This paper investigates the feasibility of emulation of source code software faults directly in Java byte code. Experimental results show that software defects introduced in source code can be emulated in Java byte code with high level of confidence. This makes it possible to validate the dependability of Java programs with respect to realistic software defects embedded within used COTS compone...

In this paper we present a differential fault attack that can be applied to the AES using a single fault. We demonstrate that when a single random byte fault is induced at the input of the eighth round, the AES key can be deduced using a two stage algorithm. The first step has a statistical expectation of reducing the possible key hypotheses to 2, and the second step to a mere 2.

The S-box lookup is one of the most important operations in cipher algorithm design, and also is the most effective part to prevent traditional linear and differential attacks, however, when the physical implementation of the algorithm is considered, it becomes the weakest part of cryptosystems. This paper studies an active fault based implementation attack on block ciphers with S-box. Firstly,...

Differential Fault Analysis (DFA) finds the key of a block cipher using differential information between correct and faulty ciphertexts obtained by inducing faults during the computation of ciphertexts. Among many ciphers AES has been the main target of DFA due to its popularity. DFA of AES has also been diversified into several directions: reducing the required number of faults, applying it to...

This paper addresses the relations between logic circuit synthesis, error model and error control codes so that the eecient reliable logic circuits can be obtained. We propose that single fault masking capability of a random logic circuit can be obtained by encoding its outputs in a byte error correcting code; this is equivalent to that of the triple modulo redundancy (TMR) technique. Similarly...

In this paper we describe two different DFA attacks on the AES. The first one uses a theoretical fault model that induces a fault on only one bit of an intermediate result, hence allowing us to obtain the key by using 50 faulty ciphertexts for an AES-128. The second attack uses a more realistic fault model: we assume that we may induce a fault on a whole byte. For an AES-128, this second attack...

In order to achieve fault tolerance, highly reliable system often require the ability to detect errors as soon as they occur and prevent the speared of erroneous information throughout the system. Thus, the need for codes capable of detecting and correcting byte errors are extremely important since many memory systems use b-bit-per-chip organization. Redundancy on the chip must be put to make f...

In this paper we propose an improved multi-byte differential fault analysis of AES-128 key schedule using a single pair of fault-free and faulty ciphertexts. We propose a four byte fault model where the fault is induced at ninth round key. The induced fault corrupts all the four bytes of the first column of the ninth round key which subsequently propagates to the entire tenth round key. The ele...

Since the first demonstration of fault attacks by Boneh et al. on RSA, a multitude of fault attack techniques on various cryptosystems have been proposed. Most of these techniques, like Differential Fault Analysis, Safe Error Attack, and Collision Fault Analysis have the requirement to process two inputs that are either identical or related, in order to generate pairs of correct/faulty cipherte...

Since the first demonstration of fault attacks by Boneh et al. on RSA, a multitude of fault attack techniques on various cryptosystems have been proposed. Most of these techniques, like Differential Fault Analysis, Safe Error Attack, and Collision Fault Analysis have the requirement to process two inputs that are either identical or related, in order to generate pairs of correct/faulty cipherte...