
Research And Implementation Of Persistent Fault Attack Method Of Block Cipher

Posted on: 2023-08-05
Degree: Master
Type: Thesis
Country: China
Candidate: S J Zang
GTID: 2568306914483554
Subject: Cyberspace security

Abstract/Summary:
The Advanced Encryption Standard (AES) is a typical block cipher algorithm that is widely used in embedded devices. Since the National Institute of Standards and Technology published the AES algorithm in 2003, attack methods and related protection schemes against AES have never stopped. As a new fault model, the persistent fault attack (PFA) was first proposed at CHES 2018. To explore wider application scenarios for persistent faults, and to examine whether the ideas of traditional fault attacks can be further optimized under the persistent fault model, this paper uses persistent faults to analyze implementations of AES and the corresponding modes of operation.

Firstly, this paper combines the persistent fault with the collision attack and proposes the persistent fault based collision attack (PFCA). PFCA requires a more relaxed fault model. When a single-byte fault is injected, the computational complexity is O(2^23). When a multi-byte fault is injected, the complexity can be reduced to O(2^12) by using a filtering algorithm. Simulation experiments on a computer show that the success rate of both online key search and offline key search is close to 100%. The attack is also applicable to AES protected by Boolean masking and partial high-order masking, as well as by inverse S-box detection and parity detection.

Secondly, because block cipher modes of operation are used in practice to process long messages, the attacker cannot control the direct input of the encryption/decryption module or collect the direct output of the cipher module. In addition, the AES cryptographic module in OpenSSL uses multiple T-boxes instead of S-boxes, which not only improves efficiency but also causes the existing persistent fault attack approach to fail. In this paper, a stuck-at-0 fault or a random fault is injected into the T-box to attack the OpenSSL implementations of ECB mode encryption and decryption respectively. For CBC mode, this paper attacks the decryption implementation by challenging ciphertext. For OFB and CFB, modes that do not operate on messages directly, the attack also succeeds by challenging ciphertext. In addition, through the attack on CMAC, this paper verifies that the key can be recovered as long as collision information in the intermediate state is observed. The simulation results show that the attack success rate is 100% for both single-byte and multi-byte faults.

Finally, this paper combines the persistent fault with the differential attack and proposes persistent fault based differential analysis (PFDA). Since the injected fault is persistent, the output of byte substitution of all faults is the same, so the input difference can be calculated. Therefore, compared with the traditional differential attack based on temporary faults, PFDA greatly reduces the attack complexity. The experimental results show that PFDA is effective against a variety of high-order masking and fault protection countermeasures. When the number of sharing factors is less than 4, PFDA needs only about 200 ciphertexts. For AES protected by RP high-order masking, this paper uses a fault-tolerant method to reduce the number of ciphertexts required. In addition, our evaluation shows that combining high-order masking with time redundancy cannot provide sufficient protection against PFDA.
Keywords/Search Tags:persistent fault, AES, fault attack, OpenSSL, mode of operation