Analysis of a Code-Based Countermeasure Against Side-Channel and Fault Attacks

Barbu, Guillaume; Battistello, Alberto

doi:10.1007/978-3-319-45931-8_10

Cited by 2 publications

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although ODSM promised a generic countermeasure against SCA and fault analysis, studies of [49] demonstrated that ODSM fails to provide the assumed security. The major vulnerability of ODSM arises from the fact that the random mask added to sensitive variables is not perfectly uniform as opposed to Boolean masking, since the mask is chosen from the orthogonal space to the encoded sensitive variables.…”

Section: Integrated Countermeasuresmentioning

confidence: 99%

See 1 more Smart Citation

RS-Mask: Random Space Masking as an Integrated Countermeasure against Power and Fault Analysis

Ramezanpour¹,

Ampadu²,

Diehl³

2019

Preprint

View full text Add to dashboard Cite

While modern masking schemes provide provable security against passive side-channel analysis (SCA), such as power analysis, single faults can be employed to recover the secret key of ciphers even in masked implementations. In this paper, we propose random space masking (RS-Mask) as a countermeasure against both power analysis and statistical fault analysis (SFA) techniques. In the RS-Mask scheme, the distribution of all sensitive variables, faulty and/or correct values is uniform, and it therefore protects the implementations against any SFA technique that exploits the distribution of intermediate variables, including fault sensitivity analysis (FSA), statistical ineffective fault analysis (SIFA) and fault intensity map analysis (FIMA). We implement RS-Mask on AES, and show that a SIFA attack is not able to identify the correct key. We additionally show that an FPGA implementation of AES, protected with RS-Mask, is resistant to power analysis SCA using Welch's t-test. The area of the RS-Masked AES is about 3.5 times that of an unprotected AES implementation of similar architecture, and about 2 times that of a known FPGA SCA-resistant AES implementation. Finally, we introduce infective RS-Mask that provides security against differential techniques, such as differential fault analysis (DFA) and differential fault intensity analysis (DFIA), with a slight increase in overhead.

show abstract

Section: Integrated Countermeasuresmentioning

confidence: 99%

“…As a result, the distribution of masked variables cannot be uniform. This property is exploited in [49] to deploy a first order DPA attack to recover the secret key of AES implemented with ODSM scheme. We will also prove that the non-uniform distribution of a mask makes the scheme vulnerable to fault analysis.…”

Section: Integrated Countermeasuresmentioning

confidence: 99%