All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Crucial pitfall of DPA Contest V4.2 Implementation

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F17%3APU123794" target="_blank" >RIV/00216305:26220/17:PU123794 - isvavai.cz</a>

  • Result on the web

    <a href="http://onlinelibrary.wiley.com/doi/10.1002/sec.1760/full" target="_blank" >http://onlinelibrary.wiley.com/doi/10.1002/sec.1760/full</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1002/sec.1760" target="_blank" >10.1002/sec.1760</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Crucial pitfall of DPA Contest V4.2 Implementation

  • Original language description

    Differential Power Analysis (DPA) is a powerful side-channel key recovery attack that efficiently breaks cryptographic algorithm implementations. In order to prevent these types of attacks, hardware designers and software programmers make use of masking and hiding techniques. DPA Contest is an international framework that allows researchers to compare their power analysis attacks under the same conditions. The latest version of DPA Contest, denoted as V4.2, provides an improved implementation of the Rotating Sbox Masking (RSM) scheme where low-entropy boolean masking is combined with the shuffling technique to protect AES (Advanced Encryption Standard) implementation on a smart card. The improvements were designed based on the awareness of implementation lacks analyzed from attacks carried out during the previous DPA Contest V4. Therefore, this new approach is devised to resist most of the proposed attacks to the original RSM implementation. In this article, we investigate the security of this new implementation in practice. Our analysis, focused on exploiting the first-order leakage, discovered important lacks. The main vulnerability observed is that an adversary can mount a standard DPA attack aimed at the S-box output in order to recover the whole secret key even when a shuffling technique is used. We tested this observation on a public dataset and implemented a successful attack that revealed the secret key using only 35 power traces.

  • Czech name

  • Czech description

Classification

  • Type

    J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    20201 - Electrical and electronic engineering

Result continuities

  • Project

    <a href="/en/project/LO1401" target="_blank" >LO1401: Interdisciplinary Research of Wireless Technologies</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Others

  • Publication year

    2017

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Name of the periodical

    Security and Communication Networks (online)

  • ISSN

    1939-0114

  • e-ISSN

    1939-0122

  • Volume of the periodical

    9

  • Issue of the periodical within the volume

    18

  • Country of publishing house

    GB - UNITED KINGDOM

  • Number of pages

    17

  • Pages from-to

    1-17

  • UT code for WoS article

    000398221800092

  • EID of the result in the Scopus database

    2-s2.0-85016609370

Similar results(10)

Profiling Power Analysis Attack Based on MLP in DPA Contest V4.2Attack DPA ContestPower Analysis Attack Based on the MLP in DPA Contest v4