Abstract

This paper presents the results of several successful profiled side-channel attacks against a secure implementation of the RSA algorithm. The implementation was running on an ARM Core SC 100 complemented by a certified EAL4+ arithmetic co-processor. The analyses were conducted by three teams of experts, each working on a specific attack path and exploiting information extracted either from the electromagnetic emanation or from the power consumption. Particular attention is paid to describing all the steps usually followed during a security evaluation by a laboratory, including the acquisitions and the preprocessing of the observations, which are practical issues usually put aside in the literature. Remarkably, the profiling portability issue is also taken into account, and different device samples are used for the profiling and testing phases. Among other aspects, this paper shows the high potential of deep learning attacks against secure implementations of RSA and raises the need for dedicated countermeasures.

Highlights

  • Side-channel analysis (SCA) is a class of cryptanalytic attacks that exploit the physical environment of a cryptosystem implementation to recover some leakage about its secrets

  • This paper shows that the application of advanced profiling attacks like those based on Deep Learning renders security mechanisms against horizontal and address-bit attacks mandatory to achieve a high level of security

  • The work was done jointly by three different teams, each working on a specific attack path


Summary

Introduction

Side-channel analysis (SCA) is a class of cryptanalytic attacks that exploit the physical environment of a cryptosystem implementation to recover some leakage about its secrets. It is often much more efficient than a cryptanalysis mounted in the so-called black-box model, where no leakage occurs, and dedicated countermeasures are usually implemented to protect the execution of cryptographic algorithms on embedded systems. In most secure products, such as smart cards, security is achieved by combining techniques applied at the software level (e.g. masking/blinding [Cor99] or shuffling [MOP07]) with mechanisms acting at the hardware level (e.g. clock jittering, white noise addition or power consumption balancing [MOP07]). This is especially true for RSA implementations, where resistance against side-channel attacks is achieved by defining a secure exponentiation algorithm (at the software level) on the basis of a secure arithmetic co-processor (e.g. implementing a fast Montgomery modular arithmetic while limiting information leakage) [BMV05, BÖPV03].
