1. What is a fault injection attack
A fault injection attack introduces faults into the execution of a cryptographic algorithm inside a cipher chip so that the device produces incorrect results; the faulty results are then analysed to recover the key.
It is more powerful than differential power analysis (DPA), simple power analysis (SPA) and electromagnetic analysis (EMA). Attacking an unprotected RSA-CRT requires only one trace (one faulty result), and AES or DES require two. DPA and EMA usually need thousands of traces; SPA needs only a few traces but is not strong enough.
2. The main ways of injecting faults
a) Glitch attack
The device is made to fail by disturbing its external supply voltage or external clock. The advantage is that it is easy to implement, but it cannot target a specific part of the chip. Most chips now have a glitch detector or DC filter to resist this attack.
b) Temperature Attack
The external temperature is changed to disrupt the normal operation of the device, resulting in incorrect results.
c) Light Attack
The normal operation of the cipher device is disturbed by photons from laser irradiation. The location of the attack can be chosen, which makes this the strongest attack mode. Since chips are protected mainly on the front side and rarely on the back, the laser can be applied by irradiating the back of the chip.
D) Magnetic Attack
Electromagnetic attacks use a powerful magnetic field to interfere with the device. The advantage is that it is cheap, but it is not as strong as the laser attack.
3. Types of faults: permanent and transient faults
a) Permanent fault
Powerful; can be used to attack data (EEPROM, RAM) or code (EEPROM), but difficult to implement.
b) Transient fault
Disturbs specific steps of the code, including: skipping a subroutine (skip subroutine), avoiding a check (avoid test), executing a different instruction (execute differently), fetching a wrong value (fetch wrong value), modifying the program counter (modify program counter), etc.
4. Choosing the fault injection attack model: this is done in two steps, first choosing which kind of fault to introduce, then choosing how to introduce it in practice.
a) Bit vs. byte
Bit: attack a single bit; powerful and can successfully attack almost all cryptosystems, but difficult to achieve.
Byte: attack a whole byte; since the byte is the primary unit in which devices store and transfer data, this is easier to implement.
b) Specific vs. random value
Specific: set the data to all 0s or all 1s; theoretically the more obvious attack mode.
Random value: attacks using random values are easier to implement.
c) Static vs. computational
Static: used to attack DSA; the attack point is the memory, which is more difficult.
Computational: used to attack RSA-CRT; the fault is introduced into the computation itself, which is relatively easy to implement.
d) Data vs. control
Data: attack the data the chip operates on.
Control: attack the chip's control flow (the operations it executes); this method is more difficult to achieve but more powerful.
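The "one faulty result is enough against unprotected RSA-CRT" claim in section 1 and the "computational" model in 4c refer to the same effect: a transient fault in one CRT half leaves the other half correct, so the correct and faulty signatures agree modulo one prime only. The added example below (not from the referenced paper; toy primes and the simulated fault are constructed for illustration) shows this with a simulated glitch in the mod-q branch, and the standard countermeasure: verify the signature with the public exponent before releasing it, so a faulty result never leaves the device.

```python
from math import gcd

# Constructed toy RSA parameters (assumption: tiny primes so the arithmetic is visible;
# a real key uses a 2048-bit modulus, the structure is identical).
p, q = 61, 53
N = p * q                  # 3233
e = 17
phi = (p - 1) * (q - 1)
d = pow(e, -1, phi)        # private exponent


def crt_sign(m, fault_in_q=False):
    """RSA-CRT signature: two half-size exponentiations recombined with Garner's formula.

    fault_in_q=True simulates a transient fault (glitch, laser, ...) that corrupts
    only the mod-q branch; the mod-p branch is computed correctly.
    """
    dp, dq = d % (p - 1), d % (q - 1)
    sp = pow(m, dp, p)
    sq = pow(m, dq, q)
    if fault_in_q:
        sq = (sq ^ 1) % q  # constructed fault: flip the low bit of the mod-q half
    qinv = pow(q, -1, p)
    h = (qinv * (sp - sq)) % p
    return sq + h * q


def crt_sign_checked(m, fault_in_q=False):
    """Countermeasure: re-check the result with the public key before output.

    Returns None instead of a faulty signature, so an attacker who injected a
    fault gets nothing to analyse.
    """
    s = crt_sign(m, fault_in_q)
    if pow(s, e, N) != m % N:
        return None
    return s


def factor_from_faulty(s_good, s_bad):
    """Why the check matters: s_good and s_bad share the correct mod-p half, so
    p divides (s_good - s_bad) while q does not, and gcd(...) with N yields p."""
    return gcd(s_good - s_bad, N)
```

With the check in place the faulty signature is withheld; without it, a single faulty result for a known message is enough to factor N, which is the "one trace" figure quoted above.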
Reference:
Kim, Chong Hee, and J-j. Quisquater. "Faults, injection methods, and fault attacks." Design & Test of Computers, IEEE 24.6 (2007): 544-545.