Exploiting Small Leakages in Masks to Turn a Second-Order Attack into a First-Order Attack and Improved Rotating Substitution Box Masking with Linear Code Cosets
Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Bo...
Main Authors: | Alexander DeTrano, Naghmeh Karimi, Ramesh Karri, Xiaofei Guo, Claude Carlet, Sylvain Guilley |
---|---|
Format: | Article |
Language: | English |
Published: | Wiley, 2015-01-01 |
Series: | The Scientific World Journal |
Online Access: | http://dx.doi.org/10.1155/2015/743618 |
_version_ | 1832554225723244544 |
---|---|
author | Alexander DeTrano Naghmeh Karimi Ramesh Karri Xiaofei Guo Claude Carlet Sylvain Guilley |
collection | DOAJ |
description | Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second-order attack. Moreover, we show that this attack remains viable in a noisy environment or with a reduced number of leakage points. Eventually, we specify a method to enhance the countermeasure by selecting a suitable coset of the masks set. |
format | Article |
id | doaj-art-79b59cda8a2b44f9bfd9fed100246d15 |
institution | Kabale University |
issn | 2356-6140 1537-744X |
language | English |
publishDate | 2015-01-01 |
publisher | Wiley |
record_format | Article |
series | The Scientific World Journal |
affiliations | Alexander DeTrano: New York University, New York, NY 10012, USA; Naghmeh Karimi: Rutgers University, New Brunswick, NJ 08901, USA; Ramesh Karri: New York University, New York, NY 10012, USA; Xiaofei Guo: Security Center of Excellence, Intel Corporation, Hillsboro, OR 97124, USA; Claude Carlet: Paris 8 University, 93526 Saint-Denis, France; Sylvain Guilley: Télécom ParisTech, 75634 Paris, France |
title | Exploiting Small Leakages in Masks to Turn a Second-Order Attack into a First-Order Attack and Improved Rotating Substitution Box Masking with Linear Code Cosets |
url | http://dx.doi.org/10.1155/2015/743618 |