13-10-2012, 10:26 AM
Differential Fault Analysis on AES Key Schedule and Some Countermeasures
Abstract.
This paper describes a DFA attack on the AES key schedule.
The fault model assumes that the attacker can induce a single-byte
fault on a round key. The attack efficiently finds the key of AES-128 with
feasible computation and fewer than thirty pairs of correct and faulty
ciphertexts. Several countermeasures are also proposed. This weakness
can be resolved without modifying the structure of the AES algorithm
and without decreasing its efficiency.
Introduction
Since physical cryptanalysis [1,2,3,4] was first considered a few years ago, secure
implementations of cryptographic systems have received much attention. Conventional
cryptanalysis deals only with the mathematical properties of a system,
whereas physical cryptanalysis focuses on the physical behavior of a system while an
implementation executes.
Differential fault analysis (DFA) is one category of physical cryptanalysis and
was originally proposed by Biham and Shamir in 1997 [5]. It assumes that an attacker
can induce faults into a system and collect the correct as well as the faulty
behaviors. The attacker compares the behaviors in order to retrieve the secret
information embedded inside a system (more precisely, an implementation). As
to the practicality of DFA attacks and other kinds of hardware fault attacks, they were
once considered more or less theoretical work. However, more and more
researchers in this field warn of the danger of hardware fault attacks.
The DFA Attack on the AES-128 Key Schedule
This section describes DFA on AES-128 with round keys generated on the fly.
It assumes that the attacker can induce a single-byte fault on a round key
and collect the correct ciphertext C as well as the faulty ciphertext D. The idea
of this attack also applies to AES-192 and AES-256, but there the attacker can
retrieve only a part of the round keys.
Faults on the Last Four Bytes of K9
In order to retrieve the last four bytes of K9, a fault is induced on only one
of the last four bytes of K9. When a single one-byte fault occurs, there are five
non-zero bytes in C ⊕ D. Four of them are equal and lie on the same row.
The remaining one is located at the byte position where the
fault was induced. If faults occur on more bytes, there will be more non-zero
rows in C ⊕ D. Inducing faults on more bytes does not mean that this attack will
fail; it may even reduce the required number of samples, but each case needs to be analyzed separately.
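The following is an added simulation, not code from the paper: it implements one AES-128 key-schedule step, XORs a single byte of the last word of a constructed K9, and checks that the difference in K10 (the last round key XORed into the ciphertext) has the shape described above, four equal bytes on one row plus the fault byte itself at its own position. The sample key bytes are constructed; `K9_SAMPLE`, `k10_fault_pattern` and `matches_paper_pattern` are names chosen for this example.

```python
def gf_mul(a, b):
    """Multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def sbox(x):
    """AES S-box: multiplicative inverse followed by the affine map (no 256-entry table)."""
    inv = next((y for y in range(256) if gf_mul(x, y) == 1), 0)
    s = inv
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63

def next_round_key(k, rcon):
    """One AES-128 key-schedule step K_i -> K_{i+1}; keys are 16 bytes, column-major."""
    w = [list(k[4 * i:4 * i + 4]) for i in range(4)]
    t = [sbox(b) for b in w[3][1:] + w[3][:1]]  # RotWord, then SubWord
    t[0] ^= rcon
    out, prev = [], t
    for i in range(4):
        prev = [a ^ b for a, b in zip(w[i], prev)]  # w[4(i+1)+j] = w[4i+j] ^ previous word
        out += prev
    return bytes(out)

def k10_fault_pattern(k9, row, delta, rcon=0x36):
    """XOR byte (row, column 3) of K9 with delta and return {(row, col): diff}
    for every byte of K10 that changes; 0x36 is the round-10 constant."""
    faulty = bytearray(k9)
    faulty[12 + row] ^= delta
    diff = [a ^ b for a, b in zip(next_round_key(bytes(k9), rcon),
                                  next_round_key(bytes(faulty), rcon))]
    return {(i % 4, i // 4): v for i, v in enumerate(diff) if v}

def matches_paper_pattern(pattern, row, delta):
    """Five non-zero bytes: four equal bytes on row (row-1) mod 4, produced by
    RotWord/SubWord and the chained XORs, plus the fault itself at (row, 3)."""
    row_vals = {pattern.get(((row - 1) % 4, c)) for c in range(4)}
    return (len(pattern) == 5 and len(row_vals) == 1 and None not in row_vals
            and pattern.get((row, 3)) == delta)

# Constructed sample round key (arbitrary bytes, not taken from any real device).
K9_SAMPLE = bytes(range(0x10, 0x20))

if __name__ == "__main__":
    for row in range(4):
        pat = k10_fault_pattern(K9_SAMPLE, row, 0x5A)
        print(row, matches_paper_pattern(pat, row, 0x5A), sorted(pat.items()))
```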
Conclusions
This paper describes the DFA attack on the AES-128 key schedule. This method
can retrieve thirteen bytes of the round key efficiently with an acceptable number
of samples. The other three bytes are derived by exhaustive search with feasible
computation. In most cases, it requires only one correct and twenty-two faulty
ciphertexts, and forty-four samples are sufficient in the worst case.
This paper also recommends three possible countermeasures against the proposed
DFA. The first and the second countermeasures avoid generating
the round key on the fly. The last countermeasure is a parity check method,
i.e., a method to verify the correctness of the round key. None of these three
countermeasures requires modifying the AES algorithm.