Fault Analysis Of Several Lightweight Block Ciphers

Block cipher is one of the most important cryptographic primitives.Because of its high speed, good security that have been studied andevaluated, and compact implementation in both hardware and softwareplatform block cipher has been widely used in lots of data encryption fields.With the rapid development of thing network and sensor network thecrypto researchers have proposed some new lightweight block ciphers thatare specially designed to work in such resource constrained environment.Compared with the traditional block ciphers, light weight block ciphers areusing less circuit and simpler round function to reduce the hardware cost.At the same time to ensure security there are usually more rounds toachieve good diffusion.Fault attack is an implementation attack and has two main steps tocomplete one attack. First attacker need to inject fault into thecryptographic devices by exposing the devices to extreme conditions andcollect the fault output of the devices. Then in the second phase theattacker combine the fault output with used crypto algorithms to deducethe mater key.This thesis is focused on the fault attack of the lightweight blockcipher. We proposed new fault attack methods against the Piccolo blockcipher. Using the differential fault analysis we can retrieve64master keybits of80by only2pair of correct and faulty cipher texts with the faultinjected in the3nd round from last in few seconds. For the fault injected inthe4th round from last we can also do some analysis using impossiblefault analysis. Experiments on software simulation show that within about1400pairs of correct and faulty cipher texts one can get two bytes master key. For the SPN structure block ciphers we came up the fault attackmethod based on statistics techniques. The method exploits the weaknessthat this type of block ciphers has slow diffusion speed. For the singlerandom Sbox fault model this method can attack the fault injected in the7th round from last for PRESENT and9th round from last forPRINTcipher. This method also has good generality and can be used toattack the multi Sbox fault model. At last this thesis discussed the faultinjection techniques using power and clock fault injection. The resultsshow different implementation like software and hardware implementationcan show different characteristics under fault injection.