DOI: 10.1145/3508352.3549480
research-article

AntiSIFA-CAD: A Framework to Thwart SIFA at the Layout Level

Published: 22 December 2022

Abstract

Fault Attacks (FA) have gained a lot of attention from both industry and academia due to their practicality and wide applicability to different domains of computing. In the context of symmetric-key cryptography, designing countermeasures against FA is still an open problem. Recently proposed attacks such as Statistical Ineffective Fault Analysis (SIFA) have shown that merely adding redundancy or infection-based countermeasures to detect the fault does not work, and that a proper combination of masking and error correction/detection is required. In this work, we show that masking, which is mathematically established as a good countermeasure against a certain class of SIFA faults, may fall short in practice if low-level details during physical design layout development are not taken care of. We initiate this study by demonstrating a successful SIFA attack on a post placed-and-routed masked crypto design for an ASIC platform. We then propose a fully automated approach, along with a proper choice of placement constraints, which can be realized easily in any commercial CAD tool to remove this vulnerability during the physical layout development process. Experimental validation of our tool flow on a masked implementation of the PRESENT cipher establishes our claim.

Published In

ICCAD '22: Proceedings of the 41st IEEE/ACM International Conference on Computer-Aided Design
October 2022
1467 pages
ISBN: 9781450392174
DOI: 10.1145/3508352

Sponsors

In-Cooperation

  • IEEE-EDS: Electronic Devices Society
  • IEEE CAS
  • IEEE CEDA

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. SIFA
  2. fault attack
  3. masking
  4. secure-aware EDA
  5. threshold implementation

Qualifiers

  • Research-article

Conference

ICCAD '22
ICCAD '22: IEEE/ACM International Conference on Computer-Aided Design
October 30 - November 3, 2022
California, San Diego

Acceptance Rates

Overall Acceptance Rate 457 of 1,762 submissions, 26%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 122
  • Downloads (last 12 months): 35
  • Downloads (last 6 weeks): 3

Reflects downloads up to 07 Nov 2024
