AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
Powered by AMiner. Clicking this button will take you away from SciOpen.
Home Tsinghua Science and Technology Article
PDF (5.4 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Fault Analysis on AES: A Property-Based Verification Perspective

School of Cybersecurity, Northwestern Polytechnical University, Xi’an 710072, China
School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450001, China
Show Author Information

Abstract

Fault analysis is a frequently used side-channel attack for cryptanalysis. However, existing fault attack methods usually involve complex fault fusion analysis or computation-intensive statistical analysis of massive fault traces. In this work, we take a property-based formal verification approach to fault analysis. We derive fine-grained formal models for automatic fault propagation and fusion, which establish a mathematical foundation for precise measurement and formal reasoning of fault effects. We extract the correlations in fault effects in order to create properties for fault verification. We further propose a method for key recovery, by formally checking when the extracted properties can be satisfied with partial keys as the search variables. Experimental results using both unprotected and masked advanced encryption standard (AES) implementations show that our method has a key search complexity of 216, which only requires two correct and faulty ciphertext pairs to determine the secret key, and does not assume knowledge about fault location or pattern.

Keywords

side-channel attackfault analysisfault propagation modelproperty extractionfault verification

References

[1]
P. C. Kocher, Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems, in Advances in Cryptology—CRYPTO’96, N. Koblitz, ed. Berlin, Germany: Springer, 1996, pp. 104113.
Crossref
[2]
R. Spreitzer, V. Moonsamy, T. Korak, and S. Mangard, Systematic classification of side-channel attacks: A case study for mobile devices, IEEE Commun. Surv. Tutor., vol. 20, no. 1, pp. 465488, 2018.
Crossref Google Scholar
[3]
A. Boscher and H. Handschuh, Masking does not protect against differential fault attacks, in Proc. 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography, Washington, DC, USA, 2008, pp. 3540.
Crossref Google Scholar
[4]
W. Hu, A. Althoff, A. Ardeshiricham, and R. Kastner, Towards property driven hardware security, in Proc. 2016 17th Int. Workshop on Microprocessor and SOC Test and Verification (MTV), Austin, TX, USA, 2017, pp. 5156.
Crossref Google Scholar
[5]
H. Wang, H. Li, F. Rahman, M. M. Tehranipoor, and F. Farahmandi, SoFI: Security property-driven vulnerability assessments of ICs against fault-injection attacks, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst., vol. 41, no. 3, pp. 452465, 2022.
Crossref Google Scholar
[6]
D. Boneh, R. A. DeMillo, and R. J. Lipton, On the importance of checking cryptographic protocols for faults, in Advances in Cryptology — EUROCRYPT’97, W. Fumy, Ed. Berlin, Germany: Springer, 1997, pp. 3751.
Crossref
[7]
E. Biham and A. Shamir, Differential fault analysis of secret key cryptosystems, in Advances in Cryptology—CRYPTO’97, W. Fumy, Ed. Berlin, Germany: Springer, 1997, pp. 513525.
Crossref
[8]
N. T. Courtois, K. Jackson, and D. Ware, Fault-algebraic attacks on inner rounds of DES, in Proc. the Strategies Telecom and Multimedia, Montreuil, France. 2010.
Google Scholar
[9]
C. Clavier and A. Wurcker, Reverse engineering of a secret AES-like cipher by ineffective fault analysis, in Proc. 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, Los Alamitos, CA, USA, 2013, pp. 119128.
Crossref Google Scholar
[10]
A. Wang, M. Chen, Z. Wang, and X. Wang, Fault rate analysis: Breaking masked AES hardware implementations efficiently, IEEE Trans. Circuits Syst. II, vol. 60, no. 8, pp. 517521, 2013.
Crossref Google Scholar
[11]
T. Fuhr, E. Jaulmes, V. Lomné, and A. Thillard, Fault attacks on AES with faulty ciphertexts only, in Proc. 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, Los Alamitos, CA, USA, 2013, pp. 108118.
Crossref Google Scholar
[12]
C. Dobraunig, M. Eichlseder, T. Korak, S. Mangard, F. Mendel, and R. Primas, Sifa: Exploiting ineffective fault inductions on symmetric cryptography, IACR Trans. Cryptogr. Hardw. Embed. Syst., vol. 2018, no. 3, pp. 547572, 2018.
