Advertisement

Detecting Hidden Leakages

  • Amir Moradi
  • Sylvain Guilley
  • Annelie Heuser
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8479)

Abstract

Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such technique using the side-channel measurements publicly available through DPA contest V4. Our analyses which focus on exploiting the first-order leakage of the implementation discover a couple of potential attacks which can recover the secret key. Indeed the leakage we exploit is due to a design mistake as well as the characteristics of the implementation platform, none of which has been considered during the design of the countermeasure (implemented in naive C code).

Keywords

Side-channel analysis leakage detection variance test NICV correlation-collision CPA hidden models linear regression 

References

  1. 1.
    Batina, L., Gierlichs, B., Lemke-Rust, K.: Differential Cluster Analysis. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 112–127. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.-X., Veyrat-Charvillon, N.: Mutual Information Analysis: a Comprehensive Study. J. Cryptology 24(2), 269–291 (2011)CrossRefzbMATHMathSciNetGoogle Scholar
  3. 3.
    Belgarric, P., Bhasin, S., Bruneau, N., Danger, J.-L., Debande, N., Guilley, S., Heuser, A., Najm, Z., Rioul, O.: Time-Frequency Analysis for Second-Order Attacks. In: CARDIS 2013. LNCS. Springer (2013)Google Scholar
  4. 4.
    Bhasin, S., Carlet, C., Guilley, S.: Theory of masking with codewords in hardware: low-weight dth-order correlation-immune Boolean functions. Cryptology ePrint Archive, Report 2013/303 (2013), http://eprint.iacr.org/2013/303/
  5. 5.
    Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: NICV: Normalized Inter-Class Variance for Detection of Side-Channel Leakage. In: International Symposium on Electromagnetic Compatibility (EMC 2014), Tokyo, May 12-16. IEEE (2014); Session OS09: EM Information Leakage. Hitotsubashi Hall (National Center of Sciences), Chiyoda, Tokyo, JapanGoogle Scholar
  6. 6.
    Bogdanov, A.: Improved Side-Channel Collision Attacks on AES. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 84–95. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Bogdanov, A.: Multiple-Differential Side-Channel Collision Attacks on AES. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 30–44. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. 8.
    Brier, É., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  10. 10.
    Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Improved Collision-Correlation Power Analysis on First Order Protected AES. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 49–62. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  11. 11.
    Coron, J.-S.: Higher Order Masking of Look-up Tables. Cryptology ePrint Archive, Report 2013/700 (2013), http://eprint.iacr.org/
  12. 12.
    Coron, J.-S., Goubin, L.: On Boolean and Arithmetic Masking against Differential Power Analysis. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 231–237. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Coron, J.-S., Prouff, E., Rivain, M.: Side Channel Cryptanalysis of a Higher Order Masking Scheme. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 28–44. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Courtois, N., Goubin, L.: An Algebraic Masking Method to Protect AES Against Power Attacks. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 199–209. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Dabosville, G., Doget, J., Prouff, E.: A New Second-Order Side Channel Attack Based on Linear Regression. IEEE Trans. Computers 62(8), 1629–1640 (2013)CrossRefMathSciNetGoogle Scholar
  16. 16.
    Dhem, J.-F., Koeune, F., Leroux, P.-A., Mestré, P., Quisquater, J.-J., Willems, J.-L.: A practical implementation of the timing attack. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 167–182. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Genelle, L., Prouff, E., Quisquater, M.: Thwarting Higher-Order Side Channel Analysis with Additive and Multiplicative Maskings. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 240–255. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. 18.
    Gierlichs, B., Batina, L., Preneel, B., Verbauwhede, I.: Revisiting Higher-Order DPA Attacks: Multivariate Mutual Information Analysis. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 221–234. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Golic, J.D., Tymen, C.: Multiplicative Masking and Power Analysis of AES. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 198–212. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for side-channel resistance validation. In: NIST Non-Invasive Attack Testing Workshop (September 2011), http://csrc.nist.gov/news_events/non-invasive-attack-testing-workshop/papers/08_Goodwill.pdf
  21. 21.
    Grosso, V., Standaert, F.-X., Prouff, E.: Leakage Squeezing, Revisited. In: CARDIS 2013. LNCS. Springer (2013)Google Scholar
