Power Side Channels in Security ICs: Hardware Countermeasures
Power side-channel attacks are a very effective cryptanalysis technique that
can infer secret keys of security ICs by monitoring the power consumption.
Since the emergence of practical attacks in the late 90s, they have been a
major threat to many cryptographic-equipped devices including smart cards,
encrypted FPGA designs, and mobile phones. Designers and manufacturers of
cryptographic devices have in response developed various countermeasures for
protection. Attacking methods have also evolved to counteract resistant
implementations. This paper reviews foundational power analysis attack
techniques and examines a variety of hardware design mitigations. The aim is to
highlight exposed vulnerabilities in hardware-based countermeasures in order to
guide future, more secure implementations.
Formal Analysis of Non-profiled Deep-learning Based Side-channel Attacks
This paper formally analyzes two major non-profiled deep-learning-based side-channel attacks (DL-SCAs): differential deep-learning analysis (DDLA) by Timon and collision DL-SCA by Staib and Moradi. These DL-SCAs leverage supervised learning in non-profiled scenarios. Although some intuitive descriptions of these DL-SCAs exist, formal analyses of them have rarely been conducted, which makes it unclear why and when the attacks succeed and how they can be improved. In this paper, we provide the first information-theoretical analysis of DDLA. We reveal its relevance to mutual information analysis (MIA), and then present three theorems stating some limitations and impossibility results of DDLA. Subsequently, we provide the first probability-theoretical analysis of collision DL-SCA. After presenting its formalization together with a proposal of our distinguisher for collision DL-SCA, we prove its optimality. Namely, we prove that the collision DL-SCA using our distinguisher theoretically maximizes the success rate if the neural network (NN) training is completely successful (namely, the NN completely imitates the true conditional probability distribution). Accordingly, we propose an improvement of the collision DL-SCA based on a dedicated NN architecture and a full-key recovery methodology using multiple neural distinguishers. Finally, we experimentally evaluate non-profiled (DL-)SCAs using a newly created dataset based on a publicly available first-order masked AES implementation. The existing public datasets of side-channel traces are insufficient to evaluate collision DL-SCAs because they lack a substantive number of side-channel traces for different key values. Our dataset enables a comprehensive evaluation of collision (DL-)SCAs, which clarifies the current situation of non-profiled (DL-)SCAs.
Balanced Encoding of Near-Zero Correlation for an AES Implementation
Power analysis poses a significant threat to the security of cryptographic
algorithms, as it can be leveraged to recover secret keys. While various
software-based countermeasures exist to mitigate this non-invasive attack, they
often involve a trade-off between time and space constraints. Techniques such
as masking and shuffling, while effective, can noticeably impact execution
speed and rely heavily on run-time random number generators. On the contrary,
internally encoded implementations of block ciphers offer an alternative
approach that does not rely on run-time random sources, but it comes with the
drawback of requiring substantial memory space to accommodate lookup tables.
Internal encoding, commonly employed in white-box cryptography, suffers from a
security limitation as it does not effectively protect the secret key against
statistical analysis. To overcome this weakness, this paper introduces a secure
internal encoding method for an AES implementation. By addressing the root
cause of vulnerabilities found in previous encoding methods, we propose a
balanced encoding technique that aims to minimize the problematic correlation
with key-dependent intermediate values. We analyze the potential weaknesses
associated with the balanced encoding and present a method that utilizes
complementary sets of lookup tables. In this approach, the size of the lookup
tables is approximately 512KB, and the number of table lookups is 1,024. This
is comparable to the table size of non-protected white-box AES-128
implementations, while requiring only half the number of lookups. By adopting
this method, our aim is to introduce a non-masking technique that mitigates the
vulnerability to statistical analysis present in current internally-encoded AES
implementations.
Comment: 36 pages, 17 figures, submitte
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, however, QKD does not
provide a standalone security service on its own: the secret keys established
by QKD are in general then used by subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.
Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8