Electrical Engineering
      and Computer Sciences

Electrical Engineering and Computer Sciences

COLLEGE OF ENGINEERING

UC Berkeley

Fault Attacks on Dual-Rail Encoded Systems

Jason D. Waddle and David A. Wagner

EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-04-1347
August 2004

http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/CSD-04-1347.pdf

Fault induction attacks are a serious concern for designers of secure embedded systems. An ideal solution would be a generic circuit transformation that would produce circuits that are robust against fault induction attacks. We develop some framework for analyzing the security of systems against single-fault attacks and apply it to a recent proposed method (dual-rail encoding) for generically securing circuits against single-fault attacks. Ultimately, we find that the method does not hold up under our threat models: n-bit cryptographic keys can be extracted from the device with roughly n trials. We conclude that secure designs should incorporate explicit countermeasures to either directly address or attempt to invalidate our threat models.


BibTeX citation:

@techreport{Waddle:CSD-04-1347,
    Author = {Waddle, Jason D. and Wagner, David A.},
    Title = {Fault Attacks on Dual-Rail Encoded Systems},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2004},
    Month = {Aug},
    URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/5258.html},
    Number = {UCB/CSD-04-1347},
    Abstract = {Fault induction attacks are a serious concern for designers of secure embedded systems. An ideal solution would be a generic circuit transformation that would produce circuits that are robust against fault induction attacks. We develop some framework for analyzing the security of systems against single-fault attacks and apply it to a recent proposed method (dual-rail encoding) for generically securing circuits against single-fault attacks. Ultimately, we find that the method does not hold up under our threat models: <i>n</i>-bit cryptographic keys can be extracted from the device with roughly <i>n</i> trials. We conclude that secure designs should incorporate explicit countermeasures to either directly address or attempt to invalidate our threat models.}
}

EndNote citation:

%0 Report
%A Waddle, Jason D.
%A Wagner, David A.
%T Fault Attacks on Dual-Rail Encoded Systems
%I EECS Department, University of California, Berkeley
%D 2004
%@ UCB/CSD-04-1347
%U http://www.eecs.berkeley.edu/Pubs/TechRpts/2004/5258.html
%F Waddle:CSD-04-1347