2004, Lecture Notes in Computer Science
In order to protect a cryptographic algorithm against Power Analysis attacks, a well-known method consists in hiding all the internal data with randomly chosen masks. Following this idea, an AES implementation can be protected against Differential Power Analysis (DPA) by the "Transformed Masking Method", proposed by Akkar and Giraud at CHES'2001, requiring two distinct masks. At CHES'2002, Trichina, De Seta and Germani suggested the use of a single mask to improve the performances of the protected implementation. We show here that their countermeasure can still be defeated by usual first-order DPA techniques. In another direction, Akkar and Goubin introduced at FSE'2003 a new countermeasure for protecting secret-key cryptographic algorithms against high-order differential power analysis (HO-DPA). As a particular case, the "Unique Masking Method" is particularly well suited to the protection of DES implementations. However, we prove in this paper that this method is not sufficient, by exhibiting a (first-order) enhanced differential power analysis attack. We also show how to avoid this new attack.
Applied Sciences
This paper presents the employment of a DPA attack on the NIST (National Institute of Standards and Technology) standardized AES (Advanced Encryption Standard) protocol for key retrieval and prevention. Towards key retrieval, we applied the DPA attack on AES to obtain a 128-bit secret key by measuring the power traces of the computations involved in the algorithm. In resistance to the DPA attack, we proposed a countermeasure, or a new modified masking scheme, comprising (i) Boolean and (ii) multiplicative masking, for linear and non-linear operations of AES, respectively. Furthermore, we improved the complexity involved in Boolean masking by introducing Rebecca's approximation. Moreover, we provide a novel solution to tackle the zero mask problem in multiplicative masking. To evaluate the power traces, we propose our custom correlation technique, which results in a decrease in the calculation time. The synthesis results for the original implementation (without countermeasure) and inclusi...
Lecture Notes in Computer Science, 2000
Since the announcement of the Differential Power Analysis (DPA) by Paul Kocher et al., several countermeasures were proposed in order to protect software implementations of cryptographic algorithms. In an attempt to reduce the resulting memory and execution time overhead, Thomas Messerges recently proposed a general method that "masks" all the intermediate data. This masking strategy is possible if all the fundamental operations used in a given algorithm can be rewritten with masked input data, giving masked output data. This is easily seen to be the case in classical algorithms such as DES or RSA. However, for algorithms that combine Boolean and arithmetic functions, such as IDEA or several of the AES candidates, two different kinds of masking have to be used. There is thus a need for a method to convert back and forth between Boolean masking and arithmetic masking. In the present paper, we show that the 'BooleanToArithmetic' algorithm proposed by T. Messerges is not sufficient to prevent Differential Power Analysis. In a similar way, the 'ArithmeticToBoolean' algorithm is not secure either.
Fast Software Encryption, 2003
Differential Power Analysis (DPA) on smart-cards was introduced by Paul Kocher [11] in 1998. Since then, many countermeasures have been introduced to protect cryptographic algorithms from DPA attacks. Unfortunately these features are known not to be efficient against high-order DPA (even of second order). In this paper we will first describe a new specialized first-order attack and recall how high-order DPA attacks work. Then we will show how these attacks can be applied to two usual current countermeasures. Eventually we will present a method of protection (and apply it to the DES) which seems to be secure against DPA-type attacks of any order. The figures of a real implementation of this method will be given too.
2005
Masking is a general method used to thwart Differential Power Analysis, in which all the intermediate data inside an implementation are XORed with random Boolean values. As a consequence, the power consumption of the running implementation becomes unpredictable, making first-order power analysis attacks unpractical. Several recent works have shown that such protected designs are still susceptible to higher-order power analysis attacks. In this paper, we propose an extension of the previously introduced higher-order techniques, based on a more general power consumption model, and evaluate its actual feasibility. In particular, we discuss the number of power traces required to mount successful attacks. We also illustrate how this number is affected by parallel computations, making certain implementation contexts (e.g. smart cards, 8-bit processors) more susceptible than others (e.g. FPGAs, ASICs).
International Journal of Engineering and Industries, 2011
Embedded systems are ubiquitous and are utilised for secure transactions. It is apparent that cashless wallets are the only future forward as handheld devices are already popular for payments. Side channel attacks are a significant threat to the deployment of secure embedded systems. Differential Power Analysis is one of the powerful power analysis attacks, which can be exploited in secure devices such as smart cards, PDAs and mobile phones. Several researchers in the past have presented experiments and countermeasures for Differential Power Analysis in AES cryptography, though none of them have described the attack in a step by step manner, covering all the aspects of the attack. Some of the important missing segments are the consideration of pipelines, analysis of the power profile to locate the points of attack, the correspondence of the source code, its assembly representation, and the point of attack. In this journal we describe in detail a step-wise explanation of the Differential Power Analysis of an AES implementation, with all of the aspects identified above.
