Improved Algebraic Fault Analysis: A Case Study on Piccolo and Applications to Other Lightweight Block Ciphers

2013 ◽  
pp. 62-79 ◽  
Author(s):  
Fan Zhang ◽  
Xinjie Zhao ◽  
Shize Guo ◽  
Tao Wang ◽  
Zhijie Shi
Keyword(s):  
Block Ciphers ◽  
Fault Analysis

scholarly journals Persistent Fault Analysis on Block Ciphers

2018 ◽  
pp. 150-172 ◽  
Author(s):  
Fan Zhang ◽  
Xiaoxuan Lou ◽  
Xinjie Zhao ◽  
Shivam Bhasin ◽  
Wei He ◽  
...  
Keyword(s):  
Time Synchronization ◽  
Fault Injection ◽  
Block Ciphers ◽  
Fault Analysis ◽  
Experimental Results ◽  
Fault Attacks ◽  
Intrinsic Nature ◽  
Fault Attack ◽  
Modular Redundancy

Persistence is an intrinsic nature for many errors yet has not been caught enough attractions for years. In this paper, the feature of persistence is applied to fault attacks, and the persistent fault attack is proposed. Different from traditional fault attacks, adversaries can prepare the fault injection stage before the encryption stage, which relaxes the constraint of the tight-coupled time synchronization. The persistent fault analysis (PFA) is elaborated on different implementations of AES-128, specially fault hardened implementations based on Dual Modular Redundancy (DMR). Our experimental results show that PFA is quite simple and efficient in breaking these typical implementations. To show the feasibility and practicability of our attack, a case study is illustrated on the shared library Libgcrypt with rowhammer technique. Approximately 8200 ciphertexts are enough to extract the master key of AES-128 when PFA is applied to Libgcrypt1.6.3 with redundant encryption based DMR. This work puts forward a new direction of fault attacks and can be extended to attack other implementations under more interesting scenarios.

How Chosen Seismic Fault Picking Strategy Influences Subsequent Fault Analyses: A Case Study from the Horda Platform, with Implications for CO2 storage

2021 ◽  
Author(s):  
Emma Michie ◽  
Mark Mulrooney ◽  
Alvar Braathen
Keyword(s):  
Fluid Flow ◽  
Co2 Storage ◽  
Fault Analysis ◽  
Surface Generation ◽  
Storage Site ◽  
Seismic Line ◽  
Fault Stability ◽  
Line Spacing ◽  
Fault Growth

<p>Significant uncertainties occur through varying methodologies when interpreting faults using seismic data.  These uncertainties are carried through to the interpretation of how faults may act as baffles/barriers or increase fluid flow.  Seismic line spacing chosen by the interpreter when picking fault segments, as well as the chosen surface generation algorithm used, will dictate how detailed or smoothed the surface is, and hence will impact any further interpretation such as fault seal, fault stability and fault growth analyses.</p><p>This contribution is a case study showing how picking strategies influence analysis of a bounding fault in terms of CO<sub>2</sub> storage assessment.  This example utilizes data from the Smeaheia potential storage site within the Horda Platform, 20 km East of Troll East.  This is a fault bound prospect, known as the Alpha prospect, and hence the bounding fault is required to have a high seal potential and low chance of reactivation upon CO<sub>2</sub> injection.</p><p>We can observe that an optimum spacing for fault interpretation for this case study is set at approximately 100 m.  It appears that any additional detail through interpretation with a line spacing of ≤50 m simply adds further complexities, associated with sensitivities by the individual interpreter.  Hence, interpreting at a finer scale may not necessarily improve the subsurface model and any related analysis, but in fact lead to the production of highly irregular surfaces, which impacts any further fault analysis.  Interpreting on spacing greater than 100 m often leads to overly smoothed fault surfaces that miss details that could be crucial, both for fault seal / stability as well as for fault growth models.</p><p>Uncertainty associated with the chosen seismic interpretation methodology will follow through to subsequent fault seal analysis, such as analysis of whether in situ stresses, combined with increased pore pressure through CO<sub>2</sub> injection, will act to reactivate the faults, leading to up-fault fluid flow / seep.  We have shown that changing picking strategies significantly alters the interpreted stability of the fault, where picking with an increased line spacing has shown to increase the overall fault stability, and picking using every line leads to the interpretation of a critically stressed fault.  Alternatively, it is important to note that differences in picking strategy show little influence on the overall predicted fault membrane seal (i.e. shale gouge ratio) of the fault, used when interpreting the fault seal capacity for a fault bound CO<sub>2</sub> storage site.</p>

scholarly journals Fault Interpretation Uncertainties using Seismic Data, and the Effects on Fault Seal Analysis: A Case Study from the Horda Platform, with Implications for CO<sub>2</sub> storage

