Paper 2022/1416
Side-Channel Attack Countermeasures Based On Clock Randomization Have a Fundamental Flaw
Abstract
Clock randomization is one of the oldest countermeasures against side-channel attacks. Various implementations have been presented in the past, along with positive security evaluations. However, in this paper we show that it is possible to break countermeasures based on a randomized clock by sampling side-channel measurements at a frequency much higher than the encryption clock, synchronizing the traces with pre-processing, and targeting the beginning of the encryption. We demonstrate a deep learning-based side-channel attack on a protected FPGA implementation of AES which can recover a subkey from less than 500 power traces. In contrast to previous attacks on FPGA implementations of AES which targeted the last round, the presented attack uses the first round as the attack point. Any randomized clock countermeasure is significantly weakened by an attack on the first round because the effect of randomness accumulated over multiple encryption rounds is lost.
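The abstract's closing argument, that timing randomness accumulates over rounds and is therefore smallest at the first round, can be checked with a short simulation. This is an added example, not code from the paper; the set of clock periods, the one-round-per-cycle core and all function names are assumptions chosen for illustration.

```python
import random
import statistics

# Assumed model (not from the paper): every clock cycle independently picks
# one of these periods, in nanoseconds, and the core runs one AES round per cycle.
PERIODS_NS = [8.0, 9.0, 10.0, 11.0, 12.0]
ROUNDS = 10


def round_end_times(rng, rounds=ROUNDS):
    """Time from the trigger to the end of each round, for one encryption."""
    t, times = 0.0, []
    for _ in range(rounds):
        t += rng.choice(PERIODS_NS)  # randomized clock: a new period each cycle
        times.append(t)
    return times


def misalignment_per_round(n_traces=5000, seed=1):
    """Standard deviation (ns) of each round's position across many traces."""
    rng = random.Random(seed)
    runs = [round_end_times(rng) for _ in range(n_traces)]
    return [statistics.pstdev([run[r] for run in runs]) for r in range(ROUNDS)]


def predicted_misalignment(round_number):
    """Independent per-cycle jitter adds in variance, so the spread grows as sqrt(r)."""
    return statistics.pstdev(PERIODS_NS) * round_number ** 0.5


if __name__ == "__main__":
    measured = misalignment_per_round()
    for r, spread in enumerate(measured, start=1):
        print(f"round {r:2d}: measured {spread:5.2f} ns, "
              f"predicted {predicted_misalignment(r):5.2f} ns")
```

Under this model the positional spread of the last round is about sqrt(10) times that of the first, so an evaluation of a randomized-clock design that only measures last-round leakage overstates the protection.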
Metadata
- Category: Implementation
- Publication info: Preprint.
- Keywords: Side-channel attack Random Execution Time Randomized Clock Countermeasure Oversampling Deep Learning FPGA CPA
- Contact author(s):
  - brisfors @ kth se
  - micmor @ kth se
  - dubrova @ kth se
- History:
  - 2022-10-26: revised
  - 2022-10-18: received
- Short URL: https://ia.cr/2022/1416
- License: CC BY
BibTeX
@misc{cryptoeprint:2022/1416,
  author = {Martin Brisfors and Michail Moraitis and Elena Dubrova},
  title = {Side-Channel Attack Countermeasures Based On Clock Randomization Have a Fundamental Flaw},
  howpublished = {Cryptology {ePrint} Archive, Paper 2022/1416},
  year = {2022},
  url = {https://eprint.iacr.org/2022/1416}
}