Improved Higher-Order Side-Channel Attacks with FPGA Experiments

Peeters, Eric; Standaert, François‐Xavier; Donckers, Nicolas; Quisquater, Jean-Jacques

doi:10.1007/11545262_23

Cited by 73 publications

(54 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the second category, hiding, intermediate values remain the same as for unprotected implementations, but power consumption is made as constant as possible. According to the state-of-the-art attacks, masked implementation on a Field Programmable Gates Array (FPGA) could be broken with Higher-Order Differential Power Analysis (HODPA) using 12,000 power consumption traces [3] whereas 1,500,000 measurements are not sufficient to disclose the entire secret key of an Application Specific Integrated Circuit (ASIC) cryptoprocessor protected by Wave Dynamic Differential Logic (WDDL) [4], the most popular hiding countermeasure developed by Tiri and Verbauwhede. Proposals for merging both techniques with a view to compensate for weakness of masking against HODPA and for backend operations hardness of hiding have been reported in [5,6], but this approach unfortunately remains vulnerable when the masking relies on one single bit of entropy [7].…”

Section: Introductionmentioning

confidence: 99%

Exploiting Dual-Output Programmable Blocks to Balance Secure Dual-Rail Logics

Sauvage

Nassar

Guilley

et al. 2010

International Journal of Reconfigurable Computing

View full text Add to dashboard Cite

FPGA design of side-channel analysis countermeasures using unmasked dual-rail with precharge logic appears to be a great challenge. Indeed, the robustness of such a solution relies on careful differential placement and routing whereas both FPGA layout and FPGA EDA tools are not developed for such purposes. However, assessing the security level which can be achieved with them is an important issue, as it is directly related to the suitability to use commercial FPGA instead of proprietary custom FPGA for this kind of protection. In this article, we experimentally gave evidence that differential placement and routing of an FPGA implementation can be done with a granularity fine enough to improve the security gain. However, so far, this gain turned out to be lower for FPGAs than for ASICs. The solutions demonstrated in this article exploit the dual-output of modern FPGAs to achieve a better balance of dual-rail interconnections. However, we expect that an in-depth analysis of routing resources power consumption could still help reduce the interconnect differential leakage.

show abstract

Section: Introductionmentioning

confidence: 99%

Exploiting Dual-Output Programmable Blocks to Balance Secure Dual-Rail Logics

Sauvage

Nassar

Guilley

et al. 2010

International Journal of Reconfigurable Computing

View full text Add to dashboard Cite

show abstract

“…Application to Variant 1: This variant replaces (12) with (19) in the E-Step and uses solely (14) in the M-Step [7].…”

Section: Application To Variant 4: Each Iteration Includes the Expectmentioning

confidence: 99%

“…It combines measurements at related time instants before statistics is applied. Related work on second-order DPA can also be found in [11,19,17,21,16,1]. Except for [1] these contributions assume that the leakage of the cryptographic device corresponds to the Hamming weight model.…”

Section: Introductionmentioning

confidence: 99%

Gaussian Mixture Models for Higher-Order Side Channel Analysis

Lemke‐Rust

Paar

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We introduce the use of multivariate Gaussian mixture models for enhancing higher-order side channel analysis on masked cryptographic implementations. Our contribution considers an adversary with incomplete knowledge at profiling, i.e., the adversary does not know random numbers used for masking. At profiling, the adversary observes a mixture probability density of the side channel leakage. However, the EM algorithm can provide estimates on the unknown parameters of the component densities using samples drawn from the mixture density. Practical results are presented and confirm the usefulness of Gaussian mixture models and the EM algorithm. Especially, success rates obtained by automatic classification based on the estimates of the EM algorithm are very close to success rates of template attacks.

show abstract

“…In particular, the shares are usually processed at the same time. As a consequence the instantaneous leakage is actually dependent on the sensitive variables, which makes some dedicated attacks possible [28,19]. Other vulnerabilities come from physical phenomena such as glitches [16] or propagation delays [27].…”

Section: Introductionmentioning

confidence: 99%

“…As a first step, resistance against second order SCA (2O-SCA) is of importance since it has been substantially improved and successfully put into practice [28,19,11,18,17,14].…”

Section: Introductionmentioning

confidence: 99%

Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis

Rivain

Dottax

Prouff

Fast Software Encryption

122

View full text Add to dashboard Cite

Abstract. In the recent years, side channel analysis has received a lot of attention, and attack techniques have been improved. Side channel analysis of second order is now successful in breaking implementations of block ciphers supposed to be effectively protected. This progress shows not only the practicability of second order attacks, but also the need for provably secure countermeasures. Surprisingly, while many studies have been dedicated to the attacks, only a few papers have been published about the dedicated countermeasures. In fact, only the method proposed by Schramm and Paar at CT-RSA 2006 enables to thwart second order side channel analysis. In this paper, we introduce two new methods which constitute a worthwhile alternative to Schramm and Paar's proposal. We prove their security in a strong security model and we exhibit a way to significantly improve their efficiency by using the particularities of the targeted architectures. Finally, we argue that the introduced methods allow us to efficiently protect a wide variety of block ciphers, including AES.

show abstract

Improved Higher-Order Side-Channel Attacks with FPGA Experiments

Cited by 73 publications

References 17 publications

Exploiting Dual-Output Programmable Blocks to Balance Secure Dual-Rail Logics

Exploiting Dual-Output Programmable Blocks to Balance Secure Dual-Rail Logics

Gaussian Mixture Models for Higher-Order Side Channel Analysis

Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis

Contact Info

Product

Resources

About