Abstract

Classical fault attacks, such as differential fault analysis(DFA) as well as biased fault attacks, such as the differential fault intensity analysis (DFIA), have been a major threat to cryptosystems in recent times. DFA uses pairs of fault-free and faulty ciphertexts to recover the secret key. DFIA, on the other hand, combines principles of side-channel analysis and fault attacks to try and extract the key using faulty ciphertexts only. Till date, no effective countermeasure that can thwart both DFA- as well as DFIA-based attacks has been reported in the literature to the best of our knowledge. In particular, traditional redundancy-based countermeasures that assume uniform fault distributions are found to be vulnerable against the DFIA due to its use of biased fault models. In this paper, we propose a novel generic countermeasure strategy that combines the principles of redundancy with that of fault space transformation to achieve security against both DFA- and DFIA-based attacks on AES-like block ciphers. As a case study, we have applied our proposed technique to obtain temporal and spatial redundancy-based countermeasures for AES-128, and have evaluated their security against both DFA and DFIA via practical experiments on a SASEBO-GII board. Results show that our proposed countermeasure makes it practically infeasible to obtain a single instance of successful fault injection, even in the presence of biased fault models.