Reverse Engineering of a Secret AES-like Cipher by Ineffective Fault Analysis
Source: conferenze.dei.polimi.it/FDTC13/shared/FDTC-2013-session... (2013-10-11)
Posted on 03-Aug-2020
Transcript
Introduction Scope of the Attack Attack Steps Conclusion
Reverse Engineering of a Secret AES-like Cipher by Ineffective Fault Analysis
Antoine Wurcker (antoine.wurcker@xlim.fr), Christophe Clavier (christophe.clavier@unilim.fr)
Universite de Limoges
FDTC 2013
20-08-2013
Antoine Wurcker (Universite de Limoges) Reverse AES by IFA FDTC 2013 1 / 33
Outline
1 Introduction: Advanced Encryption Standard; Ineffective Fault Analysis
2 Scope of the Attack: Modifications on AES; Constraints on Attacker
3 Attack Steps
4 Conclusion: Global Results; Future Works
AES Datapath
Figure: The AES encryption path. $M$ → AddRoundKey($K_0$) → $S_0$; for $r = 1, \ldots, 9$: $S_{r-1}$ → SubBytes → ShiftRows → MixColumns → AddRoundKey($K_r$) → $S_r$; for $r = 10$: $S_9$ → SubBytes → ShiftRows → AddRoundKey($K_{10}$) → $C$.
AES KeySchedule
Figure: The AES key schedule: $K_r$ is computed from $K_{r-1}$ through RotWord, SubWord ⊕ Rcon($r$) and four word-wise XORs.
Ineffective Fault Analysis
Fault model: a chosen byte is stuck at 0.
Fault effect:
Ciphertext not modified ⇒ the value was already 0.
Ciphertext modified ⇒ the value was not 0.
Remark:
IFA bypasses the dual-execution countermeasure: an ineffective fault leaves both executions identical, so the comparison raises no alarm, while the attacker still learns that the byte was 0.
Figure: Example of no-occurrence of IFA. The same 16-byte state (E5 23 AF 75 77 13 98 1A 08 9C 34 EE B6 59 44 45) is processed twice, M ⇓ … ⇓ C; in the second run the targeted byte (45) is stuck at 00 and the ciphertext changes: C′ ≠ C, so the byte was not 0.
Figure: Example of occurrence of IFA. The state (AB 5F 31 45 4C DE C6 11 58 90 67 6F 78 58 34 00) is processed twice, M ⇓ … ⇓ C; the targeted byte is already 00, so sticking it at 0 changes nothing and C′ = C, revealing that the byte was 0.
Notations
$m_i$: byte number $i$ of the input plaintext $M$.
$c_i$: byte number $i$ of the output ciphertext $C$.
$K_r$: 128-bit key of round number $r$.
$k_{r,i}$: byte number $i$ of the round key $K_r$.
$S()$: the SubBytes function.
$S^{-1}(0)$: preimage of the value 0 under the S-box table.
$\mu_i = k_{0,i} \oplus S^{-1}(0)$.
$X_r = \{x_{r,0}, \ldots, x_{r,15}\}$: input state of the SubBytes step of round $r$.
$Y_r = \{y_{r,0}, \ldots, y_{r,15}\}$: input state of the ShiftRows step of round $r$.
$Z_r = \{z_{r,0}, \ldots, z_{r,15}\}$: input state of the MixColumns step of round $r$.
$T_r = \{t_{r,0}, \ldots, t_{r,15}\}$: input state of the AddRoundKey step of round $r$.
Modifications on AES
The allowed modifications have to respect the constraints of the NIST document describing the AES:
1 The SBOX operation is a permutation table. ⇒ $256!$ possible SBOX ($\simeq 2^{1684}$).
2 The ShiftRows operation keeps shifting rows. ⇒ $2^8$ possible ShiftRows.
3 The MixColumns matrix stays circulant with four parameters ($\neq 0$). ⇒ $255^4$ possible MixColumns ($\simeq 2^{32}$).
4 The RotWord operation keeps shifting the word. ⇒ $2^2$ possible RotWord.
5 The Rcon vectors keep the form $[\rho^{r-1}, 0, 0, 0]$. ⇒ $2^8$ possible sets of Rcon vectors.
Figure: ShiftRows parameters: row $j$ is shifted by $\sigma_j$ ($j = 0, \ldots, 3$).
Figure: MixColumns matrix:
$\begin{pmatrix} \alpha_0 & \alpha_1 & \alpha_2 & \alpha_3 \\ \alpha_3 & \alpha_0 & \alpha_1 & \alpha_2 \\ \alpha_2 & \alpha_3 & \alpha_0 & \alpha_1 \\ \alpha_1 & \alpha_2 & \alpha_3 & \alpha_0 \end{pmatrix}$
Figure: RotWord parameter $\eta$ (rotation of the 4-byte word).
Figure: Rcon[$r$] parameter $\rho^{r-1}$.
Constraints on Attacker
We place the following constraints on the attacker:
1 The SBOX table is unknown.
2 The MixColumns coefficients are unknown.
3 The ShiftRows coefficients are unknown.
4 The fault can only be applied on an SBOX output.
5 The key K is unknown.
The KeySchedule operation is also constrained:
1 The RotWord coefficient is unknown.
2 The Rcon parameter is unknown.
3 It is unavailable to fault injection (e.g. it is precomputed).
Retrieving K0 up to a Constant Byte
We obtain $\mu_i = k_{0,i} \oplus S^{-1}(0)$ by exhausting $m_i$ while faulting the output of the $i$-th S-box of the first round.
Eventually an IFA occurs and we obtain the equation:
$S(m_i \oplus k_{0,i}) = 0$
$m_i \oplus k_{0,i} = S^{-1}(0)$
$m_i = k_{0,i} \oplus S^{-1}(0)$
$m_i = \mu_i$
We retrieve every $\mu_i$ value by applying this method on each position. ⇒ The set of candidates for $K_0$ is reduced from $2^{128}$ to $2^8$.
Lemma: "Choosing" S-Box Input
Lemma. The knowledge of the $\mu_i$ values allows us to choose any value $x_{1,i}$ up to the constant value $S^{-1}(0)$.
Proof. Playing the value $m_i = v \oplus \mu_i$ implies that:
$x_{1,i} = m_i \oplus k_{0,i}$
$x_{1,i} = v \oplus \mu_i \oplus k_{0,i}$
$x_{1,i} = v \oplus S^{-1}(0) \oplus k_{0,i} \oplus k_{0,i}$
$x_{1,i} = v \oplus S^{-1}(0)$
Remark: if $v = 0$ then $x_{1,i} = S^{-1}(0)$ ⇒ $y_{1,i} = 0$.
Reversing ShiftRows Operation
Fault position: first S-box of the second round.
First step: play random messages until an IFA occurs.
Second step: replay the previous message with a single byte modified each time. On each row, one position breaks the IFA while the other three do not (only the four bytes that ShiftRows routes into the faulted column reach $x_{2,0}$).
We repeat the second step until we get the 4 values that break the IFA, revealing the 4 ShiftRows parameters.
⇒ The ShiftRows operation is reversed.
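The two-step procedure above, as an added Python example that is not the authors' code. It runs on a toy model of rounds 1 and 2 whose S-box, ShiftRows shifts, circulant MixColumns row, K0 and K1 are constructed with fixed seeds (all of these, the function names and the seeds are assumptions of the example). Only $x_{2,0}$ is computed because only the first S-box of round 2 is faulted; the oracle reports whether the stuck-at-0 fault was ineffective, as the simulation oracle of the appendix does.

```python
"""Added example (not from the slides): recovering the four ShiftRows
parameters with an IFA on the first S-box of round 2, on a toy model."""
import random

# --- Secret parameters of the toy AES-like cipher (constructed, fixed seed) ---
_rng = random.Random(7)
SBOX = list(range(256))
_rng.shuffle(SBOX)                          # secret 8-bit permutation
SIGMA = (2, 0, 3, 1)                        # secret row shifts sigma_0..sigma_3
ALPHA = (0x05, 0x07, 0x01, 0x09)            # secret first row of the circulant MixColumns
K0 = bytes(_rng.randrange(256) for _ in range(16))
K1 = bytes(_rng.randrange(256) for _ in range(16))


def gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = ((a << 1) ^ 0x11b) if a & 0x80 else a << 1
        b >>= 1
    return r


def x2_byte0(m: bytes) -> int:
    """x_{2,0}, the input of the first S-box of round 2.  State byte i sits
    in row i % 4 of column i // 4 (AES layout)."""
    y = [SBOX[m[i] ^ K0[i]] for i in range(16)]            # AddRoundKey(K0), SubBytes
    # ShiftRows: row j of column c receives row j of column (c + sigma_j) mod 4.
    z = [y[4 * ((i // 4 + SIGMA[i % 4]) % 4) + i % 4] for i in range(16)]
    # MixColumns, row 0 of column 0 only: alpha_0*z_0 + alpha_1*z_1 + alpha_2*z_2 + alpha_3*z_3.
    t0 = 0
    for j in range(4):
        t0 ^= gf_mul(ALPHA[j], z[j])
    return t0 ^ K1[0]                                        # AddRoundKey(K1)


def ifa_oracle_round2(m: bytes) -> bool:
    """First S-box output of round 2 stuck at 0: the fault is ineffective
    (ciphertext unchanged) iff S(x_{2,0}) was already 0."""
    return SBOX[x2_byte0(m)] == 0


def recover_shiftrows(seed: int = 42, max_tries: int = 1_000_000) -> tuple:
    """Slide procedure: random messages until an IFA occurs, then change one
    byte at a time; the position that breaks the IFA on row j tells which
    column ShiftRows moves into column 0, i.e. sigma_j."""
    rng = random.Random(seed)
    for _ in range(max_tries):
        m = bytes(rng.randrange(256) for _ in range(16))
        if ifa_oracle_round2(m):
            break
    else:
        raise RuntimeError("no ineffective fault found")
    sigma = [None] * 4
    for i in range(16):
        m2 = bytearray(m)
        m2[i] ^= 0x01                                        # any change of byte i will do
        if not ifa_oracle_round2(bytes(m2)):
            sigma[i % 4] = i // 4                            # exactly one column per row
    return tuple(sigma)


if __name__ == "__main__":
    print("recovered sigma:", recover_shiftrows(), " secret:", SIGMA)
```

Why exactly one position per row breaks the IFA: changing a byte that ShiftRows routes into column 0 replaces $z_{1,j}$ by a different S-box output, so $x_{2,0}$ changes by $\alpha_j$ times a non-zero difference, which is non-zero since $\alpha_j \neq 0$; the S-box being a permutation, $S(x_{2,0})$ can then no longer be 0. The twelve other bytes never reach $x_{2,0}$.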
Figure: Position of IFA: ⊕K0 ⇒ SB ⇒ SR ⇒ MC ⇒ ⊕K1 ⇒ SB, the fault being applied on the first S-box of the second round.
Figure: Proof: shift parameter of second row is not 0.
Figure: Proof: shift parameter of second row is 1.
Figure: Proof: shift parameter of second row is not 2.
Figure: Proof: shift parameter of second row is not 3.
Lemma: Retrieving $mk_{i,j}$ Values
Definition. $mk_{i,j}$ are the particular values that verify: $\alpha_j * S(mk_{i,j}) = k_{1,i} \oplus S^{-1}(0)$.
Lemma. The knowledge of the $\mu_i$ values and of the ShiftRows parameters allows us to calculate any value $mk_{i,j}$ up to $S^{-1}(0)$.
Proof. We can play a full-0 state as input of the first-round MixColumns, except at the position $t = \lfloor i/4 \rfloor + 4 * j$. This induces, with a chosen $v$:
$x_{2,i} = \alpha_j * S(v \oplus S^{-1}(0)) \oplus k_{1,i}$
When $v$ provokes an IFA on $y_{2,i}$: $v = mk_{i,j} \oplus S^{-1}(0)$.
Reducing MixColumns by Retrieving Cycles Orders (1/3)
Goal: find the multiplicative order of $\beta_{i,j} = \alpha_i / \alpha_j$.
Remark. We place ourselves in the case where at least one of the 6 orders of the values $\beta_{i,j}$ equals 255. This concerns 95.28% of cases.
Example: recovery of the order of $\beta_{1,2}$.
Equations given by an IFA on the first S-box of the second round:
$x_{2,0} = \alpha_0 * z_{1,0} \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0}$
$x_{2,0} = S^{-1}(0)$
⇒ $\alpha_0 * z_{1,0} \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0} = S^{-1}(0)$
Reducing MixColumns by Retrieving Cycles Orders (2/3)
Knowledge of $mk_{0,0}$ allows us to play a plaintext byte value inducing:
$z_{1,0} = S(mk_{0,0})$ ⇒ $\alpha_0 * z_{1,0} = k_{1,0} \oplus S^{-1}(0)$
That cleans $K_1$ and $S^{-1}(0)$ from the previous equation:
$\alpha_0 * z_{1,0} \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0} = S^{-1}(0)$
$k_{1,0} \oplus S^{-1}(0) \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0} = S^{-1}(0)$
$\alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} = 0$
Knowledge of the $\mu_i$ values allows us to play a plaintext byte value inducing:
$z_{1,3} = S(S^{-1}(0)) = 0$ ⇒ $\alpha_3 * z_{1,3} = 0$
That cleans $\alpha_3$ from the previous equation:
$\alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} = 0$
$\alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} = 0$
Reducing MixColumns by Retrieving Cycles Orders (3/3)
We use a random value $\theta^{(0)}_{1,2}$:
$z_{1,1} = \tau^{(0)}_{1,2} = S(\theta^{(0)}_{1,2} \oplus k_{0,0})$
We exhaust $z_{1,2}$ until an IFA occurs, revealing the value $\theta^{(1)}_{1,2}$ such that:
$z_{1,2} = \tau^{(1)}_{1,2} = S(\theta^{(1)}_{1,2} \oplus k_{0,0})$
We then reveal the sequence of $\theta^{(k)}_{1,2}$ that verifies:
$\alpha_1 * \tau^{(k)}_{1,2} \oplus \alpha_2 * \tau^{(k+1)}_{1,2} = 0$
$\tau^{(k+1)}_{1,2} = \beta_{1,2} * \tau^{(k)}_{1,2}$
⇒ $\tau^{(k)}_{1,2} = (\beta_{1,2})^k * \tau^{(0)}_{1,2}$
Eventually $\tau^{(n)}_{1,2} = \tau^{(0)}_{1,2}$, revealing that $(\beta_{1,2})^n = 1$. $n_{1,2} = n$ is the order of $\beta_{1,2}$.
Exploiting Data from Orders Retrieval
For each candidate for $\{\alpha_0, \alpha_1, \alpha_2, \alpha_3\}$ we are now able to test the order of every $\beta_{i,j}$ and drop the solutions that do not verify the found orders $n_{i,j}$.
We imposed that at least one order equals 255; it implies that during the orders recovery we produced a sequence of 255 values $\{\theta^{(0)}_{i,j}, \ldots, \theta^{(255)}_{i,j}\}$. That particular sequence will be set as the reference for further steps and noted $\{\theta^{(0)}, \ldots, \theta^{(255)}\}$. The concerned $\beta_{i,j}$ will also be noted $\beta$.
Then we know that:
$\tau^{(i)} = S(\theta^{(i)} \oplus k_{0,0})$
$\tau^{(i)} = \beta * \tau^{(i-1)}$
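The order computation of the previous slides, the candidate filter described above, and the 95.28% figure of the remark, as an added Python example that is not the authors' code. It assumes the AES field polynomial and the generator 0x03 for the log table; the observed orders and candidate tuples used to exercise the filter are constructed. The fraction is computed exactly over all $255^4$ non-zero parameter tuples by working in the exponent group $\mathbb{Z}_{255}$, which goes beyond the single-candidate check of the slide.

```python
"""Added example (not from the slides): orders of beta_{i,j} = alpha_i / alpha_j
in GF(2^8), the order-based candidate filter, and the share of MixColumns
parameter tuples for which some beta_{i,j} has order 255."""
from math import gcd
from itertools import combinations


def _xtime(a: int) -> int:
    """Multiply by x (0x02) in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11b) if a & 0x100 else a


# Exp/log tables for the generator 0x03 (3*a = a XOR xtime(a)); assumed field and generator.
EXP = [0] * 255
LOG = [0] * 256
_a = 1
for _k in range(255):
    EXP[_k] = _a
    LOG[_a] = _k
    _a ^= _xtime(_a)


def order_of_ratio(ai: int, aj: int) -> int:
    """Multiplicative order of beta = ai / aj in GF(2^8)^*: with d = log(ai) - log(aj),
    beta^n = 1 iff 255 divides n*d, so the order is 255 / gcd(255, d)."""
    d = (LOG[ai] - LOG[aj]) % 255
    return 255 // gcd(255, d)


def beta_orders(alpha) -> dict:
    """The six orders n_{i,j} of beta_{i,j} = alpha_i / alpha_j for a candidate row."""
    return {(i, j): order_of_ratio(alpha[i], alpha[j]) for i, j in combinations(range(4), 2)}


def consistent_candidates(observed: dict, candidates) -> list:
    """The filter of the slide: keep the candidates whose orders match the recovered n_{i,j}."""
    return [a for a in candidates if beta_orders(a) == observed]


def fraction_with_full_order_beta() -> float:
    """Fraction of non-zero (alpha_0, .., alpha_3) for which at least one beta_{i,j}
    has order 255.  Work with discrete logs a_i in Z_255; the ratios depend only on
    differences, so a_0 = 0 (alpha_0 = 1) is fixed without loss of generality.  A
    difference d gives order 255 iff gcd(d, 255) = 1; B is the bitmask of the other
    ('bad') residues and rot(B, a) is the set B + a.  A tuple is bad when all six
    differences are bad; for each (a_1, a_2) the admissible a_3 are counted with a
    bitmask intersection."""
    MASK = (1 << 255) - 1
    B = sum(1 << d for d in range(255) if gcd(d, 255) > 1)

    def rot(x: int, a: int) -> int:
        return ((x << a) | (x >> (255 - a))) & MASK if a else x

    def bad(d: int) -> bool:
        return (B >> (d % 255)) & 1 == 1

    all_bad = 0
    for a1 in range(255):
        if not bad(a1):
            continue
        r1 = rot(B, a1)
        for a2 in range(255):
            if not (bad(a2) and bad(a1 - a2)):
                continue
            all_bad += bin(B & r1 & rot(B, a2)).count("1")
    return 1 - all_bad / 255 ** 3


if __name__ == "__main__":
    print("orders for the standard AES row (2,3,1,1):", beta_orders((2, 3, 1, 1)))
    print("share of tuples with a full-order beta: %.4f" % fraction_with_full_order_beta())
```

For the standard AES row (2, 3, 1, 1) the order of $\beta_{1,2} = 3$ is 255 (0x03 is a generator), so the standard matrix falls in the favourable case; the exact count returns 0.9528, matching the remark. The filter only removes candidates: any common scaling of a consistent row has the same orders, which is why the later steps still need the $K_1$ relations.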
Lemma: Relation K1-K0
This reduction of the MixColumns candidates will use particular properties brought by the KeySchedule scheme:
Lemma. For $i \in \{0, 4, 1, 5, 2, 6, 3, 7\}$, we have $k_{1,i} \oplus k_{1,i+8} = \mu_{i+4} \oplus \mu_{i+8}$.
Proof.
$k_{1,i+4} = k_{1,i} \oplus k_{0,i+4}$
$k_{1,i+8} = k_{1,i+4} \oplus k_{0,i+8}$
⇒ $k_{1,i} \oplus k_{1,i+8} = k_{0,i+4} \oplus k_{0,i+8} = \mu_{i+4} \oplus \mu_{i+8}$
Reducing MixColumns Using K1 Relations (1/2)
We will force the K0-K1 relation to appear in the IFA equations. As in the previous step we use the knowledge of $mk_{0,0}$ to clean $K_1$ and $S^{-1}(0)$:
$\alpha_0 * z_{1,0} \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0} = S^{-1}(0)$
$k_{1,0} \oplus S^{-1}(0) \oplus \alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} \oplus k_{1,0} = S^{-1}(0)$
$\alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} = 0$
Then we use the knowledge of $mk_{1,i}$ and $mk_{2,i+8}$ to have $z_{1,1} = S(mk_{1,i})$ and $z_{1,2} = S(mk_{2,i+8})$:
$\alpha_1 * z_{1,1} \oplus \alpha_2 * z_{1,2} \oplus \alpha_3 * z_{1,3} = 0$
$k_{1,i} \oplus S^{-1}(0) \oplus k_{1,i+8} \oplus S^{-1}(0) \oplus \alpha_3 * z_{1,3} = 0$
$k_{1,i} \oplus k_{1,i+8} \oplus \alpha_3 * z_{1,3} = 0$
$\mu_{i+4} \oplus \mu_{i+8} \oplus \alpha_3 * z_{1,3} = 0$
Then we exhaust the value of $z_{1,3}$ until we get an IFA.
Reducing MixColumns Using K1 Relations (2/2)
We recognise the message byte inducing the colliding $z_{1,3}$ as a $\theta^{(p)}$ value; then we know that $z_{1,3} = \tau^{(p)}$:
$\mu_{i+4} \oplus \mu_{i+8} \oplus \alpha_3 * \tau^{(p)} = 0$
$\mu_{i+4} \oplus \mu_{i+8} \oplus \alpha_3 * \beta^p * \tau^{(0)} = 0$
$\tau^{(0)} = \dfrac{\mu_{i+4} \oplus \mu_{i+8}}{\alpha_3 * \beta^p}$
Relations of this type constrain the MixColumns parameters.
Lemma. Two equations of the previous step allow us to reduce the set of candidates for the MixColumns parameters to 255 elements.
Retrieving MixColumns and RotWord parameters
In this step we use two types of equations combined:
$k_{1,0} = k_{0,0} \oplus S(k_{0,12+\eta}) \oplus \rho^0$
$k_{1,0} = \alpha_j * S(mk_{0,j} \oplus k_{0,0}) \oplus S^{-1}(0)$
⇒ $S(k_{0,12+\eta}) = k_{0,0} \oplus S^{-1}(0) \oplus 1 \oplus \alpha_j * S(mk_{0,j} \oplus k_{0,0})$ (since $\rho^0 = 1$)
⇒ $S(k_{0,12+\eta}) = \mu_0 \oplus 1 \oplus \alpha_j * S(\theta^{(q_1)} \oplus k_{0,0})$
⇒ $S(k_{0,12+\eta}) = \mu_0 \oplus 1 \oplus \alpha_j * \tau^{(q_1)}$
For each MixColumns parameter candidate we are able to calculate $S(k_{0,12+\eta})$ and recognise it as a known $\tau^{(q_2)}$ value:
⇒ $S(k_{0,12+\eta}) = \tau^{(q_2)} = S(\theta^{(q_2)} \oplus k_{0,0})$
⇒ $k_{0,12+\eta} = \theta^{(q_2)} \oplus k_{0,0}$
⇒ $\theta^{(q_2)} = \mu_0 \oplus \mu_{12+\eta}$
Then only 4 valid solutions remain; a second equation leaves only 1.
Retrieving $S^{-1}(0)$
We are now able to calculate $k_{1,4}$, due to the equations of the KeySchedule:
$k_{1,0} = k_{0,0} \oplus \tau^{(q_2)} \oplus 1$
$k_{1,4} = k_{1,0} \oplus k_{0,4}$
⇒ $k_{1,4} = k_{0,0} \oplus \tau^{(q_2)} \oplus 1 \oplus k_{0,4}$
⇒ $k_{1,4} = \mu_0 \oplus S^{-1}(0) \oplus \tau^{(q_2)} \oplus 1 \oplus \mu_4 \oplus S^{-1}(0)$
⇒ $k_{1,4} = \tau^{(q_2)} \oplus 1 \oplus \mu_0 \oplus \mu_4$
We then use $k_{1,4}$ to derive $S^{-1}(0)$ from an $mk_{i,j}$ equation:
$k_{1,4} = \alpha_j * S(mk_{4,j} \oplus k_{0,0}) \oplus S^{-1}(0)$
$S^{-1}(0) = \alpha_j * S(\theta^{(q_3)} \oplus k_{0,0}) \oplus k_{1,4}$
$S^{-1}(0) = \alpha_j * \tau^{(q_3)} \oplus k_{1,4}$
Remark. We are now able to infer the values of: S-box, $K_0$ and $K_1$.
Retrieving Rcon parameter
We know all AES parameters except $\rho$, which allows us to control the $T_2$ state. We exhaust $t_{2,0}$ values until an IFA occurs on the first S-box of the third round:
$y_{3,0} = 0$
$S(x_{3,0}) = 0$
$S(t_{2,0} \oplus k_{2,0}) = 0$
$k_{2,0} = t_{2,0} \oplus S^{-1}(0)$
We learn $k_{2,0}$ and then we can simply calculate $\rho$:
$k_{2,0} = k_{1,0} \oplus S(k_{1,12+\eta}) \oplus \rho$
$\rho = k_{1,0} \oplus S(k_{1,12+\eta}) \oplus k_{2,0}$
Simulations Results
Step                                  | # of faults
Retrieving µi values                  | 2055.96
Retrieving ShiftRows                  | 138.50
Retrieving βi,j orders                | 22339.80
Retrieving cross-orders relations     | 0
Retrieving K1 relations               | 915.77
Retrieving MixColumns and RotWord     | 64.30
Retrieving S−1(0)                     | 0
Retrieving Rcon                       | 127.5
Total                                 | 25641.83
Figure: Experimental results (average number of faults per step) on an unprotected implementation.
Global Results
We bypass the dual-execution countermeasure.
In 95.28% of cases we retrieve the whole algorithm specification with an average of ∼25k required faults.
With reasonable over-costs, we are able to extend our attack to two harder configurations:
1 Full-entropy MixColumns matrix: the MixColumns matrix is no longer circulant and is composed of 16 independent parameters. This new attack is valid in 99.99% of cases (instead of 95.28%).
2 Extended Rcon parameters: Rcon no longer depends on a unique value ρ, but each round has its own independent value.
Future Works
Search for tricks in order to reduce the number of faults.
Extend the attack to the 5% remaining cases.
Adapt the attack when the fault is applied on exclusive-or (⊕) operations instead of table lookups.
Study the adaptability of this attack in the presence of different types of countermeasures.
Study how the knowledge of the key facilitates the attack (a decryption function available on the device gives the ability to find the key).
Questions
Thank you for your attention.
Any Question ?
Proof: Only 255 MixColumns Candidates Remains
Proof.
$\tau^{(0)} = \dfrac{\mu_{1,i+4} \oplus \mu_{1,i+8}}{\alpha_3 * \beta^{p_1}}$
$\tau^{(0)} = \dfrac{\mu_{1,i+8} \oplus \mu_{1,i+12}}{\alpha_3 * \beta^{p_2}}$
⇒ $\beta^{p_1 - p_2} = \dfrac{\mu_{1,i+4} \oplus \mu_{1,i+8}}{\mu_{1,i+8} \oplus \mu_{1,i+12}}$
⇒ $\left(\dfrac{\alpha_{i^\star}}{\alpha_{j^\star}}\right)^{p_1 - p_2} = \dfrac{\mu_{1,i+4} \oplus \mu_{1,i+8}}{\mu_{1,i+8} \oplus \mu_{1,i+12}}$
⇒ $\alpha_{i^\star}^{p_1 - p_2} = \dfrac{\mu_{1,i+4} \oplus \mu_{1,i+8}}{\mu_{1,i+8} \oplus \mu_{1,i+12}} * \alpha_{j^\star}^{p_1 - p_2}$
255 valid pairs $(\alpha_{i^\star}, \alpha_{j^\star})$ remain. Already acquired relations extend this property to the other MixColumns parameters.
Remark. For each of the 255 candidates for the MixColumns parameters we are able to calculate $\tau^{(0)}$ and $\beta$, then the whole sequence $(\tau^{(k)})_{k=0,\ldots,254}$.
Simulation’s Oracle
We ran simulations using an oracle taking as input:
the parameters of the modified AES,
the round and S-box position considered as faulted,
the message we decide to play;
it gives back a boolean value indicating whether the fault was ineffective or not.