Fault Analysis on AES: A Property-Based Verification Perspective

Xiaojie Dai; Xingxin Wang; Xue Qu; Baolei Mao; Wei Hu

doi:10.26599/TST.2023.9010035

AI Chat Paper

Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.

Chat more with AI

| Sign up

Browse by Subject

Search for peer-reviewed journals with full access.

Journals A - Z

About Us

Discover the SciOpen Platform and Achieve Your Research Goals with Ease.

About Us

Publish with Us

Support

Journals A - Z

About Us

Publish with Us

Support

PDF (5.4 MB)

Cite

EndNote(RIS) BibTeX

Collect

Submit Manuscript

AI Chat Paper

Show Outline

Outline

Show full outline

Hide outline

Outline

Show full outline

Hide outline

Open Access

Fault Analysis on AES: A Property-Based Verification Perspective

Xiaojie Dai^¹, Xingxin Wang^¹, Xue Qu^¹, Baolei Mao^², Wei Hu^¹(

)

1School of Cybersecurity, Northwestern Polytechnical University, Xi’an 710072, China

2School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450001, China

Show Author Information

Abstract

Fault analysis is a frequently used side-channel attack for cryptanalysis. However, existing fault attack methods usually involve complex fault fusion analysis or computation-intensive statistical analysis of massive fault traces. In this work, we take a property-based formal verification approach to fault analysis. We derive fine-grained formal models for automatic fault propagation and fusion, which establish a mathematical foundation for precise measurement and formal reasoning of fault effects. We extract the correlations in fault effects in order to create properties for fault verification. We further propose a method for key recovery, by formally checking when the extracted properties can be satisfied with partial keys as the search variables. Experimental results using both unprotected and masked advanced encryption standard (AES) implementations show that our method has a key search complexity of $2^{16}$ , which only requires two correct and faulty ciphertext pairs to determine the secret key, and does not assume knowledge about fault location or pattern.

Keywords

side-channel attack fault analysis fault propagation model property extraction fault verification

References

[1]

P. C. Kocher, Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems, in Advances in Cryptology—CRYPTO’96, N. Koblitz, ed. Berlin, Germany: Springer, 1996, pp. 104–113.

Crossref

[2]

R. Spreitzer, V. Moonsamy, T. Korak, and S. Mangard, Systematic classification of side-channel attacks: A case study for mobile devices, IEEE Commun. Surv. Tutor., vol. 20, no. 1, pp. 465–488, 2018.

Crossref Google Scholar

[3]

A. Boscher and H. Handschuh, Masking does not protect against differential fault attacks, in Proc. 2008 5^th Workshop on Fault Diagnosis and Tolerance in Cryptography, Washington, DC, USA, 2008, pp. 35–40.

Crossref Google Scholar

[4]

W. Hu, A. Althoff, A. Ardeshiricham, and R. Kastner, Towards property driven hardware security, in Proc. 2016 17^th Int. Workshop on Microprocessor and SOC Test and Verification (MTV), Austin, TX, USA, 2017, pp. 51–56.

Crossref Google Scholar

[5]

H. Wang, H. Li, F. Rahman, M. M. Tehranipoor, and F. Farahmandi, SoFI: Security property-driven vulnerability assessments of ICs against fault-injection attacks, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst., vol. 41, no. 3, pp. 452–465, 2022.

Crossref Google Scholar

[6]

D. Boneh, R. A. DeMillo, and R. J. Lipton, On the importance of checking cryptographic protocols for faults, in Advances in Cryptology — EUROCRYPT’97, W. Fumy, Ed. Berlin, Germany: Springer, 1997, pp. 37–51.

Crossref

[7]

E. Biham and A. Shamir, Differential fault analysis of secret key cryptosystems, in Advances in Cryptology—CRYPTO’97, W. Fumy, Ed. Berlin, Germany: Springer, 1997, pp. 513–525.

Crossref

[8]

N. T. Courtois, K. Jackson, and D. Ware, Fault-algebraic attacks on inner rounds of DES, in Proc. the Strategies Telecom and Multimedia, Montreuil, France. 2010.

Google Scholar

[9]

C. Clavier and A. Wurcker, Reverse engineering of a secret AES-like cipher by ineffective fault analysis, in Proc. 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, Los Alamitos, CA, USA, 2013, pp. 119–128.

Crossref Google Scholar

[10]

A. Wang, M. Chen, Z. Wang, and X. Wang, Fault rate analysis: Breaking masked AES hardware implementations efficiently, IEEE Trans. Circuits Syst. II, vol. 60, no. 8, pp. 517–521, 2013.

Crossref Google Scholar

[11]

T. Fuhr, E. Jaulmes, V. Lomné, and A. Thillard, Fault attacks on AES with faulty ciphertexts only, in Proc. 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, Los Alamitos, CA, USA, 2013, pp. 108–118.

Crossref Google Scholar

[12]

C. Dobraunig, M. Eichlseder, T. Korak, S. Mangard, F. Mendel, and R. Primas, Sifa: Exploiting ineffective fault inductions on symmetric cryptography, IACR Trans. Cryptogr. Hardw. Embed. Syst., vol. 2018, no. 3, pp. 547–572, 2018.

