Differential fault attack (DFA) is a distinctive methodology for acquiring the key to block ciphers, which comprises two distinct strategies: DFA on state and schedule. Given widespread adoption of Advanced Encryption Standard (AES), it has emerged as prominent target DFA. This paper presents an efficient AES, utilizing two−byte model that induces faults at with discontiguous rows. The experime...

This paper presents a novel approach to tolerating transient data faults that may affect the software executing on commercial-of-the-shelf (COTS) embedded processors. The main concept of the approach is the use of information redundancy, in which the program user data and user stack areas are duplicated byte-forbyte in areas of RAM known as mirror arrays. We also present a novel approach to imp...

In this paper we describe a differential fault attack technique working against Substitution-Permutation Networks, and requiring very few faulty ciphertexts. The fault model used is realistic, as we consider random faults affecting bytes (faults affecting one only bit are much harder to induce). We implemented our attack on a PC for both the AES and KHAZAD. We are able to break the AES-128 with...

This paper describes an attack on cryptographic devices called Differential Behavioral Analysis (or DBA). This is an hybrid attack between two already powerful attacks: differential power analysis (DPA) for the statistical treatment and safe-error attack for the fault type. DBA, simulated on an algorithmic model of AES appears to be very efficient. The attacker is able to recover the entire sec...

Smart cards are the safer device to execute cryptographic algorithms. Applications are verified before being loaded in the card. Recently, the idea of combined attacks to bypass byte code verification has emerged. Indeed, correct and legitimate Java Card applications can be dynamically modified on-card using a laser beam to become mutant applications or fault enabled viruses. We propose a frame...

The m-spotty byte error control codes can correct or detect multiple spotty byte errors that are distributed in multiple bytes. These codes are successfully applied to computer memory systems that use RAM chips with b-bit Input/Output data when high-energy particles strike a particular RAM chips. In this paper, we derive a MacWilliams type identity for m-spotty Hamming weight enumerator over th...

Faults occurred during the operations in a hardware device cause many problems such as performance deterioration, unreliable output, etc. If a fault occurs in a cryptographic hardware device, the effect can be even serious because an adversary may exploit it to find the secret information stored in the device. More precisely, the adversary can find the key of a block cipher using differential i...