Skip to Main Content
Over the past ten years, cryptographic algorithms have been found to be vulnerable against side-channel attacks such as power analysis attacks, timing attacks, electromagnetic radiation attacks and fault attacks. These attacks capture leaking information from an implementation of the algorithm in software or in hardware and apply cryptanalytical and statistical tools to recover the secret keys. A very well-known countermeasure against these attacks is to randomize every execution of the algorithm and every intermediate piece of data with a so-called masking method. In this paper we demonstrate that traditional countermeasures such as masking methodsfor symmetric cryptosystems are completely inefficient against fault attacks. In other words, differential fault attacks still apply on masked data. As an example we show how to recover secret keys from two masked AES implementations using a basic differential fault attack.
Date of Conference: 10-10 Aug. 2008