A new zero value attack combined fault sensitivity analysis on masked AES

Recently, a new kind of fault-based attacks called fault sensitivity analysis (FSA) has been proposed, which has significant advantage over the traditional Differential Fault Attacks (DFA). However, the masking countermeasure could resist original FSA attack. In this paper, we first find the zero value sensitivity model in masked AES, and propose a new FSA method combined with zero value attack, which could break the masked AES S-box. To further verify our zero value method, successful attack experiments were conducted on a masked AES implemented in hardware. Experimental results and comparisons confirm that the zero value attack method is more efficient than other FSA methods because of retrieving the secret key by set up the experiment once with only one clock frequency. Moreover, the offline calculation of our zero value method is saved by eliminating the correlation coefficient calculations, and the 28 times searches in key guess process are also omitted in our method.