Side-Channel Attack on Substitution Blocks
We describe a side-channel attack on a substitution block, which is usually implemented as a table lookup operation. In particular, we have investigated smartcard implementations. The attack is based on the identifying equal intermediate results from power measurements while the actual values of these intermediates remain unknown. A powerful attack on substitution blocks can be mounted if the same table is used in multiple iterations and if cross-iteration comparisons are possible. Adversaries can use the method as a part of reverse engineering tools on secret algorithms. In addition to the described method, other methods have to be employed to completely restore the algorithm and its accompanying secret key. We have successfully used the method in a demonstration attack on a secret authentication and session-key generation algorithm implemented on SIM cards in GSM networks. The findings provide guidance for designing smartcard solutions that are secure against this kind of attack.
Unable to display preview. Download preview PDF.
- 1.Kocher, P.: Timing Attacks on Implementation of Diffie-Hellman, RSA, DSS and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
- 2.Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
- 3.Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM Side-Channel(s): Attacks and Assessment Methodologies. In: Cryptographic Hardware and Embedded Systems – CHES 2002 (2002)Google Scholar
- 5.Rao, J.R., Rohatgi, P., Scherzer, H., Tinguely, S.: Partitioning Attacks: Or How to Rapidly Clone Some GSM Cards. In: Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, California, May 12-15, 2002, pp. 31–44. IEEE Computer Society, Los Alamitos (2002)Google Scholar
- 7.Kömmerling, O., Kuhn, M.G.: Design Principles for Tamper-Resistant Smartcard Processors. In: Proceedings of the USENIX Workshop on Smartcard Technology – Smartcard, Chicago, Illinois, May 10-11, USENIX Association, pp. 9–20 (1999)Google Scholar
- 9.Tanenbaum, A.S.: Computer Networks. Prentice Hall PTR, Englewood Cliffs (2002)Google Scholar
- 10.Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Countermeasures to Counteract Power-Analysis Attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)Google Scholar