A Machine Learning Approach Against a Masked AES

Lerman, Liran; Medeiros, Stephane Fernandes; Bontempi, Gianluca; Markowitch, Olivier

doi:10.1007/978-3-319-14123-7_5

Cited by 30 publications

(37 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An attacker that knows the exact implementation of the shuffling countermeasure that was used might try to recover random bits used to shuffle the bytes and then extract the key using this knowledge (by finding the positions of shuffled operations using known random numbers). This technique was used to attack a masking scheme of a DPA Contest [10,11]. Basically, the attacker targets the random number generator which allows to effectively remove the security mechanism that uses randomness.…”

Section: Targeting the Rngmentioning

confidence: 99%

Variety of Scalable Shuffling Countermeasures against Side Channel Attacks

Veshchikov

Medeiros

Lerman

2017

JCSM

Self Cite

View full text Add to dashboard Cite

IoT devices have very strong requirements on all the resources such as memory, randomness, energy and execution time. This paper proposes a number of scalable shuffling techniques as countermeasures against side channel analysis. Some extensions of an existing technique called Random Start Index (RSI) are suggested in this paper. Moreover, two new shuffling techniques Reverse Shuffle (RS) and Sweep Swap Shuffle (SSS) are described within their possible extensions. Extensions of RSI, RS and SSS might be implemented in a constrained environment with a small data and time overhead. Each of them might be implemented using different amount of randomness and thus, might be fine-tuned according to requirements and constraints of a cryptographic system such as time, memory, available number of random bits, etc. RSI, RS, SSS and their extensions are described using SubBytes operation of AES-128 block cipher as an example, but they might be used with different operations of AES as well as with other algorithms. This paper also analyses RSI, RS and SSS by comparing their properties such as number of total permutations that might be generated using a fixed number of random bits, data complexity, time overhead and evaluates their resistance against some known side-channel attacks such as correlation power analysis and template attack.

show abstract

Section: Targeting the Rngmentioning

confidence: 99%

Variety of Scalable Shuffling Countermeasures against Side Channel Attacks

Veshchikov

Medeiros

Lerman

2017

JCSM

Self Cite

View full text Add to dashboard Cite

show abstract

“…This explains why the attacks of Ye and Eisenbarth require many more traces (around 10 000), where a first-order attack knowing the mask requires only about 12 traces. Lerman et al have developed a profiling attack that consists in recovering the masks [23]. They used supervised learning to recognize the mask offset, that leaks strongly.…”

Section: Comparison With Other Attacks On the Dpa Contest V4 Aes Tracesmentioning

confidence: 99%

“…As related works we should address three recently published articles [3,23,46] which made use of DPA Contest V4 measurements. Although all of these articles provide many useful discussions and analysis tools, none of them exploits the first-order leakage that we present here.…”

Section: Introductionmentioning

confidence: 99%

Detecting Hidden Leakages

Moradi

Guilley

Heuser

2014

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Abstract. Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such technique using the side-channel measurements publicly available through DPA contest V4. Our analyses which focus on exploiting the first-order leakage of the implementation discover a couple of potential attacks which can recover the secret key. Indeed the leakage we exploit is due to a design mistake as well as the characteristics of the implementation platform, none of which has been considered during the design of the countermeasure (implemented in naive C code).

show abstract

“…Practical aspects of template attacks have been discussed in . The profiling phase of TA was improved in ; in recent years, the cryptographic community has been exploring the potential of TA based on machine learning approaches . In this respect, the selection of interesting points is a crucial aspect of profiling attacks.…”

Section: Introductionmentioning

confidence: 99%

“…So far, participants of the contest have performed many attacks aimed at the original RSM implementation. Different techniques were used such as mutual information analysis , collision on the S‐box , or recovering the offset value based on TA . We refer to work that provides a deep analysis of attacks executed during the DPA Contest V4.…”

Section: Introductionmentioning

confidence: 99%

Crucial pitfall of DPA Contest V4.2 implementation

Martinásek

Iglesias

Malina

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

Differential power analysis (DPA) is a powerful side‐channel key recovery attack that efficiently breaks cryptographic algorithm implementations. In order to prevent these types of attacks, hardware designers and software programmers make use of masking and hiding techniques. DPA contest is an international framework that allows researchers to compare their power analysis attacks under the same conditions. The latest version of DPA contest, denoted as V4.2, provides an improved implementation of the rotating S‐box masking scheme where low‐entropy boolean masking is combined with the shuffling technique to protect Advanced Encryption Standard implementation on a smart card. The improvements were designed based on the awareness of implementation lacks analyzed from attacks carried out during the previous DPA contest V4. Therefore, this new approach is devised to resist most of the proposed attacks to the original rotating S‐box masking implementation. In this paper, we investigate the security of this new implementation in practice. Our analysis, focused on exploiting the first‐order leakage, discovered important lacks. The main vulnerability observed is that an adversary can mount a standard DPA attack aimed at the S‐box output in order to recover the whole secret key even when a shuffling technique is used. We tested this observation on a public dataset and implemented a successful attack that revealed the secret key using only 35 power traces. Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

A Machine Learning Approach Against a Masked AES

Cited by 30 publications

References 19 publications

Variety of Scalable Shuffling Countermeasures against Side Channel Attacks

Variety of Scalable Shuffling Countermeasures against Side Channel Attacks

Detecting Hidden Leakages

Crucial pitfall of DPA Contest V4.2 implementation

Contact Info

Product

Resources

About