Using Second-Order Power Analysis to Attack DPA Resistant Software
نویسنده
چکیده
Under a simple power leakage model based on Hamming weight, a software implementation of a data-whitening routine is shown to be vulnerable to a first-order Differential Power Analysis (DPA) attack. This routine is modified to resist the first-order DPA attack, but is subsequently shown to be vulnerable to a second-order DPA attack. A second-order DPA attack that is optimal under certain assumptions is also proposed. Experimental results in an ST16 smartcard confirm the practicality of the first and second-order DPA attacks.
منابع مشابه
Principles on the Security of AES against First and Second-Order Differential Power Analysis
Differential Power Analysis (DPA) is a powerful and practical technique used to attack a cryptographic implementation in a resourcelimited application environment. Despite the extensive research on DPA of AES, it seems none has explicitly addressed the fundamental issue: How far should we protect the first and last parts of AES in order to resist practical DPA attacks, namely first and second-o...
متن کاملA new CPA resistant software implementation for symmetric ciphers with smoothed power consumption: SIMON case study
In this paper we propose a new method for applying hiding countermeasure against CPA attacks. This method is for software implementation, based on smoothing power consumption of the device. This method is evaluated on the SIMON scheme as a case study; however, it is not relying on any specific SIMON features. Our new method includes only AND equivalent and XOR equivalent operations since every ...
متن کاملPractical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers
In this article we describe an improved concept for secondorder differential-power analysis (DPA) attacks on masked smart card implementations of block ciphers. Our concept allows to mount secondorder DPA attacks in a rather simple way: a second-order DPA attack consists of a pre-processing step and a DPA step. Therefore, our way of performing second-order DPA attacks allows to easily assess th...
متن کاملPractical Second - Order Correlation Power Analysis on the Message Blinding Method and Its Novel Countermeasure for RSA
© 2010 ETRI Journal, Volume 32, Number 1, February 2010 Recently power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed. One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA derivative of the binary-with-randominitial-point algorithm on elliptical curve cryptosystems. It is known to ...
متن کاملSecure Adiabatic Logic: a Low-Energy DPA-Resistant Logic Style
The charge recovery logic families have been designed several years ago not in order to eliminate the side-channel leakage but to reduce the power consumption. However, in this article we present a new charge recovery logic style not only to gain high energy efficiency but also to achieve the resistance against side-channel attacks (SDA) especially against differential power analysis (DPA) atta...
متن کامل