Page 286 - AWSAR 2.0
P. 286

262 || AWSAR Awarded Popular Science Stories - 2019
“That means anyone can take my card, induce fault and retrieve the information?” he was anxious to know more, “I can’t understand why the bank authorities and the government keeps insisting on using smart cards then?” he added.
“It’s not exactly that bad. All the faults induced by the attacker may not be successful. And in some cases, these tampering techniques such as electromagnetic rays and ion-beams are very costly. And not all random faults that happen during the execution of these algorithms will give you the secret information. Therearespecificlocationsintheseblack- box algorithms, where fault injection can successfully retrieve some information about the secret, and that too with specific attack complexity,” I explained.
“We are researching this aspect in our labs. We work on these cryptographic models both at a theoretical and implementation level, and determine all the possible
locations of these algorithms,
where the attacker can make
some assumptions about the
key, which we call as vulnerable
locations,” I added.
“How will these studies help the end-users like me, who are unaware of what happens at the rear end?” he asked doubtfully.
“Studying all
cryptographic models used in
the real world need in-depth
mathematical analysis. Manual
analysis requires more effort and time. For example, you may need to consider around 2128 to 22048 inputs and the corresponding intermediate steps of the model. Think of the effort that you may need to put in to ‘count the number of leaves on a peepal tree’,” he said.
Hence, we have developed automated tools that take these cryptographic models
along with their specifications as inputs, create mathematical equations for all the rounds and determine all the vulnerable locations in these models. Even though the problem looks straight forward, this part of the work relies more on the theoretical aspects of these models. You can even relate this to the method that can determine all possible leaves that pests may eat, which need complex analysis.
Moving to the practical side, that helps the end-users, we consider these vulnerable locations and protect these locations by adding some countermeasures. Some of the countermeasures that we consider to thwart fault attacks are redundancy, scrambling, masking, and parity. Here, we also need to determine how effective these countermeasures are and to what probability it can thwart from fault attacks. Similar to some techniques to protect leaves from pest attack like covering the leaves with polyester row
cover, using sprays, and plant herbs. Hence the research helps to design and protect the implementations from fault attacks, which can be used for manufacturing smart cards with better security,” I added.
“Then, why can’t we replace all the existing models with the newly designed secured ones, like remove infested plants to prevent the pests from spreading to other plants?” he directly jumped to the safest option.
I smiled, “Since the threat of fault attacks is real, both bank and hardware manufacturers are looking for secure methods. This is a question of research. It is a tedious task to replace all the existing cryptographic models, as they have a strong mathematical background and are difficult to compute using direct methods. Also, fault can be injected
   “Studying all cryptographic models used in the real world need in-depth mathematical analysis. Manual analysis requires more effort and time. For example, you may need to consider around 2128 to 22048 inputs and the corresponding intermediate steps of the model.
  












































































   284   285   286   287   288