Differential Power Analysis of HMAC Based on SHA-2, and Countermeasures

McEvoy, Robert P.; Tunstall, Michael; Murphy, Colin C.; Marnane, William P.

doi:10.1007/978-3-540-77535-5_23

Cited by 41 publications

(46 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…By observing and analyzing physical information emitted from a cipher chip, an attacker can obtain a secret key inside the cipher circuit. A timing attack [7], a fault analysis attack [8], [9], a cache attack [10], an electromagnetic side-channel attack [11], and a differential power attack [12], [13], [14], [15] are reported as possible side-channel attacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Scan-based Side-channel Attack against HMAC-SHA-256 Circuits Based on Isolating Bit-transition Groups Using Scan Signatures

Oku

Yanagisawa

Togawa

2018

IPSJ Transactions on System LSI Design Methodology

View full text Add to dashboard Cite

Abstract:A scan chain is used by scan-path test, one of design-for-test techniques, which can control and observe internal registers in an LSI chip. On the other hand, a scan-based side-channel attack is focused on which can restore secret information by exploiting the scan data obtained from a scan chain inside the crypto chip during cryptographic processing. In this paper, we propose a scan-based attack method against a hash generator circuit called HMAC-SHA-256. Our proposed method is composed of three steps; Firstly, we isolate 64 bit-transition groups from a scan data using scan signatures based on the property of the HMAC-SHA-256 algorithm. Secondly, we classify these 64 bittransition groups into 32 pairs. Lastly, we find out the correspondence between the scan data and the internal registers in the target HMAC-SHA-256 circuit. Our proposed method restores the secret information by the three steps above, even if the scan chain includes registers other than the target hash generator circuit and hence it becomes too long. Experimental results show that our proposed method successfully restores two secret keys of the HMAC-SHA-256 circuit using up to 425 input messages in 7.5 hours.

show abstract

Section: Introductionmentioning

confidence: 99%

“…Differential power analysis based side-channel attacks and electromagnetic side-channel attacks for hash generator circuits are proposed in Refs. [11], [12], [14], [15]. However, as far as we know, scan-based attacks against hash generator circuits have not been proposed yet.…”

Section: Introductionmentioning

confidence: 99%

Scan-based Side-channel Attack against HMAC-SHA-256 Circuits Based on Isolating Bit-transition Groups Using Scan Signatures

Oku

Yanagisawa

Togawa

2018

IPSJ Transactions on System LSI Design Methodology

View full text Add to dashboard Cite

show abstract

“…Okeya et al [7] [8] evaluated the security of HMAC algorithm based on block-cipher based hash functions. McEvoy et al [9] discussed a differential sidechannel attack on an implementation of the HMAC algorithm that uses the SHA-2 hash function family. But as far as we know, the resistance of SM3 to side channel attacks still remains uncertain and thus a potential risk for software or hardware implementations.…”

Section: Introductionmentioning

confidence: 99%

A First-Order Differential Power Analysis Attack on HMAC-SM3

Guo¹,

Wang²,

Li³

et al. 2015

Proceedings of the First International Conference on Information Science and Electronic Technology

View full text Add to dashboard Cite

Abstract-HMAC algorithm is one of the most famous keyed hash functions, and widely utilized. And SM3 is the only standard hash algorithm of China. However, most cryptographic algorithms implementations are vulnerable against side channel attacks. But specific side channel attacks on HMAC-SM3 have not been given so far. This paper presents a first-order DPA attack on HMAC-SM3. HMAC-SM3 hash algorithm is based on the mixing of different algebraic operations, such as XOR and addition modulo 2 32 , thus the proposed DPA attack is mainly against these basic group operations. Experimental results are given by attacking an implementation of HMAC-SM3 in a smart card, which demonstrate the practicability of such attacks described in this paper.

show abstract

“…Okeya et al [7] [8] evaluated the security of HMAC algorithm based on block-cipher based hash functions. McEvoy et al [9] discussed a differential side-channel attack on an implementation of the HMAC algorithm that uses the SHA-2 hash function family. But as far as we know, the resistance of SM3 to side channel attacks still remains uncertain.…”

Section: Introductionmentioning

confidence: 99%

A Differential Power Analysis Attack on Dynamic Password Token Based On SM3 Algorithm

Guo¹,

Li²,

Wang³

et al. 2015

Proceedings of the First International Conference on Information Science and Electronic Technology

View full text Add to dashboard Cite

Abstract-Dynamic password technology is one of the most widely utilized methods for identity authentication. The security of dynamic password system depends on the cryptographic strength of the underlying hash function. And SM3 is the only standard hash algorithm of China. However, most cryptographic algorithm implementations are vulnerable against side channel attacks. But specific side channel attacks on dynamic password token based on SM3 hash function have not been given so far. This paper presents a differential power analysis attack on dynamic password token based on SM3 algorithm. SM3 hash algorithm is based on the mixing of different algebraic operations, such as XOR and addition modulo 2 32 , thus the proposed DPA attack is mainly against these basic group operations. Experimental results are given by attacking an implementation of generating dynamic password using SM3 algorithm in a smart card, which demonstrate the feasibility of such attacks described in this paper.

show abstract

Differential Power Analysis of HMAC Based on SHA-2, and Countermeasures

Cited by 41 publications

References 17 publications

Scan-based Side-channel Attack against HMAC-SHA-256 Circuits Based on Isolating Bit-transition Groups Using Scan Signatures

Scan-based Side-channel Attack against HMAC-SHA-256 Circuits Based on Isolating Bit-transition Groups Using Scan Signatures

A First-Order Differential Power Analysis Attack on HMAC-SM3

A Differential Power Analysis Attack on Dynamic Password Token Based On SM3 Algorithm

Contact Info

Product

Resources

About