
Physical Security Versus Masking Schemes

Chapter in: Cyber-Physical Systems Security

Abstract

Numerous masking schemes have been designed as provable countermeasures against side-channel attacks. However, currently, several side-channel attack models coexist, such as “probing” and “bounded moment” models, at bit or word levels. From a defensive standpoint, it is thus unclear which protection strategy is the most relevant to adopt.

In this survey article, we review adversarial hypotheses and challenge masking schemes with respect to practical attacks. With a view to explaining pedagogically how to secure implementations, we highlight the key aspects to be considered when implementing a masking scheme.


Notes

  1.

    This highlights a very paradoxical modelization of software, even when it is straight-line. Straight-line code is seen as sequential in software, whereas in hardware it actually consists of looping the accumulator register back into itself as operations are chained in series. Obviously, the looping of the accumulator into itself only holds for basic controllers. Performance-oriented processors may behave in a more complex way; typically, the pipeline in a processor can break those loops.

  2.

    We quote [12, p. 464]: “a t-limited adversary is one that can observe at most t wires of the circuit within a certain time period (such as during one clock cycle).”

  3.

    We quote footnote 6 page 464 of [12]: “By default, we allow the adversary to adaptively move its t probes between time periods, but not within a time period.” See also the complement given in [12, pp. 466–467]; we quote next: “Prior to each invocation, the adversary may fix an arbitrary set of t internal wires to which it will gain access in that invocation. We stress that while this choice may be adaptive between invocations, i.e., may depend on the outputs and on wire values observed in previous invocations, the adversary is assumed to be too slow to move its probes while the values propagate through the circuit.”

  4.

    Notice that Fig. 4b purposely represents an incorrect masking scheme for an iterative block cipher (for the sake of counterexample) and shall not be implemented this way. Rather, in a secure version, the XOR demasking gate shall be enabled only for the last round (i.e., when round counter ω is equal to its maximal value Ω).
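The following is an added illustration of the point made in this note, not code from the chapter and not a reproduction of Fig. 4b. It models a round-looping datapath with two Boolean shares and a demasking XOR gate, using a constructed toy XOR-linear round function (not a real cipher) so that masking commutes through each round share by share. Two gate-enable policies are compared: the counterexample in which the demasking gate is enabled in every round, and the secure policy in which it is enabled only when the round counter ω equals its maximum Ω. The plaintext, round keys and mask below are constructed sample values.

```python
"""Toy model of the demasking gate in an iterative (round-looping) masked datapath.
Added example; the round function, key schedule and mask are constructed for
illustration and are not the chapter's own design."""
from typing import Callable, List, Tuple

WIDTH = 8
BYTE = 0xFF


def rotl8(x: int, r: int) -> int:
    """Rotate an 8-bit value left by r bits."""
    return ((x << r) | (x >> (WIDTH - r))) & BYTE


def round_function(state: int, round_key: int) -> int:
    """Toy round: key addition followed by a bit rotation (constructed, not a real cipher).
    It is linear over XOR, so Boolean masking commutes through it share by share."""
    return rotl8(state ^ round_key, 3)


def reference_encrypt(plaintext: int, round_keys: List[int]) -> Tuple[int, List[int]]:
    """Unprotected reference: returns the ciphertext and every intermediate round state."""
    states = []
    s = plaintext
    for k in round_keys:
        s = round_function(s, k)
        states.append(s)
    return s, states


def demask_every_round(omega: int, omega_max: int) -> bool:
    """Counterexample policy: the demasking XOR gate is enabled in every round."""
    return True


def demask_last_round_only(omega: int, omega_max: int) -> bool:
    """Secure policy from the note: enable the demasking gate only when omega == Omega."""
    return omega == omega_max


def masked_encrypt(plaintext: int, round_keys: List[int], mask: int,
                   demask_enabled: Callable[[int, int], bool]) -> Tuple[int, List[int]]:
    """Simulate the two-share datapath and record what the output wire carries each round.

    share0 holds the masked state (plaintext XOR mask), share1 holds the mask.
    The round key is added on share0 only; the mask share follows the linear part.
    Returns (ciphertext, output_wire_trace)."""
    omega_max = len(round_keys)
    share0 = plaintext ^ mask
    share1 = mask
    output_wire = []
    for omega, k in enumerate(round_keys, start=1):
        share0 = round_function(share0, k)
        share1 = rotl8(share1, 3)
        if demask_enabled(omega, omega_max):
            output_wire.append(share0 ^ share1)   # demasking gate recombines the shares
        else:
            output_wire.append(share0)            # gate disabled: wire stays masked
    return output_wire[-1], output_wire


def exposed_intermediates(output_wire: List[int], intermediates: List[int]) -> int:
    """Count non-final rounds in which the output wire carries the unmasked round state.
    The final round is excluded because the ciphertext is public anyway."""
    return sum(1 for w, s in zip(output_wire[:-1], intermediates[:-1]) if w == s)


# Constructed sample inputs (not from the chapter).
PLAINTEXT = 0x3C
ROUND_KEYS = [0x1B, 0xA7, 0x52, 0xE9]
MASK = 0x5A  # any non-zero mask keeps the masked wire distinct from the state


def compare_policies() -> Tuple[int, int, int]:
    """Return (reference ciphertext, exposures with the bad policy, exposures with the good policy)."""
    ct_ref, states = reference_encrypt(PLAINTEXT, ROUND_KEYS)
    ct_bad, wire_bad = masked_encrypt(PLAINTEXT, ROUND_KEYS, MASK, demask_every_round)
    ct_good, wire_good = masked_encrypt(PLAINTEXT, ROUND_KEYS, MASK, demask_last_round_only)
    assert ct_bad == ct_ref and ct_good == ct_ref  # both variants are functionally correct
    return ct_ref, exposed_intermediates(wire_bad, states), exposed_intermediates(wire_good, states)


if __name__ == "__main__":
    ct, bad, good = compare_policies()
    print(f"ciphertext=0x{ct:02X}  exposed rounds: every-round policy={bad}, last-round-only={good}")
```

Both policies compute the same ciphertext, which is exactly why the flaw is easy to miss in functional testing: only the trace of the demasking gate's output wire distinguishes them, and with the counterexample policy that wire carries every unmasked intermediate round state.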

References

  1. J. Balasch, S. Faust, B. Gierlichs, Inner product masking revisited, in Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26–30, 2015, Proceedings, Part I, ed. by E. Oswald, M. Fischlin. Lecture Notes in Computer Science, vol. 9056 (Springer, Berlin, 2015), pp. 486–510

  2. J. Balasch, S. Faust, B. Gierlichs, C. Paglialonga, F.-X. Standaert, Consolidating inner product masking, in Advances in Cryptology - ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3–7, 2017, Proceedings, Part I, ed. by T. Takagi, T. Peyrin. Lecture Notes in Computer Science, vol. 10624 (Springer, Berlin, 2017), pp. 724–754

  3. S. Bhasin, S. Guilley, L. Sauvage, J.-L. Danger, Unrolling cryptographic circuits: a simple countermeasure against side-channel attacks, in Topics in Cryptology - CT-RSA 2010, The Cryptographers’ Track at the RSA Conference 2010, San Francisco, CA, USA, March 1–5, 2010. Proceedings, ed. by J. Pieprzyk. Lecture Notes in Computer Science, vol. 5985 (Springer, Berlin, 2010), pp. 195–207

  4. S. Bhasin, J.-L. Danger, S. Guilley, Z. Najm, Side-channel leakage and trace compression using normalized inter-class variance, in Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy, HASP ’14 (ACM, New York, 2014), pp. 7:1–7:9

  5. J. Blömer, J. Guajardo, V. Krummel, Provably secure masking of AES, in Selected Areas in Cryptography, ed. by H. Handschuh, M.A. Hasan. Lecture Notes in Computer Science, vol. 3357 (Springer, Berlin, 2004), pp. 69–83

  6. J. Bringer, C. Carlet, H. Chabanne, S. Guilley, H. Maghrebi, Orthogonal direct sum masking: a smartcard friendly computation paradigm in a code, with builtin protection against side-channel and fault attacks. Cryptology ePrint Archive, Report 2014/665, 2014. http://eprint.iacr.org/2014/665/ (extended version of the conference paper: J. Bringer, C. Carlet, H. Chabanne, S. Guilley, H. Maghrebi, Orthogonal direct sum masking – a smartcard friendly computation paradigm in a code, with builtin protection against side-channel and fault attacks, in WISTP International Conference on Information Security Theory and Practice, Heraklion, Greece. Lecture Notes in Computer Science, vol. 8501 (Springer, Berlin, 2014), pp. 40–56)

  7. C. Carlet, S. Guilley, Statistical properties of side-channel and fault injection attacks using coding theory. Cryptogr. Commun. 10(5), 909–933 (2018). https://doi.org/10.1007/s12095-017-0271-4

  8. J.-S. Coron, Higher order masking of look-up tables, in Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT, ed. by P.Q. Nguyen, E. Oswald. Lecture Notes in Computer Science, vol. 8441 (Springer, Berlin, 2014), pp. 441–458

  9. J.-L. Danger, S. Guilley, P. Nguyen, R. Nguyen, Y. Souissi, Analyzing security breaches of countermeasures throughout the refinement process in hardware design flow, in Design, Automation & Test in Europe Conference & Exhibition, DATE 2017, Lausanne, Switzerland, March 27–31, 2017, ed. by D. Atienza, G. Di Natale (IEEE, Piscataway, 2017), pp. 1129–1134

  10. R.J. Easter, J.-P. Quemard, J. Kondo, Text for ISO/IEC 1st CD 17825 – Information technology – Security techniques – Non-invasive attack mitigation test metrics for cryptographic modules, March 22, 2014. Prepared within ISO/IEC JTC 1/SC 27/WG 3. http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=60612

  11. S. Guilley, A. Heuser, O. Rioul, Codes for side-channel attacks and protections, in Codes, Cryptology and Information Security - Second International Conference, C2SI 2017, Rabat, Morocco, April 10–12, 2017, Proceedings - In Honor of Claude Carlet, ed. by S. El Hajji, A. Nitaj, E.M. Souidi. Lecture Notes in Computer Science, vol. 10194 (Springer, Berlin, 2017), pp. 35–55

  12. Y. Ishai, A. Sahai, D. Wagner, Private circuits: securing hardware against probing attacks, in Annual International Cryptology Conference, CRYPTO, Santa Barbara, California. Lecture Notes in Computer Science, vol. 2729 (Springer, Berlin, 2003), pp. 463–481

  13. S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks: Revealing the Secrets of Smart Cards (Springer, Berlin, 2006). ISBN 0-387-30857-1. http://www.dpabook.org/

  14. A. Moradi, S. Guilley, A. Heuser, Detecting hidden leakages, in Applied Cryptography and Network Security - 12th International Conference, ACNS 2014, Lausanne, Switzerland, ed. by I. Boureanu, P. Owesarski, S. Vaudenay. Lecture Notes in Computer Science, vol. 8479 (Springer, Berlin, 2014)

  15. NIST/ITL/CSD, Data Encryption Standard. FIPS PUB 46-3, Oct 1999. http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf

  16. NIST/ITL/CSD, Advanced Encryption Standard (AES). FIPS PUB 197, Nov 2001. http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf (also ISO/IEC 18033-3:2010)

  17. K. Papagiannopoulos, N. Veshchikov, Mind the gap: towards secure 1st-order masking in software, in Constructive Side-Channel Analysis and Secure Design: 8th International Workshop, COSADE 2017, Paris, France (Springer, Berlin, 2017)

  18. R. Poussier, Q. Guo, F.-X. Standaert, C. Carlet, S. Guilley, Connecting and improving direct sum masking and inner product masking, in Smart Card Research and Advanced Applications - 16th International Conference, CARDIS 2017, Lugano, Switzerland, November 13–15, 2017, Revised Selected Papers, ed. by Y. Teglia, T. Eisenbarth. Lecture Notes in Computer Science (Springer, Berlin, 2017)

  19. R. Poussier, Q. Guo, F.-X. Standaert, C. Carlet, S. Guilley, Connecting and improving direct sum masking and inner product masking, in Smart Card Research and Advanced Applications - 16th International Conference, CARDIS 2017, Lugano, Switzerland, November 13–15, 2017, Revised Selected Papers, ed. by T. Eisenbarth, Y. Teglia. Lecture Notes in Computer Science, vol. 10728 (Springer, Berlin, 2017), pp. 123–141

  20. E. Prouff, M. Rivain, A generic method for secure SBox implementation, in International Workshop on Information Security Applications, WISA, ed. by S. Kim, M. Yung, H.-W. Lee. Lecture Notes in Computer Science, vol. 4867 (Springer, Berlin, 2007), pp. 227–244

  21. E. Prouff, M. Rivain, Masking against side-channel attacks: a formal security proof, in Advances in Cryptology - EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26–30, 2013. Proceedings, ed. by T. Johansson, P.Q. Nguyen. Lecture Notes in Computer Science, vol. 7881 (Springer, Berlin, 2013), pp. 142–159

  22. M. Rivain, E. Prouff, Provably secure higher-order masking of AES, in International Workshop on Cryptographic Hardware and Embedded Systems, CHES, ed. by S. Mangard, F.-X. Standaert. Lecture Notes in Computer Science, vol. 6225 (Springer, Berlin, 2010), pp. 413–427

  23. W. Wang, F.-X. Standaert, Y. Yu, S. Pu, J. Liu, Z. Guo, D. Gu, Inner product masking for bitslice ciphers and security order amplification for linear leakages, in Smart Card Research and Advanced Applications - 15th International Conference, CARDIS 2016, Cannes, France, November 7–9, 2016, Revised Selected Papers, ed. by K. Lemke-Rust, M. Tunstall. Lecture Notes in Computer Science, vol. 10146 (Springer, Berlin, 2016), pp. 174–191

  24. V. Yli-Mäyry, N. Homma, T. Aoki, Improved power analysis on unrolled architecture and its application to PRINCE block cipher, in Lightweight Cryptography for Security and Privacy - 4th International Workshop, LightSec 2015, Bochum, Germany, September 10–11, 2015, Revised Selected Papers, ed. by T. Güneysu, G. Leander, A. Moradi. Lecture Notes in Computer Science, vol. 9542 (Springer, Berlin, 2015), pp. 148–163

Acknowledgements

This work was supported in part by the National Natural Science Foundation of China under Grants 61472292 and 61332019, and by the key technology research project on a new-generation high-speed, high-security-level chip for the smart grid (526816160015).

Corresponding author: Jean-Luc Danger.

Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Danger, J.-L., Guilley, S., Heuser, A., Legay, A., Ming, T. (2018). Physical Security Versus Masking Schemes. In: Koç, Ç.K. (ed.) Cyber-Physical Systems Security. Springer, Cham. https://doi.org/10.1007/978-3-319-98935-8_13

  • DOI: https://doi.org/10.1007/978-3-319-98935-8_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98934-1

  • Online ISBN: 978-3-319-98935-8