Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures against Side-Channel Attacks

Nassar, Maxime; Guilley, Sylvain; Danger, Jean‐Luc

doi:10.1007/978-3-642-25578-6_4

Cited by 28 publications

(28 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Even though the randomization of packet lengths makes it harder to infer a search query, it is still possible to guess the target correctly in many cases. There have been numerous attempts to mitigate side-channel leaks in general [13,14], but it is generally considered that preventing every side-channel leak source is very difficult [15]. However, for the particular leak exploited in this paper, it would be easy to implement an efficient countermeasure by sending only packets of a given, fixed size (e.g., the size of the longest possible packet in response of a request).…”

Section: How To Mitigate Side-channel Leaksmentioning

confidence: 99%

Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms

Schaub

Schneider

Hollender

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Web applications are subject to several types of attacks. In particular, side-channel attacks consist in performing a statistical analysis of the web traffic to gain sensitive information about a client. In this paper, we investigate how side-channel leaks can be used on search engines such as Google or Bing to retrieve the client's search query. In contrast to previous works, due to payload randomization and compression, it is not always possible to uniquely map a search query to a web traffic signature and hence stochastic algorithms must be used. They yield, for the French language, an exact recovery of search word in more than 30% of the cases. Finally, we present some methods to mitigate such side-channel leaks.

show abstract

Section: How To Mitigate Side-channel Leaksmentioning

confidence: 99%

Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms

Schaub

Schneider

Hollender

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, if the mask is drawn randomly from 2 possible masks, too much memory is required to keep all the possible masked S-Boxes. To offer a reasonable solution to balance the security protection and the performance of implementations, Low Entropy Masking Schemes (LEMS) [10,11] are designed by limiting the amount of mask entropy.…”

Section: Introductionmentioning

confidence: 99%

“…Another aspect is the chosen mask set which plays significant roles in security. Some research studied how to select them for hardware implemented LEMS [11,18]. The selection criterion of the mask sets considered finding secure mask sets under two important assumptions [19].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Analysis of Software Implemented Low Entropy Masking Schemes

Chen

Wang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Low Entropy Masking Schemes (LEMS) are countermeasure techniques to mitigate the high performance overhead of masked hardware and software implementations of symmetric block ciphers by reducing the entropy of the mask sets. The security of LEMS depends on the choice of the mask sets. Previous research mainly focused on searching balanced mask sets for hardware implementations. In this paper, we find that those balanced mask sets may have vulnerabilities in terms of absolute difference when applied in software implemented LEMS. The experiments verify that such vulnerabilities certainly make the software LEMS implementations insecure. To fix the vulnerabilities, we present a selection criterion to choose the mask sets. When some feasible mask sets are already picked out by certain searching algorithms, our selection criterion could be a reference factor to help decide on a more secure one for software LEMS.

show abstract

“…However, each of these heuristics has a drawback which may lead to a seriously vulnerable implementation (see [10]). Instead, reducing the entropy of the mask is the idea followed by [30,31]. Use of fewer mask values allows precomputing all masked look-up tables and fit them to the small-size platforms, e.g., smartcards or microcontrollers with a few Kilobytes of flash memory.…”

Section: Introductionmentioning

confidence: 99%

Detecting Hidden Leakages

Moradi

Guilley

Heuser

2014

Applied Cryptography and Network Security

Self Cite

View full text Add to dashboard Cite

Abstract. Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such technique using the side-channel measurements publicly available through DPA contest V4. Our analyses which focus on exploiting the first-order leakage of the implementation discover a couple of potential attacks which can recover the secret key. Indeed the leakage we exploit is due to a design mistake as well as the characteristics of the implementation platform, none of which has been considered during the design of the countermeasure (implemented in naive C code).

show abstract

Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures against Side-Channel Attacks

Cited by 28 publications

References 25 publications

Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms

Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms

Analysis of Software Implemented Low Entropy Masking Schemes

Detecting Hidden Leakages

Contact Info

Product

Resources

About