On the Vulnerability of Low Entropy Masking Schemes
Low Entropy Masking Schemes (LEMS) have been proposed to offer a reasonable tradeoff between the good protection against side-channel attacks offered by masking countermeasures and the high overhead that results from their implementation. Besides the limited analysis done in the original proposals of LEMS, their specific leakage characteristics have not yet been analyzed. This work explores the leakage behavior of these countermeasures and shows two different methods how the leakage can be exploited, even by generic univariate attacks. In particular, an attack that exploits specific properties of RSM for AES as well as a more generic attack making very little assumptions about the underlying LEMS are introduced. All attacks are practically verified by applying them to publicly available leakage samples of the RSM countermeasure.
KeywordsUnderlying Distribution Side Channel Attack Collision Attack Leakage Model Template Attack
We would like to thank the reviewers for the helpful comments. This material is based upon work supported by the National Science Foundation under Grant No. 1261399.
- 1.The dpa contest v4. http://www.dpacontest.org/v4/
- 2.Bhasin, S., He, W., Guilley, S., Danger, J.-L.: Exploiting fpga block memories for protected cryptographic implementations. In: 2013 8th International Workshop on Reconfigurable and Communication-Centric Systems-on-Chip (ReCoSoC) (2013)Google Scholar
- 13.Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset scas. In: Design, Automation Test in Europe Conference Exhibition (DATE) (2012)Google Scholar
- 17.Schaumont, P., Tiri, K.: Masking and dual-rail logic don’t add up. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 95–106. Springer, Heidelberg (2007)Google Scholar