Jason Waddle
UC Berkeley
USA
David Wagner
UC Berkeley
USA
Fault induction attacks are a serious concern for designers of secure
embedded systems. An ideal solution would be a generic circuit
transformation that would produce circuits that are robust against
fault induction attacks. We develop a framework for analyzing the
security of systems against single-fault attacks and apply it to a
recently proposed method (dual-rail encoding) for generically securing
circuits against single-fault attacks. Ultimately, we find that the
method does not hold up under our threat models: $n$-bit cryptographic
keys can be extracted from the device with roughly $n$ trials. We
conclude that secure designs should incorporate explicit
countermeasures to either directly address or attempt to invalidate
our threat models.
Keywords: fault attacks, asynchronous, side channel, embedded systems