You can detect but you cannot hide: Fault Assisted Side Channel Analysis on Protected Software-based Block Ciphers

Cryptographic implementations are prune to Side Channel Analysis (SCA) attacks and Fault Injection (FI) attacks at the same time. Therefore, countermeasures protecting an implementation need to be evaluated against both attacks. The main contribution of this work is twofold. First, we propose an evaluation platform capable to perform emulated fault injection campaigns against modern MCUs and at the same time able to acquire experimental electromagnetic EM emissions and power traces of cryptographic computations to be used for SCA attacks. Second, we perform experimental evaluations of countermeasures protecting against both SCA and FI attacks which show that the injections of faults can dramatically reduce the effectiveness of SCA countermeasures. We evaluate two cryptographic algorithms, an AES and a PRESENT-Sbox implementation, which are protected employing different countermeasures protecting in parallel against FI and SCA attacks. The AES secure implementation is protected by hiding-based SCA countermeasures, while it uses a redundancy-based technique against FI attacks. On the other hand, the PRESENT Sbox is protected by a software implementation of a Dual-rail with Precharge Logic (DPL) countermeasure including fault detection capabilities. We present extensive experimental evaluations for the AES implementation and first results for PRESENT-Sbox showing that for both implementations the fault injections increase the efficiency of the SCA attacks and lead to very fast recoveries of the secret keys.