Crucial pitfall of DPA Contest V4.2 implementation

Differential power analysis (DPA) is a powerful side-channel key recovery attack that efficiently breaks implementations of cryptographic algorithms. To prevent such attacks, hardware designers and software programmers use masking and hiding techniques. The DPA contest is an international framework that allows researchers to compare their power analysis attacks under the same conditions. The latest version of the DPA contest, denoted V4.2, provides an improved implementation of the rotating S-box masking scheme, in which low-entropy Boolean masking is combined with shuffling to protect an Advanced Encryption Standard implementation on a smart card. The improvements were designed in light of the implementation weaknesses revealed by the attacks carried out during the previous DPA contest V4, so this new approach is devised to resist most of the attacks proposed against the original rotating S-box masking implementation. In this paper, we investigate the security of this new implementation in practice. Our analysis, focused on exploiting first-order leakage, uncovered important weaknesses. The main vulnerability observed is that an adversary can mount a standard DPA attack on the S-box output to recover the whole secret key, even when shuffling is used. We tested this observation on a public dataset and implemented a successful attack that revealed the secret key using only 35 power traces. Copyright © 2017 John Wiley & Sons, Ltd.
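The abstract's central point is that a first-order attack on the S-box output succeeds whenever the masking of that intermediate value is imperfect. The simulation below is added here as an illustration; it is not code from the paper or from the DPA contest. It builds the AES S-box from its definition, generates constructed Hamming-weight leakage of the first-round S-box output with Gaussian noise (synthetic samples, not contest traces), and runs a correlation power analysis over all 256 hypotheses for one key byte. It does not reproduce the V4.2 rotating S-box masking or the shuffling; instead it contrasts an unmasked S-box output with one masked by a fresh, uniformly random byte, the idealized case in which first-order correlation should vanish. The key byte `0x2B`, the trace count, the noise level and all function names are assumptions of the example.

```python
import random

# ---- AES S-box, computed from its definition (GF(2^8) inverse + affine map) ----
def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _build_sbox():
    inv = [0] * 256                      # multiplicative inverse, inv[0] = 0 by convention
    for a in range(1, 256):
        if inv[a]:
            continue
        for b in range(1, 256):
            if _gf_mul(a, b) == 1:
                inv[a], inv[b] = b, a
                break
    sbox = []
    for x in range(256):
        s = inv[x]
        v = s
        for i in range(1, 5):            # affine map: XOR of four left rotations, then + 0x63
            v ^= ((s << i) | (s >> (8 - i))) & 0xFF
        sbox.append(v ^ 0x63)
    return sbox

SBOX = _build_sbox()
HW = [bin(x).count("1") for x in range(256)]   # Hamming-weight leakage model

def simulate_traces(key_byte, n_traces, masked, rng, noise_sd=1.0):
    """Constructed leakage: one sample per encryption, the Hamming weight of the
    first-round S-box output plus Gaussian noise. With masked=True the output is
    XORed with a fresh uniform mask the evaluator never sees (ideal first-order
    masking, deliberately not the low-entropy V4.2 scheme)."""
    traces = []
    for _ in range(n_traces):
        p = rng.randrange(256)
        v = SBOX[p ^ key_byte]
        if masked:
            v ^= rng.randrange(256)
        traces.append((p, HW[v] + rng.gauss(0.0, noise_sd)))
    return traces

def pearson(xs, ys):
    """Sample Pearson correlation; returns 0.0 when either side is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5

def cpa_key_byte(traces):
    """Rank the 256 hypotheses for one key byte by |correlation| between the predicted
    HW of SBOX[p ^ k] and the observed sample. Returns (best_key, best_abs_corr)."""
    leaks = [leak for _, leak in traces]
    best_key, best_corr = None, -1.0
    for k in range(256):
        model = [HW[SBOX[p ^ k]] for p, _ in traces]
        c = abs(pearson(model, leaks))
        if c > best_corr:
            best_key, best_corr = k, c
    return best_key, best_corr

def evaluate(key_byte=0x2B, n_traces=1000, seed=1):
    """Run the same first-order CPA against unmasked and ideally masked leakage."""
    rng = random.Random(seed)            # fixed seed so the constructed data is reproducible
    return {
        "unmasked": cpa_key_byte(simulate_traces(key_byte, n_traces, False, rng)),
        "masked": cpa_key_byte(simulate_traces(key_byte, n_traces, True, rng)),
    }

if __name__ == "__main__":
    for name, (k, c) in evaluate().items():
        print(f"{name:8s}: best hypothesis 0x{k:02X}, |corr| = {c:.3f}")
```

With these settings only the unmasked case reliably returns `0x2B`, with a correlation near 0.8 (the theoretical value for a Hamming-weight signal of variance 2 under unit-variance noise); under full-entropy masking the best correlation sits at the noise floor of roughly 1/sqrt(n) and the winning hypothesis is arbitrary. A countermeasure designer runs exactly this kind of first-order check on the protected S-box output before deployment; the abstract's result is that the V4.2 S-box output still behaves like the first case rather than the second.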
