Side-Channel Attacks on SHA-1-Based Product Authentication ICs

To prevent product counterfeiting, a common practice is to cryptographically authenticate system components e.g., inkjet cartridges, batteries, or spare parts using dedicated ICs. In this paper, we analyse the security of two wide-spread examples for such devices, the DS28E01 and DS2432 SHA-1-based authentication ICs manufactured by Maxim Integrated. We show that the 64-bit secret can be fully extracted using non-invasive side-channel analysis with 1,800 and 1,200i??traces, respectively. Doing so, we present the, to our knowledge, first gray-box side-channel attack on real-world devices employing an HMAC-like construction. Our results highlight that there is an evident need for protection against implementation attacks also for the case of low-cost devices like product authentication ICs.

[1]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[2]  Lars Hoffmann,et al.  Differential Fault Analysis on the SHA1 Compression Function , 2011, 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography.

[3]  Chao Li,et al.  Differential Fault Analysis on SHACAL-1 , 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[4]  William P. Marnane,et al.  Differential Power Analysis of HMAC Based on SHA-2, and Countermeasures , 2007, WISA.

[5]  Ronald L. Rivest,et al.  The invertibility of the XOR of rotations of a binary word , 2010, Int. J. Comput. Math..

[6]  Bart Preneel,et al.  MDx-MAC and Building Fast MACs from Hash Functions , 1995, CRYPTO.

[7]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[8]  Denis Réal,et al.  Practical Electromagnetic Template Attack on HMAC , 2009, CHES.

[9]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[10]  Luk Bettale,et al.  Differential power analysis of HMAC SHA-2 in the Hamming weight model , 2013, 2013 International Conference on Security and Cryptography (SECRYPT).