«Tutorial Fault Attacks» Bruno ROBISSON SESAM Laboratory (joint R&D team CEA-LETI/EMSE), Centre Microélectronique de Provence 880, route de Mimet, 13541 Gardanne, France ROBISSON Bruno 02/11/2010 1
Problem Decoder Illegal Legal Encrypted video stream K Decrypted video stream «Attack» = method allowing to extract secret information stored into the device K K K K K Cloned Decoder Cloned Decoder Cloned Decoder Cloned Decoder ROBISSON Bruno 02/11/2010 2
Attacks on physical devices Cryptanalysis : mathematical analysis of plain and cipher texts sets plain? cipher Side channel attacks (SCA) : analysis of the chip environment when it performs sensitive computations plain? x(t) Fault attacks : modifications of the chip environment to bypass H/S protections plain? Y Invasives attacks : probing of internal signals? ROBISSON Bruno 02/11/2010 3
Fault attacks: overview Fault injection plain? Vcc, clk, T, flash, laser X, UV, etc Y Data Retrieval Corrupted execution -PIN Test -AES Differential Fault Analysis (DFA) -DES (interactive) -AES Safe-Error Attacks (SEA) -Blömer -DBA Counter-measures ROBISSON Bruno 02/11/2010 4
Fault injection methods Standart ISO 7816 Normal environment conditions 5V 0V Perturbations Power (glitch) Clock (overclocking) Temperature Light EM pulse Laser IR, UV, green, etc X-Ray T min Source : [Skorobogatov02] Source : LETI ROBISSON Bruno 02/11/2010 5
Fault models Bit flip Inverse the value Stuck-0 «stuck» at the previous value Stuck-1 «Stuck» at the previous value Set Set to 1 whatever the previous value!!!very simplified compared to reality!!! The fault does not modify the result Reset Set to 0 whatever the previous value ROBISSON Bruno 02/11/2010 6
Differential fault analysis clair? Vcc, clk, T, flash, laser X X, UV, etc Data Retrieval Corrupted execution Differential Safe-Error Fault Analysis Attacks (DFA) (SEA) -DES -AES Object of this tutorial ROBISSON Bruno 02/11/2010 7
DES DES: Data Encryption Standard Private key algorithm first standardized in 1977 Key: 56 bits (+8 bits for parity code) Plain text: 64 bits Cipher text: 64 bits Complete description http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf ROBISSON Bruno 02/11/2010 8
DES : Data flow L0 R0 That is the permuted input has bit 58 of the input as its first bit, bit 50 as its second bit, and so on with bit 7 as its last bit. That is, the output of the algorithm has bit 40 of the preoutput block as its first bit, bit 8 as its second bit, and so on, until bit 25 of the preoutput block is the last bit of the output. ROBISSON Bruno 02/11/2010 9
DES : f function ROBISSON Bruno 02/11/2010 10
DES : f function S1 Row / Column 0 1 2 3 S-Box 1: Substitution Box 1 0 14 0 4 15 1 4 15 1 12 2 13 7 14 8 3 1 4 8 2 4 2 14 13 4 architecture simple of subs_1 is begin P6 : process(entree) begin case entree is when "000000" => sortie<="1110"; when "000001" => sortie<="0000"; when "000010" => sortie<="0100"; when "000011" => sortie<="1111"; etc when others end case; end process; end simple; => sortie<="1101"; ROBISSON Bruno 02/11/2010 11
DES : SBoxes ROBISSON Bruno 02/11/2010 12
DFA on DES: Biham et Shamir K i r i b i S i -box e= r i r i * K i = cste e = b i b i * r i * b i * S i -box K i S(b i ) d = S(b i ) S(b i* ) S(b i* ) L L i i = cste L i d = x i x * i x i r i r i * x i * Fault on (r i,r i *), known -> e, d In i (e,d)={k i S( K i r i ) S(K i r i e) = d} ROBISSON Bruno 02/11/2010 13
Excel tutorial: correct spreadsheet Correct execution of the last round of the DES: B2:AG2: Right register Ri B8:AW8: 16 th Round Key Ki (chosen by the user) B32:AG32: Left register Li B42:BL42: DES output ROBISSON Bruno 02/11/2010 14
Excel tutorial : uncorrect spreadsheet Correct and Faulty executions of the last round of the DES B3:AG3: Faulty Right register Ri B4:AW4: Error (chosen by the user) ROBISSON Bruno 02/11/2010 15
Excel tutorial: uncorrect spreadsheet Correct and Faulty executions of the last round of the DES B60:BL60: Correct DES output B61:BL61: faulty DES output B62:BL62: Error ROBISSON Bruno 02/11/2010 16
Excel tutorial: attack init spreadsheet Values available at the beginning of the attack B61:BL61: Correct DES output B62:BL62: faulty DES output B63:BL63: Error ROBISSON Bruno 02/11/2010 17
Excel tutorial: attack_step1 spreadsheet Propagation of e and retropropagation of d Retropropagation of d ROBISSON Bruno 02/11/2010 18
Excel tutorial: attack_step1 spreadsheet Propagation of e and retropropagation of d Propagation of e ROBISSON Bruno 02/11/2010 19
Excel tutorial: attack_step1 spreadsheet Propagation of e and retropropagation of d Propagation of e=10 ROBISSON Bruno 02/11/2010 20
Excel tutorial: attack_step2 spreadsheet Analysis of SB(X)+SB(X+e)=d with the value of e computed during step 1 e=10 e X ROBISSON Bruno 02/11/2010 21
Excel tutorial: attack_step2 spreadsheet Test of the highlighted X solutions Towards step 3 Towards step 3 ROBISSON Bruno 02/11/2010 22
Excel tutorial: attack_step3 spreadsheet Recovery of a key hypothesis r K=r+x x Then, test the hypothesis until it explains a couple plain-text/cipher text ROBISSON Bruno 02/11/2010 23
Thank for your attention ROBISSON Bruno 02/11/2010 24