Comments: new attacks on AES


One of the acceptance criteria for an AES candidate cipher was that it would be efficient enough for use in "small computers", i.e. smart cards.

And smart cards are in principle vulnerable to these kinds of attacks, like perturbation attacks and differential fault analysis.

As payment card technology is moving away from the passive magstripe to active smart cards, this is a relevant development to say the least.

But, experienced smart card developers do have a bag of very effective tricks to counter the aforementioned types of attack. And smart card developers know now which kind of trick they have to use when implementing Rijndael on a smart card.


Posted by Twan van der Schoot at June 15, 2010 08:44 AM

Right, I guess the smart card people are different, because they are keen enough to dig deeply, and do not use AES just because NIST said it was good. Typically, smart card designers design their own protocols, and choose their own algorithms. And often they are really tweaking things for performance.

And, as you said, they've been doing things like environmental probing for a long time, far longer than anyone else.

Posted by Iang at June 16, 2010 12:36 AM

The "catch" is usually called a fault attack, isn't it?

Posted by John Doe at June 16, 2010 07:40 AM

Yes, among other terms.

Posted by Iang at June 16, 2010 07:55 PM

Iang,

The problem with the general perception of "fault injection attacks" is that you need to have direct access to the hardware to inject the fault; you don't.

Back in the 1980's I was showing not only that you could inject a fault without contact via RF carrier, but that you could also use it to read information out of a target device to look for "signatures" by which you could time your injection point.

Here we are a quarter of a century later and the academic community is just starting to pick up on it...

Some bods over at the CambLabsUK showed how they reduced the number of bits of entropy from a True Random Number Generator (TRNG) from 32 bits to ~8 bits with no difficulty.

This was with an unmodulated RF carrier; as I pointed out to them, you can not only modulate the carrier with your fault injection signature, but by using different RF carrier frequencies you can, to a certain extent, be selective about what point you inject the fault (via resonance / antiresonance).

The equipment needed to do this can usually be picked up for peanuts at Amateur Radio Conventions (which is where I got the bits to build my rig).

However it is not just for "injecting" faults. By being able to reduce the carrier power to a low level, a strange effect happens to the unmodulated carrier as it passes through the active circuitry: due to the process of cross modulation, the electronics modulate the carrier with information that can be used in many ways. One of which is to identify the point of execution of the target CPU code to actually inject a non-random fault...

Oh, and don't assume metal shielding will help; you can usually find a frequency that gets through any ventilation slots etc. (10GHz being one of my favourites).

So yes I suspect that some systems will be vulnerable to RF Fault Injection...


Posted by Clive Robinson at June 21, 2010 06:13 PM