Abstract: The Advanced Encryption Standard (AES) is implemented in cryptographic circuits to provide a high security level to any system that requires confidentiality and secure information exchange. One of the most effective physical attacks against hardware implementations of AES is the fault attack, which can extract secret data. Several AES fault detection schemes against fault injection attacks have been proposed to date. In this paper, to ensure a high level of security against fault injection attacks, a new efficient fault detection scheme based on a modification of the AES architecture is proposed: the 32-bit AES round is divided into two half rounds, and input and pipeline registers are inserted between them. The proposed scheme is independent of how AES is implemented, so it can be used to secure both pipelined and iterative architectures. To evaluate the robustness of the proposed scheme against fault injection, we carried out transient and permanent fault attacks and measured the fault detection capability: about 99.88585% for transient faults and 99.9069% for permanent faults. We modeled the fault detection scheme in VHDL and implemented it on an FPGA. The FPGA results demonstrate that the scheme protects the AES hardware implementation against fault attacks efficiently and can be implemented simply, with low complexity. In addition, the FPGA implementation results show low area overhead and high efficiency and working frequency for the proposed AES detection scheme.
Funding: Supported by the Foundation of National Laboratory for Modern Communications (51436030105DZ0105).
Abstract: Fault analysis, a form of indirect attack, is a cryptanalysis technique targeting the physical implementation of a cryptosystem. In this paper, we propose a fault attack on the Balanced Shrinking Generator. The results show that the attacker can obtain the secret key by analyzing the faulty output sequences produced by altering the control clock of one of the Linear Feedback Shift Registers (LFSRs). Therefore, the Balanced Shrinking Generator is problematic for hardware implementation.
Funding: This research work was funded by the Deputyship for Research & Innovation, Ministry of Education in Saudi Arabia, through Project Number (IF-PSAU-2021/01/18168).
Abstract: The robustness of electronic cryptographic devices against fault injection attacks is a major security concern. Because of significant resource constraints, these devices are limited in their capabilities. The increasing complexity of cryptographic devices calls for a fast simulation environment capable of performing security tests against fault injection attacks. SystemC is a good choice for Electronic System Level (ESL) modeling since its models run quickly. To enable fault injection and detection inside a SystemC cryptographic model, however, the model's source code normally has to be modified. Aspect-Oriented Programming (AOP) makes it possible to evaluate the robustness of cryptographic models without altering the source code, and could replace conventional cryptanalysis methods in practice. We present a technique for simulating security fault attacks on cryptographic systems at the ESL: a fault injection/detection environment for assessing the resistance of a KECCAK SystemC model to fault injection attacks. Faults are injected into the KECCAK SystemC model by weaving them in with AspectC++, an AOP language. We validate the technique on a SystemC KECCAK hash algorithm case study with two scenarios: the first examines the effect of AOP on fault detection capability, the second its effect on simulation time and executable file size. The simulation results demonstrate that the technique is fully capable of evaluating the fault injection resistance of a KECCAK design, and that AOP has a negligible effect on simulation time and executable file size.
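The abstract's key idea is that a fault can be injected at a join point (a Keccak round) without editing the model's source, and that a detection mechanism can then be exercised against it. The block below is an added example in Python, not the paper's SystemC/AspectC++ code: a compact Keccak-f[1600]/SHA3-256 model whose round function is the join point, a fault "aspect" woven around it by rebinding the module-level name (the Python stand-in for AspectC++ weaving, since keccak_round's own body is untouched), and a time-redundancy detector that hashes twice and compares. The transient fault model (one bit of one lane flipped before a chosen round, once) and the names TransientFaultAspect, weave_transient_fault, unweave and hash_with_detection are assumptions of this example.

```python
"""Added example (not the paper's SystemC/AspectC++ code): AOP-style fault weaving on a
pure-Python Keccak model. keccak_round is the join point; the fault aspect is woven around
it by rebinding the module-level name, so the round's source is untouched. Detection is
time redundancy: hash twice, compare."""
import hashlib

MASK64 = (1 << 64) - 1
RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
      0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
      0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
      0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
# rho rotation offsets, indexed ROT[x][y]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]


def rol64(v, n):
    return ((v << n) | (v >> (64 - n))) & MASK64


def keccak_round(A, rc):
    """One Keccak-f[1600] round (theta, rho, pi, chi, iota); A holds 25 lanes as A[x + 5*y]."""
    C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]
    D = [C[(x - 1) % 5] ^ rol64(C[(x + 1) % 5], 1) for x in range(5)]
    A = [A[i] ^ D[i % 5] for i in range(25)]
    B = [0] * 25
    for x in range(5):
        for y in range(5):
            B[y + 5 * ((2 * x + 3 * y) % 5)] = rol64(A[x + 5 * y], ROT[x][y])
    A = [B[i] ^ (~B[(i % 5 + 1) % 5 + 5 * (i // 5)] & B[(i % 5 + 2) % 5 + 5 * (i // 5)])
         for i in range(25)]
    A[0] ^= rc
    return A


def keccak_f1600(A):
    for rc in RC:
        A = keccak_round(A, rc)  # join point: the name is resolved on every call
    return A


def sha3_256(msg):
    """SHA3-256 = Keccak[c=512], rate 136 bytes, 0x06 domain-separation padding."""
    rate = 136
    buf = bytearray(msg) + b"\x06"
    buf += b"\x00" * (-len(buf) % rate)
    buf[-1] |= 0x80
    S = [0] * 25
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):
            S[i] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        S = keccak_f1600(S)
    return b"".join(lane.to_bytes(8, "little") for lane in S[:4]).hex()


def matches_reference(msg):
    """Check the model against the standard library before trusting any fault result."""
    return sha3_256(msg) == hashlib.sha3_256(msg).hexdigest()


class TransientFaultAspect:
    """Advice woven around keccak_round: before round `round_idx` of the first permutation
    after weaving, flip bit `bit` of lane `lane`, exactly once (assumed transient fault)."""

    def __init__(self, target, round_idx, lane, bit):
        self.target, self.round_idx, self.lane, self.bit = target, round_idx, lane, bit
        self.calls, self.fired = 0, False

    def __call__(self, A, rc):
        if not self.fired and self.calls == self.round_idx:
            self.fired = True
            A = list(A)
            A[self.lane] ^= 1 << self.bit
        self.calls += 1
        return self.target(A, rc)


def weave_transient_fault(round_idx, lane, bit):
    """Install the aspect without touching keccak_round's source; returns it for unweave()."""
    global keccak_round
    aspect = TransientFaultAspect(keccak_round, round_idx, lane, bit)
    keccak_round = aspect
    return aspect


def unweave(aspect):
    global keccak_round
    keccak_round = aspect.target


def hash_with_detection(msg):
    """Time-redundancy detector: returns (digest, fault_detected); digest is None on detection."""
    d1, d2 = sha3_256(msg), sha3_256(msg)
    return (d1, False) if d1 == d2 else (None, True)


if __name__ == "__main__":
    asp = weave_transient_fault(round_idx=22, lane=7, bit=13)
    print(hash_with_detection(b"abc"))  # the second computation is clean, so the mismatch is caught
    unweave(asp)
    print(hash_with_detection(b"abc"))
```

Time redundancy only catches transient faults: a fault that persists across both computations (a stuck-at, or an aspect that fires on every call) produces two identical wrong digests, which is why the abstract evaluates detection capability against a model of the injected fault rather than assuming recomputation is enough.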
Funding: The funding was provided by the Deanship of Scientific Research at King Khalid University through Research Group Project [grant number RGP.1/157/42].
Abstract: Since the end of the 1990s, cryptosystems implemented on smart cards have had to deal with two main categories of attacks: side-channel attacks and fault injection attacks. Countermeasures have been developed and validated against both types of attack under a well-defined attacker model. This work focuses on vulnerabilities and countermeasures related to the Elliptic Curve Digital Signature Algorithm (ECDSA), and specifically on protecting ECDSA against fault injection attacks. More precisely, we are interested in countermeasures for the scalar multiplication over the elliptic curve, since attacks that recover only a few bits of the secret scalar may be sufficient to recover the private key. ECDSA can be implemented in software, in dedicated hardware, or as a mix of both, so many different architectures for an ECDSA-based system are possible; this work focuses mainly on the hardware implementation of the ECDSA digital signature. The proposed ECDSA architecture, with and without fault detection for the scalar multiplication, has been implemented on a Xilinx field programmable gate array (FPGA) platform (Virtex-5). The implementation results have been compared and discussed in terms of area, frequency, area overhead and frequency degradation, and show that the proposed ECDSA architecture with fault detection for the scalar multiplication offers a trade-off between hardware overhead and the security of ECDSA.
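The abstract does not describe its fault detection circuit, so the block below is an added example, not the paper's design: a Montgomery-ladder scalar multiplication over secp256k1 with two cheap checks that a hardware or software ECDSA core can apply before releasing k*P, namely that both ladder registers still lie on the curve and that the ladder invariant R1 = R0 + P still holds. The fault model (one bit of R0's x-coordinate flipped after a chosen ladder step), the demo scalar and the names _ladder, scalar_mult_unchecked and scalar_mult_checked are assumptions of this example. The unchecked variant is kept beside the checked one to show what leaks: an off-curve point that the attacks the abstract alludes to work from.

```python
"""Added example (not the paper's hardware design): Montgomery-ladder scalar multiplication on
secp256k1 with on-curve and ladder-invariant checks that refuse to output a faulty k*P.
The bit-flip fault model and the demo scalar are constructed for this example."""

# secp256k1 domain parameters (public constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
INF = None  # point at infinity


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine addition/doubling on y^2 = x^3 + A*x + B over F_P (no constant-time claims)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _ladder(k, pt, fault_step=None):
    """Montgomery ladder over the bits of k (MSB first). Invariant: r1 == r0 + pt after every step.
    If fault_step is given, flip bit 5 of r0.x after that step (constructed fault model)."""
    r0, r1 = INF, pt
    for step, i in enumerate(range(k.bit_length() - 1, -1, -1)):
        if (k >> i) & 1:
            r0, r1 = ec_add(r0, r1), ec_add(r1, r1)
        else:
            r1, r0 = ec_add(r0, r1), ec_add(r0, r0)
        if step == fault_step and r0 is not INF:
            r0 = (r0[0] ^ (1 << 5), r0[1])
    return r0, r1


def scalar_mult_unchecked(k, pt, fault_step=None):
    """Unprotected core: returns whatever the ladder produced, faulty or not."""
    return _ladder(k, pt, fault_step)[0]


def scalar_mult_checked(k, pt, fault_step=None):
    """Protected core: (k*pt, True), or (None, False) when either check fails."""
    r0, r1 = _ladder(k, pt, fault_step)
    if not (on_curve(r0) and on_curve(r1) and ec_add(r0, pt) == r1):
        return None, False
    return r0, True


# Constructed demo secret scalar (32 bytes, not a real key).
DEMO_K = int.from_bytes(b"constructed demo secret scalar!!", "big")

if __name__ == "__main__":
    print(scalar_mult_checked(DEMO_K, G, fault_step=100))                # (None, False): refused
    print(on_curve(scalar_mult_unchecked(DEMO_K, G, fault_step=100)))    # False: off-curve point leaks
```

The invariant check costs one extra point addition and the on-curve checks a few field multiplications, which is the kind of area/frequency overhead the abstract trades against security; in hardware the same checks are usually applied to the projective registers before the final inversion so that nothing faulty ever reaches the output bus.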
Abstract: It is well known that the Chinese Remainder Theorem (CRT) greatly improves the performance of the RSA cryptosystem in both running time and memory requirements. However, if CRT-based RSA is implemented carelessly, an attacker can reveal secret information through hardware fault cryptanalysis. In this paper, we present fault attacks on a family of CRT-RSA algorithms, the BOS-type schemes, including the original BOS scheme proposed by Blomer, Otto, and Seifert at CCS 2003 and its modified version proposed by Liu et al. at DASC 2006. We first demonstrate that if special messages such as m = 0, ±1 are signed carelessly, an adversary can exploit them to completely break the security of both the BOS scheme and Liu et al.'s scheme. We then present a new permanent fault attack on the BOS scheme with a success probability of about 25%. Lastly, we propose a polynomial-time attack on Liu et al.'s CRT-RSA algorithm that combines physical fault injection with lattice reduction when the public exponent is short.
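The abstract's starting point, that a careless CRT-RSA implementation leaks the factorization under a single fault, is the classic Bellcore attack, and the following block is an added example of it in Python, not the paper's analysis of the BOS or Liu et al. schemes. It computes a signature with CRT and Garner recombination, corrupts the mod-q half, recovers p from the good/faulty pair (gcd(s − s', N)) and from the faulty signature alone (gcd(s'^e − m, N)), and shows the verify-before-output check that stops both. It also flags the m ∈ {0, ±1} inputs the abstract singles out: for those, m^x = m for every odd exponent x, so a fault in the exponent, or a consistency check that re-exponentiates m, cannot change anything. The key material is constructed from two small well-known primes for readability, the fault model (one bit flip in s_q) is an assumption, and the names crt_sign, bellcore_factor, lenstra_factor, checked_sign and is_degenerate_message are this example's own.

```python
"""Added example (not the paper's BOS-scheme analysis): the Bellcore fault attack on unprotected
CRT-RSA, the Lenstra variant needing only the faulty signature, and the verify-before-output
countermeasure. Demo primes are far too small for real use; the s_q bit-flip is an assumed fault."""
from math import gcd

P = 1_000_000_007   # constructed demo primes (1e9+7 and 998244353)
Q = 998_244_353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ = D % (P - 1), D % (Q - 1)   # CRT exponents (both odd, since P-1 and Q-1 are even)
QINV = pow(Q, -1, P)                # Garner recombination constant


def crt_sign(m, fault_in_q=False):
    """s = m^d mod N via CRT. fault_in_q simulates a glitch that corrupts s_q only."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_q:
        sq ^= 1  # any change to s_q suffices; the attacker need not know the fault value
    h = QINV * (sp - sq) % P
    return sq + Q * h


def bellcore_factor(s_good, s_faulty):
    """Correct and faulty signature on the same message: s == s' (mod p) but not (mod q)."""
    return gcd(s_good - s_faulty, N)


def lenstra_factor(m, s_faulty):
    """Faulty signature and message only: s'^e == m (mod p) but not (mod q)."""
    return gcd((pow(s_faulty, E, N) - m) % N, N)


def checked_sign(m, fault_in_q=False):
    """Countermeasure: verify with the public exponent and never output a wrong signature."""
    s = crt_sign(m, fault_in_q)
    if pow(s, E, N) != m % N:
        return None
    return s


def is_degenerate_message(m):
    """m in {0, 1, -1} mod N: m^x == m for every odd x, so exponent faults and checks built by
    re-exponentiating m are blind here. Such inputs must be rejected or handled separately."""
    return m % N in (0, 1, N - 1)


if __name__ == "__main__":
    m = 0x6D7367  # "msg" as an integer
    s, s_bad = crt_sign(m), crt_sign(m, fault_in_q=True)
    print(bellcore_factor(s, s_bad) == P, lenstra_factor(m, s_bad) == P)  # True True
    print(checked_sign(m, fault_in_q=True))                                 # None: fault caught
```

Verification with the public exponent is cheap when e is short, which is exactly the setting in which the abstract's last attack (fault injection plus lattice reduction against Liu et al.'s scheme) applies, so a short public exponent does not by itself make the countermeasure picture simpler.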