An Adaptive Multiple-Fault Injection Attack on Microcontrollers and a Countermeasure

Sho ENDO  Naofumi HOMMA  Yu-ichi HAYASHI  Junko TAKAHASHI  Hitoshi FUJI  Takafumi AOKI  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E98-A    No.1    pp.171-181
Publication Date: 2015/01/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E98.A.171
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: Foundation
embedded microcontrollers,  cryptographic software,  fault injection attacks,  

Full Text: PDF>>
Buy this Article

This paper proposes a multiple-fault injection attack based on adaptive control of fault injection timing in embedded microcontrollers. The proposed method can be conducted under the black-box condition that the detailed cryptographic software running on the target device is not known to attackers. In addition, the proposed method is non-invasive, without the depackaging required in previous works, since such adaptive fault injection is performed by precisely generating a clock glitch. We first describe the proposed method which injects two kinds of faults to obtain a faulty output available for differential fault analysis while avoiding a conditional branch in a typical recalculation-based countermeasure. We then show that the faulty output can be obtained by the proposed method without using information from the detailed instruction sequence. In particular, the validity of the proposed method is demonstrated through experiments on Advanced Encryption Standard (AES) software with a recalculation-based countermeasure on 8-bit and 32-bit microcontrollers. We also present a countermeasure resistant to the proposed method.