To Exploit Fault Injection on Non-injective Sboxes

Differential Fault Analysis (DFA) attacks are well known to cryptanalyse embedded cryptographic algorithms. However, efficient countermeasures exist and most devices are now secured against this kind of attacks. In the same way, Safe Error attacks avoid most of DFA countermeasures but they can not break a masked implementation. In this paper, we introduce a new fault attack which takes advantage of both kinds of attack and which is efficient with all countermeasures detecting the fault. We illustrate this attack on the DES Sboxes, even if it applies on all non-injective Sboxes. First, we provide a short reminder of DES, we introduce previous attacks performed on it and we present some existing mechanisms to defend it against these threats. Then, we introduce our attack which consists in injecting faults that nullify after passing in the SBoxes of the first round and allows retrieving the key of a secure DES implementation. We continue by presenting the simulated results of our attack. Finally, we detail the results of our attack realised on a DES implemented on a smart card thus confirming its practical feasibility.