Variety of Scalable Shuffling Countermeasures against Side Channel Attacks
DOI: https://doi.org/10.13052/2245-1439.532
Keywords: Side channel analysis, countermeasures, hiding techniques, shuffling countermeasure, microcontroller, AES, lightweight shuffling
Abstract
IoT devices have very strong constraints on all their resources: memory, randomness, energy and execution time. This paper proposes a number of scalable shuffling techniques as countermeasures against side channel analysis. Several extensions of an existing technique, Random Start Index (RSI), are suggested. In addition, two new shuffling techniques, Reverse Shuffle (RS) and Sweep Swap Shuffle (SSS), are described together with their possible extensions. The extensions of RSI, RS and SSS can be implemented in a constrained environment with a small data and time overhead. Each of them can be implemented using a different amount of randomness and can therefore be tuned to the requirements and constraints of a cryptographic system such as time, memory and the number of available random bits. RSI, RS, SSS and their extensions are described using the SubBytes operation of the AES-128 block cipher as an example, but they can be applied to other operations of AES as well as to other algorithms. The paper also analyses RSI, RS and SSS by comparing properties such as the total number of permutations that can be generated from a fixed number of random bits, data complexity and time overhead, and evaluates their resistance against known side-channel attacks such as correlation power analysis and template attacks. Several of the proposed shuffling schemes are implemented on an 8-bit microcontroller that uses them to shuffle the first and last rounds of AES-128.
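The following is an added illustration of the basic Random Start Index idea the abstract builds on, not code from the paper or its microcontroller implementation. It applies AES SubBytes to the 16 state bytes starting at a random position and wrapping around, places a full Fisher-Yates permutation of the byte order next to it, and counts how many distinct processing orders each approach can reach from a fixed budget of random bits. The S-box is derived from the AES field inversion and affine map rather than typed in; the 16-byte state and the fixed random source used in the demo are constructed sample inputs. RS and SSS are not reproduced here because the abstract does not define them.

```python
"""RSI-shuffled AES SubBytes versus a full random permutation of the byte order.

Added example (not from the paper). Shows that shuffling changes only the order in
which the 16 S-box lookups happen, never the result, and how many distinct orders a
given number of random bits buys under each scheme.
"""
import math
import secrets


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _gf_inv(a: int) -> int:
    """Multiplicative inverse via a^254 (0 maps to 0, as AES requires)."""
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r


def _build_sbox() -> list:
    """AES S-box: inversion followed by the affine map y = x ^ rotl(x,1..4) ^ 0x63."""
    sbox = []
    for x in range(256):
        inv = _gf_inv(x)
        y = inv
        for k in range(1, 5):
            y ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(y ^ 0x63)
    return sbox


SBOX = _build_sbox()


def sub_bytes_rsi(state: list, start: int) -> tuple:
    """SubBytes with a Random Start Index: process bytes start, start+1, ..., start+15 mod 16.

    `start` is the random value (4 bits for a 16-byte state). Returns the new state and
    the order in which the bytes were processed, which is what a side-channel attacker
    would have to realign across traces.
    """
    assert len(state) == 16 and 0 <= start < 16
    out = list(state)
    order = []
    for k in range(16):
        i = (start + k) % 16
        out[i] = SBOX[out[i]]
        order.append(i)
    return out, order


def sub_bytes_full_shuffle(state: list, rng=secrets.randbelow) -> tuple:
    """SubBytes in a uniformly random order (Fisher-Yates over the 16 positions).

    `rng(n)` must return an integer in [0, n). Costs log2(16!) ~ 44.25 random bits
    per block if the draws are unbiased, against 4 bits for RSI.
    """
    assert len(state) == 16
    order = list(range(16))
    for i in range(15, 0, -1):
        j = rng(i + 1)
        order[i], order[j] = order[j], order[i]
    out = list(state)
    for i in order:
        out[i] = SBOX[out[i]]
    return out, order


def rsi_orders(random_bits: int, n: int = 16) -> int:
    """Distinct processing orders RSI can reach from `random_bits` bits.

    Each start index is one cyclic rotation, so at most n orders exist; with fewer
    than log2(n) bits only 2**random_bits start positions are ever used.
    """
    return min(1 << random_bits, n)


def bits_for_full_permutation(n: int = 16) -> int:
    """Random bits needed to choose uniformly among all n! orders (45 for n = 16)."""
    return math.ceil(math.log2(math.factorial(n)))


if __name__ == "__main__":
    state = list(range(16))                       # constructed sample state
    start = secrets.randbits(4)                   # 4 random bits select the start index
    out, order = sub_bytes_rsi(state, start)
    print("RSI start", start, "order", order)
    print("orders from 4 bits: RSI", rsi_orders(4),
          "full permutation needs", bits_for_full_permutation(16), "bits")
```

The two `sub_bytes_*` functions return the processing order alongside the state so a test bench or leakage simulator can check that the output never depends on the shuffle and that the order really does vary across runs; `rsi_orders` saturates at 16 however many bits are supplied, which is the trade-off the abstract describes between randomness consumed and permutations obtained.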