Defeating with Fault Injection a Combined Attack Resistant Exponentiation

Authors: Benoit Feix and Alexandre Venelli
Since the introduction of side-channel and fault injection analysis in the late 1990s, implementing cryptographic standards on embedded devices has become a difficult challenge. Developers have been obliged to add new, appropriate countermeasures to their code. To prevent these separate threats, they have often implemented the countermeasures separately: side-channel countermeasures were added to the algorithm, while on the other hand specific protections against fault injection, like…

A secure exponentiation algorithm resistant to a combined attack on RSA implementation

It is shown that this combined attack (CA) can be applied to the Boscher, Naciri, and Prouff algorithm, which is an SPA/fault attack (FA)-resistant exponentiation method for RSA implementation.

A New Exponentiation Algorithm Resistant to Combined Side Channel Attack

This paper shows that the BNP (Boscher, Naciri, and Prouff) algorithm for RSA, which is an SPA/FA-resistant exponentiation method, is also vulnerable to the combined attack and proposes a new exponentiation algorithm resistant to power analysis and fault attack.

You can detect but you cannot hide: Fault Assisted Side Channel Analysis on Protected Software-based Block Ciphers

This work proposes an evaluation platform capable of performing emulated fault injection campaigns against modern MCUs while at the same time acquiring experimental electromagnetic (EM) emissions and power traces of cryptographic computations for use in SCA attacks.

A Note on the Security of CHES 2014 Symmetric Infective Countermeasure

Four different attacks that exploit the infection algorithm to disturb the round counter and related variables are developed and allow one to efficiently recover the secret key of the underlying cryptosystem by using any of the three most popular fault models used in literature.

A Physical Combined Attack and its Countermeasure on BNP Exponentiation Algorithm

This paper diagnoses the SPA/FA-resistant BNP (Boscher, Naciri, and Prouff) exponentiation algorithm as vulnerable to a similar combined attack and proposes a simple countermeasure against it that randomizes the private key using an error-infective method.

Fault Cryptanalysis of CHES 2014 Symmetric Infective Countermeasure

This paper investigates the security of a new symmetric infective countermeasure suggested at CHES 2014 and develops four different attacks allowing one to efficiently recover the secret key of the underlying cryptosystem by using any of the three most popular fault models used in literature.

Fault Analysis of Infective AES Computations

The first attacks on both infective symmetric implementations are presented, thus proving that these propositions rely on incomplete security analyses, and shows once again that it is very difficult to design a secure infective countermeasure.

Lost in Translation: Fault Analysis of Infective Security Proofs

A flaw in the proof of security of the translation of infective countermeasures is revealed and it is proved that such a methodology does not provide secure results and must not be used to design effective countermeasures.

Implementation Aspects of Security and Privacy in Embedded Design (Beveiliging en privacy in ingebedde systemen: implementatieaspecten)

This thesis shows how physical attacks are still a prominent threat to secure devices by successfully attacking a widely used family of secure memories, and devises and thoroughly evaluates a high-level mitigation against side-channel attacks.

An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis

This paper focuses on a means to counteract fault attacks by presenting a new way of implementing exponentiation algorithms that can be used to obtain fast FA-resistant RSA signature generations in both the straightforward method and Chinese remainder theorem modes.

Passive and Active Combined Attacks on AES Combining Fault Attacks and Side Channel Analysis

This paper demonstrates that combined attacks are also effective on symmetric cryptosystems and shows how they may jeopardize a supposedly state of the art secure AES implementation.

Public Key Perturbation of Randomized RSA Implementations

The case of fault injection is considered, and the paper describes how to recover the RSA private key under a practical fault model; it is the first fault attack against RSA implementations with the exponent randomization countermeasure.

Combined Implementation Attack Resistant Exponentiation

This paper considers instances of these combined attacks applied to RSA and elliptic curve-based cryptosystems, and proposes a countermeasure that protects the variables in a generic exponentiation algorithm in the same scenario.

Using templates to distinguish multiplications from squaring operations

This work presents the first attack the authors are aware of in which template analysis can be used without requiring an open device to characterize an implementation of a given cryptographic algorithm.

Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity

This work presents several novel exponentiation algorithms, namely, a protected square-and-multiply algorithm, its right-to-left counterpart, and several protected sliding-window algorithms, which share the common feature that the complexity is globally unchanged compared to the corresponding unprotected implementations.

To Infinity and Beyond: Combined Attack on ECC Using Points of Low Order

A novel combined attack against ECC implementations that exploits specially crafted, but valid input points that turn into points of very low order after fault injection.

Exponent Blinding Does Not Always Lift (Partial) SPA Resistance to Higher-Level Security

This paper presents two variants of a novel generic attack, which works for considerable error rates at each bit position, disproving the hypothesis that mere exponent blinding is always sufficient.

Defeating RSA Multiply-Always and Message Blinding Countermeasures

A new correlation power attack on RSA's modular exponentiation implementations is introduced, defeating both message blinding and multiply-always countermeasures, and it is demonstrated that cross-correlation analysis is efficient on hardware RSA implementations, even in the presence of message blinding and strong hiding countermeasures.

BiTR: Built-in Tamper Resilience

This paper puts forward the notion of Built-in Tamper Resilience (BiTR) for cryptographic protocols, capturing the idea that the protocol that is encapsulated in a hardware token is designed in such a way so that tampering gives no advantage to an adversary.