Side Channel Attacks on Message Authentication Codes

Side channel attacks are a serious menace to embedded devices with cryptographic applications which are utilized in sensor and ad hoc networks. In this paper we show that side channel attacks can be applied to message authentication codes, even if the countermeasure is applied to the underlying block cipher. In particular, we show that EMAC, OMAC, and PMAC are vulnerable to our attack. Based on simple power analysis, we show that several key bits can be extracted, and based on differential power analysis, we present selective forgery against these MACs. Our results suggest that protecting block ciphers against side channel attacks is not sufficient, and countermeasures are needed for MACs as well.

[1]  Kaoru Kurosawa,et al.  OMAC: One-Key CBC MAC , 2003, IACR Cryptol. ePrint Arch..

[2]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[3]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[4]  Kenneth G. Paterson,et al.  Padding Oracle Attacks on the ISO CBC Mode Encryption Standard , 2004, CT-RSA.

[5]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[6]  Thomas S. Messerges,et al.  Securing the AES Finalists Against Power Analysis Attacks , 2000, FSE.

[7]  Vlastimil Klíma,et al.  Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format , 2003, IACR Cryptol. ePrint Arch..

[8]  Thomas S. Messerges,et al.  Using Second-Order Power Analysis to Attack DPA Resistant Software , 2000, CHES.

[9]  Mihir Bellare,et al.  The Security of the Cipher Block Chaining Message Authentication Code , 2000, J. Comput. Syst. Sci..

[10]  Serge Vaudenay,et al.  Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.

[11]  John Black,et al.  Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption , 2002, USENIX Security Symposium.

[12]  Morris J. Dworkin,et al.  SP 800-38B. Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication , 2005 .

[13]  John Black,et al.  A Block-Cipher Mode of Operation for Parallelizable Message Authentication , 2002, EUROCRYPT.

[14]  Serge Vaudenay,et al.  Password Interception in a SSL/TLS Channel , 2003, CRYPTO.

[15]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .