Detail publikace

Crucial pitfall of DPA Contest V4.2 Implementation

Originální název

Crucial pitfall of DPA Contest V4.2 Implementation

Anglický název

Crucial pitfall of DPA Contest V4.2 Implementation

Jazyk

en

Originální abstrakt

Differential Power Analysis (DPA) is a powerful side-channel key recovery attack that efficiently breaks cryptographic algorithm implementations. In order to prevent these types of attacks, hardware designers and software programmers make use of masking and hiding techniques. DPA Contest is an international framework that allows researchers to compare their power analysis attacks under the same conditions. The latest version of DPA Contest, denoted as V4.2, provides an improved implementation of the Rotating Sbox Masking (RSM) scheme where low-entropy boolean masking is combined with the shuffling technique to protect AES (Advanced Encryption Standard) implementation on a smart card. The improvements were designed based on the awareness of implementation lacks analyzed from attacks carried out during the previous DPA Contest V4. Therefore, this new approach is devised to resist most of the proposed attacks to the original RSM implementation. In this article, we investigate the security of this new implementation in practice. Our analysis, focused on exploiting the first-order leakage, discovered important lacks. The main vulnerability observed is that an adversary can mount a standard DPA attack aimed at the S-box output in order to recover the whole secret key even when a shuffling technique is used. We tested this observation on a public dataset and implemented a successful attack that revealed the secret key using only 35 power traces.

Anglický abstrakt

Differential Power Analysis (DPA) is a powerful side-channel key recovery attack that efficiently breaks cryptographic algorithm implementations. In order to prevent these types of attacks, hardware designers and software programmers make use of masking and hiding techniques. DPA Contest is an international framework that allows researchers to compare their power analysis attacks under the same conditions. The latest version of DPA Contest, denoted as V4.2, provides an improved implementation of the Rotating Sbox Masking (RSM) scheme where low-entropy boolean masking is combined with the shuffling technique to protect AES (Advanced Encryption Standard) implementation on a smart card. The improvements were designed based on the awareness of implementation lacks analyzed from attacks carried out during the previous DPA Contest V4. Therefore, this new approach is devised to resist most of the proposed attacks to the original RSM implementation. In this article, we investigate the security of this new implementation in practice. Our analysis, focused on exploiting the first-order leakage, discovered important lacks. The main vulnerability observed is that an adversary can mount a standard DPA attack aimed at the S-box output in order to recover the whole secret key even when a shuffling technique is used. We tested this observation on a public dataset and implemented a successful attack that revealed the secret key using only 35 power traces.

BibTex


@article{BUT136730,
  author="Zdeněk {Martinásek} and Felix {Iglesias} and Lukáš {Malina} and Josef {Martinásek}",
  title="Crucial  pitfall of DPA Contest V4.2 Implementation",
  annote="Differential Power Analysis (DPA) is a powerful side-channel key recovery attack that efficiently breaks cryptographic algorithm implementations.
In order to prevent these types of attacks, hardware designers and software programmers make use of masking and hiding techniques.
DPA Contest is an international framework that allows researchers to compare their power analysis attacks under the same conditions.
The latest version of DPA Contest, denoted as V4.2, provides an improved implementation of the Rotating Sbox Masking (RSM) scheme where low-entropy boolean masking is combined with the shuffling technique to protect AES (Advanced Encryption Standard) implementation on a smart card.
The improvements were designed based on the awareness of implementation lacks analyzed from attacks carried out during the previous DPA Contest V4.
Therefore, this new approach is devised to resist most of the proposed attacks to the original RSM implementation.
In this article, we investigate the security of this new implementation in practice.
Our analysis, focused on exploiting the first-order leakage, discovered important lacks.
The main vulnerability observed is that an adversary can mount a standard DPA attack aimed at the S-box output in order to recover the whole secret key even when a shuffling technique is used.
We tested this observation on a public dataset and implemented a successful attack that revealed the secret key using only 35 power traces.
",
  address="Wiley",
  chapter="136730",
  doi="10.1002/sec.1760",
  howpublished="online",
  institution="Wiley",
  number="18",
  volume="9",
  year="2017",
  month="january",
  pages="1--17",
  publisher="Wiley",
  type="journal article"
}