Single-Byte Error-Based Practical Differential Fault Attack on Bit-Sliced Lightweight Block Cipher PIPO

With the recent development of the Internet of Things (IoT), related device use is increasing rapidly. As a result, accessing and hijacking the devices is an increasing security threat. The challenges of side-channel security of IoT devices are having a way of coming to the surface due to this physical accessibility. Accordingly, there is active research on lightweight block ciphers to provide security even in resource-scarce environments situations such as IoT. The bit-sliced structure increases memory and time efficiency using an implementation method that replaces a lookup table with a bit-wise operation. Therefore, it is a widely-used design technique for lightweight block ciphers. In this paper, we show a differential fault attack study, a type of side-channel analysis, targeting bit-sliced block ciphers. In particular, it proposes a novel attack rationale on the recently proposed lightweight block cipher PIPO and shows that it applies sufficiently to other bit-sliced block ciphers. The proposed attack is based on a more alleviated attacker's assumption than the previously proposed attack, and it shows that less than 32 fewer fault ciphertext may fully recover the 128-bit of the PIPO 64/128 secret key. It proves that the attack is practical by verifying the attack through the actual electromagnetic fault injection. It also discusses the applicability of various bit-sliced block ciphers and shows how redundancy-based countermeasures might improve fault-robustness. Therefore, when using the bit-sliced block ciphers on IoT devices, we recommend applying appropriate countermeasures against fault injection attacks.