Publication detail

Crucial pitfall of DPA Contest V4.2 Implementation

MARTINÁSEK, Z. IGLESIAS, F. MALINA, L. MARTINÁSEK, J.

Original Title

Crucial pitfall of DPA Contest V4.2 Implementation

English Title

Crucial pitfall of DPA Contest V4.2 Implementation

Type

journal article in Web of Science

Language

en

Original Abstract

Differential Power Analysis (DPA) is a powerful side-channel key recovery attack that efficiently breaks cryptographic algorithm implementations. In order to prevent these types of attacks, hardware designers and software programmers make use of masking and hiding techniques. DPA Contest is an international framework that allows researchers to compare their power analysis attacks under the same conditions. The latest version of DPA Contest, denoted as V4.2, provides an improved implementation of the Rotating Sbox Masking (RSM) scheme where low-entropy boolean masking is combined with the shuffling technique to protect AES (Advanced Encryption Standard) implementation on a smart card. The improvements were designed based on the awareness of implementation lacks analyzed from attacks carried out during the previous DPA Contest V4. Therefore, this new approach is devised to resist most of the proposed attacks to the original RSM implementation. In this article, we investigate the security of this new implementation in practice. Our analysis, focused on exploiting the first-order leakage, discovered important lacks. The main vulnerability observed is that an adversary can mount a standard DPA attack aimed at the S-box output in order to recover the whole secret key even when a shuffling technique is used. We tested this observation on a public dataset and implemented a successful attack that revealed the secret key using only 35 power traces.

English abstract

Differential Power Analysis (DPA) is a powerful side-channel key recovery attack that efficiently breaks cryptographic algorithm implementations. In order to prevent these types of attacks, hardware designers and software programmers make use of masking and hiding techniques. DPA Contest is an international framework that allows researchers to compare their power analysis attacks under the same conditions. The latest version of DPA Contest, denoted as V4.2, provides an improved implementation of the Rotating Sbox Masking (RSM) scheme where low-entropy boolean masking is combined with the shuffling technique to protect AES (Advanced Encryption Standard) implementation on a smart card. The improvements were designed based on the awareness of implementation lacks analyzed from attacks carried out during the previous DPA Contest V4. Therefore, this new approach is devised to resist most of the proposed attacks to the original RSM implementation. In this article, we investigate the security of this new implementation in practice. Our analysis, focused on exploiting the first-order leakage, discovered important lacks. The main vulnerability observed is that an adversary can mount a standard DPA attack aimed at the S-box output in order to recover the whole secret key even when a shuffling technique is used. We tested this observation on a public dataset and implemented a successful attack that revealed the secret key using only 35 power traces.

Keywords

Power analysis; DPA Contest; Masking; RSM; DPA

Released

24.01.2017

Publisher

Wiley

ISBN

1939-0122

Periodical

Security and Communication Networks (online)

Year of study

9

Number

18

State

GB

Pages from

1

Pages to

17

Pages count

17

URL

Documents

BibTex


@article{BUT136730,
  author="Zdeněk {Martinásek} and Felix {Iglesias} and Lukáš {Malina} and Josef {Martinásek}",
  title="Crucial  pitfall of DPA Contest V4.2 Implementation",
  annote="Differential Power Analysis (DPA) is a powerful side-channel key recovery attack that efficiently breaks cryptographic algorithm implementations.
In order to prevent these types of attacks, hardware designers and software programmers make use of masking and hiding techniques.
DPA Contest is an international framework that allows researchers to compare their power analysis attacks under the same conditions.
The latest version of DPA Contest, denoted as V4.2, provides an improved implementation of the Rotating Sbox Masking (RSM) scheme where low-entropy boolean masking is combined with the shuffling technique to protect AES (Advanced Encryption Standard) implementation on a smart card.
The improvements were designed based on the awareness of implementation lacks analyzed from attacks carried out during the previous DPA Contest V4.
Therefore, this new approach is devised to resist most of the proposed attacks to the original RSM implementation.
In this article, we investigate the security of this new implementation in practice.
Our analysis, focused on exploiting the first-order leakage, discovered important lacks.
The main vulnerability observed is that an adversary can mount a standard DPA attack aimed at the S-box output in order to recover the whole secret key even when a shuffling technique is used.
We tested this observation on a public dataset and implemented a successful attack that revealed the secret key using only 35 power traces.
",
  address="Wiley",
  chapter="136730",
  doi="10.1002/sec.1760",
  howpublished="online",
  institution="Wiley",
  number="18",
  volume="9",
  year="2017",
  month="january",
  pages="1--17",
  publisher="Wiley",
  type="journal article in Web of Science"
}