Differential Power Analysis of HMAC Based on SHA-2, and Countermeasures

The HMAC algorithm is widely used to provide authentication and message integrity to digital communications. However, if the HMAC algorithm is implemented in embedded hardware, it is vulnerable to side-channel attacks. In this paper, we describe a DPA attack strategy for the HMAC algorithm, based on the SHA-2 hash function family. Using an implementation on a commercial FPGA board, we show that such attacks are practical in reality. In addition, we present a masked implementation of the algorithm, which is designed to counteract first-order DPA attacks.
