Shivam Bhasin,Jingyu Pan,Fan Zhang

2018-01-01

Abstract:This works gives an overview of persistent fault attacks on block ciphers, a recently introduced fault analysis technique based on persistent faults. The fault typically targets stored constant of cryptographic algorithms over several encryption calls with a single injection. The underlying analysis technique statistically recovers the secret key and is capable of defeating several popular countermeasures by design.

Hao Chen,Tao Wang,Fan Zhang,Xinjie Zhao,Wei He,Lumin Xu,Yunfei Ma

DOI: https://doi.org/10.1155/2017/8051728

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:HIGHT is a lightweight block cipher which has been adopted as a standard block cipher. In this paper, we present a bit-level algebraic fault analysis (AFA) of HIGHT, where the faults are perturbed by a stealthy HT. The fault model in our attack assumes that the adversary is able to insert a HT that flips a specific bit of a certain intermediate word of the cipher once the HT is activated. The HT is realized by merely 4 registers and with an extremely low activation rate of about 0.000025. We show that the optimal location for inserting the designed HT can be efficiently determined by AFA in advance. Finally, a method is proposed to represent the cipher and the injected faults with a merged set of algebraic equations and the master key can be recovered by solving the merged equation system with an SAT solver. Our attack, which fully recovers the secret master key of the cipher in 12572.26 seconds, requires three times of activation on the designed HT. To the best of our knowledge, this is the first Trojan attack on HIGHT.

Yufeng Tang,Zheng Gong,Tao Sun,Jinhai Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-030-88323-2_22

2021-01-01

Abstract:White-box block cipher (WBC) aims at protecting the secret key of a block cipher even if an adversary has full control over the implementations. At CHES 2016, Bos et al. proved that WBC are also threatened by side-channel analysis (SCA), e.g., differential fault analysis (DFA) and differential computation analysis (DCA). Therefore, advanced countermeasures have been proposed by Lee et al. for resisting DFA and DCA, such as table redundancy and improved masking methods, respectively. In this paper, we introduce a new adaptive side-channel analysis model which assumes that an adversary adaptively collects the intermediate values of a specific function and can mount the DFA/DCA attack with chosen inputs. In the adaptive SCA model, both theoretical analysis and experimental results show that Lee et al.’s proposed methods are vulnerable to DFA and DCA attacks. Moreover, a negative proposition is also demonstrated on the corresponding high-order countermeasures under our new model.

Fan Zhang,Xinjie Zhao,Wei He,Shivam Bhasin,Shize Guo

DOI: https://doi.org/10.1007/s11432-016-0233-0

2017-01-01

Science China Information Sciences

Abstract:>Fault analysis is a very powerful technique to break cryptographic implementations.In particular,bitlevel fault analysis(BLFA),where faults are injected by flipping one or a few isolated bits,are among the most efficient of the lot.BLFA requires both precise fault injection capabilities and sophisticated key extraction skills.Algebraic fault analysis(AFA)[1]is a good analysis technique for BLFA.Compared with differential fault analysis(DFA),AFA relies on the automation from machine solvers.Since it fully utilizes the leakages

Xinjie Zhao,Tao Wang,Shize Guo,Fan Zhang,Zhijie Shi,Huiying Liu,Kehui Wu

2011-01-01

Abstract:Introduced in 2009, Algebraic Side-Channel Attack (ASCA) has become a very effective cryptanalysis technique that is different from conventional side-channel attacks such as DPA and CPA. In this paper, we propose an innovative and generic attack framework named as SATETASCA (SAT based Error Tolerant Algebraic Side-Channel Attack). The proposed framework is effective even if the leakage information is not accurate and has large variants or errors. We show its generality by successfully launching SAT-ETASCA to AES on two different platforms, using different types of leakages. The first attack is to an AES implementation on an 8-bit microcontroller, using the Hamming weight leakage model. We demonstrate that SAT-ETASCA can recover the full key even when the obtained leakage information has about 60% errors. The second attack is based on an innovative idea of applying the external cache …

