Differential Power Analysis in AES: A Crypto Anatomy

2008

Abstract Side channel attacks are a significant threat to the deployment of secure embedded systems. Differential power analysis is one of the powerful power analysis attacks, which can be exploited in secure devices such as smart cards, PDAs and mobile phones. Several researchers in the past have presented experiments and countermeasures for differential power analysis in AES cryptography, though none of them have described the attack in a step by step manner, covering all the aspects of the attack.

TELKOMNIKA Telecommunication Computing Electronics and Control, 2019

Cryptography is a science of creating a secret message and it is constantly developed. The development consists of attacking and defending the cryptography itself. Power analysis is one of many Side-Channel Analysis (SCA) attack techniques. Power analysis is an attacking technique that uses the information of a cryptographic hardware's power consumption. Power analysis is carried on by utilizing side-channel information to a vulnerability in a cryptographic algorithm. Power analysis also uses a mathematical model to recover the secret key of the cryptographic device. This research uses design research methodology as a research framework started from research clarification to descriptive study. In this research, power analysis attack is implemented to three symmetrical cryptographic algorithms: DES (Data Encryption Standard), AES (Advanced Encryption Standard), and BC3 (Block Cipher 3). The attack has successfully recovered 100% of AES secret key by using 500 traces and 75% DES secret key by using 320 traces. The research concludes that the power analysis attack using Pearson Correlation Coefficient (PCC) method produces more optimal result compared to a difference of means method.

2012 Second International Conference on Digital Information Processing and Communications (ICDIPC), 2012

Correlation power analysis, a method aiming to reveal the secrets of a cryptosystem, is based on one fixed time point of the captured power traces, which unveils the largest key dependent information leakage. In this paper, we propose a new power trace model based on communication theory to better understand and to efficiently exploit power traces in side channel attacks. Then, a new attack method denoted as Power Amount Analysis is proposed, which takes more time points into consideration compared to the correlation power analysis. Based on this trace model, we compare and discuss attack results produced by both methods at identical attack conditions. The superior efficiency of the Power Amount Analysis is demonstrated for an AES-128 encryption module. As an additional asset, this method features a high robustness in presence of randomly misaligned power traces.

Applied Sciences

This paper presents the employment of a DPA attack on the NIST (National Institute of Standards and Technology) standardized AES (advance encryption standard) protocol for key retrieval and prevention. Towards key retrieval, we applied the DPA attack on AES to obtain a 128-bit secret key by measuring the power traces of the computations involved in the algorithm. In resistance to the DPA attack, we proposed a countermeasure, or a new modified masking scheme, comprising (i) Boolean and (ii) multiplicative masking, for linear and non-linear operations of AES, respectively. Furthermore, we improved the complexity involved in Boolean masking by introducing Rebecca’s approximation. Moreover, we provide a novel solution to tackle the zero mask problem in multiplicative masking. To evaluate the power traces, we propose our custom correlation technique, which results in a decrease in the calculation time. The synthesis results for original implementation (without countermeasure) and inclusi...

Computers, Materials & Continua, 2022

The security of Internet of Things (IoT) is a challenging task for researchers due to plethora of IoT networks. Side Channel Attacks (SCA) are one of the major concerns. The prime objective of SCA is to acquire the information by observing the power consumption, electromagnetic (EM) field, timing analysis, and acoustics of the device. Later, the attackers perform statistical functions to recover the key. Advanced Encryption Standard (AES) algorithm has proved to be a good security solution for constrained IoT devices. This paper implements a simulation model which is used to modify the AES algorithm using logical masking properties. This invariant of the AES algorithm hides the array of bits during substitution byte transformation of AES. This model is used against SCA and particularly Power Analysis Attacks (PAAs). Simulation model is designed on MATLAB simulator. Results will give better solution by hiding power profiles of the IoT devices against PAAs. In future, the lightweight AES algorithm with false key mechanisms and power reduction techniques such as wave dynamic differential logic (WDDL) will be used to safeguard IoT devices against side channel attacks by using Arduino and field programmable gate array (FPGA).

