ABSTRACT
Software implementations secured against side-channel attacks usually combine hiding and masking protections. In this work, we focus on desynchronization, which is considered a hiding countermeasure. The idea of desynchronization is to give the attack point an unpredictable offset in the time dimension. To counter this, we present the use of pattern-recognition methods to filter points of interest and obtain a successful side-channel attack. Using this tool as a case study, we completely cancel the desynchronization effect of the CHES 2009/2010 countermeasure [2, 3]. Moreover, 25k traces are needed for a successful key recovery in the case of the polymorphism-based countermeasure [4].
- Agosta, G., Barenghi, A., and Pelosi, G. A Code Morphing Methodology to Automate Power Analysis Countermeasures. In Proceedings of the 49th Annual Design Automation Conference (2012), ACM, pp. 77--82.
- Coron, J.-S., and Kizhvatov, I. An Efficient Method for Random Delay Generation in Embedded Software. In Cryptographic Hardware and Embedded Systems-CHES 2009. Springer, 2009, pp. 156--170.
- Coron, J.-S., and Kizhvatov, I. Analysis and Improvement of the Random Delay Countermeasure of CHES 2009. In International Workshop on Cryptographic Hardware and Embedded Systems (2010), Springer, pp. 95--109.
- Couroussé, D., Barry, T., Robisson, B., Jaillon, P., Potin, O., and Lanet, J.-L. Runtime Code Polymorphism as a Protection Against Side Channel Attacks. In IFIP International Conference on Information Security Theory and Practice (2016), Springer, pp. 136--152.
- Durvaux, F., Renauld, M., Standaert, F.-X., tot Oldenzeel, L. v. O., and Veyrat-Charvillon, N. Cryptanalysis of the CHES 2009/2010 Random Delay Countermeasure. IACR Cryptology ePrint Archive 2012 (2012), 38.
- Heron, S. Advanced Encryption Standard (AES). Network Security 2009, 12 (2009), 8--12.
- Rivain, M., Prouff, E., and Doget, J. Higher-Order Masking and Shuffling for Software Implementations of Block Ciphers. In Cryptographic Hardware and Embedded Systems-CHES 2009. Springer, 2009, pp. 171--188.
- STMicroelectronics. UM0919 User Manual. http://www.st.com/content/ccc/resource/technical/document/user_manual/f3/16/fb/63/d6/3d/45/aa/CD00267113.pdf/files/CD00267113.pdf/jcr:content/translations/en.CD00267113.pdf.
- Strobel, D., and Paar, C. An Efficient Method for Eliminating Random Delays in Power Traces of Embedded Software. In International Conference on Information Security and Cryptology (2011), Springer, pp. 48--60.
- Filtering-based CPA: a successful side-channel attack against desynchronization countermeasures