  22. 22.
    Kardaun, O.: Classical Methods of Statistics. Springer (2005)Google Scholar
  23. 23.
    Lerman, L., Medeiros, S.F., Bontempi, G., Markowitch, O.: A Machine Learning Approach Against a Masked AES. In: CARDIS 2013. LNCS, Springer (2013)Google Scholar
  24. 24.
    Maghrebi, H., Guilley, S., Danger, J.-L.: Leakage Squeezing Countermeasure Against High-Order Attacks. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 208–223. Springer, Heidelberg (2011), doi:10.1007/978-3-642-21040-2_14.CrossRefGoogle Scholar
  25. 25.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer (2007)Google Scholar
  26. 26.
    Mangard, S., Pramstaller, N., Oswald, E.: Successfully Attacking Masked AES Hardware Implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  27. 27.
    Messerges, T.S.: Power Analysis Attacks and Countermeasures for Cryptographic Algorithms. PhD thesis, University of Illinois at Chicago, USA, 468 pages (2000)Google Scholar
  28. 28.
    Messerges, T.S.: Using Second-Order Power Analysis to Attack DPA Resistant Software. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  29. 29.
    Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-Enhanced Power Analysis Collision Attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  30. 30.
    Nassar, M., Guilley, S., Danger, J.-L.: Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures against Side-Channel Attacks. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT 2011. LNCS, vol. 7107, pp. 22–39. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  31. 31.
    Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: A small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. In: DATE 2012, pp. 1173–1178. IEEE (2012)Google Scholar
  32. 32.
    Nikova, S., Rijmen, V., Schläffer, M.: Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches. J. Cryptology 24(2), 292–321 (2011)CrossRefzbMATHMathSciNetGoogle Scholar
  33. 33.
    NIST/ITL/CSD. Advanced Encryption Standard (AES). FIPS PUB 197 (November 2001), http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
  34. 34.
    Pan, J., den Hartog, J.I., Lu, J.: You Cannot Hide behind the Mask: Power Analysis on a Provably Secure S-Box Implementation. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 178–192. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  35. 35.
    Prouff, E., Giraud, C., Aumônier, S.: Provably Secure S-Box Implementation Based on Fourier Transform. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 216–230. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  36. 36.
    Prouff, E., Rivain, M.: A Generic Method for Secure SBox Implementation. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 227–244. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  37. 37.
    Prouff, E., Rivain, M., Bevan, R.: Statistical Analysis of Second Order Differential Power Analysis. IEEE Trans. Computers 58(6), 799–811 (2009)CrossRefMathSciNetGoogle Scholar
  38. 38.
    Prouff, E., Roche, T.: Higher-Order Glitches Free Implementation of the AES Using Secure Multi-party Computation Protocols. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 63–78. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  39. 39.
    Rivain, M., Prouff, E.: Provably Secure Higher-Order Masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  40. 40.
    Schindler, W., Lemke, K., Paar, C.: A Stochastic Model for Differential Side Channel Cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  41. 41.
    Schramm, K., Paar, C.: Higher Order Masking of the AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 208–225. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  42. 42.
    Standaert, F.-X., Gierlichs, B., Verbauwhede, I.: Partition vs. Comparison Side-Channel Distinguishers: An Empirical Evaluation of Statistical Tests for Univariate Side-Channel Attacks against Two Unprotected CMOS Devices. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 253–267. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  43. 43.
    TELECOM ParisTech SEN research group, 4th edn. DPA Contest (2013-2014), http://www.DPAcontest.org/v4/
  44. 44.
    Tunstall, M., Whitnall, C., Oswald, E.: Masking Tables - An Underestimated Security Risk. In: FSE 2013. LNCS, vol. 8424, Springer (2014), http://eprint.iacr.org/2013/735
  45. 45.
    Waddle, J., Wagner, D.: Towards Efficient Second-Order Power Analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  46. 46.
    Ye, X., Eisenbarth, T.: On the Vulnerability of Low Entropy Masking Schemes. In: CARDIS 2013. LNCS. Springer (2013)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Amir Moradi
    • 1
  • Sylvain Guilley
    • 2
    • 3
  • Annelie Heuser
    • 2
  1. 1.Horst Görtz Institute for IT SecurityRuhr University BochumGermany
  2. 2.TELECOM-ParisTech, Crypto Group (COMELEC dpt)ParisFrance
  3. 3.Secure-IC S.A.S.RennesFrance

Personalised recommendations