TY - GEN
T1 - Fault injection resilience
AU - Guilley, Sylvain
AU - Sauvage, Laurent
AU - Danger, Jean Luc
AU - Selmane, Nidhal
PY - 2010/10/26
Y1 - 2010/10/26
N2 - Fault injections constitute a major threat to the security of embedded systems. Errors occurring in the cryptographic algorithms have been shown to be extremely dangerous, since powerful attacks can exploit few of them to recover the full secrets. Most of the resistance techniques to perturbation attacks have relied so far on the detection of faults. We present in this paper another strategy, based on the resilience against fault attacks. The core idea is to allow an erroneous result to be outputted, but with the assurance that this faulty infrmation conveys no information about the secrets concealed in the chip. We first underline the benefits of FIR: false positive are never raised, secrets are not erased uselessly in case of uncompromising faults injections, which increases the card lifespan if the fault is natural and not malevolent, and FIR enables a high potential of resistance even in the context of multiple faults. Then we illustrate two families of fault injection resilience (FIR) schemes suitable for symmetric encryption. The first family is a protocollevel scheme that can be formally proved resilient. The second family mobilizes a special logic-level architecture of the cryptographic module. We notably detail how a countermeasure of this later family, namely dual-rail with precharge logic style, can both protect both against active and passive attacks, thereby bringing a combined global protection of the device. The cost of this logic is evaluated as lower than detection schemes. Finally, we also give some ideas about the modalities of adjunction of FIR to some certification schemes.
AB - Fault injections constitute a major threat to the security of embedded systems. Errors occurring in the cryptographic algorithms have been shown to be extremely dangerous, since powerful attacks can exploit few of them to recover the full secrets. Most of the resistance techniques to perturbation attacks have relied so far on the detection of faults. We present in this paper another strategy, based on the resilience against fault attacks. The core idea is to allow an erroneous result to be outputted, but with the assurance that this faulty infrmation conveys no information about the secrets concealed in the chip. We first underline the benefits of FIR: false positive are never raised, secrets are not erased uselessly in case of uncompromising faults injections, which increases the card lifespan if the fault is natural and not malevolent, and FIR enables a high potential of resistance even in the context of multiple faults. Then we illustrate two families of fault injection resilience (FIR) schemes suitable for symmetric encryption. The first family is a protocollevel scheme that can be formally proved resilient. The second family mobilizes a special logic-level architecture of the cryptographic module. We notably detail how a countermeasure of this later family, namely dual-rail with precharge logic style, can both protect both against active and passive attacks, thereby bringing a combined global protection of the device. The cost of this logic is evaluated as lower than detection schemes. Finally, we also give some ideas about the modalities of adjunction of FIR to some certification schemes.
KW - Denial of Service (DoS)
KW - Differential fault analysis (DFA)
KW - Dual-rail with precharge logic (DPL)
KW - Fault Injection Attack (FIA)
KW - Fault injection resilience (FIR)
KW - Side- channel attack (SCA)
KW - Symmetric block encryption
UR - https://www.scopus.com/pages/publications/77958093762
U2 - 10.1109/FDTC.2010.15
DO - 10.1109/FDTC.2010.15
M3 - Conference contribution
AN - SCOPUS:77958093762
SN - 9780769541693
T3 - Fault Diagnosis and Tolerance in Cryptography - Proceedings of the 7th International Workshop, FDTC 2010
SP - 51
EP - 65
BT - Fault Diagnosis and Tolerance in Cryptography - Proceedings of the 7th International Workshop, FDTC 2010
T2 - 7th International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2010
Y2 - 21 August 2010 through 21 August 2010
ER -