Incremental Fault Analysis: Relaxing the Fault Model of Differential Fault Attacks
This article presents a new fault analysis technique against cryptographic devices called the incremental fault analysis (IFA), which can be adapted into fault attacks using more traditional differential fault analysis (DFA) techniques in order to increase their feasibility under more practical fault injection conditions. Many previous attack methods require precise fault injection techniques such as clock glitching. By contrast, IFA is compatible with a more practical overclocking fault injection technique in which a cryptosystem is stressed at a constant level throughout the entire encryption, and this constant stress level is then increased between consecutive encryptions. It is observed that as new faults occur incrementally between increased stress levels, they often become superimposed upon faults first appearing at lower stress levels. IFA exploits these incremental fault differentials to deduce the cipher key more rapidly. Attacks were tested using practical fault injection methods on the advanced encryption standard (AES) both with and without IFA applied. Using IFA, allowed cipher keys to be retrieved with a success rate of 100% from 10 times less faulty ciphertexts and 6.4 times less computational time, requiring 16, 86, and 43 ciphertexts on average for AES-128, AES-192, and AES-256, respectively.
Advanced encryption standard (AES), block cipher, cryptanalysis, cryptography, differential fault analysis (DFA), fault attack, security, side-channel attack.