International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Protecting against Statistical Ineffective Fault Attacks

Authors:
Joan Daemen , Radboud University, Nijmegen, The Netherlands
Christoph Dobraunig , Radboud University, Nijmegen, The Netherlands; Graz University of Technology, Graz, Austria
Maria Eichlseder , Graz University of Technology, Graz, Austria
Hannes Gross , SGS Digital Trust Services GmbH, Graz, Austria
Florian Mendel , Infineon Technologies AG, Neubiberg, Germany
Robert Primas , Graz University of Technology, Graz, Austria
Download:
DOI: 10.13154/tches.v2020.i3.508-543
URL: https://tches.iacr.org/index.php/TCHES/article/view/8599
Search ePrint
Search Google
Presentation: Slides
Abstract: Statistical Ineffective Fault Attacks (SIFA) pose a threat for many practical implementations of symmetric primitives. Countermeasures against both power analysis and fault attacks typically do not prevent straightforward SIFA attacks, which require only very limited knowledge about the concrete implementation. Therefore, the exploration of countermeasures against SIFA that do not rely on protocols or physical protection mechanisms is of great interest. In this paper, we describe different countermeasure strategies against SIFA. First, we introduce an abstraction layer between the algorithmic specification of a cipher and its implementation in hardware or software to study and describe resistance against SIFA. We then show that by basing the masked implementation on permutations as building blocks, we can build circuits that withstand single-fault SIFA and DPA attacks. We show how this approach can be applied to 3-bit, 4-bit, and 5-bit S-boxes and the AES S-box. Additionally, we present a strategy based on fine-grained fault detection suitable for protecting any circuit against SIFA attacks. Although this approach may lead to a higher implementation cost due to the fine-grained detection needed, it can be used to protect arbitrary circuits and can be generalized to cover multi-fault SIFA. For single-fault SIFA protection, our countermeasures only have a small computational overhead compared to a simple combination of masking and duplication.
Video from TCHES 2020
BibTeX
@article{tches-2020-30400,
  title={Protecting against Statistical Ineffective Fault Attacks},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2020, Issue 3},
  pages={508-543},
  url={https://tches.iacr.org/index.php/TCHES/article/view/8599},
  doi={10.13154/tches.v2020.i3.508-543},
  author={Joan Daemen and Christoph Dobraunig and Maria Eichlseder and Hannes Gross and Florian Mendel and Robert Primas},
  year=2020
}