Welcome to the resource topic for 2002/073
Title:
Fault attacks on RSA with CRT: Concrete Results and Practical Countermeasures
Authors: C. Aumüller, P. Bier, P. Hofreiter, W. Fischer, J. -P. Seifert
Abstract:This article describes concrete results and practically approved countermeasures concerning differential fault attacks
on RSA using the CRT. It especially investigates smartcards with a RSA coprocessor where any hardware countermeasure to
defeat such fault attacks have been switched off.
This scenario has been chosen in order to completely analyze the resulting effects
and errors occurring inside the hardware. Using the results of this kind of physical
stress attack enables the development of completely reliable software countermeasures.
Although {\em successful/} RSA attacks on the investigated hardware have been only possible with an expensive enhanced
laboratory equipment, the effects on the unprotected hardware have been tremendously. This caused lots of analysis efforts to
investigate what really happened during the attack. Indeed, this will be addressed in this paper.
We first report on the nature of the resulting errors within the hardware due to the physical stress applied to the
smartcard. Hereafter, we describe the experiments and results with a very efficient and prominent software RSA-CRT DFA
countermeasure. This method could be shown to be insufficient, i.e., detected nearly no error, when we introduced
stress at the right position during the computation.
Naturally, a detailed error analysis model followed, specifying every failure point during the RSA-CRT operation.
This model finally allowed to develop and present here new very practically oriented software countermeasures hedging
the observed and characterized fault attacks.
Eventually, we present the security analysis of our new developed software RSA-CRT DFA countermeasures.
Thanks to their careful specification according to the observed and analyzed errors they resisted all kinds of physical
stress attacks and were able to detect any subtle computation error, thus avoiding to break the smartcard by fault attacks.
Nevertheless, we stress, that although our software countermeasures have been fully approved by practical experiments,
we are convinced that only sophisticated hardware countermeasures like sensors and filters in combination with
software countermeasures will be able to provide a secure and comfortable base to defeat in general any conceivable
fault attacks scenario on smartcards properly.
ePrint: https://eprint.iacr.org/2002/073
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .