Template attack on masking AES based on fault sensitivity analysis

Fault Sensitivity Analysis (FSA) is an emerging fault based attack that utilizes the sensitive circuit delay information to retrieve keys. However, one of the major limitations of the existing FSA methods is that they are restricted to specific implementation of the AES S-box. In this paper, we introduce the notion of right or wrong collision rate to replace the current Hamming weight model. Based on this, we propose a novel template attack by injecting glitches simultaneously to two parallel S-boxes in AES. The proposed attack is independent of the implementation of the S-boxes. It expands the projections from 8 Hamming Weights to 256 different inputs of the S-box. Thus we eliminate the time consuming calculation process in the brute force searching for the same Hamming Weight. We implement the proposed attack and design experiments to verify these claims. Our template based FSA attack successfully breaks the AES algorithm with mask countermeasure. Furthermore, the number of plaintexts and the calculations are reduced in our method.