Paper 2021/685

Blind Side-Channel SIFA

Melissa Azouaoui, Kostas Papagiannopoulos, and Dominik Zürner

Abstract

Statistical Ineffective Fault Attacks (SIFA) have been recently proposed as very powerful key-recovery strategies on symmetric cryptographic primitives' implementations. Specically, they have been shown to bypass many common countermeasures against faults such as redundancy or infection, and to remain applicable even when side-channel countermeasures are deployed. In this work, we investigate combined side-channel and fault attacks and show that a profiled, SIFA-like attack can be applied despite not having any direct ciphertext knowledge. The proposed attack exploits the ciphertext's side-channel and fault characteristics to mount successful key recoveries, even in the presence of masking and duplication countermeasures, at the cost of both side-channel and fault profiling. We analyze the attack using simulations, discuss its requirements, strengths and limitations, and compare different approaches to distinguish the correct key. Finally, we demonstrate its applicability on an ARM Cortex-M4 device, utilizing a combination of laser-based fault injection and microprobe-based EM side-channel analysis.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. DATE 2021
Keywords
Fault Injection AttacksSide-Channel AttacksCombined AttacksStatistical Ineffective Fault Attacks
Contact author(s)
melissa azouaoui @ nxp com
History
2021-05-28: received
Short URL
https://ia.cr/2021/685
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/685,
      author = {Melissa Azouaoui and Kostas Papagiannopoulos and Dominik Zürner},
      title = {Blind Side-Channel SIFA},
      howpublished = {Cryptology ePrint Archive, Paper 2021/685},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/685}},
      url = {https://eprint.iacr.org/2021/685}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.