Exploiting small leakages in masks to turn a second-order attack into a first-order attack and improved rotating substitution box masking with linear code cosets

Alexander DeTrano, Naghmeh Karimi, Ramesh Karri, Xiaofei Guo, Claude Carlet, Sylvain Guilley

Research output: Contribution to journal › Article › peer-review

Abstract

Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box recomputation schemes but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low-entropy masking scheme and recovers the masks with a 91% success rate. Recovering the secret key then requires fewer power traces (by at least two orders of magnitude) compared to a classical second-order attack. Moreover, we show that this attack remains viable in a noisy environment or with a reduced number of leakage points. Finally, we specify a method to enhance the countermeasure by selecting a suitable coset of the mask set.

Original language: English (US)
Article number: 743618
Journal: Scientific World Journal
Volume: 2015
State: Published - 2015

ASJC Scopus subject areas

  • General Biochemistry, Genetics and Molecular Biology
  • General Environmental Science
