Project summary
Algebraic Fault Attacks
(funded by DFG; project started in October 2015)
Cryptographic circuits are employed in mobile and embedded systems to protect sensitive information from unauthorized access and manipulation. Fault attacks circumvent the protection by injecting faults into the hardware implementation of the cryptographic function, thus manipulating the calculation in a controlled manner and allowing the attacker to derive protected data such as secret keys. A large number of fault attacks and counter-measures against such attacks were suggested in the last years. However, isolated techniques for each individual attack are no longer sufficient; a generic protective strategy is lacking.
The Algebraic Fault Attacks project focuses on the class of algebraic fault attacks, where the information used for cryptanalysis is represented by systems of polynomials. In order to understand the scope of such attacks and develop suitable counter-measures,, techniques to conduct algebraic fault attacks will be developed. Making them as automated as possible will enable systematic vulnerability estimation of cryptographic functions and their hardware implementations. Mixed algebraic models will be employed which integrate the specification of the function with its hardware implementation and can be enriched by results of side-channel analysis. To solve the generated algebraic systems, classical Gröbner-base and border-base procedures as well as reduction of reduction of such systems to Boolean satisfiability (SAT) instances will be employed. Both border-base and SAT algorithms will be optimized for specific properties of fault-based cryptanalysis, and a tightly-integrated combination of both methods will be created. The attacks will be validated on an FPGA-based fault-injection platform, and the obtained data will be fed back in order to refine the employed models of attacks and counter-measures. Finally, a cross-level protection strategy combining error detection based on novel AMD codes with low-level hardening is proposed.