Counteracting Power Analysis Attacks by Masking

  • Elisabeth Oswald
  • Stefan Mangard
Chapter
Part of the Integrated Circuits and Systems book series (ICIR)

Abstract

The publication of power analysis attacks [12] has triggered a great deal of research activity. On the one hand, this activity has been dedicated to the development of secure and efficient countermeasures. On the other hand, new and improved attacks have also been developed. In fact, there has been a continuous arms race between designers of countermeasures and attackers. This chapter provides a brief overview of the state of the art of this arms race in the context of a countermeasure called masking. Masking is a popular countermeasure that has been extensively discussed in the scientific community. Numerous articles have been published that explain different types of masking and analyze weaknesses of this countermeasure.

Keywords

Smart Card; Clock Cycle; Block Cipher; Cryptographic Algorithm; Power Trace
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. M.-L. Akkar and C. Giraud. An implementation of DES and AES, secure against some attacks. In Ç. K. Koç, D. Naccache, and C. Paar, editors, Cryptographic Hardware and Embedded Systems – CHES 2001, Third International Workshop, Paris, France, May 14–16, 2001, Proceedings, volume 2162 of Lecture Notes in Computer Science, pages 309–318. Springer, 2001.
  2. L. Benini, A. Galati, A. Macii, E. Macii, and M. Poncino. Energy-efficient data scrambling on memory-processor interfaces. In I. Verbauwhede and H. Roh, editors, International Symposium on Low Power Electronics and Design, 2003, Seoul, Korea, August 25–27, 2003, Proceedings, pages 26–29. ACM Press, 2003.
  3. M. Bucci, M. Guglielmo, R. Luzzi, and A. Trifiletti. A power consumption randomization countermeasure for DPA-resistant cryptographic processors. In E. Macii, O. G. Koufopavlou, and V. Paliouras, editors, 14th International Workshop on Integrated Circuit and System Design, Power and Timing Modeling, Optimization and Simulation, PATMOS 2004, Santorini, Greece, September 15–17, 2004, Proceedings, volume 3254 of Lecture Notes in Computer Science, pages 481–490. Springer, 2004.
  4. S. Chari, C. S. Jutla, J. R. Rao, and P. Rohatgi. A cautionary note regarding evaluation of AES candidates on smart-cards. In Second Advanced Encryption Standard (AES) Candidate Conference, Rome, Italy, 1999.
  5. J.-S. Coron and L. Goubin. On boolean and arithmetic masking against differential power analysis. In Ç. K. Koç and C. Paar, editors, Cryptographic Hardware and Embedded Systems – CHES 2000, Second International Workshop, Worcester, MA, USA, August 17–18, 2000, Proceedings, volume 1965 of Lecture Notes in Computer Science, pages 231–237. Springer, 2000.
  6. R. Elbaz, L. Torres, G. Sassatelli, P. Guillemin, C. Anguille, M. Bardouillet, C. Buatois, and J.-B. Rigaud. Hardware engines for bus encryption: a survey of existing techniques. In 2005 Design, Automation and Test in Europe Conference and Exposition (DATE 2005), 7–11 March 2005, Munich, Germany, pages 40–45. IEEE Computer Society, 2005.
  7. W. Fischer and B. M. Gammel. Masking at gate level in the presence of glitches. In J. R. Rao and B. Sunar, editors, Cryptographic Hardware and Embedded Systems – CHES 2005, 7th International Workshop, Edinburgh, UK, August 29 – September 1, 2005, Proceedings, volume 3659 of Lecture Notes in Computer Science, pages 187–200. Springer, 2005.
  8. J. D. Golić. DeKaRT: a new paradigm for key-dependent reversible circuits. In C. D. Walter, Ç. K. Koç, and C. Paar, editors, Cryptographic Hardware and Embedded Systems – CHES 2003, 5th International Workshop, Cologne, Germany, September 8–10, 2003, Proceedings, volume 2779 of Lecture Notes in Computer Science, pages 98–112. Springer, 2003.
  9. L. Goubin. A sound method for switching between boolean and arithmetic masking. In Ç. K. Koç, D. Naccache, and C. Paar, editors, Cryptographic Hardware and Embedded Systems – CHES 2001, Third International Workshop, Paris, France, May 14–16, 2001, Proceedings, volume 2162 of Lecture Notes in Computer Science, pages 3–15. Springer, 2001.
  10. C. Herbst, E. Oswald, and S. Mangard. An AES smart card implementation resistant to power analysis attacks. In J. Zhou, M. Yung, and F. Bao, editors, Applied Cryptography and Network Security, Second International Conference, ACNS 2006, volume 3989 of Lecture Notes in Computer Science, pages 239–252. Springer, 2006.
