Abstract

We take advantage of a recently published open source implementation of the AES protected with a mix of countermeasures against side-channel attacks to discuss both the challenges in protecting COTS devices against such attacks and the limitations of closed source security evaluations. The target implementation has been proposed by the French ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) to stimulate research on the design and evaluation of side-channel secure implementations. It combines additive and multiplicative secret sharings into an affine masking scheme that is additionally mixed with a shuffled execution. Its preliminary leakage assessment did not detect data dependencies with up to 100,000 measurements. We first exhibit the gap between such a preliminary leakage assessment and advanced attacks by demonstrating how a countermeasures dissection exploiting a mix of dimensionality reduction, multivariate information extraction and key enumeration can recover the full key with less than 2,000 measurements. We then discuss the relevance of open source evaluations to analyze such implementations efficiently, by pointing out that certain steps of the attack are hard to automate without implementation knowledge (even with machine learning tools), while performing them manually is straightforward. Our findings do not stem from design flaws but from the general difficulty of preventing side-channel attacks in COTS devices with limited noise. We anticipate that high security on such devices requires significantly more shares.

Highlights

  • The meaning of what is concretely relevant in this field of study is still a matter of quite subjective interpretation. We argue that this state of affairs is at least in part due to the very different models in which academic research and industrial practices perform their investigations

  • We show that a Principal Component Analysis (PCA) can be used to recover the multiplicative mask of the affine masking in full [APSQ06], that some parts of the implementation are weakly shuffled, that a multivariate higher-order template attack can significantly reduce the number of samples needed to circumvent the remaining shuffling and additive masks [CRR02], and that key enumeration can be used to reduce the data complexity of the attack [PSG16]

  • Our evaluations further indicate that reaching high security levels with the same masking scheme on a Cortex-like device would require a large number of shares


Summary

Introduction

The recent NIST competition stating this as an explicit goal is one good illustration of this trend.[1] Yet, the meaning of what is concretely relevant in this field of study is still a matter of quite subjective interpretation. We argue that this state of affairs is at least in part due to the very different (open source vs closed source) models in which academic research and industrial practices perform their investigations. All the operations are performed over the Galois Field GF(2^8). In such a masking scheme, the sensitive value x (i.e., the Sbox output) is encoded thanks to [...]
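The affine masking the abstract refers to represents a sensitive byte x by the share (rm · x) ⊕ ra over GF(2^8), with a non-zero multiplicative mask rm and an additive mask ra, and applies the AES S-box through a table recomputed for the current masks. The following is an added illustration of that encoding and of the recomputed-table S-box evaluation; it is not the ANSSI implementation and not code from the paper. All function names (gf_mul, gf_inv, encode, decode, masked_sbox_table, share_histogram) and the mask values in the comments are this example's own choices.

```python
"""Affine masking over GF(2^8): x -> (rm * x) ^ ra, plus an S-box
recomputed for a given mask triple (rm, r_in, r_out).
Added example; not the ANSSI code. The AES S-box is rebuilt from its
definition (inverse in GF(2^8) followed by the affine transform) so the
block runs stand-alone."""

AES_POLY = 0x1B  # x^8 + x^4 + x^3 + x + 1, already reduced modulo x^8


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) with the AES polynomial (xtime chain)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (a^255 = 1 for a != 0); inv(0) = 0 as in AES."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def _sbox_entry(x: int) -> int:
    """S(x) = affine(inv(x)): b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    b = gf_inv(x)
    s = b
    for i in range(1, 5):
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return s ^ 0x63


SBOX = [_sbox_entry(x) for x in range(256)]


def encode(x: int, rm: int, ra: int) -> int:
    """Affine share of x under multiplicative mask rm (non-zero) and additive mask ra."""
    if rm == 0:
        raise ValueError("multiplicative mask must be non-zero")
    return gf_mul(rm, x) ^ ra


def decode(y: int, rm: int, ra: int) -> int:
    """Recover x from its affine share: inv(rm) * (y ^ ra)."""
    return gf_mul(gf_inv(rm), y ^ ra)


def masked_sbox_table(rm: int, r_in: int, r_out: int) -> list:
    """Recomputed table T with T[rm*x ^ r_in] = rm*S(x) ^ r_out for every x.

    Looking up the masked input share therefore yields the masked output
    share directly; the plain S-box input and output never appear, and the
    multiplicative mask rm is carried unchanged from input to output."""
    rm_inv = gf_inv(rm)
    table = [0] * 256
    for u in range(256):
        x = gf_mul(rm_inv, u ^ r_in)       # unmask u to find which x it encodes
        table[u] = gf_mul(rm, SBOX[x]) ^ r_out
    return table


def share_histogram(x: int) -> list:
    """How often each share value occurs over all 255*256 mask pairs.

    A flat histogram (every value 255 times) is the first-order property
    the scheme relies on: the share alone carries no information on x."""
    counts = [0] * 256
    for rm in range(1, 256):
        for ra in range(256):
            counts[encode(x, rm, ra)] += 1
    return counts


if __name__ == "__main__":
    # Constructed mask values for a single demonstration run.
    x, rm, r_in, r_out = 0x53, 0x2A, 0x7F, 0x11
    y = encode(x, rm, r_in)
    z = masked_sbox_table(rm, r_in, r_out)[y]
    print(hex(SBOX[x]), hex(decode(z, rm, r_out)))  # same value both times
```

The recomputed table is the part an attacker targets once rm is known: with rm recovered (the PCA step in the second highlight), the remaining protection on each byte is the additive mask alone, which is exactly why the paper's attack proceeds mask by mask rather than against the combined scheme.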

