Exploiting small leakages in masks to turn a second-order attack into a first-order attack

Alexander Detrano; Sylvain Guilley; Xiaofei Guo; Naghmeh Karimi; Ramesh Karri

doi:10.1145/2768566.2768573

Exploiting small leakages in masks to turn a second-order attack into a first-order attack

Alexander Detrano, Sylvain Guilley, Xiaofei Guo, Naghmeh Karimi, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box re-computation schemes, but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second order attack. Moreover, we show that this attack remains viable in a noisy environment, or with a reduced number of leakage points.

Original language	English (US)
Title of host publication	Hardware and Architectural Support for Security and Privacy, HASP 2015
Publisher	Association for Computing Machinery
ISBN (Electronic)	9781450334839
DOIs	https://doi.org/10.1145/2768566.2768573
State	Published - Jun 14 2015
Event	4th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2015 - Portland, United States Duration: Jun 14 2015 → …

Publication series

Name	ACM International Conference Proceeding Series
Volume	14-June-2015

Other

Other	4th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2015
Country/Territory	United States
City	Portland
Period	6/14/15 → …

ASJC Scopus subject areas

Software
Human-Computer Interaction
Computer Vision and Pattern Recognition
Computer Networks and Communications

Access to Document

10.1145/2768566.2768573

Cite this

Detrano, A., Guilley, S., Guo, X., Karimi, N., & Karri, R. (2015). Exploiting small leakages in masks to turn a second-order attack into a first-order attack. In Hardware and Architectural Support for Security and Privacy, HASP 2015 Article a7 (ACM International Conference Proceeding Series; Vol. 14-June-2015). Association for Computing Machinery. https://doi.org/10.1145/2768566.2768573

Exploiting small leakages in masks to turn a second-order attack into a first-order attack. / Detrano, Alexander; Guilley, Sylvain; Guo, Xiaofei et al.
Hardware and Architectural Support for Security and Privacy, HASP 2015. Association for Computing Machinery, 2015. a7 (ACM International Conference Proceeding Series; Vol. 14-June-2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Detrano, A, Guilley, S, Guo, X, Karimi, N & Karri, R 2015, Exploiting small leakages in masks to turn a second-order attack into a first-order attack. in Hardware and Architectural Support for Security and Privacy, HASP 2015., a7, ACM International Conference Proceeding Series, vol. 14-June-2015, Association for Computing Machinery, 4th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2015, Portland, United States, 6/14/15. https://doi.org/10.1145/2768566.2768573

@inproceedings{689c4d0f2da0483d8166ba9c685d1c16,

title = "Exploiting small leakages in masks to turn a second-order attack into a first-order attack",

abstract = "Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box re-computation schemes, but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second order attack. Moreover, we show that this attack remains viable in a noisy environment, or with a reduced number of leakage points.",

author = "Alexander Detrano and Sylvain Guilley and Xiaofei Guo and Naghmeh Karimi and Ramesh Karri",

note = "Publisher Copyright: {\textcopyright} 2015 ACM.; 4th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2015 ; Conference date: 14-06-2015",

year = "2015",

month = jun,

day = "14",

doi = "10.1145/2768566.2768573",

language = "English (US)",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

booktitle = "Hardware and Architectural Support for Security and Privacy, HASP 2015",

}

TY - GEN

T1 - Exploiting small leakages in masks to turn a second-order attack into a first-order attack

AU - Detrano, Alexander

AU - Guilley, Sylvain

AU - Guo, Xiaofei

AU - Karimi, Naghmeh

AU - Karri, Ramesh

PY - 2015/6/14

Y1 - 2015/6/14

N2 - Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box re-computation schemes, but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second order attack. Moreover, we show that this attack remains viable in a noisy environment, or with a reduced number of leakage points.

AB - Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box re-computation schemes, but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second order attack. Moreover, we show that this attack remains viable in a noisy environment, or with a reduced number of leakage points.

UR - http://www.scopus.com/inward/record.url?scp=84962572266&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84962572266&partnerID=8YFLogxK

U2 - 10.1145/2768566.2768573

DO - 10.1145/2768566.2768573

M3 - Conference contribution

AN - SCOPUS:84962572266

T3 - ACM International Conference Proceeding Series

BT - Hardware and Architectural Support for Security and Privacy, HASP 2015

PB - Association for Computing Machinery

T2 - 4th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2015

Y2 - 14 June 2015

ER -

Exploiting small leakages in masks to turn a second-order attack into a first-order attack

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this