2021 ◽  
Author(s):  
Emma A. H. Michie ◽  
Mark J. Mulrooney ◽  
Alvar Braathen
Keyword(s):  
Fluid Flow ◽  
Seismic Data ◽  
Growth Models ◽  
Fault Analysis ◽  
Surface Generation ◽  
Co2 Injection ◽  
Line Spacing ◽  
Fault Growth ◽  
Fault Interpretation

Abstract. Significant uncertainties occur through varying methodologies when interpreting faults using seismic data. These uncertainties are carried through to the interpretation of how faults may act as baffles/barriers or increase fluid flow. How fault segments are picked when interpreting structures, i.e. what seismic line spacing is specified, as well as what surface generation algorithm is used, will dictate how detailed the surface is, and hence will impact any further interpretation such as fault seal or fault growth models. We can observe that an optimum spacing for fault interpretation for this case study is set at approximately 100 m. It appears that any additional detail through interpretation with a line spacing of ≤ 50 m adds complexity associated with sensitivities by the individual interpreter. Further, the location of all fault segmentation identified on Throw-Distance plots using the finest line spacing are also observed when 100 m line spacing is used. Hence, interpreting at a finer scale may not necessarily improve the subsurface model and any related analysis, but in fact lead to the production of very rough surfaces, which impacts any further fault analysis. Interpreting on spacing greater than 100 m often leads to overly smoothed fault surfaces that miss details that could be crucial, both for fault seal as well as for fault growth models. Uncertainty in seismic interpretation methodology will follow through to fault seal analysis, specifically for analysis of whether in situ stresses combined with increased pressure through CO2 injection will act to reactivate the faults, leading to up-fault fluid flow/seep. We have shown that changing picking strategies alter the interpreted stability of the fault, where picking with an increased line spacing has shown to increase the overall fault stability. Picking strategy has shown to have minor, although potentially crucial, impact on the predicted Shale Gouge Ratio.

scholarly journals An Automated Framework for Exploitable Fault Identification in Block Ciphers – A Data Mining Approach

10.29007/fmzl ◽  
2018 ◽  
Author(s):  
Sayandeep Saha ◽  
Ujjawal Kumar ◽  
Debdeep Mukhopadhyay ◽  
Pallab Dasgupta
Keyword(s):  
Data Mining ◽  
Complexity Analysis ◽  
Practical Interest ◽  
Block Ciphers ◽  
Fault Analysis ◽  
Fault Attacks ◽  
Differential Fault Analysis ◽  
Analysis Scheme ◽  
Fault Characterization

Characterization of all possible faults in a cryptosystem exploitable for fault attacks is a problem which is of both theoretical and practical interest for the cryptographic community. The complete knowledge of exploitable fault space is desirable while designing optimal countermeasures for any given crypto-implementation. In this paper, we address the exploitable fault characterization problem in the context of Differential Fault Analysis (DFA) attacks on block ciphers. The formidable size of the fault spaces demands an automated albeit fast mechanism for verifying each individual fault instance and neither thetraditional, cipher-specific, manual DFA techniques nor the generic and automated Algebraic Fault Attacks (AFA) [10] fulfill these criteria. Further, the diversified structures of different block ciphers suggest that such an automation should be equally applicable to any block cipher. This work presents an automatedframework for DFA identification, fulfilling all aforementioned criteria, which, instead of performing the attack just estimates the attack complexity for each individual fault instance. A generic and extendable data-mining assisted dynamic analysis framework capable of capturing a large class of DFA distinguishersis devised, along with a graph-based complexity analysis scheme. The framework significantly outperforms another recently proposed one [6], in terms of attack class coverage and automation effort. Experimental evaluation on AES and PRESENT establishes the effectiveness of the proposed framework in detectingmost of the known DFAs, which eventually enables the characterization of the exploitable fault space.

scholarly journals Fully Automated Differential Fault Analysis on Software Implementations of Block Ciphers

2019 ◽  
pp. 1-29 ◽  
Author(s):  
Xiaolu Hou ◽  
Jakub Breier ◽  
Fuyuan Zhang ◽  
Yang Liu
Keyword(s):  
Block Ciphers ◽  
Fault Analysis ◽  
Smt Solver ◽  
Multiplication Operation ◽  
Analysis Methodology ◽  
Differential Fault Analysis ◽  
Software Implementations ◽  
Symmetric Block ◽  
Assembly Analysis ◽  
Effective Description

