First-Order Side-Channel Attacks on the Permutation Tables Countermeasure

  • Emmanuel Prouff
  • Robert McEvoy
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5747)

Abstract

The use of random permutation tables as a side-channel attack countermeasure was recently proposed by Coron [5]. The countermeasure operates by ensuring that during the execution of an algorithm, each intermediate variable that is handled is in a permuted form described by the random permutation tables. In this paper, we examine the application of this countermeasure to the AES algorithm as described in [5], and show that certain operations admit first-order side-channel leakage. New side-channel attacks are developed to exploit these flaws, using correlation-based and mutual information-based methods. The attacks have been verified in simulation, and in practice on a smart card.

Keywords

Side-Channel Attacks Permutation Tables CPA MIA Masking 
Download to read the full conference paper text

References

  1. 1.
    Aumonier, S.: Generalized Correlation Power Analysis. Published in the Proceedings of the Ecrypt Workshop Tools For Cryptanalysis 2007(2007)Google Scholar
  2. 2.
    Blömer, J., Merchan, J.G., Krummel, V.: Provably Secure Masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Brier, É., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Coron, J.-S.: A New DPA Countermeasure Based on Permutation Tables. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 278–292. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Coron, J.-S., Giraud, C., Prouff, E., Rivain, M.: Attack and Improvement of a Secure S-Box Calculation Based on the Fourier Transform. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 1–14. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Fumaroli, G., Mayer, E., Dubois, R.: First-Order Differential Power Analysis on the Duplication method. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 210–223. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Golić, J., Tymen, C.: Multiplicative Masking and Power Analysis of AES. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 198–212. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Joye, M., Paillier, P., Schoenmakers, B.: On Second-order Differential Power Analysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 293–308. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  12. 12.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)MATHGoogle Scholar
  13. 13.
    Messerges, T.S.: Using Second-order Power Analysis to Attack DPA Resistant software. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  14. 14.
    Piret, G., Standaert, F.-X.: Security Analysis of Higher-Order Boolean Masking Schemes for Block Ciphers (with Conditions of Perfect Masking). IET Information Security 2(1), March 1–11 (2008)Google Scholar
  15. 15.
    Prouff, E., McEvoy, R.: First-Order Side-Channel Attacks on the Permutation Tables Countermeasure — Extended Version. To appear on the Cryptology ePrint Archive (2009), http://eprint.iacr.org
  16. 16.
    Prouff, E., Rivain, M.: Theoretical and Practical Aspects of Mutual Information Based Side Channel Analysis. In: Abdalla, M., et al. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 502–521. Springer, Heidelberg (2009)Google Scholar
  17. 17.
    Prouff, E., Rivain, M., Bévan, R.: Statistical Analysis of Second Order Differential Power Analysis. IEEE Transactions on Computers 58(6), 799–811 (2009)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Soong, T.T.: Fundamentals of Probability and Statistics for Engineers, 3rd edn. John Wiley & Sons, Ltd, Chichester (2004)MATHGoogle Scholar
  19. 19.
    Waddle, J., Wagner, D.: Toward Efficient Second-order Power Analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Emmanuel Prouff
    • 1
  • Robert McEvoy
    • 2
  1. 1.Oberthur TechnologiesFrance
  2. 2.Claude Shannon Institute for Discrete Mathematics, Coding and CryptographyUniversity College CorkIreland

Personalised recommendations