
Exploiting Small Leakages in Masks to Turn a Second-Order Attack into a First-Order Attack and Improved Rotating Substitution Box Masking with Linear Code Cosets


Bibliographic Details
Main Authors: DeTrano, Alexander; Karimi, Naghmeh; Karri, Ramesh; Guo, Xiaofei; Carlet, Claude; Guilley, Sylvain
Format: Online Article Text
Language: English
Published: Hindawi Publishing Corporation 2015
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4601566/
https://www.ncbi.nlm.nih.gov/pubmed/26491717
http://dx.doi.org/10.1155/2015/743618
Collection: PubMed
Description: Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second-order attack. Moreover, we show that this attack remains viable in a noisy environment or with a reduced number of leakage points. Eventually, we specify a method to enhance the countermeasure by selecting a suitable coset of the masks set.
ID: pubmed-4601566
Institution: National Center for Biotechnology Information
Record format: MEDLINE/PubMed
Journal: ScientificWorldJournal
Article type: Research Article
Published online: 2015-09-28 (record dated 2015-10-21)
Copyright © 2015 Alexander DeTrano et al. This is an open access article distributed under the Creative Commons Attribution License (https://creativecommons.org/licenses/by/3.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.