Templates as Master Keys
- 2.4k Downloads
We introduce two new attacks: the single-bit template attack and the template-enhanced DPA attack. The single-bit template attack can be used very effectively to classify even single bits in a single side channel sample with a high probability of correctness. The template-enhanced DPA attack, combines traditional DPA with single-bit template attacks to show that if an adversary has access to a test card with even a slightly biased RNG, then he/she can break protected cryptographic implementations on a target card even if they have perfect RNGs. In support of our claim, we report results from experiments on breaking two implementations of DES and AES protected by the masking countermeasure running on smartcards of different manufacturers.
In light of these results, the threat of template attacks, generally viewed as intrinsically difficult to mount, needs to be reconsidered.
KeywordsTest Device Target Device Entropy Loss Test Card Template Attack
- [BNSQ03]Bohy, L., Neve, M., Samyde, D., Quisquater, J.-J.: Principal and Independent Component Analysis for Crypto-systems with Hardware Unmasked Units. In: e-Smart 2003 (2003)Google Scholar
- [CJR+99]Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)Google Scholar
- [KJJ99]Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis: Leaking Secrets. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
- [Koc96]Kocher, P.: Timing Attacks on Implementations of Diffie-Hellmann, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
- [MDS99]Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Investigations of Power Analysis Attacks on Smartcards. In: USENIX Workshop on Smartcard Technology, pp. 151–162 (1999)Google Scholar