
2014 | OriginalPaper | Chapter

Masking Tables—An Underestimated Security Risk

Authors: Michael Tunstall, Carolyn Whitnall, Elisabeth Oswald

Published in: Fast Software Encryption

Publisher: Springer Berlin Heidelberg


Abstract

The literature on side-channel analysis describes numerous masking schemes designed to protect block ciphers at the implementation level. Such masking schemes typically require the computation of masked tables prior to the execution of an encryption function. In this paper we revisit an attack which directly exploits this computation in such a way as to recover all or some of the masks used. We show that securely implementing masking schemes is only possible where one has access to a significant amount of random numbers.

Footnotes
1. Herbst et al. describe how to mask AES and randomise the flow within rounds (the S-box precomputation is not randomised).

2. The theoretic distinguishing vector represents the underlying values which an attack seeks to estimate, and is computed from known distributions rather than estimated on sampled data.

3. Note that in many typical applications of formal hypothesis testing (medical treatment evaluation, for example) false positives have serious consequences. Competent analysts will opt to increase their sample sizes rather than weaken their decision criteria in order to get conclusive results. Since the unmasking phase of a mask recovery attack is constrained to a sample size of 256, an attacker does not have this option, nor are the consequences of a false positive so ‘expensive’.

4. Throughout this paper we assume in our models that the device leaks the Hamming weight and that the adversary uses this as the power model. This is not a shortcoming for several reasons. Firstly, the numbers we provide are independent of the actual power model; they do, however, depend on our assumption that the adversary’s model effectively matches the leakage model of the device. If an adversary were to use an imprecise model, this would change the outcomes and the analysis would need to be done accounting for the imprecision. Secondly, leakages observed in practice from software implementations on small processors typically originate from transfers of intermediate data or address values over buses. These components typically leak the Hamming weight or the Hamming distance from some fixed value.

5. The Law of Total Probability states that if \(\{B_n : n = 1, 2, 3, \ldots \}\) is a finite or countably infinite partition of a sample space and each event \(B_n\) is measurable, then for any event \(A\), \(\Pr (A)=\sum _n \Pr (A\cap B_n) = \sum _n \Pr (A | B_n)\Pr (B_n)\).

6. The practical attacks applied to an implementation of second-order Boolean masking.
Literature
1. Akkar, M.-L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001)
2. Rivain, M., Dottax, E., Prouff, E.: Block ciphers implementations provably secure against second order side channel analysis. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 127–143. Springer, Heidelberg (2008)
3. Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M.: Affine masking against higher-order side channel analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 262–280. Springer, Heidelberg (2011)
4. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)
5. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010)
6. Kim, H.S., Hong, S., Lim, J.: A fast and provably secure higher-order masking of AES S-box. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 95–107. Springer, Heidelberg (2011)
7. Pan, J., den Hartog, J.I., Lu, J.: You cannot hide behind the mask: power analysis on a provably secure S-box implementation. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 178–192. Springer, Heidelberg (2009)
8. Whitnall, C., Oswald, E.: A fair evaluation framework for comparing side-channel distinguishers. J. Cryptogr. Eng. 1(2), 145–160 (2011)
9. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, New York (2007)
10. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)
11. Genelle, L., Prouff, E., Quisquater, M.: Thwarting higher-order side channel analysis with additive and multiplicative maskings. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 240–255. Springer, Heidelberg (2011)
12. Durvaux, F., Renauld, M., Standaert, F.-X., van Oldeneel tot Oldenzeel, L., Veyrat-Charvillon, N.: Efficient removal of random delays from embedded software implementations using hidden Markov models. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 123–140. Springer, Heidelberg (2013)
13. Herbst, C., Oswald, E., Mangard, S.: An AES smart card implementation resistant to power analysis attacks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 239–252. Springer, Heidelberg (2006)
14. Naccache, D., Nguyên, P.Q., Tunstall, M., Whelan, C.: Experimenting with faults, lattices and the DSA. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 16–28. Springer, Heidelberg (2005)
15. Knuth, D.: The Art of Computer Programming, vol. 2, 3rd edn. Addison-Wesley, Reading (1998)
16. Mangard, S., Oswald, E., Standaert, F.X.: One for all–all for one: unifying standard DPA attacks. IET Inf. Secur. 5(2), 100–119 (2011)
Metadata

Title: Masking Tables—An Underestimated Security Risk

Authors: Michael Tunstall, Carolyn Whitnall, Elisabeth Oswald

Copyright Year: 2014

Publisher: Springer Berlin Heidelberg

DOI: https://doi.org/10.1007/978-3-662-43933-3_22