IET Information Security, 2011
In this study, the authors examine the relationship between and the efficiency of different approaches to standard (univariate) differential power analysis (DPA) attacks. The authors first show that, when fed with the same assumptions about the target device (i.e. with the same leakage model), the most popular approaches such as using a distance-of-means test, correlation analysis and Bayes attacks are essentially equivalent in this setting. Differences observed in practice are not because of differences in the statistical tests but because of statistical artefacts. Then, the authors establish a link between the correlation coefficient and the conditional entropy in side-channel attacks. In a first-order attack scenario, this relationship allows linking currently used metrics to evaluate standard DPA attacks (such as the number of power traces needed to perform a key recovery) with an information theoretic metric (the mutual information). The authors' results show that in the practical scenario defined formally in this study, both measures are equally suitable to compare devices with respect to their susceptibility to DPA attacks. Together with observations regarding key and algorithm independence, the authors consequently extend theoretical strategies for the sound evaluation of leaking devices towards the practice of side-channel attacks.
Cryptographic devices have found their way into a wide range of applications, and their security has reached great research importance. It has been proved that an encryption device leaks some information, which can be exploited by various attacks such as differential power analysis (DPA). To protect an Advanced Encryption Standard (AES) implementation from DPA without any modification of the cryptographic algorithm implemented, we can use the Current Masking Generation (CMG). The CMG countermeasure consists of stabilizing the power consumption, but it cannot resist the problems of temperature variations and the Early effect. The goal of this paper is to update the CMG with the Modified-Current Masking Generation (M-CMG), taking these old problems into account.
Lecture Notes in Computer Science, 2001
Since Power Analysis on smart cards was introduced by Paul Kocher [7], many countermeasures have been proposed to protect implementations of cryptographic algorithms. In this paper we propose a new protection principle: the transformed masking method. We apply this method to protect two of the most popular block ciphers: DES and the AES Rijndael. To this end we introduce some transformed S-boxes for DES and a new masking method and its applications to the non-linear part of Rijndael.
Proceedings of the 15th IEEE International Conference on Electronics, Circuits and Systems, ICECS 2008, 2008
Power analysis attacks exploit the existence of "side channels" in implementations of cryptographic algorithms to extract secret data. The scientific literature reports consolidated methods, such as Differential Power Analysis (DPA) and Simple Power Analysis (SPA), for extracting a secret cryptographic key through the sensing of the hardware power consumption. We propose a novel dynamic and differential CMOS logic style as a countermeasure against power attacks on cryptographic devices. The proposed logic family exploits the idea of using signals with 3 possible states and operates with power consumption ideally independent of both the logic values and the sequence of data. We have designed a set of logic gates, flip-flops and a simple S-BOX, and compared the S-BOX against previously published secure logic styles in terms of transistor count, power consumption and correlation between data and power dissipation.
Computers, Materials & Continua, 2022
The security of the Internet of Things (IoT) is a challenging task for researchers due to the plethora of IoT networks. Side Channel Attacks (SCA) are one of the major concerns. The prime objective of SCA is to acquire the information by observing the power consumption, electromagnetic (EM) field, timing analysis, and acoustics of the device. Later, the attackers perform statistical functions to recover the key. The Advanced Encryption Standard (AES) algorithm has proved to be a good security solution for constrained IoT devices. This paper implements a simulation model which is used to modify the AES algorithm using logical masking properties. This variant of the AES algorithm hides the array of bits during the substitution byte transformation of AES. This model is used against SCA and particularly Power Analysis Attacks (PAAs). The simulation model is designed on the MATLAB simulator. Results will give a better solution by hiding power profiles of the IoT devices against PAAs. In future, the lightweight AES algorithm with false key mechanisms and power reduction techniques such as wave dynamic differential logic (WDDL) will be used to safeguard IoT devices against side channel attacks by using Arduino and field programmable gate array (FPGA).
Cryptographic Hardware and Embedded Systems, 1999
Paul Kocher recently developed attacks based on the electric consumption of chips that perform cryptographic computations. Among those attacks, the "Differential Power Analysis" (DPA) is probably one of the most impressive and most difficult to avoid. In this paper, we present several ideas to resist this type of attack, and in particular we develop one of them which leads, interestingly, to rather precise mathematical analysis. Thus we show that it is possible to build an implementation that is provably DPA-resistant, in a "local" and restricted way (i.e. when, given a chip with a fixed key, the attacker only tries to detect predictable local deviations in the differentials of mean curves). We also briefly discuss some more general attacks, that are sometimes efficient whereas the "original" DPA fails. Many measures of consumption have been done on real chips to test the ideas presented in this paper, and some of the obtained curves are printed here.
