Available from: Gerardo Pelosi,
  • Source
    • "Three recent papers [4]–[6] presented attacks similar to the one presented in this work. In [4], the authors introduce a single-byte attack which, keeping the plaintext fixed, retrieves an intermediate state in the penultimate round and uses it to find the penultimate round key. Takahashi et al. [6] are able to obtain 192-bit keys using 3 pairs of correct and faulty ciphertexts, and the 256-bit key using 2 pairs of correct and faulty ciphertexts and 2 pairs of correct and faulty plaintexts, with a single byte fault model. "
    ABSTRACT: This work presents a differential fault attack against AES employing any key size, regardless of the key scheduling strategy. The presented attack relies on the injection of a single bit flip, and is able to check for the correctness of the injection of the fault a posteriori. This fault model nicely fits the one obtained through underfeeding a computing device employing a low cost tunable power supply unit. This fault injection technique, which has been successfully applied to hardware implementations of AES, receives a further validation in this paper where the target computing device is a system-on-chip based on the widely adopted ARM926EJ-S CPU core. The attack is successfully carried out against two different devices, etched in two different technologies (a generic 130 nm and a low-power oriented 90 nm library) running a software implementation of AES-192 and AES-256 and has been reproduced on multiple instances of the same chip.
    Information Assurance and Security (IAS), 2010 Sixth International Conference on; 09/2010
  • Source
    • "This technique has been previously used by A. Barenghi et al. [14] to adapt the attack of G. Piret and J-J. Quisquater [2] on AES-192 and AES-256 variants. "
  • Source
    ABSTRACT: In this paper, we present a theoretical analysis of the limits of the differential fault analysis (DFA) of AES by developing an inter-relationship between conventional cryptanalysis of AES and DFAs. We show that the existing attacks have not reached these limits and present techniques to reach these. More specifically, we propose optimal DFA on states of AES-128 and AES-256. We also propose attacks on the key schedule of the three versions of AES, and demonstrate that these are some of the most efficient attacks on AES to date. Our attack on AES-128 key schedule is optimal, and the attacks on AES-192 and AES-256 key schedule are very close to optimal. Detailed experimental results have been provided for the developed attacks. The work has been compared to other works and also the optimal limits of DFA of AES.
    Journal of Cryptographic Engineering 06/2012; 3(2). DOI:10.1007/s13389-012-0046-y