Academic Paper

Efficient Noninvasive Fault Injection Method Utilizing Intentional Electromagnetic Interference
Document Type
Periodical
Source
IEEE Transactions on Electromagnetic Compatibility (IEEE Trans. Electromagn. Compat.), 65(4):1211-1219, Aug. 2023
Subject
Fields, Waves and Electromagnetics
Engineered Materials, Dielectrics and Plasmas
Clocks
Circuit faults
Encryption
Cryptography
Frequency estimation
Time-frequency analysis
Synchronization
Cryptographic devices
electromagnetic information security
fault injection method
intentional electromagnetic interference (IEMI)
ISSN
0018-9375
1558-187X
Abstract
In the fault injection method, an electromagnetic (EM) wave is injected to temporarily cause a fault at a specific time of the encryption process, the faulty outputs are obtained from the cryptographic device, and the secret key is extracted by analyzing the faulty outputs. In the conventional method, the intentional electromagnetic interference (IEMI) wave is injected at a random time because it is difficult to obtain information on the start time of the encryption process. Thus, a cryptographic module must execute a large number of encryption trials before the occurrence of a fault that enables the secret key to be extracted. In this article, we propose a fault injection method that can generate the faults at a specific time with high probability, which is like the method of injecting an IEMI wave synchronized with the start time of the encryption process. The proposed method inserts glitches into the encryption process at fixed times by injecting a continuous sinusoidal wave of a specific frequency while controlling the amplitude and phase. This generates the faults required for the secret key analysis method with a high probability even when the start time of the encryption process cannot be obtained. We experimentally demonstrate the impact of the aforementioned IEMI using the advanced encryption standard, which is an ISO/IEC 18033 block cipher, implemented as a module on a standard evaluation board. The conventional method requires more than 30 000 encryption processes to obtain the secret key. In contrast, the results indicate that we can obtain the secret key with approximately 22 encryption processes, which is almost three orders of magnitude less than that with the conventional method. This confirms that secret keys can be extracted in a brief period of time. Moreover, devices previously excluded from IEMI-based fault injection, because they could be accessed only for a brief period as physical access to them was surveilled, may now be the target of the threat.