A Fault Induction Technique Based on Voltage Underfeeding with Application to Attacks against AES and RSA

Alessandro Barenghi, G. Bertoni, LUCA ODDONE Breveglieri, Gerardo Pelosi
January 2013
Cite DOI URL

Abstract

Fault injection attacks have proven to be a powerful tool to exploit the implementation weaknesses of cryptographic algorithms. Several techniques perturbing the computation of a cipher have been devised and successfully employed to leak secret information from erroneous results. We present a low-cost, non-invasive and effective technique to inject transient faults into a general purpose processor through lowering its feeding voltage, and to characterize the effects on the computing system. This technique is effective enough to lead attacks against a software implementation of a cryptosystem running on a full fledged ARM9 CPU with a complete operating system. We validate the effectiveness of the fault model through attacking OpenSSL implementations of the RSA and AES cryptosystems. A new attack against AES, able to retrieve the full 256-bit key, is described, and the number of faults to be collected is delineated. In addition, we propose a generalization of the attack against the RSA encryption presented in Barenghi et al. (2009), to a multi-bit fault model, and the analysis of its computational complexity. The attacks against AES retrieve all the round keys regardless of their derivation strategy, the number of cipher rounds and the diffusion layer, while the attacks against RSA retrieve either the message or the secret key.

Type
Journal article
Publication
THE JOURNAL OF SYSTEMS AND SOFTWARE
Embedded System Security; Side Channel Attacks; Fault Attacks
Alessandro Barenghi
Alessandro Barenghi
Associate Professor

Alessandro Barenghi holds an M.Sc. (2007) and Ph.D. (2011) from Politecnico di Milano. His research focuses on computer, embedded, and network security, particularly applied cryptography. He also works on formal languages and compilers, specifically techniques for parallel parsing using operator precedence grammars.

Gerardo Pelosi
Gerardo Pelosi
Associate Professor

Gerardo Pelosi received the Laurea degree in Telecommunications Engineering in 2003 and the Ph.D. degree in Computer Engineering and Information Technology in 2007 from Politecnico di Milano. His research fields cover (1) the area of information security and privacy including access control models, models for encrypted data management in relational databases, and secure data outsourcing; (2) the area of applied cryptography including side-channel cryptanalysis, system-level attacks, and efficient hardware and software design of cryptographic algorithms; other research interests are in designing security support into computer architectures and the logic synthesis of combinatorial circuits.