Exploiting small leakages in masks to turn a second-order attack into a first-order attack

Alexander Detrano, Sylvain Guilley, Xiaofei Guo, Naghmeh Karimi, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box re-computation schemes, but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low-entropy masking scheme and recovers the masks with a 91% success rate. Recovering the secret key requires fewer power traces (by at least two orders of magnitude) than a classical second-order attack. Moreover, we show that this attack remains viable in a noisy environment, or with a reduced number of leakage points.

Original language: English (US)
Title of host publication: Hardware and Architectural Support for Security and Privacy, HASP 2015
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450334839
State: Published - Jun 14 2015
Event: 4th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2015 - Portland, United States
Duration: Jun 14 2015 → …

Publication series

Name: ACM International Conference Proceeding Series
Volume: 14-June-2015

Other

Other: 4th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2015
Country/Territory: United States
City: Portland
Period: 6/14/15 → …

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications
