On the Security of RSM - Presenting 5 First- and Second-Order Attacks

Authors: Axel Poschmann, Sebastian Kutzner
Year of publication: 2014
Subject:
Source: Constructive Side-Channel Analysis and Secure Design ISBN: 9783319101743
COSADE
DOI: 10.1007/978-3-319-10175-0_20
Description: Lightweight cryptography and efficient implementations, including efficient countermeasures against side-channel analysis, are of great importance for embedded devices, and, consequently, a lot of progress has been made in this area in recent years. In 2012, the RSM masking scheme [15] was introduced as an efficient countermeasure against side-channel attacks on AES. RSM has no time penalty, only a reasonable area overhead, uses only 4 bits of entropy, and is deemed to be secure against univariate first- and second-order attacks. In this paper we first review the original practical security evaluation and discuss some of its shortcomings. We then reveal a weakness in the set of masks used in RSM: certain pairs of masks have a constant difference. This weakness is subsequently exploited to mount five different side-channel attacks against RSM: a univariate first-order CPA enabled by simple pre-processing and a variant of a first-order correlation-enhanced collision attack, both on a smart card implementation, and a univariate second-order CPA as well as two first- and second-order collision attacks against an FPGA implementation. All five attacks show how such a vulnerability in the mask set can undermine the security of the scheme and therefore highlight the importance of carefully choosing the masks.
Database: OpenAIRE