Remote fault injection attack against cryptographic modules via intentional electromagnetic interference from an antenna

Remote fault injection attack against cryptographic modules via intentional electromagnetic interference from an antenna

연구 분야: Infrastructure

학회: Journal of Cryptographic Engineering

Fault injection attacks on cryptographic modules pose significant threats. However, conventional fault injection methods typically require physical access to the target device. This study proposes a novel fault injection method utilizing intentional electromagnetic interference (IEMI) to induce temporary faults in cryptographic modules without intrusion, proximity, or synchronization with the encryption process. The proposed method carefully selected a frequency that could induce faults sorely in the target cryptographic modules without disrupting other modules in the device. Furthermore, faults suitable for secret key analysis were efficiently generated even when EM waves were injected asynchronously into the cryptographic operation. To demonstrate the effectiveness of the proposed method, an experiment was conducted in which EM waves were irradiated from an antenna positioned 2 m from a cryptographic device with an advanced encryption standard (AES) implementation, inducing faults. The secret key was successfully retrieved by applying differential fault analysis (DFA) to the obtained faulty ciphertexts. In addition, the fault occurrence mechanism was elucidated by monitoring the electrical variations in the cryptographic module caused by IEMI. The proposed method can be applied to devices previously believed to be immune to fault injection attack threats owing to challenges associated with conventional scenarios. This suggests a wider range of applicability for addressing security concerns in such devices. Consequently, even devices already in circulation could become susceptible to these threats, highlighting the need to implement measures to protect such equipment against potential attacks. In our strategy to counteract this threat, we suggest and showcase the capability to significantly reduce the transmission efficiency of EM waves by broadening the concept of EM shielding. This, in turn, significantly decreases the occurrence rate of faults. Finally, we delve into the applicability of the proposed fault injection method to different secret key analysis methods and the limitations of the method in alternative attack scenarios.