Fault Tolerant Cryptographic Architectures
Motivation and Background
In today's world, implementations of cryptographic algorithms and protocols are rarely threatened by the computational resources of an attacker. Key sizes of 128 bits for symmetric schemes, and matching strengths for public-key schemes, offer security margins large enough to withstand even major leaps in cryptanalytic progress. The real, tangible threat stems from side-channel attacks, in which an attacker exploits flaws in the implementation rather than flaws in the algorithm.
We distinguish two main classes of attacks. In passive attacks the attacker solely takes the role of an observer and tries to gain knowledge of secret information from side-channel leakage, e.g. patterns in the power trace. This type of attack has been the focus of a large body of research over the past decade, not least because of the interest of industrial manufacturers of smart card technology.
The class of active attacks contains scenarios in which the attacker is able to influence the behavior of the device directly and, for example, induce faulty behavior. The consequences of such a fault attack on a system without error detection have been demonstrated vividly in [1]. Active attacks have so far been approached mainly from the perspective of tamper resistance, which relies on sensors to detect environmental changes and erase sensitive information if necessary.
But what if, instead of directly tampering with the device, the attacker introduces faults by means that such sensors might not catch, e.g. by briefly cutting the power supply to insert glitches into the logic? Furthermore, it is hard to distinguish such effects from faulty behavior without malicious intent, i.e. caused by a flaky power supply. A tamper-resistance response would then erase the sensitive information, which is thereby also lost to legitimate users of the system. What is needed is a degree of fault tolerance that protects against both regular faults and malicious ones introduced by an adversary with a certain level of sophistication.
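The attack referred to in [1] is the RSA-CRT fault attack: a signer that computes m^d mod N as two half-size exponentiations modulo p and q, and recombines them, leaks a prime factor of N from a single signature in which one of the two halves was disturbed. The following added example (it is not code from this page or from the WPI group; the primes, message and the bit-flip fault model are constructed toy choices) shows the faulty signature yielding p by a gcd, and the simplest error-detection countermeasure, verifying with the public exponent before releasing the result:

```python
import math
from typing import Optional

# Constructed toy RSA parameters: two Mersenne primes (real keys are far larger).
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # gcd(E, phi) = 1 for these primes
# CRT private components, as a smart card would store them
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)


def crt_sign(m: int, fault_bit: Optional[int] = None) -> int:
    """RSA-CRT signature s = m^d mod N from two half-size exponentiations.
    If fault_bit is given, one bit of the q-half result is flipped before
    recombination, modelling a transient glitch hitting that computation."""
    s_p = pow(m, DP, P)
    s_q = pow(m, DQ, Q)
    if fault_bit is not None:
        s_q = (s_q ^ (1 << fault_bit)) % Q   # simulated fault (constructed)
    # Garner recombination: s == s_p (mod P) and s == s_q (mod Q)
    h = (QINV * (s_p - s_q)) % P
    return s_q + h * Q


def recover_factor(sig: int, m: int) -> int:
    """Attacker side (Boneh-DeMillo-Lipton, Lenstra's single-signature form):
    a signature correct modulo p but wrong modulo q satisfies sig^e == m only
    modulo p, so gcd(sig^e - m, N) is exactly p. For a correct signature the
    difference is 0 and the gcd is N, i.e. nothing is learned."""
    return math.gcd(pow(sig, E, N) - m, N)


def checked_sign(m: int, fault_bit: Optional[int] = None) -> Optional[int]:
    """Error detection: re-verify with the public exponent before releasing
    the signature. A faulted result is withheld rather than handed out."""
    s = crt_sign(m, fault_bit)
    if pow(s, E, N) != m:
        return None     # fault detected: a device would log, count or zeroise here
    return s


if __name__ == "__main__":
    msg = 0x1234567890ABCDEF          # constructed message representative
    good = crt_sign(msg)
    bad = crt_sign(msg, fault_bit=7)  # one flipped bit in the q-half
    print("correct signature verifies:", pow(good, E, N) == msg)
    print("p recovered from faulty signature:", recover_factor(bad, msg) == P)
    print("checked signer withholds it:", checked_sign(msg, fault_bit=7) is None)
```

Verification before output costs one public-exponent exponentiation and catches any fault that leaves the final result wrong, but the comparison itself is a single point an adversary can also target, which is one reason for pushing detection down into the arithmetic.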
Poster presentation at WPI's 2005 ECE department Graduate Research Day (pdf).
Our Research
- Fault tolerant arithmetic
- Robust control logic
Publications
- G. Gaubatz and B. Sunar, Robust Finite Field Arithmetic for Fault-Tolerant Public-Key Cryptography. Workshop on Fault Diagnosis and Tolerance in Cryptography 2005 (FDTC'05), Edinburgh, Scotland, September 2005. (pdf)
- G. Gaubatz, B. Sunar and M.G. Karpovsky. Non-linear Residue Codes for Robust Public-Key Arithmetic. Workshop on Fault Diagnosis and Tolerance in Cryptography 2006 (FDTC'06), Yokohama, Japan, October 2006. (pdf)
- G. Gaubatz, E. Savas, B. Sunar. Sequential Circuit Design for Embedded Cryptographic Applications Resilient to Adversarial Faults. Pre-print (pdf)
Links to Other Research Groups
- Boston University Reliable Computing Laboratory (M. Karpovsky)
- Stanford Center for Reliable Computing (E. McCluskey)
- University of Calgary ATIPS Laboratory
Conferences
- Int'l Workshop on Fault Diagnosis and Tolerance in Cryptography - FDTC (2006,2005,2004)
- Int'l Workshop on Cryptographic Hardware and Embedded Systems - CHES (website)
References
- D. Boneh, R.A. DeMillo, and R.J. Lipton. On the importance of checking cryptographic protocols for faults. In W. Fumy, ed., Advances in Cryptology - EuroCrypt'97, vol. 1233, Lecture Notes in Computer Science, Springer, Heidelberg, 1997.
Last modified: Nov 18, 2006, 12:21 EST