Differential Fault Attacks against AES tampering with the Instruction Flow / S. Mella, F. Melzani, A. Visconti. - In: Proceedings of the 11th International Conference on Security and Cryptography. - [s.l] : SCITEPRESS, 2014. - ISBN 9789897580451. - pp. 439-444. (Paper presented at the 11th International Conference on Security and Cryptography, held in Wien in 2014 [10.5220/0005112104390444].)

Differential Fault Attacks against AES tampering with the Instruction Flow

S. Mella;A. Visconti
2014

Abstract

Most fault-based attacks against the Advanced Encryption Standard aim at altering the temporary value of either the message or the key during the computation. A few other attacks tamper with the instruction flow in order to reduce the number of round iterations to one or two. In this work, we extend this idea and present fault attacks against the AES algorithm that exploit the misbehavior of the instruction flow during the last round. In particular, we consider faults that cause the algorithm to skip, repeat or corrupt one of the four AES round functions. In principle, these attacks are applicable against both software and hardware implementations, by targeting the execution of instructions or the control logic. In conclusion, countermeasures against fault attacks must also cover the instruction flow and not only the processed data.
AES; Differential fault analysis; Fault attacks
Sector INF/01 - Computer Science
2014
Book Part (author)
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/242611