Xue Gong,Fan Zhang,Xinjie Zhao,Jie Xiao,Shize Guo

DOI: https://doi.org/10.1109/tifs.2024.3495234

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Persistent Fault Analysis (PFA) is a powerful analysis technique proposed in CHES 2018, which utilizes those faults that are injected before execution and persist throughout the encryption. However, when it is applied to the block cipher which has multiple S-boxes, the key can not be recovered in just one attack. The adversary has to conduct the fault attack several times and inject faults into all the distinct S-boxes. In this paper, we propose Key Schedule Guided Persistent Fault Attack (KGPFA), which utilizes the key schedule to guide the fault injection and fault analysis. By analyzing the key schedule, KGPFA exploits the relations between the key leakages caused by the same faulty S-box in various rounds. It can reduce the number of attacks and the number of faults required to recover the key. Our major contributions are twofold. Firstly, in the fault injection step, we provide Key Schedule Guided Persistent Fault Injection (KGPFI) strategies to reduce the number of attacks and the number of faults under the assumption of both ciphertext-only and known-plaintext attacks. Secondly, in the fault analysis step, as our target ciphers are Feistel-based, we propose the Ineffective Algebraic Persistent Fault Analysis (IAPFA) to extend the usage of Algebraic Persistent Fault Analysis (APFA) in the ineffective persistent fault setting. To demonstrate the effectiveness of our technique, we apply KGPFA to four widely used block ciphers with multiple S-boxes, DES, 3DES, LBlock, and Camellia. In our experiment, in the ciphertext-only attack, the key of DES can be recovered with 300 ineffective ciphertexts (coresponding to 827 ciphertexts) and four faulty S-boxes within 12.18min. Under the assumption of known-plaintext, the key of DES is recovered within two faulty S-boxes in 2.34h. For LBlock, the key is recovered with two faulty S-boxes and 100 ineffective ciphertexts (coresponding to 6211 ciphertexts) in 1.16min.

Shize Guo,Xinjie Zhao,Fan Zhang,Tao Wang,Zhijie Jerry Shi,Francois-Xavier Standaert,Chujiao Ma

DOI: https://doi.org/10.1109/tifs.2014.2315534

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and they utilize the Grobner basis-based, SAT-based, or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round. We named our technique incomplete diffusion analytical side-channel analysis (IDASCA). Different from previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of the general solver. Extensive attacks are performed against the software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has less time complexity and more robustness than previous ASCAs, especially when considering the error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for the given amount of side-channel leaks. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what are the extreme cases in ASCAs.

Xinjie Zhao,Fan Zhang,Shize Guo,Zheng Gong

DOI: https://doi.org/10.1007/s11432-017-9179-4

2018-01-01

Science China Information Sciences

Abstract:Dear editor, Fault analysis is a very powerful technique used to break cryptographic inplementations.In particular,bit-level fault attacks (BLFAs),where one or a few isolated bits are flipped to inject faults,are among the imost efficient of the lot.Because it requires both precise fault injection and sophisticated key extraction,a BLFA is very difficult to conduct in practice.However,if the underlying cryptographic hardware is maliciously modified,a BLFA can be easily achieved.This recent security threat is popularly known as a hardware Trojan horse (HTH) [1].An HTH is a byproduct of the very popular and economically necessary outsourcing trend in the semiconductor industry.A well-designed HTH can precisely inject any type of bit-level fault.The corresponding attack is called a hardware-Trojan-based bit-level fault attack (HTH-BLFA).

Yulin Zhao,Jiayou Song,Xingjun Wu,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/icasid.2018.8693139

2018-01-01

Abstract:Hardware Trojans (HT) have become a new threat to integrated circuits, which is difficult to be detected and couldn’t be removed. Most of the HTs are designed for extracting the secret key in cryptographic devices. We proposed a new implementation of Trojan side-channel (TSC) combining with side channel attacks (SCA) in this article. This TSC could change the random numbers input of the encryption algorithm with masking method and invalid the protective measures (masking scheme) of encryption algorithm. We insert the TSC into SM4 algorithm and test it on FPGA and the experimental results prove the feasibility of the proposed scheme.