Differential Fault Analysis (DFA) is considered as the most popular fault analysis method. While there are techniques that provide a fault analysis automation on the cipher level to some degree, it can be shown that when it comes to software implementations, there are new vulnerabilities, which cannot be found by observing the cipher design specification.This work bridges the gap by providing a fully automated way to carry out DFA on assembly implementations of symmetric block ciphers. We use a customized data flow graph to represent the program and develop a novel fault analysis methodology to capture the program behavior under faults. We establish an effective description of DFA as constraints that are passed to an SMT solver. We create a tool that takes assembly code as input, analyzes the dependencies among instructions, automatically attacks vulnerable instructions using SMT solver and outputs the attack details that recover the last round key (and possibly the earlier keys). We support our design with evaluations on lightweight ciphers SIMON, SPECK, and PRIDE, and a current NIST standard, AES. By automated assembly analysis, we were able to find new efficient DFA attacks on SPECK and PRIDE, exploiting implementation specific vulnerabilities, and previously published DFA on SIMON and AES. Moreover, we present a novel DFA on multiplication operation that has never been shown for symmetric block ciphers before. Our experimental evaluation also shows reasonable execution times that are scalable to current cipher designs and can easily outclass the manual analysis. Moreover, we present a method to check the countermeasure-protected implementations in a way that helps implementers to decide how many rounds should be protected. We note that this is the first work that automatically carries out DFA on cipher implementations without any plaintext or ciphertext information and therefore, can be generally applied to any input data to the cipher.

A Framework to Counter Statistical Ineffective Fault Analysis of Block Ciphers Using Domain Transformation and Error Correction

2020 ◽  
Vol 15 ◽  
pp. 1905-1919 ◽  
Author(s):  
Sayandeep Saha ◽  
Dirmanto Jap ◽  
Debapriya Basu Roy ◽  
Avik Chakraborty ◽  
Shivam Bhasin ◽  
...  
Keyword(s):  
Error Correction ◽  
Block Ciphers ◽  
Fault Analysis ◽  
Domain Transformation

scholarly journals A Novel Differential Fault Analysis on the Key Schedule of SIMON Family

Electronics ◽  
2019 ◽  
Vol 8 (1) ◽  
pp. 93 ◽  
Author(s):  
Jinbao Zhang ◽  
Ning Wu ◽  
Fang Zhou ◽  
Muhammad Yahya ◽  
Jianhua Li
Keyword(s):  
Block Ciphers ◽  
Fault Model ◽  
Fault Analysis ◽  
Research Attention ◽  
Key Schedule ◽  
Differential Fault Analysis ◽  
Detailed Simulation ◽  
Exact Position ◽  
Propagation Properties ◽  
Fourth Round

As a family of lightweight block ciphers, SIMON has attracted lots of research attention since its publication in 2013. Recent works show that SIMON is vulnerable to differential fault analysis (DFA) and existing DFAs on SIMON assume the location of induced faults are on the cipher states. In this paper, a novel DFA on SIMON is proposed where the key schedule is selected as the location of induced faults. Firstly, we assume a random one-bit fault is induced in the fourth round key KT−4 to the last. Then, by utilizing the key schedule propagation properties of SIMON, we determine the exact position of induced fault and demonstrate that the proposed DFA can retrieve 4 bits of the last round key KT−1 on average using one-bit fault. Till now this is the largest number of bits that can be cracked as compared to DFAs based on random bit fault model. Furthermore, by reusing the induced fault, we prove that 2 bits of the penultimate round key KT−2 could be retrieved. To the best of our knowledge, the proposed attack is the first one which extracts a key from SIMON based upon DFA on the key schedule. Finally, correctness and validity of our proposed attack is verified through detailed simulation and analysis.

scholarly journals Diffusional Side-Channel Leakage From Unrolled Lightweight Block Ciphers: A Case Study of Power Analysis on PRINCE

2021 ◽  
Vol 16 ◽  
pp. 1351-1364
Author(s):  
Ville Yli-Mayry ◽  
Rei Ueno ◽  
Noriyuki Miura ◽  
Makoto Nagata ◽  
Shivam Bhasin ◽  
...  
Keyword(s):  
Power Analysis ◽  
Block Ciphers ◽  
Side Channel
Sign in / Sign up

Export Citation Format

Share Document