| Block cipher is an important cryptographic primitive.It is widely used in smart cards,USB-KEYs,and other commercial devices to prevent attackers from stealing personal information.With the continuous improvement of block cipher design schemes,typical cryptographic algorithms such as AES(Advanced Encryption Standard)and PRESENT have an extremely high security level in theory.It is difficult for traditional cryptanalysis methods to produce substantial threats to these algorithms.However,theoretical security does not mean security in practice.As these cryptographic algorithms need to be implemented on physical devices,the security level of the device itself also plays a vital role.Without careful design,cryptographic devices are vulnerable to fault attacks.This paper mainly studies a new type of fault attack called Persistence Fault Attack(PFA).Persistent fault attack was first proposed at CHES 2018 and is a fault attack method against block ciphers.Compared with traditional fault attacks,it has many advantages,such as loose fault injection time.However,as a new type of fault attack method,the persistent fault attack proposed in 2018 could still use some improvements.This paper aims to improve persistent fault attacks in terms of practicability and attack efficiency,and uses AES and PRESENT as examples to illustrate how persistent fault attacks can be applied.Finally,several laser-based fault injection attacks are carried out on a microcontroller chip to verify the improved persistent fault attack.In terms of practicability,this paper mainly makes two contributions.First,the original persistent fault attack is based on a strict fault model: it assumes that the attacker can inject a known fault into a certain element in the S-box of a block cipher.However,these assumptions are difficult to meet in practice.In order to solve this problem,a series of improvements are proposed so that the persistent fault attack can recover the secret key without knowledge about the fault.Secondly,this paper proposes some algorithms to efficiently judge whether an expected fault is injected into the algorithm implementation.Since the actual fault injection often requires multiple attempts to obtain a fault that meets the expectations,these methods play a critical role in the practicability of PFA.In terms of analysis efficiency,this paper uses the maximum likelihood estimation to improve PFA.The number of ciphertexts that is required for PFA is greatly reduced with this improvement.For example,the improved analysis only needs 1641 ciphertexts to recovery the key of AES on average,which is about 28% lower than 2273 before the improvement.Finally,this article uses laser equipment to perform a fault attack on the implementation of AES and PRESENT on the ATmega163 L microcontroller,thereby verifying the practicability of the improved persistent fault attack.Besides,a series of additional experiments are conducted to further verify the contributions made in this paper. |
PDF Full Text Request