Abstract
We propose a generalized framework to evaluate the side-channel information leakage of symmetric block ciphers. The leakage mapping methodology enables the systematic and efficient identification and mitigation of problematic information leakages by exhaustively considering relevant leakage models. The evaluation procedure bounds the anticipated resistance of an implementation to the general class of univariate differential side-channel analysis techniques. Typical applications are demonstrated using the well-known Hamming weight and Hamming distance leakage models, with recommendations for the incorporation of more accurate models. The evaluation results are empirically validated against correlation-based differential side-channel analysis attacks on two typical unprotected implementations of the Advanced Encryption Standard.
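As an added example (not code from the paper), the following shows the known-key evaluation the abstract describes for one AES state byte under the Hamming weight and Hamming distance models: a constructed toy device leaks the Hamming weight of the AddRoundKey output at one sample and the Hamming distance of a register update at another, and correlating every candidate model against every sample locates which intermediate leaks where. The toy device, the model set, the key byte and all sample values are assumptions.

```python
import random
def hw(v):  # Hamming weight leakage model: number of set bits
    return bin(v).count("1")

def gf_mul(a, b):  # GF(2^8) product modulo the AES polynomial x^8+x^4+x^3+x+1
    p = 0
    for _ in range(8):
        p ^= a if b & 1 else 0
        a, b = ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF, b >> 1
    return p

def sbox(x):  # AES S-box: GF(2^8) inverse (x^254, so 0 -> 0) then the affine map
    inv, base, e = 1, x, 254
    while e:
        inv = gf_mul(inv, base) if e & 1 else inv
        base, e = gf_mul(base, base), e >> 1
    s = inv ^ 0x63
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s

# Candidate leakage models for first-round intermediates of one AES state byte.
MODELS = {
    "HW(p^k)": lambda p, k: hw(p ^ k),                 # AddRoundKey output on a bus
    "HW(S(p^k))": lambda p, k: hw(sbox(p ^ k)),        # SubBytes output on a bus
    "HD(p,S(p^k))": lambda p, k: hw(p ^ sbox(p ^ k)),  # register p overwritten by S(p^k)
}

def simulate_traces(key, n, sigma, rng):
    # Constructed toy device: s0 leaks HW(p^k), s1 leaks HD of register p -> S(p^k), s2 noise only.
    pts = [rng.randrange(256) for _ in range(n)]
    traces = [[hw(p ^ key) + rng.gauss(0, sigma),
               hw(p ^ sbox(p ^ key)) + rng.gauss(0, sigma),
               rng.gauss(0, sigma)] for p in pts]
    return pts, traces

def pearson(xs, ys):  # sample Pearson correlation coefficient
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx, syy = sum((x - mx) ** 2 for x in xs), sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5

def leakage_map(pts, traces, key):
    # Known-key evaluation: |rho| of each model vs each sample; near 1 = leaks there, near 0 = not.
    return {name: [abs(pearson([m(p, key) for p in pts], [t[i] for t in traces]))
                   for i in range(len(traces[0]))] for name, m in MODELS.items()}

def run(key=0x2B, n=2000, sigma=0.7, seed=1):
    rng = random.Random(seed)  # fixed seed so the evaluation is reproducible
    return leakage_map(*simulate_traces(key, n, sigma, rng), key)
```

On the toy device the map shows the HW(p^k) model peaking at sample 0 and the HD model at sample 1, while the noise-only sample stays near zero for every model; on real traces the same table, computed per time sample, is the leakage map.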
Leakage Mapping: A Systematic Methodology for Assessing the Side-Channel Information Leakage of Cryptographic Implementations