On Second-Order Differential Power Analysis

Joye, Marc; Paillier, Pascal; Schoenmakers, Berry

doi:10.1007/11545262_22

Cited by 96 publications

(55 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We assume a side-channel attack model similar to [20], generalized to all kinds of side-channels. Side-channel information is leaked by consuming a resource such as time and power, or by emitting an undesirable byproduct, such as radiation, noise, or heat.…”

Section: Mitigating Side-channel Attacksmentioning

confidence: 99%

Security challenges and opportunities in adaptive and reconfigurable hardware

Costan

Devadas

2011

2011 IEEE International Symposium on Hardware-Oriented Security and Trust

View full text Add to dashboard Cite

Abstract-We present a novel approach to building hardware support for providing strong security guarantees for computations running in the cloud (shared hardware in massive data centers), while maintaining the high performance and low cost that make cloud computing attractive in the first place. We propose augmenting regular cloud servers with a Trusted Computation Base (TCB) that can securely perform high-performance computations. Our TCB achieves cost savings by spreading functionality across two paired chips. We show that making a Field-Programmable Gate Array (FPGA) a part of the TCB benefits security and performance, and we explore a new method for defending the computation inside the TCB against sidechannel attacks.

show abstract

Section: Mitigating Side-channel Attacksmentioning

confidence: 99%

Security challenges and opportunities in adaptive and reconfigurable hardware

Costan

Devadas

2011

2011 IEEE International Symposium on Hardware-Oriented Security and Trust

View full text Add to dashboard Cite

show abstract

“…Two combination functions are studied most in previous literatures. The absolute difference combination function |L(t 0 ) − L(t 1 )| was first proposed by Messerges [10] and analyzed mathematically by Joye et al [11]. The centered product combination function [L(t 0 ) − E(L(t 0 ))] × [L(t 1 ) − E(L(t 1 ))] was proposed by Chari et al [12] and analyzed by Schramm and Paar [13].…”

Section: Introductionmentioning

confidence: 99%

A Statistical Model for Higher Order DPA on Masked Devices

Ding

Zhang

Fei

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. A popular effective countermeasure to protect block cipher implementations against differential power analysis (DPA) attacks is to mask the internal operations of the cryptographic algorithm with random numbers. While the masking technique resists against first-order (univariate) DPA attacks, higher-order (multivariate) attacks were able to break masked devices. In this paper, we formulate a statistical model for higher-order DPA attack. We derive an analytic success rate formula that distinctively shows the effects of algorithmic confusion property, signal-noise-ratio (SNR), and masking on leakage of masked devices. It further provides a formal proof for the centered product combination function being optimal for higher-order attacks in very noisy scenarios. We believe that the statistical model fully reveals how the higher-order attack works around masking, and would offer good insights for embedded system designers to implement masking techniques.

show abstract

“…Side channel attacks combining multiple points of leakage are also called higher-order attacks [56,103]. Since protected implementations can generally not be successfully attacked with a univariate attack, higher-order attacks are also a means to break countermeasures [95,111].…”

Section: Side Channel Attacksmentioning

confidence: 99%

Why cryptography should not rely on physical attack complexity

Krämer

2016

It - Information Technology

View full text Add to dashboard Cite

Ich versichere an Eides statt, dass ich diese Dissertation selbständig verfasst und nur die angegebenen Quellen und Hilfsmittel verwendet habe. Datum Für meine Eltern AbstractEver since the first side channel attacks and fault attacks on cryptographic devices were introduced in the mid-nineties, new possibilities of physical attacks have been consistently explored. The risk that these attacks pose is reduced by reacting to known attacks and by developing and implementing countermeasures against them. For physical attacks whose theory is known but which have not been conducted yet, however, the situation is different. Attacks whose physical realization is assumed to be very complex are taken less seriously. The trust that these attacks will not be realized due to their physical complexity means that no countermeasures are developed at all. This leads to unprotected devices once the assessment of the complexity turns out to be wrong.This thesis presents two practical physical attacks whose theory is known for several years. Since neither attack has previously been successfully implemented in practice, however, they were not considered a serious threat. Their physical attack complexity has been overestimated and the implied security threat has been underestimated. First, we introduce the photonic side channel, which offers not only temporal resolution, but also the highest possible spatial resolution. Due to the high cost of its first realization, it has not been taken seriously. We show both simple and differential photonic side channel analyses. Then, we present a fault attack against pairing-based cryptography. Due to the need for at least two independent precise faults in a single pairing computation, it has also not been taken seriously. We show how attackers can reveal the secret key of symmetric as well as asymmetric cryptographic algorithms based on these physical attacks. We present countermeasures on the software and the hardware level, which help to prevent these attacks in the future.Based on these two presented attacks, this thesis shows that the assessment of physical attack complexity is error-prone. Hence, cryptography should not rely on it. Cryptographic technologies have to be protected against all physical attacks, have they already been realized or not. The development of countermeasures does not require the successful execution of an attack but can already be carried out as soon as the principle of a side channel or a fault attack is understood.

show abstract

On Second-Order Differential Power Analysis

Cited by 96 publications

References 12 publications

Security challenges and opportunities in adaptive and reconfigurable hardware

Security challenges and opportunities in adaptive and reconfigurable hardware

A Statistical Model for Higher Order DPA on Masked Devices

Why cryptography should not rely on physical attack complexity

Contact Info

Product

Resources

About