  11. S. M. Kay. Fundamentals of Statistical Signal Processing – Detection Theory. Signal Processing Series. Prentice Hall, 1st edition, 1998. ISBN 0-13-504135-X.
  12. P. C. Kocher, J. Jaffe, and B. Jun. Differential power analysis. In M. Wiener, editor, Advances in Cryptology – CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 15–19, 1999, Proceedings, volume 1666 of Lecture Notes in Computer Science, pages 388–397. Springer, 1999.
  13. S. Mangard, E. Oswald, and T. Popp. Power Analysis Attacks – Revealing the Secrets of Smart Cards. Springer, 2007. ISBN 978-0-387-30857-9.
  14. S. Mangard, T. Popp, and B. M. Gammel. Side-channel leakage of masked CMOS gates. In A. Menezes, editor, Topics in Cryptology – CT-RSA 2005, The Cryptographers’ Track at the RSA Conference 2005, San Francisco, CA, USA, February 14–18, 2005, Proceedings, volume 3376 of Lecture Notes in Computer Science, pages 351–365. Springer, 2005.
  15. D. May, H. L. Muller, and N. P. Smart. Random register renaming to foil DPA. In Ç. K. Koç, D. Naccache, and C. Paar, editors, Cryptographic Hardware and Embedded Systems – CHES 2001, Third International Workshop, Paris, France, May 14–16, 2001, Proceedings, volume 2162 of Lecture Notes in Computer Science, pages 28–38. Springer, 2001.
  16. E. Oswald and S. Mangard. Template attacks on masking – resistance is futile. In Topics in Cryptology – CT-RSA 2007, The Cryptographers’ Track at the RSA Conference 2007, San Francisco, CA, USA, February 5–9, 2007, Proceedings, Lecture Notes in Computer Science. Springer, 2007.
  17. E. Oswald, S. Mangard, N. Pramstaller, and V. Rijmen. A side-channel analysis resistant description of the AES S-box. In H. Gilbert and H. Handschuh, editors, Fast Software Encryption, 12th International Workshop, FSE 2005, Paris, France, February 21–23, 2005, Revised Selected Papers, volume 3557 of Lecture Notes in Computer Science, pages 413–423. Springer, 2005.
  18. T. Popp and S. Mangard. Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In J. R. Rao and B. Sunar, editors, Cryptographic Hardware and Embedded Systems – CHES 2005, 7th International Workshop, Edinburgh, UK, August 29 – September 1, 2005, Proceedings, volume 3659 of Lecture Notes in Computer Science, pages 172–186. Springer, 2005.
  19. N. Pramstaller, E. Oswald, S. Mangard, F. K. Gürkaynak, and S. Haene. A masked AES ASIC implementation. In E. Ofner and M. Ley, editors, Austrochip 2004, Villach, Austria, October 8th, 2004, Proceedings, pages 77–82, 2004. ISBN 3-200-00211-5.
  20. P. Schaumont and K. Tiri. Masking and dual-rail logic don’t add up. In P. Paillier and I. Verbauwhede, editors, Cryptographic Hardware and Embedded Systems – CHES 2007, 9th International Workshop, Vienna, Austria, September 10–13, 2007, Proceedings, volume 4727 of Lecture Notes in Computer Science, pages 95–106. Springer, 2007.
  21. D. Suzuki and M. Saeki. Security evaluation of DPA countermeasures using dual-rail pre-charge logic style. In Cryptographic Hardware and Embedded Systems – CHES 2006, 8th International Workshop, Yokohama, Japan, October 10–13, 2006, Proceedings, Lecture Notes in Computer Science. Springer, 2006.
  22. D. Suzuki, M. Saeki, and T. Ichikawa. Random switching logic: a countermeasure against DPA based on transition probability. Cryptology ePrint Archive (http://eprint.iacr.org/), Report 2004/346, 2004.
  23. K. Tiri and P. Schaumont. Changing the odds against masked logic. In Selected Areas in Cryptography, 13th International Workshop, SAC 2006, Montreal, Quebec, Canada, August 17–18, 2006, Lecture Notes in Computer Science. Springer, 2006. Available online at http://rijndael.ece.vt.edu/schaum/papers/2006sac.pdf.
  24. J. Wolkerstorfer, E. Oswald, and M. Lamberger. An ASIC implementation of the AES SBoxes. In B. Preneel, editor, Topics in Cryptology – CT-RSA 2002, The Cryptographers’ Track at the RSA Conference 2002, San Jose, CA, USA, February 18–22, 2002, Proceedings, volume 2271 of Lecture Notes in Computer Science, pages 67–78. Springer, 2002.

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. Computer Science Department, University of Bristol, Bristol, UK
  2. Institute for Applied Information Processing and Communication, Graz University of Technology, Graz, Austria
  3. Infineon Technologies AG, Security Innovation, Neubiberg, Germany