Physical Attacks against Cryptographic Implementations

Alexandre Berzati, Martin Gallezot, Alain Pomet - INVIA

1- Introduction

Since the advent of side channel attacks, classical cryptanalysis is no longer sufficient to ensure the security of cryptographic algorithms. In practice, the implementation of algorithms on electronic devices is a potential source of leakage that an attacker can use to completely break a system [KJJ99,BB03,GMO01]. The injection of faults during the execution of cryptographic algorithm is considered as an intrusive side channel method because secret information may leak from malicious modifications of the device's behavior [BDL97,BDL01,BS97]. In this context, the security of public key cryptosystems [BDL97,BDL01] and symmetric ciphers in both block [BS97] and stream modes [HS04] has been challenged. In this context, finding efficient countermeasures for cryptosystems against fault attacks is challenged by a constant discovery of ﬂaws in designs. Even elements, such as public keys, that do not seem critical must be protected against physical attacks [BMM00,BCMCC06,KBPJJ08]. In this paper, we propose to distinguish potential source of leakage in designs that may lead to critical security ﬂaws, even using provably secured cryptographic algorithms.

The rest of the paper is organized as follow. The example presented in Section 2 highlights the need for protecting both hardware and software against physical attacks. The Section 3 describes the diferent source of physical leakage referenced in the literature that must be considered as potential threats when designing secured systems.

Click here to read more ...