Side-Channel Analysis Attacks on Hardware Implementations of Cryptographic Algorithms

Side-channel analysis constitutes a powerful attack vector against cryptographic implementations. Techniques such as power and electromagnetic side-channel analysis have been extensively studied to provide an efficient way to recover the secret key used in cryptographic algorithms. To protect against such attacks, countermeasure designers have developed protection methods, such as masking and hiding, to make the attacks harder. However, due to significant overheads, these protections are sometimes deployed only at the beginning and the end of encryption, which are the main targets for side-channel attacks.In this paper, we present a methodology for side-channel assisted differential cryptanalysis attack to target middle rounds of block cipher implementations. Such method presents a powerful attack vector against designs that normally only protect the beginning and end rounds of ciphers. We generalize the attack to SPN based ciphers and calculate the effort the attacker needs to recover the secret key. We provide experimental results on 8-bit and 32-bit microcontrollers. We provide case studies on state-of-the-art symmetric block ciphers, such as AES, SKINNY, and PRESENT. Furthermore, we show how to attack shuffling-protected implementations.

Download Full-text

Side-channel analysis of MAC-Keccak hardware implementations

Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy - HASP '15 ◽

10.1145/2768566.2768567 ◽

2015 ◽

Cited By ~ 8

Author(s):

Pei Luo ◽

Yunsi Fei ◽

Xin Fang ◽

A. Adam Ding ◽

David R. Kaeli ◽

...

Keyword(s):

Side Channel ◽

Side Channel Analysis ◽

Hardware Implementations ◽

Channel Analysis

Download Full-text

Re-Consolidating First-Order Masking Schemes

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i1.305-342 ◽

2020 ◽

pp. 305-342

Author(s):

Aein Rezaei Shahmirzadi ◽

Amir Moradi

Keyword(s):

The Other ◽

Side Channel ◽

Side Channel Analysis ◽

First Order ◽

Cryptographic Algorithms ◽

Security Properties ◽

Channel Analysis ◽

Hardware Platforms

Application of masking, known as the most robust and reliable countermeasure to side-channel analysis attacks, on various cryptographic algorithms has dedicated a lion’s share of research to itself. The difficulty originates from the fact that the overhead of application of such an algorithmic-level countermeasure might not be affordable. This includes the area- and latency overheads and the amount of fresh randomness required to fulfill the resulting design’s security properties. There are already techniques applicable in hardware platforms that consider glitches into account. Among them, classical threshold implementations force the designers to use at least three shares in the underlying masking. The other schemes, which can deal with two shares, often necessitates the use of fresh randomness.Here, in this work, we present a technique allowing us to use two shares to realize the first-order glitch-extended probing secure masked realization of several functions, including the S-box of Midori, PRESENT, PRINCE, and AES ciphers without any fresh randomness.

Download Full-text

Low-Latency Hardware Masking with Application to AES

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2020.i2.300-326 ◽

2020 ◽

pp. 300-326

Author(s):

Pascal Sasdrich ◽

Begül Bilgin ◽

Michael Hutter ◽

Mark E. Marson

Keyword(s):

Side Channel ◽

Nonlinear Functions ◽

Cryptographic Primitives ◽

Resistance Level ◽

Side Channel Analysis ◽

The Past ◽

Hardware Implementations ◽

Channel Analysis ◽

High Degree ◽

Leakage Assessment

During the past two decades there has been a great deal of research published on masked hardware implementations of AES and other cryptographic primitives. Unfortunately, many hardware masking techniques can lead to increased latency compared to unprotected circuits for algorithms such as AES, due to the high-degree of nonlinear functions in their designs. In this paper, we present a hardware masking technique which does not increase the latency for such algorithms. It is based on the LUT-based Masked Dual-Rail with Pre-charge Logic (LMDPL) technique presented at CHES 2014. First, we show 1-glitch extended strong noninterference of a nonlinear LMDPL gadget under the 1-glitch extended probing model. We then use this knowledge to design an AES implementation which computes a full AES-128 operation in 10 cycles and a full AES-256 operation in 14 cycles. We perform practical side-channel analysis of our implementation using the Test Vector Leakage Assessment (TVLA) methodology and analyze univariate as well as bivariate t-statistics to demonstrate its DPA resistance level.

Download Full-text