Qian Wang,An Wang,Gang Qu,Guoshuang Zhang

DOI: https://doi.org/10.1109/tmscs.2016.2643638

2017-01-01

IEEE Transactions on Multi-Scale Computing Systems

Abstract:Fault Sensitivity Analysis (FSA) is a side-channel attack that utilizes the sensitive delay of circuits to retrieve the key in cryptographic systems. In this paper, we propose the concept of right or wrong collision (RWC) rate and use it to build templates on two S-boxes, one is the target of the attack and the other is used as a reference. Compared to the traditional Hamming weight model which has eight different values, our template model is two-dimensional with 256 different values and has the potential to significantly reduce the number of plaintext required to reveal the key. Attack experiments show that our template attack can successfully break the masked AES algorithm with only one clock frequency. Furthermore, we propose two improved template attack methods that can reduce the complexity for building templates to 1/256 and 9/256 of the original method, respectively. The improved method with different frequencies also improves the efficiency of template matching by 86.3 percent. Finally and most importantly, our methods can be used to break masked AES where the S-boxes do not have to be implemented by parallel AND gates, a major limitation of the current Hamming weight models.

Qian Wang,An Wang,Liji Wu,Gang Qu,Guoshuang Zhang

DOI: https://doi.org/10.1109/HST.2015.7140245

2015-01-01

Abstract:Fault Sensitivity Analysis (FSA) is an emerging fault based attack that utilizes the sensitive circuit delay information to retrieve keys. However, one of the major limitations of the existing FSA methods is that they are restricted to specific implementation of the AES S-box. In this paper, we introduce the notion of right or wrong collision rate to replace the current Hamming weight model. Based on this, we propose a novel template attack by injecting glitches simultaneously to two parallel S-boxes in AES. The proposed attack is independent of the implementation of the S-boxes. It expands the projections from 8 Hamming Weights to 256 different inputs of the S-box. Thus we eliminate the time consuming calculation process in the brute force searching for the same Hamming Weight. We implement the proposed attack and design experiments to verify these claims. Our template based FSA attack successfully breaks the AES algorithm with mask countermeasure. Furthermore, the number of plaintexts and the calculations are reduced in our method.

Nan Liao,Xiaoxin Cui,Tian Wang,Kai Liao,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/icist.2016.7483412

2016-01-01

Abstract:A high-efficient fault attack on AES S-box is proposed in this paper. Faults are introduced in the encryption process by changing the mapping relationship of S-box. Based on the round in which the faults are introduced, two fault models are presented. Attack results show that the first model only needs 16 faulty ciphertexts to recover the 128-bit secret key. The second fault model is more efficient. In this model, two rounds of attacks are enough to find out the 4-byte round-key based on DFA on the 9th round S-box. For covering all the possible fault situations, influence of multi-byte faults are considered, which effectively improves the attack accuracy and reduces the attack rounds. Compared with previous fault models, our work in this paper shows significant advantage of efficiency.

An Wang,Yu Zhang,Weina Tian,Qian Wang,Guoshuang Zhang,Liehuang Zhu

DOI: https://doi.org/10.1007/s11432-016-0616-4

2018-01-01

Abstract:In CHES 2010, Fault Sensitivity Analysis (FSA) on Advanced Encryption Standard (AES) hardware circuit based on S-box setup-time acquired by injecting clock glitches is proposed. Soon after, some improvements of FSA were presented such as colliding timing characteristics from Moradi et al. However, the acquisition of timing characteristics requires complex procedure due to the very gradual decrease of clock glitch cycle and the heavy requirements of setup-time samples. In HOST 2015, Wang et al. presented template-based right or wrong collision rate attack to improve the efficiency of FSA, but its profiling and plaintexts-choice procedures required too many encryptions. In this paper, we fix only one specific clock glitch cycle, and take the right or wrong collision rate as a collision distinguisher. So, the whole process is a non-profiling collision attack which can be executed automatically without massive pre-computations and interactions between PC and signal generator. According to the experiments, 256 encryptions are enough for exactly deciding whether two plaintext bytes can induce an S-box collision. Compared with the existing power analysis and FSA-based attacks on AES hardware, it costs negligible time (about 6.65 s) and storage space (only one byte), and no offline computations for finding the collision between two masked S-boxes. Furthermore, our study shows that the signal-to-noise ratio in FSA-based attacks is much higher than power-based attacks.

