Lab 1_1B - AES Loop Skip Fault Attack in Practice explanation

Madhumitha · April 5, 2024, 6:43am

Hi,

Can someone explain what exactly is being done in this Notebook? At which round of the encryption algorithm is the glitch being added, and what do they mean by AES loop skip fault attack?
Finally, what is the difference between what is being done in this notebook and what is done in Lab 1_2 - 1.5 Round AES Attack?
I would be grateful if someone could explain.

Thanks in advance.

Alex_Dewar · April 5, 2024, 3:37pm

Hi,

The basic idea of those labs is to glitch the target such that it only does the first AddRoundKey and the final round of AES instead of the full algorithm. In the first case, it becomes pretty trivial to use the plaintext and the faulty ciphertext to recover the key, as the 16 bytes of the key are treated entirely separately. This is a bit like Lab 2_1B in sca101, where you can check each byte of the password by itself; essentially you can think of it as breaking 16 1 byte passwords instead of a single 16 byte password.

The second attack is a lot trickier, as you end up doing the full first round in addition to the above. This notably includes the MixColumns operation, which combines bytes of the internal state, taking a trivial attack to 4 32 byte keys. A smarter attack can do a lot better. I ended up using GitHub - cbouilla/AES-attacks-finder: Automatic tool from 2011 to find low-data complexity MitM attacks on the AES to generate the attack code, as my cryptography skills aren’t strong enough to figure out an attack for that.

Alex

Madhumitha · April 8, 2024, 10:49am

Thanks a lot, this explanation really helped!

Madhumitha · April 10, 2024, 10:06am

Hi

I have few other questions related to these 2 notebooks.

How exactly are the glitches being inserted, I mean in what way is the glitch being added such that only 1 or 1.5 rounds are executed in the AES encryption. Is it an exor operation with the clock in this context or something else?
In the Lab 1_1B where only 1 round is being performed, the glitch is being added from 300 to 340. How does an attacker know that a glitch being added at this range performs the required operation i.e. skip the AES rounds and jumping to the last.
What does it mean when the glitch range is from 300 to 340? I get an output saying glitched at 339? Is it glitching throughout this range or only at 339?
in [Lab 1_1B - AES Loop Skip Fault Attack in Practice] In the first case, 16 bytes of 0s are being sent to the target board for encryption, for which we don’t get any waveform even if the glitch is being is inserted, why so? According to the code the waveform is not being displayed because the glitched_ct0 = gold_ct, which is the original cipher text (without the glitch being added). Why isn’t the inserted glitch not changing plain text containing 0s, or am I getting it wrong?

Please excuse me if my doubts are trivial.

Thanks in advance.

Alex_Dewar · April 10, 2024, 7:09pm

We’re using clock glitching for these labs

That something that you, as an attacker, will have to figure out. In this case, we can look at the assembly running on the target, but if you don’t have that you can make reasonable guesses about things the target is doing.

We’re trying glitches with various settings. In your case, something 339 cycles after the trigger happened, a glitch succeeded.

We don’t plot for every glitch because it’s not useful. If you get the same ciphertext as without a glitch, then you didn’t affect the target in a useful way (or at all).

Alex

Madhumitha · April 15, 2024, 11:33am

Hi,

Could you please elaborate on the 3rd solution.

As for the 4th question I’m getting the same result even in the notebook which does attack in 1.5 rounds when I send 16 bytes of 0. Please find attached the screenshots.

I haven’t changed anything in the code. I was just running what was already present. Could you give a solution for this.

Thank you very much