TY - JOUR
T1 - Practical DFA strategy for AES under limited-access conditions
AU - Sakiyama, Kazuo
AU - Li, Yang
AU - Gomisawa, Shigeto
AU - Hayashi, Yu Ichi
AU - Iwamoto, Mitsugu
AU - Homma, Naofumi
AU - Aoki, Takafumi
AU - Ohta, Kazuo
N1 - Copyright:
Copyright 2014 Elsevier B.V., All rights reserved.
PY - 2014
Y1 - 2014
N2 - Secret data in embedded devices can be revealed by injecting computational faults using the fault analysis attacks. The fault analysis researches on a cryptographic implementation by far first assumed a certain fault model, and then discussed the key recovery method under some assumptions. We note that a new remote-fault injection method has emerged, which is threatening in practice. Due to its limited accessibility to cryptographic devices, the remote-fault injection, however, can only inject uncertain faults. In this surroundings, this paper gives a general strategy of the remote-fault attack on the AES block cipher with a data set of faulty ciphertexts generated by uncertain faults. Our method effectively utilizes all the information from various kinds of faults, which is more realistic than previous researches. As a result, we show that it can provide a decent success probability of key identification even when only a few intended faults are available among 32 million fault injections.
AB - Secret data in embedded devices can be revealed by injecting computational faults using the fault analysis attacks. The fault analysis researches on a cryptographic implementation by far first assumed a certain fault model, and then discussed the key recovery method under some assumptions. We note that a new remote-fault injection method has emerged, which is threatening in practice. Due to its limited accessibility to cryptographic devices, the remote-fault injection, however, can only inject uncertain faults. In this surroundings, this paper gives a general strategy of the remote-fault attack on the AES block cipher with a data set of faulty ciphertexts generated by uncertain faults. Our method effectively utilizes all the information from various kinds of faults, which is more realistic than previous researches. As a result, we show that it can provide a decent success probability of key identification even when only a few intended faults are available among 32 million fault injections.
KW - Advance encryption standard
KW - Cryptography
KW - Differential fault analysis
KW - Intentional electromagnetic interference
KW - Uncertain faults
UR - http://www.scopus.com/inward/record.url?scp=84898667181&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84898667181&partnerID=8YFLogxK
U2 - 10.2197/ipsjjip.22.142
DO - 10.2197/ipsjjip.22.142
M3 - Article
AN - SCOPUS:84898667181
VL - 22
SP - 142
EP - 151
JO - Journal of Information Processing
JF - Journal of Information Processing
SN - 0387-5806
IS - 2
ER -