A Framework to Counter Statistical Ineffective Fault Analysis of Block Ciphers Using Domain Transformation and Error Correction

Right from its introduction, fault attacks (FA) have been established to be one of the most practical threats to both public key and symmetric key based cryptosystems. Statistical Ineffective Fault Analysis (SIFA) is a recently proposed class of fault attacks introduced at CHES 2018. The fascinating...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on information forensics and security 2020, Vol.15, p.1905-1919
Main Authors: Saha, Sayandeep, Jap, Dirmanto, Basu Roy, Debapriya, Chakraborty, Avik, Bhasin, Shivam, Mukhopadhyay, Debdeep
Format: Article
Language:English
Subjects:
Algorithms
block cipher
Ciphers
Computer systems
Cryptography
Domains
Encryption
Error correction
Error correction & detection
Fault attack
Masking
Redundancy
Target masking
Transformations (mathematics)
Transforms
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Right from its introduction, fault attacks (FA) have been established to be one of the most practical threats to both public key and symmetric key based cryptosystems. Statistical Ineffective Fault Analysis (SIFA) is a recently proposed class of fault attacks introduced at CHES 2018. The fascinating feature of this attack is that it exploits the correct ciphertexts obtained during a fault injection campaign, instead of the faulty ciphertexts. SIFA has been shown to bypass almost all of the existing fault attack countermeasures even when they are combined with masking schemes for side-channel resistance. The goal of this work is to propose a countermeasure framework for SIFA. It has been observed that a randomized domain transformation of the intermediate computation combined with bit-level error correction can prevent SIFA attacks. The domain transformation (Transform) can be realized by standard masking schemes. In fact, we prove that if biased faults are injected at the state register of a block cipher at a certain target round, then masking is sufficient for SIFA protection, until all the shares for a specific bit are corrupted. However, masking alone cannot prevent SIFA if the faults are injected at certain specific locations inside the S-Boxes. To address this issue, we incorporate a bit-level error-correction mechanism (Encode). An instantiation of this Transform-and-Encode (TaE) framework, called AntiSIFA, has been proposed and realized for the block cipher PRESENT as a proof-of-concept. Practical evaluation of the countermeasure implementation in both hardware and software ensures our theoretical claims regarding SIFA security, as well as protection against Side-Channel-Attacks (SCA).
ISSN:1556-6013
1556-6021
DOI:10.1109/TIFS.2019.2952262