@article{oai:ipsj.ixsq.nii.ac.jp:00098524,
author = {Kazuo, Sakiyama and Yang, Li and Shigeto, Gomisawa and Yu-ichiHayashi and Mitsugu, Iwamoto and Naofumi, Homma and Takafumi, Aoki and Kazuo, Ohta and Kazuo, Sakiyama and Yang, Li and Shigeto, Gomisawa and Yu-ichi, Hayashi and Mitsugu, Iwamoto and Naofumi, Homma and Takafumi, Aoki and Kazuo, Ohta},
issue = {2},
journal = {情報処理学会論文誌},
month = {Feb},
note = {Secret data in embedded devices can be revealed by injecting computational faults using the fault analysis attacks. The fault analysis researches on a cryptographic implementation by far first assumed a certain fault model, and then discussed the key recovery method under some assumptions. We note that a new remote-fault injection method has emerged, which is threatening in practice. Due to its limited accessibility to cryptographic devices, the remote-fault injection, however, can only inject uncertain faults. In this surroundings, this paper gives a general strategy of the remote-fault attack on the AES block cipher with a data set of faulty ciphertexts generated by uncertain faults. Our method effectively utilizes all the information from various kinds of faults, which is more realistic than previous researches. As a result, we show that it can provide a decent success probability of key identification even when only a few intended faults are available among 32 millions fault injections.

------------------------------
This is a preprint of an article intended for publication Journal of
Information Processing(JIP). This preprint should not be cited. This
article should be cited as: Journal of Information Processing Vol.22(2014) No.2 (online)
DOI http://dx.doi.org/10.2197/ipsjjip.22.142
------------------------------, Secret data in embedded devices can be revealed by injecting computational faults using the fault analysis attacks. The fault analysis researches on a cryptographic implementation by far first assumed a certain fault model, and then discussed the key recovery method under some assumptions. We note that a new remote-fault injection method has emerged, which is threatening in practice. Due to its limited accessibility to cryptographic devices, the remote-fault injection, however, can only inject uncertain faults. In this surroundings, this paper gives a general strategy of the remote-fault attack on the AES block cipher with a data set of faulty ciphertexts generated by uncertain faults. Our method effectively utilizes all the information from various kinds of faults, which is more realistic than previous researches. As a result, we show that it can provide a decent success probability of key identification even when only a few intended faults are available among 32 millions fault injections.