Evaluation of Combined Fault Injection and Side-Channel Analysis Attacks on AES-128

Presenter

Brayden Josney Bergeron

Campus

UMass Amherst

Sponsor

Wayne Burleson, Department of Electrical and Computer Engineering, UMass Amherst

Schedule

Session 2, 11:30 AM - 12:15 PM [Schedule by Time][Poster Grid for Time/Location]

Location

Poster Board A40, Campus Center Auditorium, Row 2 (A21-A40) [Poster Location Map]

Abstract

Standard cryptographic algorithms like the Advanced Encryption Standard (AES) are used to protect information from malicious entities. Side-channel leakage, in the form of power consumption for example, can be exploited to recover secret cryptographic keys through what is known as side-channel attacks (SCA). Another attack known as fault injections can force devices to output faulty results or disable various features also causing secret keys to be recovered. Many widely used countermeasures like error checking, fault detection, and masking for fault injection and side-channel attacks are developed independently from one another and are thus vulnerable to combined attacks. Combined attacks utilize elements and combinations of both side-channel and fault attacks allowing countermeasures to be exploited or bypassed to recover key bytes. 

This research seeks to identify the feasibility, cost, and effectiveness of these combined attacks on various implementations of AES-128. AES-128 will be evaluated using ChipWhisperer hardware using a software AES-128 implementation on the CW308T-STM32F3 target board and an AES-128 hardware core on a field programmable gate array (FPGA) with the CW308T-S6LX9 board. Countermeasures like first and second order masking for SCA and fault detection integrity checking and randomized delays for fault attacks are utilized. A fault attack on the AES key schedule is replicated at 12 key bytes are recovered using 10 plaintexts. A combined attack on the AES key schedule is reviewed, improved upon, and compared to similar attacks. Through countermeasure implementations and attack evaluations, countermeasures will be recommended for the conducted combined attacks.

Keywords

AES, Side-Channel Attacks, Fault Attacks, Combined Attacks, Security Engineering

Research Area

Cybersecurity

SIMILAR ABSTRACTS (BY KEYWORD)