Attacking Hardware AES with DFA
This work addresses the security of hardware AES implementations for embedded systems, demonstrating a practical attack that could compromise secure computing systems.
The authors tackled the problem of attacking a hardware AES accelerator with 256-bit keys using differential fault analysis (DFA), and they successfully recovered 278 real-world AES-256 keys from a secure computing system in hours with minimal cost.
We present the first practical attack on a hardware AES accelerator with 256-bit embedded keys using DFA. We identify the challenges of adapting well-known theoretical AES DFA models to hardware under attack from voltage fault injection and present solutions to those challenges. As a result, we managed to recover 278 real-world AES-256 keys from a secure computing system in a matter of hours with minimal cost.