Crossref Google Scholar
[13]
F. Zhang, X. Lou, X. Zhao, S. Bhasin, W. He, R. Ding, S. Qureshi, and K. Ren, Persistent fault analysis on block ciphers, IACR Trans. Cryptogr. Hardw. Embed. Syst., vol. 2018, no. 3, pp.150172, 2018.
Crossref Google Scholar
[14]
G. Wang and S. Wang, Differential fault analysis on PRESENT key schedule, in Proc. 2010 Int. Conf. Computational Intelligence and Security, Nanning, China, 2011, pp. 362366.
Crossref Google Scholar
[15]
H. Momeni, M. Masoumi, and A. Dehghan, A practical fault induction attack against an FPGA implementation of AES cryptosystem, in Proc. World Congress on Internet Security (WorldCIS-2013), London, UK, 2014, pp. 134138.
Crossref Google Scholar
[16]
S. S. Ali and D. Mukhopadhyay, A differential fault analysis on AES key schedule using single fault, in Proc. 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, Nara, Japan, 2011, pp. 3542.
Crossref Google Scholar
[17]
X. X. Wang, H. Wei, T. Jing, Z. Jiacheng, and T. Shibo, Correlation fault attack on aes, Journal of Xidian University, vol. 48, no. 4, pp. 192199, 2021.
Google Scholar
[18]
J. Takahashi and T. Fukunaga, Differential fault analysis on AES with 192 and 256-bit key, in Proc. 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography, Santa Barbara, CA, USA, 2010, pp. 39.
Google Scholar
[19]
L. Han, N. Wu, F. Ge, F. Zhou, J. Wen, and P. Qing, Differential fault attack for the iterative operation of AES-192 key expansion, in Proc. 2020 IEEE 20th Int. Conf. Communication Technology (ICCT), Nanning, China, 2020, pp. 11561160.
Crossref Google Scholar
[20]
F. Zhang, S. Guo, X. Zhao, T. Wang, J. Yang, F. X. Standaert, and D. Gu, A framework for the analysis and evaluation of algebraic fault attacks on lightweight block ciphers, IEEE Trans. Inf. Forensics Secur., vol. 11, no. 5, pp. 10391054, 2016.
Crossref Google Scholar
[21]
M. Gay, T. Paxian, D. Upadhyaya, B. Becker, and I. Polian, Hardware-oriented algebraic fault attack framework with multiple fault injection support, in Proc. 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), Atlanta, GA, USA, 2019, pp. 2532.
Crossref Google Scholar
[22]
S. Saha, M. Alam, A. Bag, D. Mukhopadhyay, and P. Dasgupta, Leakage assessment in fault attacks: A deep learning perspective, https://eprint.iacr.org/2020/306, 2020.
[23]
F. Zhang, Y. Zhang, H. Jiang, X. Zhu, S. Bhasin, X. Zhao, Z. Liu, D. Gu, and K. Ren, Persistent fault attack in practice, IACR Trans. Cryptogr. Hardw. Embed. Syst., vol. 2020, no. 2, pp. 172195, 2020.
Crossref Google Scholar
[24]
G. Xu, F. Zhang, B. Yang, X. Zhao, W. He, and K. Ren, Pushing the limit of PFA: Enhanced persistent fault analysis on block ciphers, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst., vol. 40, no. 6, pp. 11021116, 2021.
Crossref Google Scholar
[25]
K. Bae, S. Moon, D. Choi, Y. Choi, H. D. Kim, and J. Ha, A practical analysis of fault attack countermeasure on AES using data masking, in Proc. Int. Conf. Computing and Convergence Technology (ICCCT), Seoul, Republic of Korea, 2012, pp. 508513.
Google Scholar
[26]
X. Wang, J. Zheng, L. Wu, J. Zhu, and W. Hu, A correlation fault attack on rotating S-box masking AES, in Proc. 2021 Asian Hardware Oriented Security and Trust Symp. (AsianHOST), Shanghai, China, 2022, pp. 16.
Crossref Google Scholar
[27]
C. Dobraunig, M. Eichlseder, H. Gross, S. Mangard, F. Mendel, and R. Primas, Statistical ineffective fault attacks on masked AES with fault countermeasures, in Proc. 24th Int. Conf. Theory and Application of Cryptology and Information Security, Taipei, China, 2018, pp. 315342.
Crossref Google Scholar
[28]
Description of the masked AES of the DPA contest v4, https://www.dpacontest.org/v4/data/rsm/aes-rsm.pdf, 2022.
Tsinghua Science and Technology
Volume 29 Issue 2,
April 2024
Pages 576-588
DOI: 10.26599/TST.2023.9010035
Cite this article:
Dai X, Wang X, Qu X, et al. Fault Analysis on AES: A Property-Based Verification Perspective. Tsinghua Science and Technology, 2024, 29(2): 576-588. https://doi.org/10.26599/TST.2023.9010035

477

Views

68

Downloads

0

Crossref

1

Web of Science

1

Scopus

0

CSCD

Altmetrics
Received: 07 March 2023
Revised: 28 April 2023
Accepted: 03 May 2023
Published: 22 September 2023
© The author(s) 2024.

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).
Return