More Related Content Similar to Fault Attacks on Cryptosystems Similar to Fault Attacks on Cryptosystems (20) Fault Attacks on Cryptosystems2. Glitch Attack : Historically the first process of inducing faults
in a smart card was to induce a glitch of power on one of the contacts.
Variations in the Vcc power supply, GND (Ground) or to the external clock
can delay or hinder the functionality of a device and good results were
applied with a power glitch applied to those. A very powerful and brief
addition of power can perturb the component and hence generates a fault. The
additional signal has to short enough so that its detection could be avoided
or the system isn’t damaged. For a successful attack, we must set the
timing, amplitude and duration of the glitch.
Often hardware based stream ciphers use the external clock that can be
overclocked or underclocked by an attacker. The overclocking may cause data
misread or the misinterpretation or omission of an instruction. In case of
data misread the circuit tries to read a value from the data bus before the
memory has time to latch out the asked value. In case of instruction miss,
the circuit starts executing instruction n+1 before the microprocessor has
finished executing the instruction n.
This method is the most common one and also easy to set up and apply as
the intruder need not worry about the localization. However the main
drawback of the method is that the attacker can’t focus on specific parts of
the device.
The popular countermeasures are also employed on most smart cards with
mounted glitch detectors, DC converters or power sensors, filters to resist
those attacks. The smart card can either detect or cancel an out of
specifications peak of power that might induce faulty behaviour. The
hardware reacts accordingly by forcing a reset.
Light Attack : It was introduced in 2000 and is now the most common way
to induce faults on smart cards. This attack is based on using the energy of
a light emission to perturb the silicon of a chip. Actually any electric
circuit is sensitive to light due to photoelectric effect. This is very much
directional and an attacker can choose an exact location of the device and
can furthermore control the light’s energy, intensity, wavelength, emission
time etc properties. The penetration depth of the energy depends on the
light’s wavelength. For CMOS technology, a successful generation of
electronhole pairs close to the Nchannel or the Pchannel, makes the
memory cells become very sensitive.
This attack is semiinvasive. The plastic layer on the component has to
be removed in order to reach the silicon with the light beam. The energy
carried by the light beam is absorbed by the silicon’s electrons and that
energy enables them to jump from the valence band to the conductance band.
Each new electron in the conductance band creates an electronhole pair and
the set of all of these pairs forms a local photoelectric current. The
logical gates or the memory cells of the component are sensitive to such a
current and behave accordingly to induce faults. The longer the emission,
5. ● Exponentiate the received values :
mp = cp
dp
mod p
mq = cq
dq
mod q
Where dp ≡ d mod(p1) and dq ≡ d mod(q1)
● Use the CRT to compute m ∈ Zn
*
such that m ≡ mp mod p and m ≡ mq mod q
The last step is done by computing m = (xmp+ymq)mod n, where x and y are
precomputed integers that satisfy :
x ≡ 1 mod p ; x ≡ 0 mod q
y ≡ 0 mod p ; y ≡ 1 mod q
Here x and y are only computed once and then every execution of the third
step requires only two modular exponentiations.
Fault attack Let c be a ciphertext using CRT. We assume that only the
exponentiation modulo the factor q is faulty i.e. the value mq is incorrect
while the value of mp is correct.
After applying CRT, we get a value m, which is different than the correct
message m. For that value it holds that :
m ≡ mp mod p ; m ≡ mq mod q and
m ≡ mp mod p ; m ≡ mq mod q
An attacker who gets a hold on both m and m can break RSA by computing :
gcd(m m, n) = p.
Alternatively, we can compute : gcd(C me
, n)=p if m is unavailable.
Stream ciphers Prior to the appearance of fast block ciphers, such as
DES, stream ciphers ruled the world of encryption. A stream cipher generates
successive elements of the keystream based on an initial state. The state is
updated in essentially two ways if the state changes independently of the
plaintext or ciphertext messages, the cipher is classified as a synchronous
stream cipher. On the contrast, selfsynchronous stream ciphers update their
state based on previous ciphertext digits. In a synchronous stream cipher a
stream of pseudorandom digits is generated independently of the plaintext
6. and ciphertext messages and then combined with the plaintext (to encrypt) or
the ciphertext (to decrypt). Synchronous stream ciphers include Sober128,
Trivium etc.
Stream ciphers are often constructed using (Linear) Feedback Shift
Registers as they can be easily implemented in hardware, can be readily
analysed mathematically, have provably long cycles and good statistical
properties. (L)FSR based ciphers are the main workhorses when there is a
need to encrypt large quantities of fast streaming data.
