. home.aspx



Protecting applications against DFA attacks

March 14, 2019 / Sam Kerr

2001 was an exciting time for cryptography, as the new Advanced Encryption Standard (AES) specification was finalized, making a mathematically secure and performant encryption algorithm available to the public. Designed to replace older cryptographic algorithms that were starting to show weaknesses in their math and being vulnerable to the increasing computing power available to attackers, AES put the power back in the hands of the those trying to protect their data. Attackers quickly recognized that brute force attacks and attacks on the math of AES were going to be ineffective and that they instead needed a new approach. With the first research paper on the topic published in 2002, Differential Fault Analysis, or DFA, is an attack technique that is designed to recover cryptographic keys from apps by injecting “faults” into the app’s crypto code at runtime and observing changes in the app’s behavior. A fault is essentially flipping a bit inside an internal calc...