Paper 2017/345
Mind the Gap: Towards Secure 1st-order Masking in Software
Kostas Papagiannopoulos and Nikita Veshchikov
Abstract
Cryptographic implementations are vulnerable to side-channel analysis. Implementors often opt for masking countermeasures to protect against these types of attacks. Masking countermeasures can ensure theoretical protection against value-based leakages. However, the practical effectiveness of masking is often halted by physical effects such as glitches, couplings and distance-based leakages, which violate the independent leakage assumption (ILA) and result in security order reductions. This paper aims to address this gap between masking theory and practice in the following threefold manner. First, we perform an in-depth investigation of the device-specific effects that invalidate ILA in the AVR microcontroller ATMega163. Second, we provide an automated tool, capable of detecting ILA violations in AVR assembly code. Last, we craft the first (to our knowledge) "hardened" 1st-order ISW-based, masked Sbox implementation, which is capable of resisting 1st-order, univariate side-channel attacks. Enforcing the ILA in the masked RECTANGLE Sbox requires 1319 clock cycles, i.e. a 15-fold increase compared to a naive 1st-order ISW-based implementation.
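The distance-based leakage the abstract refers to, as an added simulation that is not the paper's code or its tool: under a Hamming-distance leakage model, writing the two shares of a 1st-order masked byte into the same register back-to-back leaks HW(s0 XOR s1) = HW(secret), so a fixed-vs-fixed difference of means separates the secrets at first order, while clearing the register between the shares keeps every sample independent of the secret. The register-clearing sequence and the leakage model are assumptions for illustration, not the paper's RECTANGLE Sbox hardening.

```python
import random

# Hamming weight of each byte value.
HW = [bin(i).count("1") for i in range(256)]

def split(secret, rng):
    """1st-order Boolean masking: returns (s0, s1) with s0 XOR s1 == secret."""
    m = rng.randrange(256)
    return secret ^ m, m

def naive_sequence(secret, rng):
    """Both shares pass through the same register back-to-back (constructed model)."""
    s0, s1 = split(secret, rng)
    return [s0, s1]

def hardened_sequence(secret, rng):
    """Register is cleared between the shares, so no transition joins them (assumed fix)."""
    s0, s1 = split(secret, rng)
    return [s0, 0, s1, 0]

def distance_leakage(values, reg=0):
    """Hamming-distance model: each register write leaks HW(old XOR new)."""
    leak = []
    for v in values:
        leak.append(HW[reg ^ v])
        reg = v
    return leak

def first_order_gap(sequence, n=2000, a=0x00, b=0xFF, seed=1):
    """Fixed-vs-fixed difference of means per sample; a large gap is a 1st-order leak."""
    rng = random.Random(seed)

    def mean_trace(secret):
        acc = None
        for _ in range(n):
            t = distance_leakage(sequence(secret, rng))
            acc = t if acc is None else [x + y for x, y in zip(acc, t)]
        return [x / n for x in acc]

    ma, mb = mean_trace(a), mean_trace(b)
    return max(abs(x - y) for x, y in zip(ma, mb))

if __name__ == "__main__":
    # Naive: the s0 -> s1 transition leaks HW(secret) directly (gap 8 for 0x00 vs 0xFF).
    print("naive    gap:", first_order_gap(naive_sequence))
    # Hardened: every sample is the HW of a uniformly random share (gap near 0).
    print("hardened gap:", first_order_gap(hardened_sequence))
```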
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Published elsewhere. Minor revision. COSADE 2017
- Keywords
- side-channel analysis, masking, AVR, distance leakages, ASCOLD
- Contact author(s)
- kostaspap88 @ gmail com
- History
- 2017-04-21: received
- Short URL
- https://ia.cr/2017/345
- License
- CC BY
BibTeX
@misc{cryptoeprint:2017/345,
  author = {Kostas Papagiannopoulos and Nikita Veshchikov},
  title = {Mind the Gap: Towards Secure 1st-order Masking in Software},
  howpublished = {Cryptology {ePrint} Archive, Paper 2017/345},
  year = {2017},
  url = {https://eprint.iacr.org/2017/345}
}