There are many secret military hardwareoriented ciphers as well as
civically used ciphers E0 (Bluetooth), designed for a shortrange LAN and
one of the most widely used (by the virtue of being included in the GSM
cipher suite for ensuring overtheair privacy) ciphers A5/1. Another
preference is to use parts of blockcipher like rounds mixed with LFSRlike
structure. MUGI is an example of them.
However,the LFSR alone can’t provide good security due to its inherent
linearity. Various schemes are used to increase the security of LFSRs.
Registers are combined in a variety of ways : LFSR with nonlinear filters,
irregular stepping function, nonlinear feedback functions, irregular
decimation or shrinking and any kind of nonlinear transform. There are
certain possibilities for constructing a stream cipher with LFSRs with
greater enhancement in security :
● Filter the output of the LFSRs through a nonlinear function.
● Control the clocking of one LFSR by the output sequence of another
LFSR.
● Filter the output of the LFSRs through a FSM (Finite State Machine).
The length of the LFSR is generally denoted by n and the XOR of the original
and faulted value of the LFSR at the time the fault was introduced by Δ and
the number of flipped bits by k which is also the hamming weight of Δ.
Grain : Grain is best described as a family of hardwareoriented synchronous
stream ciphers. The cipher’s initial version used an 80 bit key and a 64 bit
initialization vector. The revised specifications, Grain v1, described two
stream ciphers : one for 80 bit with 64 bit initialization vector and
another for 128 bit keys with 80 bit initialization vector. Elegant and
simple, Grain v1 has been an attractive choice with two shift registers :
one with linear feedback and the second with nonlinear feedback being the
essential feature of the algorithm family. These registers and the output
8.
The contents of the two shift registers represent the state of the cipher.
From this state, five variables are taken as input to a boolean function
h(x). This filter function is chosen to be balanced, correlation immune to
the first order and has algebraic degree 3. The nonlinearity is the highest
possible for these functions, namely twelve. The input is taken both from
the LFSR and from the NFSR. The function is defined as
h(x)=x1+x4+x0x3+x2x3+x3x4+x0x1x2+x0x2x3+x0x2x4+x1x2x4+x2x3x4
where the variables x0,x1,x2,x3,x4 corresponds to the tap positions si+3,
si+25, si+46, si+64, si+63 respectively. The output of the filter function is
masked with the bit bi from the NFSR to produce the keystream.
Key Initialization Before any keystream is generated the cipher must
be initialized with the key and the IV. Let the bits of the key k be denoted
by ki where 0≤i≤79 and the bits of the IV be denoted IVi where 0≤i≤63. The
initialization of the key is done as follows.
● Load the LFSR with the key bits bi=ki for 0≤i≤79
● Load the first 64 bits of the LFSR with the IV, si=IVi for 0≤i≤63
● The remaining bits of the LFSR are filled with ones, si=1 for 64≤i≤79.
Because of this, the LFSR can’t be initialized to all zero state. Then the
cipher is clocked 160 times without producing any running key. Instead the
output of the filter function h(x) is fed back and XORed with the input both
to the LFSR and to the NFSR.
Fig. 2 The key initialization
9.
There are four members of Grain Family of stream ciphers with different
feedback polynomials and other design specifications.
Grain V0 It’s the first design submitted to eSTREAM. It is an 80 bit
stream cipher that uses one LFSR, one NFSR of 80 bit each that gives an
internal state of 160 bit.
Feedback polynomial of LFSR f(x)= 1+ x18
+ x29
+ x42
+ x57
+ x67
+ x80
Feedback polynomial of NFSR
g(x) = 1+ x17
+ x20
+ x28
+ x35
+ x43
+ x47
+ x52
+ x59
+ x65
+ x71
+ x80
+ x17
x20
+
x43
x47
+ x65
x71
+ x20
x28
x35
+ x47
x52
x59
+ x17
x35
x52
x71
+ x20
x28
x43
x47
+ x17
x20
x59
x65
+
x17
x20
x28
x35
x43
+ x47
x52
x59
x65
x71
+ x28
x35
x43
x47
x52
x59
The filter function used is
h(x) = x1+ x4+ x0x3+ x2x3+ x3x4+ x0x1x2+ x0x2x3+ x0x2x4+ x1x2x4+ x2x3x4
where the variables x0, x1, x2, x3, x4 correspond to the tap positions si+3,
si+25, si+46, si+64, bi+63 respectively.
Keystream function : zt = xt ⨁ h(yt+3, yt+25, yt+46, yt+64, yt+63)
Grain V1 It has similar design specs as in Grain V0 and it is also 80 bit
stream cipher but the feedback function of NFSR is slightly modified :
The new feedback polynomial of NFSR
g1(x) = 1+ x18
+ x20
+ x28
+ x35
+ x43
+ x47
+ x52
+ x59
+ x65
+ x71
+ x80
+ x17
x20
+
x43
x47
+
x65
x71
+ x20
x28
x35
+ x47
x52
x59
+ x17
x35
x52
x71
+ x20
x28
x43
x47
+ x17
x20
x59
x65
+
x17
x20
x28
x35
x43
+ x47
x52
x59
x65
x71
+ x28
x35
x43
x47
x52
x59
.
