Nowadays RSA using Chinese Remainder Theorem (CRT) is widely used in practical applications. However there is a very powerful attack against it with a fault injection during one of its exponentiations. Many countermeasures were proposed but almost all of them are proven to be insecure. In 2005, two new countermeasures were proposed. However they still have a weakness. The final signature is sto...

The present paper develops an attack on the AES algorithm, exploiting multiple byte faults in the state matrix. The work shows that inducing a random fault anywhere in one of the four diagonals of the state matrix at the input of the eighth round of the cipher leads to the deduction of the entire AES key. We also propose a more generalized fault attack which works if the fault induction does no...

In this paper, we investigate the security of the KATAN family of block ciphers against differential fault attacks. KATAN consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64, respectively. All three variants have the same key length of 80 bits. We assume a single-bit fault injection model where the adversary is supposed to be able to corrupt a sing...

Secure elements, such as smartcards or trusted platform modules (TPMs), must be protected against implementation-level attacks. Those include side-channel and fault injection attacks. We introduce ODSM, Orthogonal Direct Sum Masking, a new computation paradigm that achieves protection against those two kinds of attacks. A large vector space is structured as two supplementary orthogonal subspace...

Among all countermeasures that have been proposed to thwart side-channel attacks against RSA implementations, the exponent randomization method – also known as exponent blinding – has been very early suggested by P. Kocher in 1996, and formalized by J.-S. Coron at CHES 1999. Although it has been used for a long time, some authors pointed out the fact that it does not intrinsically remove all so...

Cryptographic circuits are often a foundation of security in nowadays systems. As a consequence, attacks on them are critical and can be used to defeat security policies. In this context, the protection against attacks is a major concern. A fault attack uses a physical perturbation of the circuit in order to obtain faulty computations. These miscomputed results can enable cryptanalysis and reve...

The continuous scaling of VLSI technology and the aggressive use of low power strategies (such as subthreshold voltage) make it possible to implement standard cryptographic primitives within the very limited circuit and power budget of RFID devices. On the other hand, such cryptographic implementations raise concerns regarding their vulnerability to both active and passive side channel attacks....

In this paper, we propose a new method for fault tolerant computation over GF (2) for use in public key cryptosystems. In particular, we are concerned with the active side channel attacks, i.e., fault attacks. We define a larger ring in which new computation is performed with encoded elements while arithmetic structure is preserved. Computation is decomposed into parallel, mutually independent,...

Energization of a transformer results in sudden flow of current which is an effect of core magnetization. This current will be dominated by the presence of second harmonic, which in turn is used to segregate fault and inrush current, thus guaranteeing proper operation of the relay. This additional security in the relay sometimes obstructs or delays differential protection in a specific scenario...

In software development life cycle (SDLC) testing is very important step. One of the key elements of software quality is testing. Fault detection and removal process is also very important when we are doing testing. In the last 30 years numerous software reliability growth models where developed for fault detection and correction process. Majority of models where developed under static conditio...