Quantitative Evaluation of Security on Cryptographic ICs against Fault Injection Attacks

C. Shao, H. Li, G. Xu

Abstract

Fault injection attacks have become a serious threat against cryptographic ICs. However, the traditional security evaluation often demands experienced engineers repeatedly scan the IC under test for a few hours to a few days, and take the workload statistics and experiences as qualitative indexes. This paper proposes a quantitative model to evaluate security based Design for Security Test (DFST), considering both the sensitive time during the algorithm operation and the sensitive area of the cryptographic IC against fault injection attacks. The case study on two RSA implementations demonstrates the feasibility of the quantitative evaluation of security model.

References

  1. Su, D., Xu, K. and Gao, Y., 2011. The Evaluation Model and Index System of Cryptographic Modules Security Assurance Ability. Proceedings of Third International Conference on Multimedia Information Networking and Security, pp. 448-452.
  2. Barenghi, A., Breveglieri, L., Koren, I. and Naccache, D., 2012. Fault injection attacks on cryptographic devices: Theory, practice, and countermeasures. Proceedings of the IEEE, vol. 100, no. 11, pp. 3056-3076.
  3. Kim, C.H. and Quisquater, J. J., 2007. Fault attacks for CRT based RSA: New attacks, new results, and new countermeasures. In: Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems, pp. 215-228.
  4. Boneh, D., De Millo, R. A. and Lipton, R. J., 2001. On the importance of eliminating errors in cryptographic computations. Journal of cryptology, vol. 14, no. 2, pp. 101-119.
  5. Bar-El, H., Choukri, H., Naccache, D., et al, 2006. The sorcerer's apprentice guide to fault attacks. Proceedings of the IEEE, vol. 94, no.2, pp. 370-382.
  6. MasterCard International Incorporated, 2005. Security Guidelines for Smart Card Integrated Circuits.
  7. Shao, C., Li, H., Xu, G., et al, 2014. Design for security test against fault injection attacks. Electronics Letters. vol. 50, no. 23, pp. 1677-1678.
  8. The National Institute of Standards and Technology (NIST), 2009. Security Requirements for Cryptographic Modules. FIPSPUB140-3 Draft.
  9. Ningfang, S., Jiaomei, Q., Xiong, P., et al, 2011. Fault Injection Methodology and Tools. Electronics and Optoelectronics (ICEOE), pp. 47-50.
  10. Moradi, A., Shalmani, M. T. M., and Salmasizadeh, M., 2006. A generalized method of differential fault attack against AES cryptosystem. In Proc. Cryptographic Hardware and Embedded Systems-CHES, Springer Berlin Heidelberg, pp. 91-100.
  11. Rivest, R. L., Shamir, A., and Adleman, L., 1978. A method for obtaining digital signatures and public-key cryptosystems.in Communications of the ACM, vol. 21, pp.120-126.
  12. Wang, J., 2006. Research of RSA Encryption Algorithm. Shenyang University thesis.
  13. Zhang, L., 2005. Research and Implementation of RSA Cryptography. Shandong University of Science and Technology thesis.
  14. Hardy, G. H., and Wright, E. M., 1979. An introduction to the theory of numbers. The Clarendon Press Oxford University Press, fifth edition.
Download


Paper Citation


in Harvard Style

Shao C., Li H. and Xu G. (2016). Quantitative Evaluation of Security on Cryptographic ICs against Fault Injection Attacks . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 97-104. DOI: 10.5220/0005686300970104


in Bibtex Style

@conference{icissp16,
author={C. Shao and H. Li and G. Xu},
title={Quantitative Evaluation of Security on Cryptographic ICs against Fault Injection Attacks},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={97-104},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005686300970104},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Quantitative Evaluation of Security on Cryptographic ICs against Fault Injection Attacks
SN - 978-989-758-167-0
AU - Shao C.
AU - Li H.
AU - Xu G.
PY - 2016
SP - 97
EP - 104
DO - 10.5220/0005686300970104