The filter function is same as V0 but the keystream function is modified.
The new keystream function is defined as :
zi = bi+k + h(si+3, si+25, si+46, si+64, si+63)
where A = {1, 2, 4, 10, 31, 43, 56}
Grain 128 Feedback polynomial of LFSR f(x) = 1+ x32
+ x47
+ x58
+ x90
+ x121
+
x128
10. Feedback polynomial of NFSR
g(x) = 1+ x32
+ x37
+ x72
+ x102
+ x128
+ x44
x60
+ x61
x125
+ x63
x67
+ x69
x101
+ x80
x88
+
x110
x111
+ x115
x117
The filter function is h(x) = x0x1+ x2x3+ x4x5+ x6x7 +x0x4x8
where the variables x0 to x8 respectively correspond to the tap position
bi+12, si+8, si+13, si+20, bi+95, si+42, si+60, si+79, si+95
The keystream function is defined as
zi = bi+j+ h(x)+ si+93
where A = {2, 15, 36, 45, 64, 73, 89}
Grain 128a It is the strongest member of the Grain Family of stream
ciphers that is 128 bit cipher which also incorporate authentication
mechanism. It uses the same feedback polynomial for LFSR and similar filter
function as in the Grain 128 but the feedback polynomial has been
strengthened with respect of different possible attacks.
The new feedback polynomial of NFSR is
g(x) = 1+ x32
+ x37
+ x72
+ x102
+ x128
+ x44
x60
+ x61
x125
+ x63
x67
+ x69
x101
+ x80
x88
+
x110
x111
+ x115
x117
+ x46
x50
x58
+ x103
x104
x106
+ x33
x35
x36
x40
The keystream function has been also tweaked :
yi = h(x)+ si+93+ bi+j
where A = {2, 15, 36, 45, 64, 73, 89}
zi = y64+2i
Grain 128a can be used in both the modes with authentication or without
authentication.
Assumptions Resistance against all known cryptanalytic attacks is the
most important property of a cipher. Initial cryptanalytic attempts against
the cipher show fault attacks to be among the strongest attacks. We (from
the perspective of an attacker) assume that we can apply some bit flipping
faults to one of the two feedback registers at our will. However we have
only partial control over their number, location and exact timing. We can
make a stronger assumption that any attacker is able to flip a single bit at
a time instance and at a location which s/he may not know exactly.
11. Additionally we can reset the device to its original state and then apply
another randomly chosen fault to the device. However we make the strongest
possible assumption, which may not be realistic, that we induce a single bit
fault in the LFSR and that we’re somehow able to determine the exact
position of the fault. The aim is to study inputoutput properties for h(x)
and to derive information on the 5 inputs out of the known inputoutput
pairs similar as for Sboxes in differential cryptanalysis of DES.
Attacks As long as the difference induced by the fault in the LFSR
does not propagate to position bi+63, the difference observed in the output
of the cipher is coming from inputs of h(x) from the LFSR alone. If we’re
able to reset the device to induce a single bit fault many times at
different positions that we can correctly guess from the output difference,
we can not preclude that we’ll get get the information about a subset of the
state bits in the LFSR. Nonetheless such an attack seems more difficult
under the (more realistic) assumption that the fault induced affects several
state bits at partially unknown positions, since in that case it’s more
difficult to determine the induced difference from output differences.
Likewise, we can also consider faults induced in the NFSR alone. By the
way these faults don’t influence the contents of the LFSR. However, faults
in the NFSR propagate nonlinearly and their evolution will be harder to
predict. Thus a fault attack on the NFSR seems more difficult.
The best classical cryptanalytic techniques haven’t yet obtained any
results against Grain. Recently there has been reported of a successful
fault attack based on a single bitflip in the state of the cipher without
knowledge of the flipped bit though requiring exact timing downright
clockaccurate.
Here is a brief account on various attacks on the Grain family of
stream ciphers :
Grain V0 A distinguishing attack against Grain V0 was mounted by Khazaei
et al. It uses the concepts of linear sequential circuit approximation
method with a time and memory complexity of O(261.4
).
The second attack, presented by Maximov et al., is a key recovery
attack against Grain V0. In this attack, first of all linear approximation
method is used to derive the LFSR bits and these LFSR bits are further
utilized to recover the initial state of NFSR and knowledge of key. This
attack requires 238
keystream bits and computational complexity of O(243
) to
recover the key. As a countermeasure of these attacks, the designers of the
Grain proposed and submitted a new design Grain V1.
Grain V1 Canniere et al. mounted an attack on Grain V1 by using a weakness
in initialization algorithm. This attack was an extension of the work by
14. Fast Clock
Frequency
(MHz)
No Fault Single bit
fault
Multi bit fault
130 1024 0 0
140 1024 0 0
150 1024 0 0
160 1024 0 0
170 1024 0 0
180 1024 0 0
190 0 bitNFSR128(1024) 0
200 0 bitNFSR125(2) {bitNFSR128, bitNFSR125}(1022)
210 0 0 {bitNFSR127, bitNFSR126,
bitNFSR125}(1024)
220 0 0 {bitNFSR127, bitNFSR126,
bitNFSR125, bitNFSR124}(1024)
Grain 128a The first 64 bits can not be accessed by the attackers when
authentication mode is on. Maitra et al. proposed a differential fault
attack that targets the MAC instead of keystream. The attack requires 211
fault injections and 212
MAC generation routines to access the key.
Ding and Guan proposed a related key attack that requires 296 chosen
IVs and 2103.613
keystream bits to recover the 128 bit key with the
computational complexity of 296.322
.
The following table gives the key length, IV size and padding used in
IV’s to fill it for different ciphers of Grain family :
Cipher Key Length IV Length Padding in IV
Grain V0 80 64 FFFF
Grain V1 80 64 FFFF
15. Grain 128 128 96 FFFFFFFF
Grain 128a 128 96 FFFFFFFE
The following table presents the update functions of all the ciphers of the
Grain family for the two shift register LFSR and NFSR :
Ciphe
r
LFSR update
function
NFSR update function
Grain
V0
si+80=si+si+13+si+23+
si+38+si+51+si+62
bi+80=si+bi+63+bi+60+bi+52+bi+45+bi+37+bi+33+bi+28+bi+21+
bi+15+bi+9+bi+bi+63bi+60+bi+37bi+33+bi+15bi+9+bi+60bi+52bi
+45+
bi+33bi+28bi+21+bi+63bi+45bi+28bi+9+bi+60bi+52bi+37bi+33+
bi+63bi+60bi+21bi+15+bi+63bi+60bi+52bi+45bi+37+
bi+33bi+28bi+21bi+15bi+9+ bi+52bi+45bi+37bi+33bi+28bi+21
Grain
V1
si+80=si+si+13+si+23+
si+38+si+51+si+62
bi+80=si+bi+bi+9+bi+14+bi+21+bi+28+bi+33+bi+37+bi+45+bi+5
2+
bi+60+bi+62+bi+9bi+15+bi+33bi+37+bi+60bi+63+bi+21bi+28bi+33
+
bi+45bi+52bi+60+ bi+15bi+21bi+60bi+63+bi+33bi+37bi+52bi+60+
bi+9bi+28bi+45bi+63+bi+9bi+15bi+21bi+28bi+33+
bi+37bi+45bi+52bi+60bi+63+bi+21bi+28bi+33bi+37bi+45bi+52
Grain
128
si+128=si+si+7+si+38+
si+70+si+81+si+96
bi+128=si+bi+bi+26+bi+56+bi+91+bi+96+bi+3bi+67+bi+11bi+13
+
bi+17bi+18+bi+27bi+59+bi+40bi+48+ bi+61bi+65+bi+68bi+84
Grain
128a
bi+128=si+bi+bi+26+bi+56+bi+91+bi+96+bi+3bi+67+bi+11bi+13
+
bi+17bi+18+bi+27bi+59+bi+40bi+48+bi+61bi+65+bi+68bi+84+
bi+88bi+92bi+93bi+95+ bi+22bi+24bi+25+bi+70bi+78bi+82
MICKEY 2.0 Mickey 2.0 is a hardware efficient synchronous cipher designed
by Steve Babbbage and Mattew Dodd aimed at resource constrained platforms.
17. Fig. 5 MICKEY generic algorithm structure
The clocking of S is done by use of given four sequences of 100 bits each.
Two of the sequences are used to derive an intermediate state and the other
two are then multiplied with the feedback bit, one when the control bit of S
is 0 and the other one otherwise.
The generator is clocked on depending on both of the registers R and S.
The registers are both initialized with all zeros. After that IV and key are
loaded. Keystream bits are generated by XORing the registers R and S.
1 IV Loading for i=0 to (v1) CLOCK_KG(R,S,1,IVi) 3
2 Key Loading for i=0 to 79 CLOCK_KG(R,S,1,Ki)
3 Pre Clock For i=0 to 99 CLOCK_KG(R,S,1,0)
4 PRGA While required z=r0+s0 CLOCK_KG(R,S,0,0)
3
Let’s say the cipher supports an 80bit Key and a vbit IV for 0 ≤ v ≤ 80