CTO North America and Principal Security Analyst at Riscure
Flip a bit, grab a key: symbolic execution edition
Differential fault analysis (DFA) is the field of using corruption of a cipher execution to extract its secret/private key. It is often applied in hardware-based crypto systems, but it is also being actively used in extracting keys from whitebox / software cryptographic implementations.
However, such DFA attacks require manual analysis as a pre-processing step, a fixed guess at the fault model, and can be non-trivial to implement. Algebraic Fault Analysis (AFA) is a class of DFA which overcomes these difficulties by using a combination of algebraic cryptanalysis and DFA to retrieve the secret key. In this research, we present a methodology which decreases the complexity of performing AFA, by using a symbolic execution engine on a software implementation of the cipher.
Depending on fault conditions we show AES and DES keys can be extracted with as little as 2--5 faults, while having a low computational and design complexity. We perform a live demo of such key extraction.
Four authors:
Cees-Bart Breunesse, PhD
Principal Security Analyst at Riscure; specialist in both hardware and software security
Rajesh Velegalati, PhD
Security Analyst at Riscure; focus on hardware fault injection
Panasayya Yalla, PhD
Security Analyst at Riscure; focus on hardware fault injection
Jasper van Woudenberg, MSc
CTO North America and Principal Security Analyst at Riscure ; specialist in both hardware and software security
