New Type of Collision Attack on First-Order Masked AESs

  • Kim, Hee Seok (Dept. of Advanced KREONET Security Service, Korea Institute of Science and Technology Information, University of Science and Technology)
  • Hong, Seokhie (School of Information Security, Korea University)
  • Received : 2014.07.15
  • Accepted : 2015.11.23
  • Published : 2016.04.01

Abstract

This paper introduces a new type of collision attack on first-order masked Advanced Encryption Standard (AES) implementations. The attack is a known-plaintext attack, whereas the existing collision attacks are chosen-plaintext attacks. In addition, our method requires significantly fewer power measurements than any second-order differential power analysis or any existing collision attack.

Cited by

  1. A new method for resisting collision attack based on parallel random delay S-box vol.16, pp.11, 2016, https://doi.org/10.1587/elex.16.20190192
  2. Lightweight Conversion from Arithmetic to Boolean Masking for Embedded IoT Processor vol.9, pp.7, 2016, https://doi.org/10.3390/app9071438
  3. Special Issue on “Side Channel Attacks” vol.9, pp.9, 2016, https://doi.org/10.3390/app9091881