Ciphertext-only Cryptanalysis Technique Of Fault Injection On The Storage Unit Of S-Box In AES Block Cipher

Posted on:2019-10-23

Degree:Master

Type:Thesis

Country:China

Candidate:S W Shi

Full Text:PDF

GTID:2428330611993604

Subject:Engineering

Abstract/Summary:

PDF Full Text Request

Differential fault analysis(DFA)is classic fault analysis technique.In DFA,the adversary should have the ability of encrypting the same plaintext for multiple times and injecting faults at certain round.Such a strong condition limits its practicality.This work aims to overcome the above shortage,explore the key recovery technique under the fault injection to the storage unit of S-Box and ciphertext-only scenario.In particular,it takes AES as the target to verify the feasibility of the proposed technique.The main work of this work includes:1.A ciphertext-only fault analysistechnique is proposed on AES block cipher.Firstly,as to the unprotected implementation of AES,this work characterizes the information leakage model after fault injection on the storage unit of S-Box.Then,the probability of the ciphertext byte outputs are analyzed.According to the biasedfeature of the distribution probability,a ciphertext-only fault analysistechnique is proposed on AES.In addition,the attack complexity and the remained key entropy are also provided.2.The ciphertext-only fault analysis technique is applied to two classic fault attack countermeasures.As to double encryption verification,reverse decryption verification two classic fault attack countermeasures,this work analyzed its shortage as well as its challenges to fault attack.Then,the ciphertext-only fault analysis technique is adapted and applied to these two countermeasures.The proposed technique is also verified by simulation experiment and the master key of AES can be recovered.3.Extensive physical experiments are conducted on AES in microcontroller and processer.Asto compact S-Box AES implementation on microcontroller,with ultraviolet radiation technique,the S-Box storage unit of microcontroller can be injected with faults.As to optimized T-Box AES implementation on processer,with Row-Hammer technique,the S-Box storage unit of processer can be injected with faults and flip one bit of T-Box.The master key of AES can be recovered by ciphertext-only fault analysis technique.The attacks can succeed even when the implementations are with fault attack countermeasures.

Keywords/Search Tags:

Ciphertext-only cryptanalysis, Fault injection, Fault attack, Storage unit, Block cipher, Advanced encryption standard

PDF Full Text Request

Related items

1	Research And Implementation Of Fault Injection Attack Based On AES Key Extension Algorithm
2	Techniques For Cryptanalysis Of Block Ciphers
3	Fault Analysis Of Several Lightweight Block Ciphers
4	Research Of Persistent Fault Attack On Block Ciphers
5	Cryptanalysis Of The AES And SMS4Block Ciphers
6	Fault-based Cryptanalysis On Several Block Ciphers
7	Cryptanalysis On Lightweight Block Ciphers
8	Cryptanalysis Of Two Symmetric Encryption Algorithms ARIA And SALSA20
9	Block Cipher Analysis Based On The Method Of Intermediate Encounter Attack
10	Research On Fault Attack Of A Lightweight Block Cipher Skinny