Protection against hardware attacks is a crucial prerequisite
for cryptographic implementations running on devices
that may be physically exposed to attackers. The main threat is
either Side-Channel Analysis (SCA) or Fault Injection Analysis
(FIA). Additionally, combined attacks that use both SCA and
FIA simultaneously are becoming increasingly prevalent due to
their potency. One of the most recent combined attacks is the socalled
SCA-NFA. The SCA-NFA method is capable to overcome
DOMREP, which is a recently proposed countermeasure offering
individual protection against SCA and FIA. In this work, we
present an extension of the previous DOMREP protection scheme
that can withstand an adversary with SCA-NFA capabilities. To
overcome the shortfalls of DOMREP, we extend the classical
DOM-AND gate to provide security even in the presence of
faults. Furthermore, we developed a protected error-correction
gate that is also secure in the presence of faults. We provide proof
based on the glitch-extended probing model to verify the security
claims of our DOMREP extension. Furthermore, we demonstrate
the effectiveness with measurements of a protected software
implementation of a DOM-AND gate running on an STM32F071
microcontroller. According to these measurements, our DOMAND
gate implementation achieves the expected security level.
«
Protection against hardware attacks is a crucial prerequisite
for cryptographic implementations running on devices
that may be physically exposed to attackers. The main threat is
either Side-Channel Analysis (SCA) or Fault Injection Analysis
(FIA). Additionally, combined attacks that use both SCA and
FIA simultaneously are becoming increasingly prevalent due to
their potency. One of the most recent combined attacks is the socalled
SCA-NFA. The SCA-NFA method is capable to overcome
DOMREP...
»