A Non-invasive Fault Attack on FPGA-based Cryptographic Applications

doi:10.13209/j.0479-8023.2015.126

Acta Scientiarum Naturalium Universitatis Pekinensis ›› 2016, Vol. 52 ›› Issue (2): 193-198.DOI: 10.13209/j.0479-8023.2015.126

Previous Articles Next Articles

A Non-invasive Fault Attack on FPGA-based Cryptographic Applications

LIAO Nan¹, CUI Xiaoxin¹, LIAO Kai¹, WANG Tian¹, YU Dunshan¹, CHENG Yufang²

1. Institute of Microelectronics, School of Electronics Engineering and Computer Science, Peking University, Beijing 100871;
2. Nationz technologies Inc, Shenzhen 518057; † Corresponding author, E-mail: cuixx@pku.edu.cn

Received:2014-12-18 Online:2016-03-20 Published:2016-03-20
Contact: CUI Xiaoxin, E-mail: cuixx(at)pku.edu.cn

一种针对FPGA密码模块的非侵入式故障攻击

廖楠¹, 崔小欣¹, 廖凯¹, 王田¹, 于敦山¹, 程玉芳²

1. 北京大学信息科学技术学院微电子学研究院, 北京 100871; 2. 国民技术股份有限公司, 深圳 518057;
† 通信作者, E-mail: cuixx@pku.edu.cn

通讯作者: 崔小欣, E-mail: cuixx(at)pku.edu.cn
基金资助:
国家自然科学基金(61306040) 、北京市自然科学基金(4152020) 和深圳市战略新兴产业发展专项资金创新环境建设计划(ZDSY20130402095348589)资助

Abstract

Abstract:

A non-invasive, high-efficient and low-cost fault attack is realized on FPGA-based cryptographic applications. Based on the setup failures in critical paths, faults are injected into the FPGA devices by lowering the supply voltage. Then the encryption key can be retrieved efficiently with an appropriate fault model. In the attack experiments, the full 128-bit key of AES is retrieved correctly with only 8 pairs of correct and faulty ciphertexts within a few minutes, by using a power supply and a personal computer, based on the FPGA platform.

Key words: fault attack, FPGA, AES, setup failure

摘要：

在FPGA平台上, 利用降低电源电压的方法使电路关键路径上的数据建立失败, 从而达到注入故障的目的。基于合适的故障模型, 攻击者可以有效地获取密钥信息，实现了针对密码模块的高效率、低成本的非侵入式故障攻击方法。攻击实验利用一台电压源和一台个人电脑, 通过8组正确和错误密文对, 成功地恢复出一个FPGA 中AES密码模块的128 bit完整密钥。

关键词: 故障攻击, FPGA, AES, 建立失败

CLC Number:

TN49

LIAO Nan, CUI Xiaoxin, LIAO Kai, WANG Tian, YU Dunshan, CHENG Yufang. A Non-invasive Fault Attack on FPGA-based Cryptographic Applications[J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2016, 52(2): 193-198.

廖楠, 崔小欣, 廖凯, 王田, 于敦山, 程玉芳. 一种针对FPGA密码模块的非侵入式故障攻击[J]. 北京大学学报（自然科学版）, 2016, 52(2): 193-198.

[1]	XIE Hao, CAO Jian, LI Pu, ZHAO Xiongbo, ZHANG Xing. A Hardware Accelerator for SSD Object Detection Algorithm Based on FPGA [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2022, 58(6): 1015-1022.
[2]	CHEN Zhaohui, MA Yuan, JING Jiwu. Hardware Optimization and Evaluation for Crucial Modules of Lattice-Based Cryptography [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2021, 57(4): 595-604.
[3]	YONG Shanshan,WANG Xin’an,CAO Ying,ZHANG Fangni,SHI Xiaolong,XIE Zheng. Reconfigurable Operators Array: Architecture and Modeling [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2014, 50(4): 761-767.
[4]	CAO Jian,JIAO Hai,WANG Yuan,ZHANG Xing. Volumetric Display System Based on FPGA and DLP Technologies [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2014, 50(4): 605-610.
[5]	HUANG Ying,CUI Xiaoxin,WEI Wei,ZHANG Xiao,LIAO Kai,LIAO Nan,YU Dunshan. Research on DPA Resistant Circuit for FPGA [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2014, 50(4): 652-656.
[6]	ZHANG Xiao,CUI Xiaoxin,WEI Wei,HUANG Ying,LIAO Kai,LIAO Nan,YU Dunshan. Correlation Electromagnetic Analysis Attacks against an FPGA Implementation of AES [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2014, 50(4): 647-651.
[7]	SHEN Jinpeng,WANG Xin’an,LIU Shan,LI Shoucheng,HU Tongning. A Security-Enhanced UHF RFID Transponder with Novel Demodulator [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2014, 50(2): 214-220.
[8]	ZHANG Kai,GUAN Jie,ZHANG Zhongya,LUO Lei. Key Recovery Attack on Hybrid Cipher SCB Algorithm [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2013, 49(3): 397-403.
[9]	LI Yuwen,ZHANG Xing,JIANG Anping. Design of AES Coprocessor Used on the Node of Wireless Sensor Network [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2009, 45(3): 426-430.
[10]	LIN Teng,FENG Jianhua,ZHAO Jianbing,WANG Yangyuan. A Novel Scheme for Application-Dependent Testing of FPGAs [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2009, 45(3): 402-408.
[11]	LI Ying,LU Weijun,YU Dunshan,ZHANG Xing. A Resource Optimizing Algorithm in FPGA Based High Speed FIR Digital Filters [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2009, 45(2): 222-226.
[12]	ZHU Qing,FENG Jing,WU Weizhong,RUI Kejian,GAO Hang. Preliminary Analysis on Algal Inhibition by Rice Straw Extract and Allelopathic Components [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2009, 45(1): 178-182.
[13]	WANG Jian,JIANG Anping,SHENG Shimin. A Dual Finite Fields Algorithm for Elliptic Curve Cryptosystem and FPGA Implementation [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2008, 44(6): 871-876.
[14]	LIU Yong,CHEN Yu,CHEN Zhong. Optimize Cryptographic Symmetric Primitives Performance [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2008, 44(5): 733-738.
[15]	QIAO Hua,GUAN Wu,DONG Mingke,XIANG Haige. Design and Implementation of LDPC Decoder with High Throughput [J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2008, 44(3): 347-352.

A Non-invasive Fault Attack on FPGA-based Cryptographic Applications

一种针对FPGA密码模块的非侵入式故障攻击

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics