You cannot hide behind the mask: Power analysis on a provably secure s-box implementation

J. Pan; J. I. Den Hartog; Jiqiang Lu

doi:10.1007/978-3-642-10838-9_14

You cannot hide behind the mask: Power analysis on a provably secure s-box implementation

J. Pan^*
, J. I. Den Hartog
, Jiqiang Lu

^*此作品的通讯作者

Eindhoven University of Technology

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

21 引用（Scopus）

摘要

Power analysis has shown to be successful in breaking symmetric cryptographic algorithms implemented on low resource devices. Prompted by the breaking of many protected implementations in practice, researchers saw the need of validating security of implementations with formal methods. Three generic S-box implementation methods have been proposed by Prouff el al., together with formal proofs of their security against 1st or 2nd-order side-channel analysis. These methods use a similar combination of masking and hiding countermeasures. In this paper, we show that although proven resistant to standard power analysis, these implementation methods are vulnerable to a more sophisticated form of power analysis that combines Differential Power Analysis (DPA) and pattern matching techniques. This new form of power analysis is possible under the same assumptions about power leakage as standard DPA attacks and the added complexity is limited: our experiments show that 900 traces are sufficient to break these algorithms on a device where 150 traces are typically needed for standard DPA. We conclude that the defense strategies-hiding by repeating operations for each possible value, and masking and hiding using the same random number-can create new vulnerabilities.

源语言	英语
主期刊名	Information Security Applications - 10th International Workshop, WISA 2009, Revised Selected Papers
页	178-192
页数	15
DOI	https://doi.org/10.1007/978-3-642-10838-9_14
出版状态	已出版 - 2009
已对外发布	是
活动	10th International Workshop on Information Security Applications, WISA 2009 - Busan, 韩国期限: 25 8月 2009 → 27 8月 2009

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	5932 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	10th International Workshop on Information Security Applications, WISA 2009
国家/地区	韩国
市	Busan
时期	25/08/09 → 27/08/09

访问文件

10.1007/978-3-642-10838-9_14

其它文件与链接

链接到 Scopus 的出版物

引用此

Pan, J., Den Hartog, J. I., & Lu, J. (2009). You cannot hide behind the mask: Power analysis on a provably secure s-box implementation. 在 Information Security Applications - 10th International Workshop, WISA 2009, Revised Selected Papers (页码 178-192). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 5932 LNCS). https://doi.org/10.1007/978-3-642-10838-9_14

Pan, J. ; Den Hartog, J. I. ; Lu, Jiqiang. / You cannot hide behind the mask : Power analysis on a provably secure s-box implementation. Information Security Applications - 10th International Workshop, WISA 2009, Revised Selected Papers. 2009. 页码 178-192 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{8ed54239b35e48799597bce109de4b1b,

title = "You cannot hide behind the mask: Power analysis on a provably secure s-box implementation",

abstract = "Power analysis has shown to be successful in breaking symmetric cryptographic algorithms implemented on low resource devices. Prompted by the breaking of many protected implementations in practice, researchers saw the need of validating security of implementations with formal methods. Three generic S-box implementation methods have been proposed by Prouff el al., together with formal proofs of their security against 1st or 2nd-order side-channel analysis. These methods use a similar combination of masking and hiding countermeasures. In this paper, we show that although proven resistant to standard power analysis, these implementation methods are vulnerable to a more sophisticated form of power analysis that combines Differential Power Analysis (DPA) and pattern matching techniques. This new form of power analysis is possible under the same assumptions about power leakage as standard DPA attacks and the added complexity is limited: our experiments show that 900 traces are sufficient to break these algorithms on a device where 150 traces are typically needed for standard DPA. We conclude that the defense strategies-hiding by repeating operations for each possible value, and masking and hiding using the same random number-can create new vulnerabilities.",

keywords = "Block cipher S-box, Power analysis, Provable security, Side-channel analysis",

author = "J. Pan and \{Den Hartog\}, \{J. I.\} and Jiqiang Lu",

year = "2009",

doi = "10.1007/978-3-642-10838-9\_14",

language = "英语",

isbn = "3642108377",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "178--192",

booktitle = "Information Security Applications - 10th International Workshop, WISA 2009, Revised Selected Papers",

note = "10th International Workshop on Information Security Applications, WISA 2009 ; Conference date: 25-08-2009 Through 27-08-2009",

}

Pan, J, Den Hartog, JI & Lu, J 2009, You cannot hide behind the mask: Power analysis on a provably secure s-box implementation. 在 Information Security Applications - 10th International Workshop, WISA 2009, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 5932 LNCS, 页码 178-192, 10th International Workshop on Information Security Applications, WISA 2009, Busan, 韩国, 25/08/09. https://doi.org/10.1007/978-3-642-10838-9_14

You cannot hide behind the mask: Power analysis on a provably secure s-box implementation. / Pan, J.; Den Hartog, J. I.; Lu, Jiqiang.
Information Security Applications - 10th International Workshop, WISA 2009, Revised Selected Papers. 2009. 页码 178-192 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 5932 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - You cannot hide behind the mask

T2 - 10th International Workshop on Information Security Applications, WISA 2009

AU - Pan, J.

AU - Den Hartog, J. I.

AU - Lu, Jiqiang

PY - 2009

Y1 - 2009

N2 - Power analysis has shown to be successful in breaking symmetric cryptographic algorithms implemented on low resource devices. Prompted by the breaking of many protected implementations in practice, researchers saw the need of validating security of implementations with formal methods. Three generic S-box implementation methods have been proposed by Prouff el al., together with formal proofs of their security against 1st or 2nd-order side-channel analysis. These methods use a similar combination of masking and hiding countermeasures. In this paper, we show that although proven resistant to standard power analysis, these implementation methods are vulnerable to a more sophisticated form of power analysis that combines Differential Power Analysis (DPA) and pattern matching techniques. This new form of power analysis is possible under the same assumptions about power leakage as standard DPA attacks and the added complexity is limited: our experiments show that 900 traces are sufficient to break these algorithms on a device where 150 traces are typically needed for standard DPA. We conclude that the defense strategies-hiding by repeating operations for each possible value, and masking and hiding using the same random number-can create new vulnerabilities.

AB - Power analysis has shown to be successful in breaking symmetric cryptographic algorithms implemented on low resource devices. Prompted by the breaking of many protected implementations in practice, researchers saw the need of validating security of implementations with formal methods. Three generic S-box implementation methods have been proposed by Prouff el al., together with formal proofs of their security against 1st or 2nd-order side-channel analysis. These methods use a similar combination of masking and hiding countermeasures. In this paper, we show that although proven resistant to standard power analysis, these implementation methods are vulnerable to a more sophisticated form of power analysis that combines Differential Power Analysis (DPA) and pattern matching techniques. This new form of power analysis is possible under the same assumptions about power leakage as standard DPA attacks and the added complexity is limited: our experiments show that 900 traces are sufficient to break these algorithms on a device where 150 traces are typically needed for standard DPA. We conclude that the defense strategies-hiding by repeating operations for each possible value, and masking and hiding using the same random number-can create new vulnerabilities.

KW - Block cipher S-box

KW - Power analysis

KW - Provable security

KW - Side-channel analysis

UR - https://www.scopus.com/pages/publications/76649141188

U2 - 10.1007/978-3-642-10838-9_14

DO - 10.1007/978-3-642-10838-9_14

M3 - 会议稿件

AN - SCOPUS:76649141188

SN - 3642108377

SN - 9783642108372

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 178

EP - 192

BT - Information Security Applications - 10th International Workshop, WISA 2009, Revised Selected Papers

Y2 - 25 August 2009 through 27 August 2009

ER -

Pan J, Den Hartog JI, Lu J. You cannot hide behind the mask: Power analysis on a provably secure s-box implementation. 在 Information Security Applications - 10th International Workshop, WISA 2009, Revised Selected Papers. 2009. 页码 178-192. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-10838-9_14

You cannot hide behind the mask: Power analysis on a provably secure s-box implementation

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此