Exploiting small leakages in masks to turn a second-order attack into a first-order attack and improved rotating substitution box masking with linear code cosets

Alexander DeTrano, Naghmeh Karimi, Ramesh Karri, Xiaofei Guo, Claude Carlet, Sylvain Guilley

Research output: Contribution to journal › Article

Abstract

Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second-order attack. Moreover, we show that this attack remains viable in a noisy environment or with a reduced number of leakage points. Eventually, we specify a method to enhance the countermeasure by selecting a suitable coset of the masks set.

Original language: English (US)
Article number: 743618
Journal: The Scientific World Journal
Volume: 2015
DOI: 10.1155/2015/743618
State: Published - 2015

ASJC Scopus subject areas

  • Biochemistry, Genetics and Molecular Biology(all)
  • Environmental Science(all)
  • Medicine(all)

Cite this

Exploiting small leakages in masks to turn a second-order attack into a first-order attack and improved rotating substitution box masking with linear code cosets. / DeTrano, Alexander; Karimi, Naghmeh; Karri, Ramesh; Guo, Xiaofei; Carlet, Claude; Guilley, Sylvain.

In: The Scientific World Journal, Vol. 2015, 743618, 2015.

@article{461bcb352a064829bc74329c878aa209,
title = "Exploiting small leakages in masks to turn a second-order attack into a first-order attack and improved rotating substitution box masking with linear code cosets",
abstract = "Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91{\%} success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second-order attack. Moreover, we show that this attack remains viable in a noisy environment or with a reduced number of leakage points. Eventually, we specify a method to enhance the countermeasure by selecting a suitable coset of the masks set.",
author = "Alexander DeTrano and Naghmeh Karimi and Ramesh Karri and Xiaofei Guo and Claude Carlet and Sylvain Guilley",
year = "2015",
doi = "10.1155/2015/743618",
language = "English (US)",
volume = "2015",
journal = "The Scientific World Journal",
issn = "1537-744X",
publisher = "Hindawi Publishing Corporation",
}

TY  - JOUR
T1  - Exploiting small leakages in masks to turn a second-order attack into a first-order attack and improved rotating substitution box masking with linear code cosets
AU  - DeTrano, Alexander
AU  - Karimi, Naghmeh
AU  - Karri, Ramesh
AU  - Guo, Xiaofei
AU  - Carlet, Claude
AU  - Guilley, Sylvain
PY  - 2015
Y1  - 2015
N2  - Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second-order attack. Moreover, we show that this attack remains viable in a noisy environment or with a reduced number of leakage points. Eventually, we specify a method to enhance the countermeasure by selecting a suitable coset of the masks set.
AB  - Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second-order attack. Moreover, we show that this attack remains viable in a noisy environment or with a reduced number of leakage points. Eventually, we specify a method to enhance the countermeasure by selecting a suitable coset of the masks set.
UR  - http://www.scopus.com/inward/record.url?scp=84944472913&partnerID=8YFLogxK
UR  - http://www.scopus.com/inward/citedby.url?scp=84944472913&partnerID=8YFLogxK
U2  - 10.1155/2015/743618
DO  - 10.1155/2015/743618
M3  - Article
VL  - 2015
JO  - The Scientific World Journal
JF  - The Scientific World Journal
SN  - 1537-744X
M1  - 743618
ER  -