Cryptanalysis of the CHES 2009/2010 Random Delay Countermeasure

Inserting random delays in cryptographic implementations is often used as a countermeasure against side-channel attacks. Most previous works on the topic focus on improving the statistical distribution of these delays. For example, efficient random delay generation algorithms have been proposed at CHES 2009/2010. These solutions increase security against attacks that solve the lack of synchronization between different leakage traces by integrating them. In this paper, we demonstrate that integration may not be the best tool to evaluate random delay insertions. For this purpose, we first describe different attacks exploiting pattern recognition techniques and Hidden Markov Models. Using these tools, we succeed in cryptanalyzing a (straightforward) implementation of the CHES 2009/2010 proposal in an Atmel microcontroller, with the same data complexity as an unprotected implementation of the AES Rijndael. In other words, we completely cancel the countermeasure in this case. Next, we show that our cryptanalysis tools are remarkably robust when attacking improved variants of the countermeasure, e.g. with additional noise or irregular dummy operations. We also show that the attacks remain applicable in a non-profiled adversarial scenario. Overall, these results suggest that the use of random delays may not be effective for protecting small embedded devices against side-channel leakage. They also confirm the need for worst-case analysis in physical security evaluations.

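The abstract's central evaluation point, that integrating desynchronized traces under-estimates what a pattern-recognition adversary recovers, can be reproduced on a toy model. The following stdlib-only Python simulation is an added illustration, not code from the paper: it constructs traces with a uniform number of recognizable dummy-loop iterations before a leaking operation (a simplification, not the CHES 2009/2010 delay generator), then runs the same Hamming-weight correlation test once on the integrated window and once after the dummy pattern has been stripped. The dummy pattern, key byte, noise levels and function names are all assumptions.

```python
import random
random.seed(1)
DUMMY = (12.0, 20.0, 12.0)  # constructed: the samples of one dummy-loop iteration
LEAK_IDX = 4                # position of the key-dependent sample inside the real op
KEY = 0x5A                  # constructed secret key byte

def hw(x):
    return bin(x).count("1")

def make_trace(p, key=KEY, max_delay=7):
    """Constructed trace: random dummy iterations, then a 10-sample real op leaking HW(p ^ key)."""
    d = random.randint(0, max_delay)  # uniform delay count: a simplification
    delay = [v + random.gauss(0, 0.5) for _ in range(d) for v in DUMMY]
    op = [float(random.randint(0, 8)) for _ in range(10)]
    op[LEAK_IDX] = hw(p ^ key) + random.gauss(0, 0.5)
    return delay + op

def strip_delay(trace, tol=3.0):
    """Pattern recognition: drop each leading group matching the dummy pattern within tol."""
    i = 0
    while i + 3 <= len(trace) and all(abs(trace[i + j] - DUMMY[j]) < tol for j in range(3)):
        i += 3
    return trace[i:]  # the real operation is now aligned at index 0

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def key_rank(plaintexts, traces, feature):
    """Rank of KEY among 256 guesses (signed HW correlation) and the correct guess's correlation."""
    feats = [feature(t) for t in traces]
    scores = [pearson([hw(p ^ k) for p in plaintexts], feats) for k in range(256)]
    ranked = sorted(range(256), key=lambda k: -scores[k])
    return ranked.index(KEY), scores[KEY]

def evaluate(n=300):
    pts = [random.randrange(256) for _ in range(n)]
    traces = [make_trace(p) for p in pts]
    integrate = lambda t: sum(t)                  # integration over the whole window
    strip = lambda t: strip_delay(t)[LEAK_IDX]    # realignment, then a single sample
    return {"integrate": key_rank(pts, traces, integrate),
            "strip": key_rank(pts, traces, strip)}

if __name__ == "__main__":
    print(evaluate())
```

The integrated feature buries the 0..8 leakage under the delay-dependent sum and reports a near-zero correlation, while the stripped feature ranks the correct key first with the same traces, which is the gap between an integration-based evaluation and a worst-case one.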