Fault Attacks on Dual-Rail Encoded Systems

Jason D. Waddle and David A. Wagner

EECS Department, University of California, Berkeley

Technical Report No. UCB/CSD-04-1347

, 2004

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2004/CSD-04-1347.pdf

Fault induction attacks are a serious concern for designers of secure embedded systems. An ideal solution would be a generic circuit transformation that would produce circuits that are robust against fault induction attacks. We develop some framework for analyzing the security of systems against single-fault attacks and apply it to a recent proposed method (dual-rail encoding) for generically securing circuits against single-fault attacks. Ultimately, we find that the method does not hold up under our threat models: <i>n</i>-bit cryptographic keys can be extracted from the device with roughly <i>n</i> trials. We conclude that secure designs should incorporate explicit countermeasures to either directly address or attempt to invalidate our threat models.

BibTeX citation:

@techreport{Waddle:CSD-04-1347,
    Author= {Waddle, Jason D. and Wagner, David A.},
    Title= {Fault Attacks on Dual-Rail Encoded Systems},
    Year= {2004},
    Month= {Aug},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2004/5258.html},
    Number= {UCB/CSD-04-1347},
    Abstract= {Fault induction attacks are a serious concern for designers of secure embedded systems. An ideal solution would be a generic circuit transformation that would produce circuits that are robust against fault induction attacks. We develop some framework for analyzing the security of systems against single-fault attacks and apply it to a recent proposed method (dual-rail encoding) for generically securing circuits against single-fault attacks. Ultimately, we find that the method does not hold up under our threat models: <i>n</i>-bit cryptographic keys can be extracted from the device with roughly <i>n</i> trials. We conclude that secure designs should incorporate explicit countermeasures to either directly address or attempt to invalidate our threat models.},
}

EndNote citation:

%0 Report
%A Waddle, Jason D. 
%A Wagner, David A. 
%T Fault Attacks on Dual-Rail Encoded Systems
%I EECS Department, University of California, Berkeley
%D 2004
%@ UCB/CSD-04-1347
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2004/5258.html
%F Waddle:CSD-04-1347