Paper 2016/282

Detecting flawed masking schemes with leakage detection tests

Oscar Reparaz

Abstract

Masking is a popular countermeasure to thwart side-channel attacks on embedded systems. Many proposed masking schemes, even carrying ``security proofs'', are eventually broken because they are flawed by design. The security validation process is nowadays a lengthy, tedious and manual process. In this paper, we report on a method to verify the soundness of a masking scheme before implementing it on a device. We show that by instrumenting a high-level implementation of the masking scheme and by applying leakage detection techniques, a system designer can quickly assess at design time whether the masking scheme is flawed or not, and to what extent. Our method requires not more than working high-level source code and is based on simulation. Thus, our method can be used already in the very early stages of design. We validate our approach by spotting in an automated fashion first-, second- and third-order flaws in recently published state-of-the-art schemes in a matter of seconds with limited computational resources. We also present a new second-order flaw on a table recomputation scheme, and show that the approach is useful when designing a hardware masked implementation.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A minor revision of an IACR publication in FSE 2016
Keywords
side-channel analysisDPAmasking
Contact author(s)
oscar reparaz @ esat kuleuven be
History
2016-03-15: received
Short URL
https://ia.cr/2016/282
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/282,
      author = {Oscar Reparaz},
      title = {Detecting flawed masking schemes with leakage detection tests},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/282},
      year = {2016},
      url = {https://eprint.iacr.org/2016/282}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.