Qianmei Wu,Fan Zhang,Shize Guo,Kun Yang,Haoting Shen

DOI: https://doi.org/10.1109/tc.2024.3416682

IF: 3.183

2024-01-01

IEEE Transactions on Computers

Abstract:As a common defense against side-channel attacks, random delay insertion introduces noise into the executive flow of encryption, which increases attack complexity. Accordingly, various techniques are exploited to mitigate the defense effect of such insertions. As an advanced mathematical technique, wavelet analysis is considered to be a more effective technology according to its detailed and comprehensive interpretation of signals. In this paper, we propose a unified and fully automated wavelet-based attack framework (denoted as UWAF), whose data processing is kept within one unified wavelet domain, with three enhanced components: denoising, alignment and key extraction. We put forward a new idea of combining machine learning with wavelet analysis to realize the full automation of the program for attack framework, rendering it possible to search exhaustively for the optimal combination of parameter settings in wavelet transform. Our proposal finds a new setting of wavelet parameters that have not been exploited ever before and achieves the performance enhancement for about 20 times fewer traces required for successful key recovery. UWAF is compared with several mainstream attack frameworks. Experimental results show that it outperforms those counterparts, and can be considered as an effective framework-level solution to defeat the countermeasure of random delay insertion.

ZHAO Xin-jie,GUO Shi-ze,WANG Tao,ZHANG Fan

DOI: https://doi.org/10.3969/j.issn.1671-1742.2012.06.001

2012-01-01

Abstract:The security of EPCBC,a lightweight block cipher proposed in CANS 2011,against the side-channel cube attack is evaluated by combining cube cryptanalysis with side-channel attack under the 8-bit Hamming weight leakage model.Under the black-box attack scenario,the adversary firstly generates random cube and superpoly.Then the cube is used to generate chosen plaintexts.The adversary deduces one bit of the intermediate state from the side-channel attack for each chosen plaintext and computes the high order differences of these one bit values to verify the relations between the cube and superpoly.Simulation experiments are launched on two variants of EPCBC with different block lengths.The results demonstrate that the unprotected implementation of EPCBC is vulnerable to side-channel cube attacks.If the adversary can accurately deduce the Hamming weight of the intermediate states from the side-channel leakages,many cubes and superpolys can be extracted and used for key recovery.372 chosen plaintexts can recover 48-bit of the master key for EPCBC(48,96) and reduce the key search space to 248.610 chosen plaintexts can recover full 96-bit of the master key for EPCBC(96,96) directly.The techniques of this paper can provide certain references to black-box side-channel cube attacks on other block ciphers.

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Zhe Liu,Jean-Francois Gallais

DOI: https://doi.org/10.1016/j.cose.2013.07.002

IF: 5.105

2013-01-01

Computers & Security

Abstract:Existing trace driven cache attacks (TDCAs) can only analyze the cache events in the first two rounds or the last round of AES, which limits the efficiency of the attacks. Recently, Zhao et al. proposed the multiple deductions-based algebraic side-channel attack (MDASCA) to cope with the errors in leakage measurements and to exploit new leakage models. Their preliminary results showed that MDASCA can improve TDCAs and attack the AES implemented with a compact lookup table of 256 bytes. This paper performs a comprehensive study of MDASCA-based TDCAs (MDATDCA) on most of the AES implementations that are widely used. First, the key recovery in TDCA is depicted by an abstract model regardless of the specific attack techniques. Then, the previous work of TDCAs on AES is classified into three types and its limitations are analyzed. How to utilize the cache events with MDATDCA is presented and the overhead is also calculated. To evaluate MDATDCA on AES, this paper constructs a mathematical model to estimate the maximal number of leakage rounds that can be utilized and the minimal number of cache traces required for a successful MDATDCA. Extensive experiments are conducted under different implementations, attack scenarios and key lengths of AES. The experimental results are consistent with the theoretical analysis. Many improvements are achieved. For the first time, we show that TDCAs on AES-192 and AES-256 become possible with the MDATDCA technique. Our work attests that combining TDCAs with algebraic techniques is a very efficient way to improve cache attacks.

