Abstract
Future wireless embedded devices will be increasingly powerful, supporting many more applications, including one of the most crucial: security. Although many embedded devices offer more resistance to bus-probing attacks because of their compact size, susceptibility to power or electromagnetic analysis attacks must be analyzed. This paper presents a new split-mask countermeasure to thwart low-order differential power analysis (DPA) and differential EM analysis (DEMA). For the first time, real power and EM measurements are used to analyze the difficulty of launching new third-order DPA and DEMA attacks on a popular low-energy 32-bit embedded ARM processor. Results show that the new split-mask countermeasure provides increased security without large overheads of energy dissipation, compared to previous research. With the emergence of security applications in PDAs, cell phones, and other embedded devices, low-energy countermeasures for resistance to low-order DPA/DEMA are crucial for supporting future enabled wireless internet.
A split-mask countermeasure for low-energy secure embedded systems