Differential fault analysis attack-tolerant hardware implementation of AES
| Published in | The Journal of supercomputing Vol. 80; no. 4; pp. 4648 - 4681 |
|---|---|
| Main Authors | , , |
| Format | Journal Article |
| Language | English |
| Published | New York Springer US 01.03.2024 Springer Nature B.V |
| Subjects | |
| ISSN | 0920-8542 1573-0484  | 
| DOI | 10.1007/s11227-023-05632-2 | 
| Summary: | Cryptographic circuits contain various confidential information and are susceptible to fraudulent manipulations, commonly called attacks, performed by ill-intentioned persons. The primary goal of the attacker is to retrieve the sensitive information when the device is executing some task. One of the most efficient attacks is the Differential Fault Analysis attack, which exploits the physical or implementation weakness of the device by injecting faults, for example with a laser beam, overheating, etc. AES is vulnerable to the Differential Fault Analysis attack. The adversary can form a system of linear equations with a pair of ciphertexts to break the AES cryptosystem. In the literature, it is shown that the AES key can be recovered using this kind of fault attack with an exhaustive search of $2^{32}$, which is further improved to $2^{8}$. Using a 32-core processor with a 2.1 GHz clock speed each, the AES-128 key can be retrieved within 17.5 s. Ghosal et al. as reported by Ghosal (in: Yuan, Bai, Alcaraz, Majumdar (eds) International Conference on Network and System Security, Springer, Cham, 2022) propose an extra diffusion layer to the AES cryptosystem, MixColumn-Plus, to strengthen the security of AES against such attack. With the addition of an extra diffusion layer, an attacker has to search exhaustively $2^{84}$ keys. In this work, we propose another matrix for MixColumn-Plus and further, we implement the MixColumn-Plus layer with both matrices on a hardware platform and compare the delay, LUT, gate count, frequency and execution time with original AES. The complexity of the byte fault attack is improved to $2^{116}$ with the proposed matrix. The proposed hardware implementation of AES with MixColumn-Plus can be called a DFA attack-tolerant module. |
|---|---|