Lecture Notes in Computer Science, 2006
The central question in constructing a secure and efficient masking method for AES is to address the interaction between additive masking and the inverse S-box of Rijndael. All recently proposed methods to protect AES against power attacks try to avoid this problem and work by decomposing the inverse in terms of simpler operations that are more easily protected against DPA by generic methods. In this paper, for the first time, we look at the problem in the face, and show that this interaction is not as intricate as it seems. In fact, any operation, even complex, can be directly protected against DPA of any given order, if it can be embedded in a group that has a compact representation. We show that a secure computation of a whole masked inverse can be done directly in this way, using the group of homographic transformations over the projective space (but not exactly, with some non-trivial technicalities). This is used to propose a general high-level algebraic method to protect AES against power attacks of any given order.
Lecture Notes in Computer Science
Cryptographic embedded systems are vulnerable to Differential Power Analysis (DPA). In particular, the S-boxes of a block cipher are known to be the most sensitive parts with respect to this very kind of attack. While many sound countermeasures have been proposed to withstand this weakness, most of them are too costly to be adopted in real-life implementations of cryptographic algorithms. In this paper, we focus on a widely adopted lightweight variation on the well-known Duplication Method. While it is known that this design is vulnerable to higher-order DPA attacks, we show that it can also be efficiently broken by first-order DPA attacks. Finally, we point out ad hoc costless countermeasures that circumvent our attacks.
Lecture Notes in Computer Science, 2005
Differential Power Analysis (DPA) is a powerful cryptanalytic technique aiming at extracting secret data from a cryptographic device by collecting power consumption traces and averaging over a series of acquisitions. In order to prevent the leakage, hardware designers and software programmers make use of masking techniques (a.k.a. data whitening methods). However, the resulting implementations may still succumb to second-order DPA. Several recent papers studied second-order DPA but, although the conclusions that are drawn are correct, the analysis is not. This paper fills the gap by providing an exact analysis of second-order DPA as introduced by Messerges. It also considers several generalizations, including an extended analysis in the more general Hamming-distance model.
2008
Side channel attacks are a significant threat to the deployment of secure embedded systems. Differential power analysis is one of the powerful power analysis attacks, which can be exploited in secure devices such as smart cards, PDAs and mobile phones. Several researchers in the past have presented experiments and countermeasures for differential power analysis in AES cryptography, though none of them have described the attack in a step by step manner, covering all the aspects of the attack.
… and Hybrid Information …, 2011
Extensive research on modern cryptography ensures significant mathematical immunity to conventional cryptographic attacks. However, power consumption in cryptographic hardware leaks secret information. The differential power analysis attack (DPA) is such a powerful tool to extract the secret key from cryptographic devices. To defend against these DPA attacks, hiding and masking methods are widely used. But these methods incur high area overhead and performance degradation in hardware implementation. In this aspect, this paper proposes a hardware countermeasure circuit, which is an integrated hardware module with the intermediate stages in the S-Box. The countermeasure circuit utilizes the dynamic power dissipation characteristics of CMOS and provides a countermeasure against DPA attacks.
Computing Research Repository - CORR, 2009
Power analysis attacks against embedded secret key cryptosystems have been widely studied since the seminal paper of Paul Kocher, Joshua Jaffe, and Benjamin Jun in 1998, in which the powerful Differential Power Analysis was introduced. The strength of DPA is such that it became necessary to develop sound and efficient countermeasures. Nowadays embedded cryptographic primitives usually integrate one or several of these countermeasures (e.g. masking techniques, asynchronous designs, balanced dynamic dual-rail gate designs, noise adding, power consumption smoothing, etc.). This document presents a simple, yet interesting, countermeasure to DPA and HO-DPA attacks, called the brutal countermeasure, and new power analysis attacks using multi-linear approximations (MLPA attacks) based on very recent and still unpublished results of Tavernier et al.
Pakistan Journal of Engineering and Applied Sciences, 2016
Execution of a mathematically secure encryption algorithm on hardware is known to leak certain information to the side channels of the hardware. These side channels include the current consumed from the power supply and the electromagnetic radiation emitted from cryptographic hardware. The information thus leaked can be utilized to mount an attack to reveal secret information about the algorithm (e.g. the encryption key). This method of extracting the information is broadly classified as "Side Channel Attacks". A type of side channel attack called "Power Analysis" utilizes the power/current consumption information as a source of information leakage. Several measures including "hiding" have been proposed to counter these attacks. These countermeasures are based upon inserting randomness or consuming nearly constant current, thus reducing the value of this information. In this research, we propose a new hiding countermeasure which uses dual keys to perform cryptographic operations. This method cannot be...
Lecture Notes in Computer Science, 2010
We propose a variant for a published second-order power analysis attack [1] on a software masked implementation of AES-128 [2]. Our approach can, with reduced complexity, produce the same result as the original one, without requiring any additional tool. The validity of the proposed variant is confirmed by experiments, whose results allow for a comparison between the two approaches.