Multiple-Differential Side-Channel Collision Attacks on AES

Bogdanov, Andrey

doi:10.1007/978-3-540-85053-3_3

Cited by 53 publications

(58 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…2 before 50 µs are related to the initial masking of plaintext bytes before the key addition. Correlation-Collision Attack In order to perform a correlation-collision attack which aims at recovering the linear difference between the targeted key bytes (see AES linear collision attack [7]) the mean traces, e.g., m i 0 and m i 2 , should be first aligned based on the time instances of leaking parts discovered by the variance check approach restated above. Suppose that m i 2 indicate the mean traces m i 2 which are aligned to the mean traces m i 0 , i.e., by shifting each mean trace m i 2 9.524 µs (4762 sample points) to the left (see Fig.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Detecting Hidden Leakages

Moradi

Guilley

Heuser

2014

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Abstract. Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such technique using the side-channel measurements publicly available through DPA contest V4. Our analyses which focus on exploiting the first-order leakage of the implementation discover a couple of potential attacks which can recover the secret key. Indeed the leakage we exploit is due to a design mistake as well as the characteristics of the implementation platform, none of which has been considered during the design of the countermeasure (implemented in naive C code).

show abstract

Section: Discussionmentioning

confidence: 99%

“…The mask values are chosen in such a way that the leakage caused by the masked variable X ⊕ S 1 depends on X only at degree 4. It is explained in [4] that such security can be reached if the masks are distributed as the 16 codewords of the [8,4,4] linear code, extension with one parity bit of the [7,4,3] Hamming code.…”

Section: Rsmmentioning

confidence: 99%

Detecting Hidden Leakages

Moradi

Guilley

Heuser

2014

Applied Cryptography and Network Security

View full text Add to dashboard Cite

show abstract

“…Its major advantage compared to classical power analysis attacks is that it neither relies on a hypothetical power model nor requires a profiling phase. Enhancing linear collision attacks [6] by the methods of correlation-based DPAs, it is able to overcome side-channel countermeasures as long as a minimal first order leakage remains.…”

Section: Correlation Collision Attackmentioning

confidence: 99%

“…The main idea of the attack is to check the similarity between two faulty ciphertext distributions, e.g., of two ciphertext bytes, each of which corresponds to a masked S-box followed by a fixed key addition, i.e., in the last round of the AES encryption. According to the linear collision in AES [6], the difference between key bytes equals to the difference between the corresponding fault-free ciphertext bytes when such a collision occurs.…”

Section: Model and Attack Conceptmentioning

confidence: 99%

On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting

Moradi

Mischke

Paar

et al. 2011

Cryptographic Hardware and Embedded Systems – CHES 2011

View full text Add to dashboard Cite

Abstract. At CHES 2010 two powerful new attacks were presented, namely the Fault Sensitivity Analysis and the Correlation Collision Attack. This paper shows how these ideas can be combined to create even stronger attacks. Two solutions are presented; both extract leakage information by the fault sensitivity analysis method while each one applies a slightly different collision attack to deduce the secret information without the need of any hypothetical leakage model. Having a similar fault injection method, one attack utilizes the non-uniform distribution of faulty ciphertext bytes while the other one exploits the data-dependent timing characteristics of the target combination circuit. The results when attacking several AES ASIC cores of the SASEBO LSI chips in different process technologies are presented. Successfully breaking the cores protected against DPA attacks using either gate-level countermeasures or logic styles indicates the strength of the attacks.

show abstract

“…The work of [21] and in particular recent works on collision attacks [3,4,5,6,7] veer away from long sequences of instructions [22,15], e.g. collisions that persist for an entire round, and target short-scale intermediate results.…”

Section: Introductionmentioning

confidence: 99%

Differential Cluster Analysis

Batina

Gierlichs

Lemke‐Rust

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We propose a new technique called Differential Cluster Analysis for side-channel key recovery attacks. This technique uses cluster analysis to detect internal collisions and it combines features from previously known collision attacks and Differential Power Analysis. It captures more general leakage features and can be applied to algorithmic collisions as well as implementation specific collisions. In addition, the concept is inherently multivariate. Various applications of the approach are possible: with and without power consumption model and single as well as multi-bit leakage can be exploited. Our findings are confirmed by practical results on two platforms: an AVR microcontroller with implemented DES algorithm and an AES hardware module. To our best knowledge, this is the first work demonstrating the feasibility of internal collision attacks on highly parallel hardware platforms. Furthermore, we present a new attack strategy for the targeted AES hardware module.

show abstract

Multiple-Differential Side-Channel Collision Attacks on AES

Cited by 53 publications

References 12 publications

Detecting Hidden Leakages

Detecting Hidden Leakages

On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting

Differential Cluster Analysis

Contact Info

Product

Resources

About