Right or wrong collision rate analysis without profiling: full-automatic collision fault attack

Wang, An; Tian, Wei; Wang, Qian; Zhang, Guoshuang; Zhu, Liehuang

doi:10.1007/s11432-016-0616-4

Cited by 5 publications

(2 citation statements)

References 27 publications

(57 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2015, Wang et al [27] mounted collision attacks on masked AES implemented on a smart card. Right or wrong collision rate was used as a distinguisher to detect collision by Wang et al [28] in 2018. So far, most existing collision detection algorithms detect collisions by searching the values of candidate plaintext byte exhaustively, which have a lot improving space in our view.…”

Section: Introductionmentioning

confidence: 99%

Adaptive Chosen-Plaintext Collision Attack on Masked AES in Edge Computing

et al. 2019

Self Cite

View full text Add to dashboard Cite

Edge computing handles delay-sensitive data and provides real-time feedback, while it brings data security issues to edge devices (such as IoT devices and edge servers). Side-channel attacks main threaten to these devices. Collision attack represents a powerful category of side-channel analysis in extracting security information from embedded cryptographic algorithms. Since its proposition in 2003, plenty of collision detection algorithms are presented, most of which enumerate all the values of target plaintext byte to find a collision. In this paper, we establish a relation between ''Euclidean distance between traces'' and ''Hamming distance between values,'' and take advantage of the distance information leaked from the power traces of encrypting an adaptively chosen plaintext to reduce the candidate plaintext space. Consequently, the collision is detected at a high pace. Moreover, this improvement is fault-tolerant, and its self-correction feature promotes the efficiency of attacks based on our method significantly. We take AES implemented with masks, which is usually employed in edge computing devices, for instance, to introduce our method and conduct experiments to verify its efficiency. According to the experimental results, for whole key recovery attacks, our method requires only 26.5% plaintexts, 32.2% traces, and much less than 10% computations of the collision-correlation attack launched by Clavier et al. INDEX TERMS Adaptive chosen-plaintext collision attack, edge computing, masking, the least square method. The associate editor coordinating the review of this manuscript and approving it for publication was Chien-Ming Chen. the framework of side-channel attacks on edge computing devices. Therefore, it is necessary to evaluate their security with side-channel analysis. Since Kocher [11] proposed timing attacks in 1996, cryptanalysts have considered various kinds of side-channel information and presented plenty techniques such as differential power analysis [12], collision attack [13], correlation power analysis [14], template attack [15], fault sensitivity analysis [16]-[18], etc. In this paper, we focus on improving the efficiency of collision attack when applied to masked AES in edge computing. Collision attack was firstly proposed by Schramm et al. [13] in 2003. Subsequently, a similar attack on AES was proposed to detect collisions in the first MixColumn operation [19]. In 2007, Bogdanov proposed

show abstract

Section: Introductionmentioning

confidence: 99%

Adaptive Chosen-Plaintext Collision Attack on Masked AES in Edge Computing

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…The efficiency of the second-order DPA greatly depends on the combining function it employs and the leakage model it constructs, but the combining function is just an approximate representation of the leakage. Collision attack [5][6][7] is another extensively applied method for achieving an attack on masked implementations. Clavier et al [5] utilized the reuse of masks to show the relationship among masked data in various substitution boxes (s-boxes) to perform the collision.…”

mentioning

confidence: 99%