Leakage Squeezing Countermeasure against High-Order Attacks

In the recent years, side channel attacks have been widely investigated. In particular, second order attacks (2O-attacks) have been improved and successfully applied to break many masked implementations. In this context we propose a new concept to hinder attacks of all order: instead of injecting more entropy, we make the most of a single-mask entropy. With specially crafted bijections instantiated on the mask path, we manage to reduce the inter-class variance (method we call "leakage squeezing") so that the leakage distributions become almost independent from the processed data. We present two options for this countermeasure. The first one is based on a recoded memory with a size squared w.r.t. the unprotected requirement, whilst the second one is an enhancement alleviating the requirement for a large memory. We theoretically prove the robustness of those implementations and practically evaluate their security improvements. This is attested by a robustness evaluation based on an information theoretic framework and by a 2O-DPA, an EPA and a multi-variate mutual information analysis (MMIA) attack metric. As opposed to software-oriented 3O-DPA-proof countermeasures that seriously impact the performances, our is hardware-oriented and keeps a complexity similar to that of a standard 2O-attack countermeasure with an almost untouched throughput, which is a predominant feature in computing-intensive applications.

[1]  Emmanuel Prouff,et al.  Affine Masking against Higher-Order Side Channel Analysis , 2010, IACR Cryptol. ePrint Arch..

[2]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[3]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[4]  Paul C. van Oorschot,et al.  A White-Box DES Implementation for DRM Applications , 2002, Digital Rights Management Workshop.

[5]  Adi Shamir,et al.  Protecting Smart Cards from Passive Power Analysis with Detached Power Supplies , 2000, CHES.

[6]  Jean-Jacques Quisquater,et al.  FPGA Implementations of the DES and Triple-DES Masked Against Power Analysis Attacks , 2006, 2006 International Conference on Field Programmable Logic and Applications.

[7]  Mitsuru Matsui,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[8]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[9]  Bart Preneel,et al.  Power Analysis Attacks Against FPGA Implementations of the DES , 2004, FPL.

[10]  Louis Goubin,et al.  A Generic Protection against High-Order Differential Power Analysis , 2003, FSE.

[11]  Olivier Billet,et al.  Cryptanalysis of a White Box AES Implementation , 2004, Selected Areas in Cryptography.

[12]  Yang Li,et al.  Power Variance Analysis breaks a masked ASIC implementation of AES , 2010, 2010 Design, Automation & Test in Europe Conference & Exhibition (DATE 2010).

[13]  Stefan Mangard,et al.  Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations , 2006, CHES.

[14]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[15]  Stefan Mangard,et al.  Successfully Attacking Masked AES Hardware Implementations , 2005, CHES.

[16]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[17]  Daisuke Suzuki,et al.  DPA Leakage Models for CMOS Logic Circuits , 2005, CHES.

[18]  Eric Peeters,et al.  Towards Security Limits in Side-Channel Attacks , 2006, CHES.

[19]  ChangKyun Kim,et al.  Differential Side Channel Analysis Attacks on FPGA Implementations of ARIA , 2007 .

[20]  Wieland Fischer,et al.  Masking at Gate Level in the Presence of Glitches , 2005, CHES.

[21]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[22]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[23]  Vincent Rijmen,et al.  Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches , 2011, Journal of Cryptology.

[24]  Stefan Mangard,et al.  Side-Channel Leakage of Masked CMOS Gates , 2005, CT-RSA.

[25]  Vincent Rijmen,et al.  Secure Hardware Implementation of Non-linear Functions in the Presence of Glitches , 2009, ICISC.

[26]  Bart Preneel,et al.  Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings , 2007, IACR Cryptol. ePrint Arch..

[27]  Dakshi Agrawal,et al.  The EM Side-Channel(s) , 2002, CHES.

[28]  Moti Yung,et al.  A New Randomness Extraction Paradigm for Hybrid Encryption , 2009, EUROCRYPT.

[29]  Zhimin Chen Improving Secure Hardware Masking Using an Equalization Technique , 2008 .

[30]  Thomas S. Messerges,et al.  Securing the AES Finalists Against Power Analysis Attacks , 2000, FSE.

[31]  Louis Goubin,et al.  DES and Differential Power Analysis (The "Duplication" Method) , 1999, CHES.

[32]  Thomas S. Messerges,et al.  Using Second-Order Power Analysis to Attack DPA Resistant Software , 2000, CHES.

[33]  Ingrid Verbauwhede,et al.  Partition vs. Comparison Side-Channel Distinguishers: An Empirical Evaluation of Statistical Tests for Univariate Side-Channel Attacks against Two Unprotected CMOS Devices , 2009, ICISC.

[34]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[35]  David Naccache,et al.  Cryptographic Hardware and Embedded Systems — CHES 2001 , 2001 .

[36]  Christophe Giraud,et al.  An Implementation of DES and AES, Secure against Some Attacks , 2001, CHES.

[37]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[38]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[39]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[40]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[41]  Eric Peeters,et al.  Improved Higher-Order Side-Channel Attacks with FPGA Experiments , 2005, CHES.

[42]  Emmanuel Prouff,et al.  Higher-Order Masking and Shuffling for Software Implementations of Block Ciphers , 2009, CHES.

[43]  Sylvain Guilley,et al.  Entropy-based power attack , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[44]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[45]  Berk Sunar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2005, 7th International Workshop, Edinburgh, UK, August 29 - September 1, 2005, Proceedings , 2005, CHES.

[46]  Christophe Clavier,et al.  Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings , 2009, CHES.

[47]  Patrick Schaumont,et al.  Slicing up a perfect hardware masking scheme , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[48]  Josef Pieprzyk Topics in Cryptology - CT-RSA 2010, The Cryptographers' Track at the RSA Conference 2010, San Francisco, CA, USA, March 1-5, 2010. Proceedings , 2010, CT-RSA.

[49]  Jiqiang Lu,et al.  Enhanced DES Implementation Secure Against High-Order Differential Power Analysis in Smartcards , 2005, ACISP.

[50]  David A. Wagner,et al.  Towards Efficient Second-Order Power Analysis , 2004, CHES.

[51]  Bart Preneel,et al.  Revisiting Higher-Order DPA Attacks: Multivariate Mutual Information Analysis. , 2009 .