TY - GEN
T1 - Exploiting small leakages in masks to turn a second-order attack into a first-order attack
AU - Detrano, Alexander
AU - Guilley, Sylvain
AU - Guo, Xiaofei
AU - Karimi, Naghmeh
AU - Karri, Ramesh
N1 - Publisher Copyright:
© 2015 ACM.
PY - 2015/6/14
Y1 - 2015/6/14
N2 - Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box re-computation schemes, but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second order attack. Moreover, we show that this attack remains viable in a noisy environment, or with a reduced number of leakage points.
AB - Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box re-computation schemes, but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second order attack. Moreover, we show that this attack remains viable in a noisy environment, or with a reduced number of leakage points.
UR - http://www.scopus.com/inward/record.url?scp=84962572266&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84962572266&partnerID=8YFLogxK
U2 - 10.1145/2768566.2768573
DO - 10.1145/2768566.2768573
M3 - Conference contribution
AN - SCOPUS:84962572266
T3 - ACM International Conference Proceeding Series
BT - Hardware and Architectural Support for Security and Privacy, HASP 2015
PB - Association for Computing Machinery
T2 - 4th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2015
Y2 - 14 June 2015
ER -