Improved Collision-Correlation Power Analysis on First Order Protected AES
نویسندگان
چکیده
The recent results presented by Moradi et al. on AES at CHES 2010 and Witteman et al. on square-and-multiply always RSA exponentiation at CT-RSA 2011 have shown that collision-correlation power analysis is able to recover the secret keys on embedded implementations. However, we noticed that the attack published last year by Moradi et al. is not efficient on correctly first-order protected implementations. We propose in this paper improvements on collision-correlation attacks which require less power traces than classical second-order power analysis techniques. We present here two new methods and show in practice their real efficiency on two first-order protected AES implementations. We also mention that other symmetric embedded algorithms can be targeted by our new techniques.
منابع مشابه
Principles on the Security of AES against First and Second-Order Differential Power Analysis
Differential Power Analysis (DPA) is a powerful and practical technique used to attack a cryptographic implementation in a resourcelimited application environment. Despite the extensive research on DPA of AES, it seems none has explicitly addressed the fundamental issue: How far should we protect the first and last parts of AES in order to resist practical DPA attacks, namely first and second-o...
متن کاملEntropy Reduction for the Correlation-Enhanced Power Analysis Collision Attack
Side Channel Attacks are an important attack vector on secure AES implementations. The Correlation-Enhanced Power Analysis Collision Attack by Moradi et al. [13] is a powerful collision attack that exploits leakage caused by collisions in between S-Box computations of AES. The attack yields observations from which the AES key can be inferred. Due to noise, an insufficient number of collisions, ...
متن کاملDifferential Power Analysis: A Serious Threat to FPGA Security
Differential Power Analysis (DPA) implies measuring the supply current of a cipher-circuit in an attempt to uncover part of a cipher key. Cryptographic security gets compromised if the current waveforms obtained correlate with those from a hypothetical power model of the circuit. As FPGAs are becoming integral parts of embedded systems and increasingly popular for cryptographic applications and...
متن کاملCollision Timing Attack when Breaking 42 AES ASIC Cores
A collision timing attack which exploits the data-dependent timing characteristics of combinational circuits is demonstrated. The attack is based on the correlation collision attack presented at CHES 2010, and the timing attributes of combinational circuits when implementing complex functions, e.g., S-boxes, in hardware are exploited by the help of the scheme used in another CHES 2010 paper nam...
متن کاملCorrelation-Enhanced Power Analysis Collision Attack
Side-channel based collision attacks are a mostly disregarded alternative to DPA for analyzing unprotected implementations. The advent of strong countermeasures, such as masking, has made further research in collision attacks seemingly in vain. In this work, we show that the principles of collision attacks can be adapted to efficiently break some masked hardware implementation of the AES which ...
متن کامل