Papers by Mehdi-Laurent Akkar
Lecture Notes in Computer Science, 2001
Since Power Analysis on smart cards was introduced by Paul Kocher [7], many countermeasures have been proposed to protect implementations of cryptographic algorithms. In this paper we propose a new protection principle: the transformed masking method. We apply this method to protect two of the most popular block ciphers: DES and the AES Rijndael. To this end we introduce some transformed S-boxes for DES and a new masking method and its applications to the non-linear part of Rijndael.
Cryptographic Hardware and Embedded Systems — CHES 2001, 2001
Since Power Analysis on smart cards was introduced by Paul Kocher [7], many countermeasures have been proposed to protect implementations of cryptographic algorithms. In this paper we propose a new protection principle: the transformed masking method. We apply this method to protect two of the most popular block ciphers: DES and the AES Rijndael. To this end we introduce some transformed S-boxes for DES and a new masking method and its applications to the non-linear part of Rijndael.
Abstract. This paper describes a technology aiming at enforcing semiautomatically counter-measures against fault injection attacks of smart cards. This technology addresses in a generic way the whole software embedded on the card. In particular, it addresses threats going beyond cryptography-related parts of the embedded software, like threats against the firewall of the Java Card embedded virtual machine, the PIN code verification, etc. Counter-measures are automatically integrated to the source code at the pre-compilation step, according to a guideline defined by the programmer under the form of a set of directives included into the
In 1998, power-consumption attacks and fault-injection attacks were only just beginning to appear. I thus had the good fortune to follow, and sometimes take part in, the innovations that led both to new attacks and to the development of new countermeasures. This thesis presents my work from both a fairly theoretical point of view (power-consumption model of the card, theoretical protections, general principles of attack scenarios) and a practical one (verification of the theory, secure implementations, real attacks) on common algorithms such as DES, AES and RSA. Most of these results have been published at several conferences (Asiacrypt, CHES, FSE, PKC) and patented.

The present invention relates to a system (100) comprising a processor (102) and a random access memory (RAM) (108) coupled to the processor. The RAM is divided into a non-secure RAM (110) and a secure RAM (112). The system also comprises a system memory (106) coupled to the processor. The system memory stores RAM resizing instructions (120) which, when executed, allow dynamic resizing of the non-secure RAM and the secure RAM. The system memory may also store secure RAM save/restore instructions (122) which, when executed, perform an operation saving the secure RAM to non-volatile memory and an operation restoring the secure RAM from non-volatile memory. The system memory may also store arbitration instructions (124) which, when executed, enable sharing of a hardware cryptographic accelerator (HWA) (130...
This paper describes a technology aiming at enforcing semiautomatically counter-measures against fault injection attacks of smart cards. This technology addresses in a generic way the whole software embedded on the card. In particular, it addresses threats going beyond cryptography-related parts of the embedded software, like threats against the firewall of the Java Card embedded virtual machine, the PIN code verification, etc. Counter-measures are automatically integrated to the source code at the pre-compilation step, according to a guideline defined by the programmer under the form of a set of directives included into the source code.
Lecture Notes in Computer Science, 2002
Sflash is a multivariate signature scheme, and a candidate for standardisation, currently evaluated by the European call for primitives Nessie. The present paper is about the design of a highly optimized implementation of Sflash on a low-cost 8-bit smart card (without coprocessor). On top of this, we will also present a method to protect the implementation against power attacks such as Differential Power Analysis. Our fastest implementation of Sflash takes 59 ms on an 8051-based CPU at 10 MHz. Though the security of Sflash is not as well understood as, for example, that of RSA, Sflash is apparently the fastest signature scheme known. It is suitable for implementing PKI on low-cost smart cards, tokens or palm devices. It also makes it possible to offer secure low-cost payment/banking solutions.
Lecture Notes in Computer Science, 2003
Abstract. Differential Power Analysis (DPA) on smart-cards was introduced by Paul Kocher [11] in 1998. Since then, many countermeasures have been introduced to protect cryptographic algorithms from DPA attacks. Unfortunately these features are known not to be efficient against high ...

Lecture Notes in Computer Science, 2004
In order to protect a cryptographic algorithm against Power Analysis attacks, a well-known method consists in hiding all the internal data with randomly chosen masks. Following this idea, an AES implementation can be protected against Differential Power Analysis (DPA) by the "Transformed Masking Method", proposed by Akkar and Giraud at CHES'2001, requiring two distinct masks. At CHES'2002, Trichina, De Seta and Germani suggested the use of a single mask to improve the performance of the protected implementation. We show here that their countermeasure can still be defeated by usual first-order DPA techniques. In another direction, Akkar and Goubin introduced at FSE'2003 a new countermeasure for protecting secret-key cryptographic algorithms against high-order differential power analysis (HO-DPA). As a particular case, the "Unique Masking Method" is particularly well suited to the protection of DES implementations. However, we prove in this paper that this method is not sufficient, by exhibiting a (first-order) enhanced differential power analysis attack. We also show how to avoid this new attack.
Lecture Notes in Computer Science, 2000
Since Power Analysis on smart-cards was introduced by Paul Kocher [KJJ98], the validity of the model used for smart-cards has not been given much attention. In this paper, we first describe and analyze some different possible models. Then we apply these models to real components and clearly define what can be detected by power analysis (simple, differential, code reverse engineering...). We also study, from a statistical point of view, some new ideas to exploit these models to attack the card by power analysis. Finally we apply these ideas to set up real attacks on cryptographic algorithms or enhance existing ones.