Cryptology ePrint Archive: Report 2020/876

Direct Sum Masking as a Countermeasure to Side-Channel and Fault Injection Attacks

Claude Carlet and Sylvain Guilley and Sihem Mesnager

Abstract: Internet of Things is developing at a very fast rate. In order to ensure security and privacy, end-devices (e.g. smartphones, smart sensors, or any connected smartcards) shall be protected both against cyber attacks (coming down from the network) and against physical attacks (arising from attacker low-level interaction with the device). In this context, proactive protections shall be put in place to mitigate information theft from either side-channel monitoring or active computation/data corruption. Although both countermeasures have been developing fast and have become mature, there has surprisingly been little research to combine both.

In this article, we tackle this difficult topic and highlight a viable solution. It is shown to be more efficient than mere fault detection by repetition (which is anyway prone to repeated correlated faults). The presented solution leverages the fact that both side-channel protection and fault attack detection are coding techniques. We explain how to both prevent (higher-order) side-channel analyses and detect (higher-order) fault injection attacks. The specificity of this method is that it works ``end-to-end'', meaning that the detection can be delayed until the computation is finished. This simplifies considerably the error management logic as there is a single verification throughout the computation.

Category / Keywords: implementation / Security, privacy, Internet of Things, side-channel analysis, fault injection attacks, countermeasure, high-order, coding theory, direct sum masking (DSM)

Original Publication (with minor differences): Security and Privacy in the Internet of Things 2019

Date: received 11 Jul 2020

Contact author: sylvain guilley at secure-ic com

Available format(s): PDF | BibTeX Citation

Note: Precised the example with [8,4,4] code

Version: 20200712:130057 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]