Analysis of a Code-Based Countermeasure Against Side-Channel and Fault Attacks



Abstract. The design of robust countermeasures against Side-Channel Analysis or Fault Attacks is always a challenging task. At WISTP’14, a single countermeasure designed to thwart both kinds of attacks in the same effort was presented. This countermeasure is based on coding theory and consists in a specific encoding of the manipulated data that acts at the same time as a random masking and as an error detector. In this paper, we prove that this countermeasure does not meet the ambitious objectives claimed by its authors. Indeed, we exhibit a bias in the distribution of the masked values that can be exploited to retrieve the sensitive data from the observed side-channel leakage. Going further, we show that this bias is inherent to the nature of the encoding and that randomizing the code itself can be useful to reduce the bias but cannot completely fix the scheme.

Keywords: Side-channel analysis · Fault attacks · Coding theory · Countermeasure · AES

1 Introduction

Since the introduction of side-channel analysis and fault attacks against cryptographic implementations in the late 90s, the scientific community, both academic and industrial, has invested great effort in designing robust and efficient countermeasures against these attacks. Usually, each countermeasure is designed to tackle only one of these two kinds of attacks. For instance, Boolean masking [1] of key-dependent data is meant to prevent information leakage through a side-channel medium. On the other hand, time-redundant or data-redundant computations are implemented to detect fault injections during the execution of the algorithm. Following the idea first introduced in [2], the authors of [3] proposed at WISTP’14 a new countermeasure named ODSM (for Orthogonal Direct Sum Masking) based on coding theory and showed how it could be applied to protect an AES implementation. Besides the application of code-based techniques, one of the novelties of ODSM is that the same countermeasure aims at defeating both side-channel analysis (SCA) and fault attacks (FA) at once.

© IFIP International Federation for Information Processing 2016. Published by Springer International Publishing Switzerland 2016. All Rights Reserved. S. Foresti and J. Lopez (Eds.): WISTP 2016, LNCS 9895, pp. 153–168, 2016. DOI: 10.1007/978-3-319-45931-8_10

G. Barbu and A. Battistello

By introducing a random mask in the encoding of sensitive data, ODSM aims at decorrelating the side-channel leakage from the value of the sensitive variable. At the same time, by taking advantage of the error detection capability of the code, the scheme also makes it possible to check the integrity of the manipulated data and thus to detect induced faults. Although the proposed countermeasure is elegant from a theoretical point of view and a proof of security is presented in the original article, we demonstrate in the following that the proposal fails to ensure resistance against SCA. This article is organized as follows. Section 2 recalls some basic concepts of coding theory and defines some notions reg
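As an added illustration (this code is written for this edit and is neither the scheme of [3] nor code from the authors of this paper), the following toy direct-sum masking over F_2 with k = 4 data bits and n = 8 code bits shows the two roles described above and the kind of bias the abstract refers to: the codeword z = xG + yH hides x behind the mask y and decodes by projection, a corrupted mask component exposes faults, and yet the Hamming-weight distribution of z over all masks still depends on x. The matrices G = [I | J] and H = [J | I], the mask-component fault check and the Hamming-weight leakage model are assumptions of the example, not the parameters of ODSM.

```python
# Toy direct-sum masking over F_2, built for this example to illustrate the
# masking / error-detection roles of a code-based encoding and the kind of
# leakage bias the paper describes. Parameters, matrices and the fault check
# are assumptions for the illustration, not the ODSM parameters of [3].
from collections import Counter
import math

K, N = 4, 8  # k = 4 data bits, n = 8 code bits, n - k = 4 mask bits

# Generator rows as n-bit integers (bit i = column i).
# G = [I_4 | J_4] spans the data code C, H = [J_4 | I_4] spans the mask code D,
# with J_4 the 4x4 all-ones matrix. Over F_2, J*J = 0 and G*H^T = J + J = 0, so
# G*G^T = H*H^T = I_4, C and D are orthogonal, and C (+) D = F_2^8.
G = [(1 << i) | (0b1111 << 4) for i in range(K)]
H = [0b1111 | (1 << (K + i)) for i in range(N - K)]


def vec_mat(v, rows):
    """v * M over F_2: XOR the rows of M selected by the bits of v."""
    out = 0
    for i, row in enumerate(rows):
        if (v >> i) & 1:
            out ^= row
    return out


def vec_mat_t(z, rows):
    """z * M^T over F_2: bit i of the result is the inner product <z, row_i> mod 2."""
    out = 0
    for i, row in enumerate(rows):
        if bin(z & row).count("1") & 1:
            out |= 1 << i
    return out


def encode(x, y):
    """Codeword z = x*G + y*H: the data x masked by the random y."""
    return vec_mat(x, G) ^ vec_mat(y, H)


def decode(z):
    """Recover x = z*G^T (G*G^T = I and H*G^T = 0, so the mask drops out)."""
    return vec_mat_t(z, G)


def mask_of(z):
    """Recover y = z*H^T, the mask component of z."""
    return vec_mat_t(z, H)


def check(z, y):
    """Fault check (assumed for this toy): the mask component must be intact.
    An error e goes unnoticed exactly when e*H^T = 0, i.e. e lies in C itself."""
    return mask_of(z) == y


def hw(v):
    return bin(v).count("1")


def leakage_histograms(enc, k, m):
    """For each data value x, the histogram of HW(enc(x, y)) over all m-bit masks y.
    Under a Hamming-weight leakage model (an assumption), the masking hides x
    only if every x yields the same histogram."""
    return {x: Counter(hw(enc(x, y)) for y in range(1 << m)) for x in range(1 << k)}


def mutual_information(hists):
    """I(X; HW(Z)) in bits for uniform X, computed from the per-x histograms."""
    total = sum(sum(h.values()) for h in hists.values())
    marg = Counter()
    for h in hists.values():
        marg.update(h)
    h_marg = -sum(c / total * math.log2(c / total) for c in marg.values())
    h_cond = 0.0
    for h in hists.values():
        m = sum(h.values())
        h_cond -= (m / total) * sum(c / m * math.log2(c / m) for c in h.values())
    return h_marg - h_cond


def distinct_histograms(hists):
    """Number of different HW distributions across data values (1 = no bias)."""
    return len({tuple(sorted(h.items())) for h in hists.values()})


if __name__ == "__main__":
    code_hists = leakage_histograms(encode, K, N - K)
    bool_hists = leakage_histograms(lambda x, y: x ^ y, K, K)  # plain Boolean masking
    print("code: distinct HW histograms =", distinct_histograms(code_hists),
          "I(X;HW) = %.3f bits" % mutual_information(code_hists))
    print("xor : distinct HW histograms =", distinct_histograms(bool_hists),
          "I(X;HW) = %.3f bits" % mutual_information(bool_hists))
    z = encode(0b1010, 0b0110)
    print("single-bit fault detected:", not check(z ^ 1, 0b0110))
    print("2-bit fault inside C undetected:", check(z ^ 0b0011, 0b0110),
          "decodes to", bin(decode(z ^ 0b0011)))
```

Running it shows the contrast: plain Boolean masking gives one and the same Hamming-weight histogram for every x (zero information under this leakage model), while the toy code gives five different histograms and about half a bit of mutual information between x and HW(z), even though the mask y is uniform. The fault side behaves as the paper describes in general: every single-bit fault corrupts the mask component and is caught, but an error lying in C (here the 2-bit pattern 0b0011, a minimum-weight codeword of C) passes the check and silently changes x, so detection is bounded by the minimum distance of the data code.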