A Fault-Resistant AES Implementation
Using Differential Characteristic of Input and Output

 

JeongSoo Park¹, KiSeok Bae², YongJe Choi³, DooHo Choi³, and JaeCheol Ha¹*

 

¹Hoseo University

Asan, ChungNam, Korea

sizeplay@nate.com, jcha@hoseo.edu

 

²Kyungpook National University

Daegu, Korea

gith@ee.knu.ac.kr

 

³ETRI

Daejeon, Korea

{choiyj, dhchoi}@etri.re.kr

 

 

Abstract

 

The goal of a fault injection attack is to extract a secret key which is embedded in a cryptographic

device by injecting a fault during execution of the algorithm. In particular, an attacker can extract

the master key of the advanced encryption standard (AES) using only a one-byte fault injection. We

propose a new countermeasure method resistant to fault injection attacks by checking the differential

byte of the input and output in the encryption process and key expansion process, respectively. Based

on the result of computer simulations and practical experiments, we suggest that our proposed AES

implementation against fault attack has a superior error detection ability and improved efficiency

compared with previous existing methods.

 

Keywords: fault attack, countermeasure, AES, differential characteristic

 

*Corresponding author: Dept. of Information Security, Hoseo University, 165 Sechul-Ri, Baebang-Eup,
Asan-Si, Chungnam, 336-795 Korea, Tel: +82-41-540-5991

Journal of Internet Services and Information Security (JISIS), 2(3/4): 93-109, November 2012 [pdf]