掩码实现的故障辅助侧信道分析

2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2018-04-01 DOI:10.1109/HST.2018.8383891

Y. Yao, Mo Yang, C. Patrick, Bilgiday Yuce, P. Schaumont

{"title":"掩码实现的故障辅助侧信道分析","authors":"Y. Yao, Mo Yang, C. Patrick, Bilgiday Yuce, P. Schaumont","doi":"10.1109/HST.2018.8383891","DOIUrl":null,"url":null,"abstract":"Masking is a side-channel countermeasure technique that uses random masks to split sensitive cryptographic variables into multiple shares. The side-channel leakage from individual shares does not reveal the sensitive variable because the random masks are secret. We propose a methodology to identify the generation and integration of random masks in cryptographic software by means of side-channel analysis. We then disable the randomizing effect of masking by targeted fault injection, and we break the masking countermeasure using first-order side-channel analysis. This attack is practically demonstrated on a RISC-V core for two different masked AES software implementations. We achieve full key recovery using 300 traces and 230 traces for a byte-level masked AES and a bit-sliced masked AES implementation respectively. The proposed attack methodology is independent of the cryptographic kernel. It targets the transfer of random masks into the masked cryptographic algorithm. This paper highlights the vulnerability of random number generation in masked implementations.","PeriodicalId":6574,"journal":{"name":"2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"51 1","pages":"57-64"},"PeriodicalIF":0.0000,"publicationDate":"2018-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"31","resultStr":"{\"title\":\"Fault-assisted side-channel analysis of masked implementations\",\"authors\":\"Y. Yao, Mo Yang, C. Patrick, Bilgiday Yuce, P. Schaumont\",\"doi\":\"10.1109/HST.2018.8383891\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Masking is a side-channel countermeasure technique that uses random masks to split sensitive cryptographic variables into multiple shares. The side-channel leakage from individual shares does not reveal the sensitive variable because the random masks are secret. We propose a methodology to identify the generation and integration of random masks in cryptographic software by means of side-channel analysis. We then disable the randomizing effect of masking by targeted fault injection, and we break the masking countermeasure using first-order side-channel analysis. This attack is practically demonstrated on a RISC-V core for two different masked AES software implementations. We achieve full key recovery using 300 traces and 230 traces for a byte-level masked AES and a bit-sliced masked AES implementation respectively. The proposed attack methodology is independent of the cryptographic kernel. It targets the transfer of random masks into the masked cryptographic algorithm. This paper highlights the vulnerability of random number generation in masked implementations.\",\"PeriodicalId\":6574,\"journal\":{\"name\":\"2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"volume\":\"51 1\",\"pages\":\"57-64\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"31\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HST.2018.8383891\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2018.8383891","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 31

摘要

屏蔽是一种侧信道对抗技术，它使用随机掩码将敏感的加密变量拆分为多个共享。由于随机掩码是保密的，来自个股的侧通道泄漏不会揭示敏感变量。本文提出了一种利用侧信道分析来识别密码软件中随机掩码的生成和集成的方法。然后，我们通过有针对性的故障注入来消除屏蔽的随机效应，并使用一阶侧信道分析来打破屏蔽对策。这种攻击在RISC-V内核上针对两种不同的掩码AES软件实现进行了实际演示。我们分别对字节级掩码AES和位切片掩码AES实现使用300道和230道来实现全密钥恢复。所提出的攻击方法独立于加密内核。它的目标是将随机掩码传输到掩码加密算法中。本文重点分析了掩码实现中随机数生成的漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Fault-assisted side-channel analysis of masked implementations

Masking is a side-channel countermeasure technique that uses random masks to split sensitive cryptographic variables into multiple shares. The side-channel leakage from individual shares does not reveal the sensitive variable because the random masks are secret. We propose a methodology to identify the generation and integration of random masks in cryptographic software by means of side-channel analysis. We then disable the randomizing effect of masking by targeted fault injection, and we break the masking countermeasure using first-order side-channel analysis. This attack is practically demonstrated on a RISC-V core for two different masked AES software implementations. We achieve full key recovery using 300 traces and 230 traces for a byte-level masked AES and a bit-sliced masked AES implementation respectively. The proposed attack methodology is independent of the cryptographic kernel. It targets the transfer of random masks into the masked cryptographic algorithm. This paper highlights the vulnerability of random number generation in masked implementations.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

自引率

0.00%

发文量