Fully automated differential fault analysis on software implementations of block ciphers

Differential Fault Analysis (DFA) is considered as the most popular fault analysis method. While there are techniques that provide a fault analysis automation on the cipher level to some degree, it can be shown that when it comes to software implementations, there are new vulnerabilities, which cann...

Bibliographic Details
Main Authors: Hou, Xiaolu, Breier, Jakub, Zhang, Fuyuan, Liu, Yang
Other Authors: School of Computer Science and Engineering
Format: Article
Language: English
Published: 2020
Online Access: https://hdl.handle.net/10356/137811
Institution: Nanyang Technological University
id sg-ntu-dr.10356-137811
record_format dspace
spelling sg-ntu-dr.10356-1378112020-04-20T02:51:22Z Fully automated differential fault analysis on software implementations of block ciphers Hou, Xiaolu Breier, Jakub Zhang, Fuyuan Liu, Yang School of Computer Science and Engineering Engineering::Computer science and engineering::Data::Data encryption Differential Fault Analysis Fault Attacks Differential Fault Analysis (DFA) is considered as the most popular fault analysis method. While there are techniques that provide a fault analysis automation on the cipher level to some degree, it can be shown that when it comes to software implementations, there are new vulnerabilities, which cannot be found by observing the cipher design specification. This work bridges the gap by providing a fully automated way to carry out DFA on assembly implementations of symmetric block ciphers. We use a customized data flow graph to represent the program and develop a novel fault analysis methodology to capture the program behavior under faults. We establish an effective description of DFA as constraints that are passed to an SMT solver. We create a tool that takes assembly code as input, analyzes the dependencies among instructions, automatically attacks vulnerable instructions using SMT solver and outputs the attack details that recover the last round key (and possibly the earlier keys). We support our design with evaluations on lightweight ciphers SIMON, SPECK, and PRIDE, and a current NIST standard, AES. By automated assembly analysis, we were able to find new efficient DFA attacks on SPECK and PRIDE, exploiting implementation specific vulnerabilities, and previously published DFA on SIMON and AES. Moreover, we present a novel DFA on multiplication operation that has never been shown for symmetric block ciphers before. Our experimental evaluation also shows reasonable execution times that are scalable to current cipher designs and can easily outclass the manual analysis. 
Moreover, we present a method to check the countermeasure-protected implementations in a way that helps implementers to decide how many rounds should be protected. We note that this is the first work that automatically carries out DFA on cipher implementations without any plaintext or ciphertext information and therefore, can be generally applied to any input data to the cipher. NRF (Natl Research Foundation, S’pore) Published version 2020-04-15T04:18:04Z 2020-04-15T04:18:04Z 2019 Journal Article Hou, X., Breier, J., Zhang, F., & Liu, Y. (2019). Fully automated differential fault analysis on software implementations of block ciphers. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(3), 1-29. doi:10.13154/tches.v2019.i3.1-29 2569-2925 https://hdl.handle.net/10356/137811 10.13154/tches.v2019.i3.1-29 3 2019 1 29 en IACR Transactions on Cryptographic Hardware and Embedded Systems © 2019 Xiaolu Hou, Jakub Breier, Fuyuan Zhang, Yang Liu. This work is licensed under a Creative Commons Attribution 4.0 International License. application/pdf
institution Nanyang Technological University
building NTU Library
country Singapore
collection DR-NTU
language English
topic Engineering::Computer science and engineering::Data::Data encryption
Differential Fault Analysis
Fault Attacks
author2 School of Computer Science and Engineering
format Article
author Hou, Xiaolu
Breier, Jakub
Zhang, Fuyuan
Liu, Yang
author_sort Hou, Xiaolu
title Fully automated differential fault analysis on software implementations of block ciphers
publishDate 2020
url https://hdl.handle.net/10356/137811
_version_ 1681059330713976832