A practical analysis of fault attack countermeasure on AES using data masking

摘要

The symmetric cryptographic system such as the advanced encryption standard (AES) is a favorite target for differential fault analysis. Tunstall et al. recently proposed a fault attack in which a secret key can be extracted by injecting only a one-byte fault on the AES. Countermeasures against fault analysis have been proposed, but they have a fault detection rate limit or additional costs for extra verification processes. We evaluate whether the AES implementation using Akkar and Giraud's data masking method, which was originally proposed to protect against power analysis attack, can defeat the fault injection attack. Based on practical experiments, we suggest that an AES adopting the masking method is sufficiently secure from existing fault injection techniques in real environments.