Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers

Unterstein, Florian; Schink, Marc; Schamberger, Thomas; Tebelmann, Lars; Ilg, Manuel; Heyszl, Johann

doi:10.46586/tches.v2020.i4.365-388

Cited by 5 publications

(3 citation statements)

References 12 publications

(23 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The PI of a leakage model is a side-channel metric that characterizes the amount of information that can be extracted about a target variable X from leakage traces using a given model [RSV + 11]. It is related to the success rate of an adversary that uses this model [DFS19, dCGRP19, MDP20], and it is a lower bound for the Mutual Information (MI) between the leakage and the target variable [BHM + 19, MCHS22], which characterizes the worst-case security of an implementation and therefore makes an interesting tool for side-channel security evaluations [SMY09]. Concretely, and given a model f[l|x] and a set of leakage traces L , the PI can be estimated as:…”

Section: Perceived Informationmentioning

confidence: 99%

Efficient Regression-Based Linear Discriminant Analysis for Side-Channel Security Evaluations

Cassiers¹,

Devillez

Standaert

et al. 2023

TCHES

View full text Add to dashboard Cite

32-bit software implementations become increasingly popular for embedded security applications. As a result, profiling 32-bit target intermediate values becomes increasingly needed to evaluate their side-channel security. This implies the need of statistical tools that can deal with long traces and large number of classes. While there are good options to solve these issues separately (e.g., linear regression and linear discriminant analysis), the current state of the art lacks efficient tools to solve them jointly. To the best of our knowledge, the best-known option is to fragment the profiling in smaller parts, which is suboptimal from the information theoretic viewpoint. In this paper, we therefore revisit regression-based linear discriminant analysis, which combines linear regression and linear discriminant analysis, and improve its efficiency so that it can be used for profiling long traces corresponding to 32-bit implementations. Besides introducing the optimizations needed for this purpose, we show how to use regression-based linear discriminant analysis in order to obtain efficient bounds for the perceived information, an information theoretic metric characterizing the security of an implementation against profiled attacks. We also combine this tool with optimizations of soft analytical side-channel attack that apply to bitslice implementations. We use these results to attack a 32-bit implementation of SAP instantiated with Ascon’s permutation, and show that breaking the initialization of its re-keying in one trace is feasible for determined adversaries.

show abstract

Section: Perceived Informationmentioning

confidence: 99%

Efficient Regression-Based Linear Discriminant Analysis for Side-Channel Security Evaluations

Cassiers¹,

Devillez

Standaert

et al. 2023

TCHES

View full text Add to dashboard Cite

show abstract

“…However, the efficiency of Hazay et al's scheme is not good so that Abdalla et al (2013) improved their scheme to propose an efficient leakage-resilient symmetric encryption scheme using the AES block cipher without constructing a leakage resilient block cipher. Recently, for enhancing the efficiency, several leakage-resilient authenticated symmetric encryption schemes based on hardware AES coprocessors (Unterstein et al, 2020;Bronchain et al, 2021) have been proposed.…”

Section: Related Workmentioning

confidence: 99%

Leakage-Resilient Revocable Certificateless Encryption with an Outsourced Revocation Authority

Tseng¹,

Huang²,

Tsai³

et al. 2022

Informatica

View full text Add to dashboard Cite

To resolve both certificate management and key escrow problems, a certificateless public-key system (CLPKS) has been proposed. However, a CLPKS setting must provide a revocation mechanism to revoke compromised users. Thus, a revocable certificateless public-key system (RCLPKS) was presented to address the revocation issue and, in such a system, the key generation centre (KGC) is responsible to run this revocation functionality. Furthermore, a RCLPKS setting with an outsourced revocation authority (ORA), named RCLPKS-ORA setting, was proposed to employ the ORA to alleviate the KGC’s computational burden. Very recently it was noticed that adversaries may adopt side-channel attacks to threaten these existing conventional public-key systems (including CLPKS, RCLPKS and RCLPKS-ORA). Fortunately, leakage-resilient cryptography offers a solution to resist such attacks. In this article, the first leakage-resilient revocable certificateless encryption scheme with an ORA, termed LR-RCLE-ORA scheme, is proposed. The proposed scheme is formally shown to be semantically secure against three types of adversaries in the RCLPKS and RCLPKS-ORA settings while resisting side-channel attacks. In the proposed scheme, adversaries are allowed to continually extract partial ingredients of secret keys participated in various computational algorithms of the proposed scheme while retaining its security.

show abstract

“…Thus, the protection of primitives against potent and skillful attackers that can perform simple power analysis or template attacks is still crucial [37]. Nevertheless, leakage resilient schemes have been implemented on micro-controllers and practical evaluation shows that protection against sidechannel attacks can be efficiently achieved in practice against a set of realistic adversaries [56].…”

Section: Introductionmentioning

confidence: 99%

Leakage Resilient Value Comparison with Application to Message Authentication

Dobraunig

Mennink

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Side-channel attacks are a threat to secrets stored on a device, especially if an adversary has physical access to the device. As an effect of this, countermeasures against such attacks for cryptographic algorithms are a well-researched topic. In this work, we deviate from the study of cryptographic algorithms and instead focus on the sidechannel protection of a much more basic operation, the comparison of a known attacker-controlled value with a secret one. Comparisons sensitive to side-channel leakage occur in tag comparisons during the verification of message authentication codes (MACs) or authenticated encryption, but are typically omitted in security analyses. Besides, also comparisons performed as part of fault countermeasures might be sensitive to sidechannel attacks. In this work, we present a formal analysis on comparing values in a leakage resilient manner by utilizing cryptographic building blocks that are typically part of an implementation anyway. Our results indicate that there is no need to invest additional resources into implementing a protected comparison operation itself if a sufficiently protected implementation of a public cryptographic permutation, or a (tweakable) block cipher, is already available. We complement our contribution by applying our findings to the SuKS message authentication code used by lightweight authenticated encryption scheme ISAP, and to the classical Hash-then-PRF construction.

show abstract

Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers

Cited by 5 publications

References 12 publications

Efficient Regression-Based Linear Discriminant Analysis for Side-Channel Security Evaluations

Efficient Regression-Based Linear Discriminant Analysis for Side-Channel Security Evaluations

Leakage-Resilient Revocable Certificateless Encryption with an Outsourced Revocation Authority

Leakage Resilient Value Comparison with Application to Message Authentication

Contact Info

Product

Resources

About