Fan Zhang,Yiran Zhang,Huilong Jiang,Xiang Zhu,Shivam Bhasin,Xinjie Zhao,Zhe Liu,Dawu Gu,Kui Ren

DOI: https://doi.org/10.13154/tches.v2020.i2.172-195

2020-01-01

Abstract:Persistence fault analysis (PFA) is a novel fault analysis technique proposed in CHES 2018 and demonstrated with rowhammer-based fault injections. However, whether such analysis can be applied to traditional fault attack scenario, together with its difficulty in practice, has not been carefully investigated. For the first time, a persistent fault attack is conducted on an unprotected AES implemented on ATmega163L microcontroller in this paper. Several critical challenges are solved with our new improvements, including (1) how to decide whether the fault is injected in SBox; (2) how to use the maximum likelihood estimation to pursue the minimum number of ciphertexts; (3) how to utilize the unknown fault in SBox to extract the key. Our experiments show that: to break AES with physical laser injections despite all these challenges, the minimum and average number of required ciphertexts are 926 and 1641, respectively. It is about 38% and 28% reductions of the ciphertexts required in comparison to 1493 and 2273 in previous work where both fault value and location have to be known. Furthermore, our analysis is extended to the PRESENT cipher. By applying the persistent fault analysis to the penultimate round, the full PRESENT key of 80 bits can be recovered. Eventually, an experimental validation is performed to confirm the accuracy of our attack with more insights. This paper solves the challenges in most aspects of practice and also demonstrates the feasibility and universality of PFA on SPN block ciphers.

Fan Zhang,Yiran Zhang,Shengwen Shi,Shize Guo,Ziyuan Liang,Samiya Qureshi,Congyuan Xu

DOI: https://doi.org/10.1109/PADSW.2018.8644906

2018-01-01

Abstract:An optimized lightweight Hardware Trojan (HT)based fault attack is proposed, especially for those resource-constrained environments such as IoT networks. Firstly, Algebraic fault analysis (AFA)is introduced to evaluate different fault models and search for the optimal one. Next, considering the limited resource, a lightweight HT is carefully designed which only flips one bit of the circuit in IoT device. Finally, AFA is applied again to exploit the fault and recover the secret key. An illustrative attack is demonstrated on DES implemented on an FPGA platform, SASEBO-GII. This paper shows that, for single bit fault injection at different rounds or different indexes in the same round, the reduced key search space of DES varies. The proposed technique can search for the optimal fault model, guide the lightweight Hardware Trojan design and automatically recover the secret key. Only one fault is required to recover the secret key of DES, which improves the stealthiness of the designed Hardware Trojan in IoT networks. The entire attack framework can also be applied to other block ciphers such as AES and PRESENT.

An Wang,Man Chen,Zongyue Wang,Xiaoyun Wang

DOI: https://doi.org/10.1109/TCSII.2013.2268379

2013-01-01

Abstract:In 2011, Li presented clockwise collision analysis on nonprotected Advanced Encryption Standard (AES) hardware implementation. In this brief, we first propose a new clockwise collision attack, called fault rate analysis (FRA), on masked AES. Then, we analyze the critical and noncritical paths of the S-box and find that, for its three input bytes, namely, the input value, the input mask, and the output mask, the path relating to the output mask is much shorter than those relating to the other two inputs. Therefore, some sophisticated glitch cycles can be chosen such that the values in the critical path of the whole S-box are destroyed but this short path is not affected. As a result, the output mask does not offer protection to the S-box, which leads to a more efficient attack. Compared with three attacks on masking countermeasures at the Workshop on Cryptographic Hardware and Embedded Systems 2010 and 2011, our method only costs about 8% of their time and 4% of their storage space.

Xiaofei Dong,Fan Zhang,Samiya Queshi,Yiran Zhang,Ziyuan Liang,Bolin Yang,Feng Gao

DOI: https://doi.org/10.1109/asianhost.2018.8607162

2018-01-01

Abstract:Random delay insertion is a simple yet rather effective technique to increase the difficulty for traditional power analysis. However as compared to the random masking technique, it is uncommonly used as a countermeasure considering the frequency analysis. In this paper, it is investigated that the frequency analysis may not work as efficiently as expected when facing to advanced random delay countermeasures. Hence, a novel attack is proposed which is in the wavelet domain. After preprocessing the wavelet coefficients of power traces with wavelet decomposition, the effects of multiple random delays can be removed. Two attack strategies are proposed to recover the secret key: either indirectly from the reconstructed power traces without random delays or directly from the processed wavelet coefficients. Our experimental results show that the wavelet-based power analysis attack can perform much better than those frequency-based ones, which is evaluated through several standard metrics to show the efficiency and robustness.