Crossref Google Scholar

[13]

F. Zhang, X. Lou, X. Zhao, S. Bhasin, W. He, R. Ding, S. Qureshi, and K. Ren, Persistent fault analysis on block ciphers, IACR Trans. Cryptogr. Hardw. Embed. Syst., vol. 2018, no. 3, pp.150–172, 2018.

Crossref Google Scholar

[14]

G. Wang and S. Wang, Differential fault analysis on PRESENT key schedule, in Proc. 2010 Int. Conf. Computational Intelligence and Security, Nanning, China, 2011, pp. 362–366.

Crossref Google Scholar

[15]

H. Momeni, M. Masoumi, and A. Dehghan, A practical fault induction attack against an FPGA implementation of AES cryptosystem, in Proc. World Congress on Internet Security (WorldCIS-2013), London, UK, 2014, pp. 134–138.

Crossref Google Scholar

[16]

S. S. Ali and D. Mukhopadhyay, A differential fault analysis on AES key schedule using single fault, in Proc. 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, Nara, Japan, 2011, pp. 35–42.

Crossref Google Scholar

[17]

X. X. Wang, H. Wei, T. Jing, Z. Jiacheng, and T. Shibo, Correlation fault attack on aes, Journal of Xidian University, vol. 48, no. 4, pp. 192–199, 2021.

Google Scholar

[18]

J. Takahashi and T. Fukunaga, Differential fault analysis on AES with 192 and 256-bit key, in Proc. 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography, Santa Barbara, CA, USA, 2010, pp. 3–9.

Google Scholar

[19]

L. Han, N. Wu, F. Ge, F. Zhou, J. Wen, and P. Qing, Differential fault attack for the iterative operation of AES-192 key expansion, in Proc. 2020 IEEE 20^th Int. Conf. Communication Technology (ICCT), Nanning, China, 2020, pp. 1156–1160.

Crossref Google Scholar

[20]

F. Zhang, S. Guo, X. Zhao, T. Wang, J. Yang, F. X. Standaert, and D. Gu, A framework for the analysis and evaluation of algebraic fault attacks on lightweight block ciphers, IEEE Trans. Inf. Forensics Secur., vol. 11, no. 5, pp. 1039–1054, 2016.

Crossref Google Scholar

[21]

M. Gay, T. Paxian, D. Upadhyaya, B. Becker, and I. Polian, Hardware-oriented algebraic fault attack framework with multiple fault injection support, in Proc. 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), Atlanta, GA, USA, 2019, pp. 25–32.

Crossref Google Scholar

[22]

S. Saha, M. Alam, A. Bag, D. Mukhopadhyay, and P. Dasgupta, Leakage assessment in fault attacks: A deep learning perspective, https://eprint.iacr.org/2020/306, 2020.

[23]

F. Zhang, Y. Zhang, H. Jiang, X. Zhu, S. Bhasin, X. Zhao, Z. Liu, D. Gu, and K. Ren, Persistent fault attack in practice, IACR Trans. Cryptogr. Hardw. Embed. Syst., vol. 2020, no. 2, pp. 172–195, 2020.

Crossref Google Scholar

[24]

G. Xu, F. Zhang, B. Yang, X. Zhao, W. He, and K. Ren, Pushing the limit of PFA: Enhanced persistent fault analysis on block ciphers, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst., vol. 40, no. 6, pp. 1102–1116, 2021.

Crossref Google Scholar

[25]

K. Bae, S. Moon, D. Choi, Y. Choi, H. D. Kim, and J. Ha, A practical analysis of fault attack countermeasure on AES using data masking, in Proc. Int. Conf. Computing and Convergence Technology (ICCCT), Seoul, Republic of Korea, 2012, pp. 508–513.

Google Scholar

[26]

X. Wang, J. Zheng, L. Wu, J. Zhu, and W. Hu, A correlation fault attack on rotating S-box masking AES, in Proc. 2021 Asian Hardware Oriented Security and Trust Symp. (AsianHOST), Shanghai, China, 2022, pp. 1–6.

Crossref Google Scholar

[27]

C. Dobraunig, M. Eichlseder, H. Gross, S. Mangard, F. Mendel, and R. Primas, Statistical ineffective fault attacks on masked AES with fault countermeasures, in Proc. 24^th Int. Conf. Theory and Application of Cryptology and Information Security, Taipei, China, 2018, pp. 315–342.

Crossref Google Scholar

[28]

Description of the masked AES of the DPA contest v4, https://www.dpacontest.org/v4/data/rsm/aes-rsm.pdf, 2022.

Tsinghua Science and Technology

Volume 29 Issue 2,
April 2024

Pages 576-588

DOI: 10.26599/TST.2023.9010035

Cite this article:

Dai X, Wang X, Qu X, et al. Fault Analysis on AES: A Property-Based Verification Perspective. Tsinghua Science and Technology, 2024, 29(2): 576-588. https://doi.org/10.26599/TST.2023.9010035

288

Views

Downloads

Crossref

Web of Science

Scopus

CSCD

Google Scholar
Citation

Altmetrics

Received: 07 March 2023

Revised: 28 April 2023

Accepted: 03 May 2023

Published: 22 September 2023

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).