2004

. As a consequence, there is a growing interest in efficient implementations of the AES. For many applications, these implementations need to be resistant against side channel attacks, that is, it should not be too easy to extract secret information from physical measurements on the device. This article presents the first results on the feasibility of power analysis attack against an AES hardware implementation. Our attack is targeted against an ASIC implementation of the AES developed by the ETH Zurich. We show how to build a reliable measurement setup and how to improve the correlation coefficients, i.e., the signal to noise ratio for our measurements. Our approach is also the first step to link a behavior HDL simulator generated simulated power measurements to real power measurements.

In this paper we propose a novel approach to reveal the information leakage of cryptosystems by means of a side-channel analysis of their power consumption. We therefore introduce first a novel power trace model based on communication theory to better understand and to efficiently exploit power traces in side-channel attacks. Then, we discuss a dedicated attack method denoted as Power Amount Analysis, which takes more time points into consideration compared to many other attack methods. We use the well-known Correlation Power Analysis method as the reference in order to demonstrate the figures of merit of the advocated analysis method. Then we perform a comparison of these analysis methods at identical attack conditions in terms of run time, traces usage, misalignment tolerance, and internal clock frequency effects. The resulting advantages of the novel analysis method are demonstrated by mounting both mentioned attack methods for an FPGA-based AES-128 encryption module.

Integration, the VLSI Journal, 2009

Designers and manufacturers of cryptographic devices are always worried about the vulnerability of their implementations in the presence of power analysis attacks. This article can be categorized into two parts. In the first part, two parameters are proposed to improve the accuracy of the latest hypothetical power consumption model, so-called toggle-count model, which is used in power analysis attacks. Comparison between our proposed model and the toggle-count model demonstrates a great advance, i.e., 16%, in the similarity of hypothetical power values to the corresponding values obtained by an analog simulation. It is supposed that the attacker would be able to build such an accurate power model. Thus, in the second part of this article we aim at evaluating the vulnerability of implementations to power analysis attacks which make use of our proposed power model. Simple power analysis, various types of differential power analysis, and correlation power analysis are taken into account. Then, some techniques are proposed to examine the vulnerability of implementations to such kinds of power analysis attacks.

2015 International Conference on Computational Science and Computational Intelligence (CSCI), 2015

Small embedded devices such as microcontrollers have been widely used for identification, authentication, securing and storing sensitive information. In all these applications, the security and privacy of the microcontrollers are of crucial importance. To provide strong security to protect data, these devices depend on cryptographic algorithms to ensure confidentiality and integrity of data. Moreover, many algorithms have been proposed, with each one having its strength and weaknesses. This paper presents a Differential Power Analysis(DPA) attack on hardware implementations of Advanced Encryption Standard(AES) running inside a PIC18F2420 microcontroller.

IET Information Security, 2011

In this study, the authors examine the relationship between and the efficiency of different approaches to standard (univariate) differential power analysis (DPA) attacks. The authors first show that, when fed with the same assumptions about the target device (i.e. with the same leakage model), the most popular approaches such as using a distance-of-means test, correlation analysis and Bayes attacks are essentially equivalent in this setting. Differences observed in practice are not because of differences in the statistical tests but because of statistical artefacts. Then, the authors establish a link between the correlation coefficient and the conditional entropy in side-channel attacks. In a first-order attack scenario, this relationship allows linking currently used metrics to evaluate standard DPA attacks (such as the number of power traces needed to perform a key recovery) with an information theoretic metric (the mutual information). The authors results show that in the practical scenario defined formally in this study, both measures are equally suitable to compare devices with respect to their susceptibility to DPA attacks. Together with observations regarding key and algorithm independence the authors consequently extend theoretical strategies for the sound evaluation of leaking devices towards the practice of side-channel attacks.