Side-Channel Countermeasures' Dissection and the Limits of Closed Source Security Evaluations

Olivier Bronchain and François-Xavier Standaert

Abstract

We take advantage of a recently published open source implementation of the AES protected with a mix of countermeasures against side-channel attacks to discuss both the challenges in protecting COTS devices against such attacks and the limitations of closed source security evaluations. The target implementation has been proposed by the French ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) to stimulate research on the design and evaluation of side-channel secure implementations. It combines additive and multiplicative secret sharings into an affine masking scheme that is additionally mixed with a shuffled execution. Its preliminary leakage assessment did not detect data dependencies with up to 100,000 measurements. We first exhibit the gap between such a preliminary leakage assessment and advanced attacks by showing how a countermeasures' dissection exploiting a mix of dimensionality reduction, multivariate information extraction and key enumeration can recover the full key with less than 2,000 measurements. We then discuss the relevance of open source evaluations to analyze such implementations efficiently, by showing that certain steps of the attack are hard to automate without implementation knowledge (even with machine learning tools), while performing them manually is trivial. Our findings are not due to design flaws but stem from the general difficulty of preventing side-channel attacks in COTS devices with limited noise. We anticipate that high security on such devices requires significantly more shares.
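As an added illustration of the countermeasure the abstract describes (affine masking, i.e. a multiplicative and an additive share of each byte, combined with a shuffled execution order), and not code from the paper or from the ANSSI implementation, the following constructs an affine-masked AES S-box table and applies SubBytes to a state without ever handling unmasked bytes in the table lookup. The mask values and the 16-byte state are constructed for the demonstration; names such as `protected_subbytes` and `fresh_masks` are this example's own.

```python
import secrets

AES_POLY = 0x1B  # x^8 + x^4 + x^3 + x + 1, reduced modulo x^8

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) with the AES reduction polynomial."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """Inverse as a^254; gf_inv(0) == 0, the convention SubBytes uses."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r

def sbox(x: int) -> int:
    """AES SubBytes on one byte: field inversion, then the fixed affine map."""
    y = gf_inv(x)
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return y ^ rotl(y, 1) ^ rotl(y, 2) ^ rotl(y, 3) ^ rotl(y, 4) ^ 0x63

def mask(x: int, rm: int, ra: int) -> int:
    """Affine share rm*x + ra of x; rm must be non-zero so the map is a bijection."""
    return gf_mul(rm, x) ^ ra

def unmask(m: int, rm: int, ra: int) -> int:
    """Recover x from its affine share: rm^-1 * (m + ra)."""
    return gf_mul(gf_inv(rm), m ^ ra)

def masked_sbox_table(rm: int, ra: int) -> list:
    """Table T with T[mask(x)] == mask(S(x)) for all x, so SubBytes runs on shares only."""
    t = [0] * 256
    for x in range(256):
        t[mask(x, rm, ra)] = mask(sbox(x), rm, ra)
    return t

def protected_subbytes(masked_state: list, rm: int, ra: int, order: list) -> list:
    """SubBytes on masked bytes, visited in the shuffled index order; output stays masked."""
    t = masked_sbox_table(rm, ra)
    out = [0] * len(masked_state)
    for i in order:                      # constructed permutation, fresh per execution
        out[i] = t[masked_state[i]]
    return out

def fresh_masks(n: int = 16):
    """Per-execution randomness: non-zero multiplicative mask, additive mask, permutation."""
    rm, ra = secrets.randbelow(255) + 1, secrets.randbelow(256)
    order = list(range(n))
    secrets.SystemRandom().shuffle(order)
    return rm, ra, order
```

Because the table is rebuilt for every fresh `(rm, ra)` pair, the value looked up and the value stored never equal the plain byte or its S-box output, which is what a leakage assessment on this scheme is meant to confirm.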

Publication info
A minor revision of an IACR publication in TCHES 2020
Keywords
Side-Channel Attacks, Security Evaluations, Certification, Affine Masking, Shuffling, Worst-Case (Multivariate) Analysis, Open Source Design
Contact author(s)
olivier bronchain @ uclouvain be
History
2020-03-03: revised
Short URL
https://ia.cr/2019/1008

CC BY

BibTeX

@misc{cryptoeprint:2019/1008,
author = {Olivier Bronchain and François-Xavier Standaert},
title = {Side-Channel Countermeasures' Dissection and the Limits of Closed Source Security Evaluations},
howpublished = {Cryptology ePrint Archive, Paper 2019/1008},
year = {2019},
note = {\url{https://eprint.iacr.org/2019/1008}},
url = {https://eprint.iacr.org/2019/1008}
}
