Improved first-order power analysis attacks on low entropy masking schemes
Author
Cozzens, Brennan G.
Other Contributors
Yener, Bülent, 1959-; Abouzeid, Alhussein A.; Le Coz, Yannick L.
Date Issued
2015-05
Subject
Electrical engineering
Degree
MS
Terms of Use
This electronic version is a licensed copy owned by Rensselaer Polytechnic Institute, Troy, NY. Copyright of original work retained by author. Attribution-NonCommercial-NoDerivs 3.0 United States
Abstract
We validate the efficiency of this attack using side-channel measurements publicly available from the DPA Contest V4. We demonstrate that an attack modeling leakage using leakage sets can recover an encryption key with efficacy comparable to an attack on an unprotected device. The leakage set model can be used in combination with mutual information analysis (MIA) and Kolmogorov-Smirnov analysis (KSA). MIA using a leakage set model can successfully recover a key using 52.1% - 53.5% of the leakage measurements needed to achieve similar results using MIA with a Hamming weight model. Likewise, leakage sets require as low as 16.4% - 16.6% of the measurements needed to perform a successful KSA using a Hamming weight model.

Masking countermeasures are effective methods of protecting encryption algorithms from side-channel attacks; however, a masked cipher incurs a significant overhead in performance and memory consumption. Low entropy masking schemes (LEMS) have been proposed to provide a significant reduction in the overhead associated with masking while maintaining resistance to side-channel attacks. While effectively eliminating the linear dependence between the sensitive data on a cryptographic device and the information leakage, LEMS permit non-linear residual leakage to remain.

Previous works have demonstrated attacks that exploit this non-linear leakage; however, each prior investigation fails to demonstrate an attack with efficacy comparable to an attack on an unprotected device. In this work, we demonstrate a non-profiled, univariate attack on LEMS that models the information leakage based on the set of all values leaked by a device with a given internal state. This leakage set model can lend a significant advantage to an attacker over commonly used models such as the Hamming weight model.
Description
May 2015; School of Engineering
Department
Dept. of Electrical, Computer, and Systems Engineering
Publisher
Rensselaer Polytechnic Institute, Troy, NY
Relationships
Rensselaer Theses and Dissertations Online Collection
Access
CC BY-NC-ND. Users may download and share copies with attribution in accordance with a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License. No commercial use or derivatives are permitted without the explicit approval of the author.