Securing the AES Finalists Against Power Analysis Attacks

  • Thomas S. Messerges
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1978)

Abstract

Techniques to protect software implementations of the AES candidate algorithms from power analysis attacks are investigated. New countermeasures that employ random masks are developed and the performance characteristics of these countermeasures are analyzed. Implementations in a 32-bit, ARM-based smartcard are considered.
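The abstract describes countermeasures built on random masks but does not reproduce them, so the following is an added illustration of the general idea rather than code from the paper: a Boolean-masked S-box lookup of the kind used to keep key-dependent intermediates out of a smartcard's registers. It assumes the AES (Rijndael) S-box, which it generates from the GF(2^8) inverse and affine map rather than embedding the table, and it assumes fresh 8-bit input and output masks (`r_in`, `r_out`) chosen per block; the masked table `T` is recomputed for each mask pair, which is where the performance cost of this style of countermeasure comes from.

```python
"""Boolean masking of a table lookup, as an added example (not the paper's code).

The point for a defender: the masked implementation never holds the
unmasked value S[x ^ k] in a register, so a first-order differential power
analysis that predicts that value has nothing to correlate against.
"""
import secrets


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^254 (0 maps to 0, as in the AES S-box)."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result if a else 0


def build_sbox() -> list:
    """AES S-box: inverse in GF(2^8) followed by the affine transform."""
    sbox = []
    for x in range(256):
        v = gf_inv(x)
        s = v
        for i in range(1, 5):
            s ^= ((v << i) | (v >> (8 - i))) & 0xFF  # rotate-left by i
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def masked_sbox_table(r_in: int, r_out: int) -> list:
    """Table T with T[x ^ r_in] == SBOX[x] ^ r_out for every byte x.

    Building it costs 256 lookups and XORs each time the masks are refreshed;
    that recomputation is the main overhead of a masked table lookup.
    """
    return [SBOX[(y ^ r_in) & 0xFF] ^ r_out for y in range(256)]


def unmasked_sub_bytes(state: list, key: list) -> list:
    """Reference (unprotected) AddRoundKey + SubBytes on one block."""
    return [SBOX[s ^ k] for s, k in zip(state, key)]


def masked_sub_bytes(masked_state: list, key: list, table: list) -> list:
    """Same step on data masked with r_in; output comes out masked with r_out.

    The index m ^ k equals (s ^ k) ^ r_in, so the sensitive value s ^ k is
    never formed, and the lookup result is SBOX[s ^ k] ^ r_out.
    """
    return [table[m ^ k] for m, k in zip(masked_state, key)]


def masked_index_is_uniform(x: int, k: int) -> bool:
    """Over all 256 input masks the table index x ^ k ^ r_in takes every byte
    value exactly once, i.e. it is independent of the secret-dependent x ^ k."""
    seen = sorted((x ^ k ^ r_in) & 0xFF for r_in in range(256))
    return seen == list(range(256))


if __name__ == "__main__":
    # Constructed sample block and round key; masks drawn fresh per block.
    state = list(range(16))
    key = [0x2B] * 16
    r_in, r_out = secrets.randbelow(256), secrets.randbelow(256)
    table = masked_sbox_table(r_in, r_out)
    masked = [s ^ r_in for s in state]
    out = masked_sub_bytes(masked, key, table)
    assert [o ^ r_out for o in out] == unmasked_sub_bytes(state, key)
    print("masked and unmasked SubBytes agree after unmasking")
```

The unmasking step at the end exists only to check the result; in a real implementation the data stays masked through the remaining linear layers (which commute with XOR masks) and the masks are removed only at the very end of the cipher.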

Keywords

Block Cipher; Advanced Encryption Standard; Fundamental Operation; Differential Power Analysis; Advanced Encryption Standard Algorithm
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Thomas S. Messerges, Motorola Labs, Motorola, Schaumburg