Sk Subidh Ali

A Differential Fault Analysis on AES Key Schedule Using Single Fault

Literature on Differential Fault Analysis (DFA) on AES-128 shows that it is more difficult to attack AES when the fault is induced in the key schedule, than when it is injected in the intermediate states. Recent research shows that DFA on AES key schedule still requires two faulty cipher texts, while it requires only one faulty cipher text and a brute-force search of

Differential fault analysis of AES: towards reaching its limits

2^8

Novel Test-Mode-Only Scan Attack and Countermeasure for Compression-Based Scan Architectures

AES-128 keys when the fault is injected inside the round of AES. The present paper proposes a DFA on AES-128 key schedule which requires only one single byte fault and a brute-force search of

Scan attack in presence of mode-reset countermeasure

2^8

Security assessment of cyberphysical digital microfluidic biochips

keys, showing that a DFA on AES key schedule is equally dangerous as a fault analysis when the fault is injected in the intermediate state of AES. Further, the fault model of the present attack is a single byte fault. This is more realistic than the existing fault model of injecting three byte faults in a column of the AES key which has a less chance of success. To the best of our knowledge the proposed attack is the best known DFA on AES key schedule and requires minimum number of faulty cipher text. The simulated attack, running on 3GHz Intel Core 2 Duo desktop machine with 2GB RAM, takes around 35 minutes to reveal the secret key.

Security analysis of logic encryption against the most effective side-channel attack: DPA

In this paper, we present a theoretical analysis of the limits of the differential fault analysis (DFA) of AES by developing an inter-relationship between conventional cryptanalysis of AES and DFAs. We show that the existing attacks have not reached these limits and present techniques to reach these. More specifically, we propose optimal DFA on states of AES-128 and AES-256. We also propose attacks on the key schedule of the three versions of AES, and demonstrate that these are some of the most efficient attacks on AES to date. Our attack on AES-128 key schedule is optimal, and the attacks on AES-192 and AES-256 key schedule are very close to optimal. Detailed experimental results have been provided for the developed attacks. The work has been compared to other works and also the optimal limits of DFA of AES.

Test-mode-only scan attack and countermeasure for contemporary scan architectures

Scan design is a de facto design-for-testability (DfT) technique that enhances access during manufacturing test process. However, it can also be used as a back door to leak secret information from a secure chip. In existing scan attacks, the secret key of a secure chip is retrieved by using both the functional mode and the test mode of the chip. These attacks can be thwarted by applying a reset operation when there is a switch of mode. However, the mode-reset countermeasure can be thwarted by using only the test mode of a secure chip. In this paper, we perform a detailed analysis on the test-mode-only scan attack. We propose attacks on an advanced encryption standard (AES) design with a basic scan architecture as well as on an AES design with an advanced DfT infrastructure that comprises decompressors and compactors. The attack results show that indeed the secure chips are vulnerable to test-mode-only attacks. The secret key can be recovered within 1 s even in the presence of decompressors and compactors. We then propose new countermeasures to thwart these attacks. The proposed countermeasures incur minimal cost while providing high success rate.

AES design space exploration new line for scan attack resiliency

Design for testability (DFT) is the most common testing technique used in the modern VLSI industries. However, when this technique is incorporated in a cryptographic circuit, it may open a back door to an attacker. The attacker can get access to the internal scan chains by switching the device from the normal mode to the test mode and then observe the chip content. The scan cells which were originally used to enhance the testability, can thus be misused to access the intermediate results of the cryptographic algorithm running inside the chip. One countermeasure against such attacks is to reset the device whenever there is a switch from the normal mode to the test mode. In this work we are going to analyse this countermeasure and show that it is not completely secure against scan attack. We show that an attack is possible using only the test mode which will bypass the countermeasure.

Security implications of cyberphysical digital microfluidic biochips

A digital microfluidic biochip (DMFB) is an emerging technology that enables miniaturized analysis systems for point-of-care clinical diagnostics, DNA sequencing, and environmental monitoring. A DMFB reduces the rate of sample and reagent consumption, and automates the analysis of assays. In this paper, we provide the first assessment of the security vulnerabilities of DMFBs. We identify result-manipulation attacks on a DMFB that maliciously alter the assay outcomes. Two practical result-manipulation attacks are shown on a DMFB platform performing enzymatic glucose assay on serum. In the first attack, the attacker adjusts the concentration of the glucose sample and thereby modifies the final result. In the second attack, the attacker tampers with the calibration curve of the assay operation. We then identify denial-of-service attacks, where the attacker can disrupt the assay operation by tampering either with the droplet-routing algorithm or with the actuation sequence. We demonstrate these attacks using a digital microfluidic synthesis simulator. The results show that the attacks are easy to implement and hard to detect. Therefore, this work highlights the need for effective protections against malicious modifications in DMFBs.

Improved Differential Fault Analysis of CLEFIA

Logic encryption has recently gained interest as a countermeasure against IP piracy and reverse engineering attacks. A secret key is used to lock/encrypt an IC such that the IC will not be functional without being activated with the correct key. Existing attacks against logic encryption are of theoretical and/or algorithmic nature. In this paper, we evaluate for the first time the security of logic encryption against side-channel attacks. We present a differential power analysis attack against random and strong logic encryption techniques. The proposed attack is highly effective against random logic encryption, revealing more than 70% of the key bits correctly in 50% of the circuits. However, in the case of strong logic encryption, which exhibits an inherent DPA-resistance, the attack could reveal more than 50% of the key bits in only 25% of the circuits.