Abstract
Secure elements, such as smartcards or trusted platform modules (TPMs), must be protected against implementation-level attacks. Those include side-channel and fault injection attacks. We introduce ODSM, Orthogonal Direct Sum Masking, a new computation paradigm that achieves protection against those two kinds of attacks. A large vector space is structured as two supplementary orthogonal subspaces. One subspace (called a code \(\mathcal{C}\)) is used for the functional computation, while the second subspace carries random numbers. As the random numbers are entangled with the sensitive data, ODSM ensures a protection against (monovariate) side-channel attacks. The random numbers can be checked either occasionally, or globally, thereby ensuring a detection capability. The security level can be formally detailed: it is proved that monovariate side-channel attacks of order up to \(d_\mathcal{C}-1\), where \(d_\mathcal{C}\) is the minimal distance of \(\mathcal{C}\), are impossible, and that any fault of Hamming weight strictly less than \(d_\mathcal{C}\) is detected. A complete instantiation of ODSM is given for AES. In this case, all monovariate side-channel attacks of order strictly less than 5 are impossible, and all fault injections perturbing strictly less than 5 bits are detected.
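The construction described above, as an added illustration that is not code from the paper: a masked word is z = x·G ⊕ y·H, where G spans the code C carrying the data x and H spans the orthogonal supplement D = C^⊥ carrying the random mask y. The [7,3,3] code, the recovery of x and y by projection, and the checks below are my own constructed instance (the paper's AES instantiation uses a different, larger code); the example verifies, by exhaustive enumeration, that any d_C−1 = 2 shares are independent of x and that every fault of weight below d_C alters the recovered mask.

```python
"""Toy ODSM instance over GF(2): z = x*G xor y*H, with C = span(G) the
functional code and D = span(H) = C^perp the mask space (C, D supplementary)."""
import itertools

# Constructed [7,3,3] binary LCD code (G = [I|A]) and H = [A^T|I] spanning C^perp.
# Chosen for size only; it is not the [16,8,5] AES code of the paper.
G = [[1,0,0,1,1,0,0], [0,1,0,0,0,1,1], [0,0,1,1,1,1,0]]
H = [[1,0,1,1,0,0,0], [1,0,1,0,1,0,0], [0,1,1,0,0,1,0], [0,1,0,0,0,0,1]]

def mul(A, B):  # matrix product over GF(2)
    return [[sum(a * b for a, b in zip(row, col)) % 2 for col in zip(*B)] for row in A]

def inv(M):  # Gauss-Jordan inverse over GF(2); ValueError if singular
    n = len(M)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for c in range(n):
        p = next((r for r in range(c, n) if aug[r][c]), None)
        if p is None:
            raise ValueError("singular: C and C^perp are not supplementary")
        aug[c], aug[p] = aug[p], aug[c]
        for r in range(n):
            if r != c and aug[r][c]:
                aug[r] = [u ^ v for u, v in zip(aug[r], aug[c])]
    return [row[n:] for row in aug]

T = lambda M: [list(col) for col in zip(*M)]
PROJ_C = mul(T(G), inv(mul(G, T(G))))  # z -> x, since H*G^T = 0 and G*G^T invertible
PROJ_D = mul(T(H), inv(mul(H, T(H))))  # z -> y

def encode(x, y):  # masked codeword: x*G carries data, y*H carries the random mask
    return [a ^ b for a, b in zip(mul([x], G)[0], mul([y], H)[0])]

def decode(z):  # (x, y): x is the functional value, y the mask to be re-checked
    return mul([z], PROJ_C)[0], mul([z], PROJ_D)[0]

def min_distance(gen):  # d of the code spanned by gen, by enumeration
    return min(sum(mul([list(m)], gen)[0])
               for m in itertools.product([0, 1], repeat=len(gen)) if any(m))

def leaks_at(coords):
    """True if the joint distribution of z[coords] (over uniform masks y) depends
    on x, i.e. a monovariate attack of order len(coords) on those bits could work."""
    hists = set()
    for x in itertools.product([0, 1], repeat=len(G)):
        h = {}
        for y in itertools.product([0, 1], repeat=len(H)):
            v = tuple(encode(list(x), list(y))[i] for i in coords)
            h[v] = h.get(v, 0) + 1
        hists.add(tuple(sorted(h.items())))
    return len(hists) > 1

def fault_detected(z, e):  # mask check: e is caught unless e is itself a codeword of C
    return decode([a ^ b for a, b in zip(z, e)])[1] != decode(z)[1]
```

The undetected faults are exactly the nonzero codewords of C, which have weight at least d_C; likewise the only coordinate sets whose distribution depends on x are those containing the support of a codeword of C.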
© 2014 IFIP International Federation for Information Processing
Bringer, J., Carlet, C., Chabanne, H., Guilley, S., Maghrebi, H. (2014). Orthogonal Direct Sum Masking. In: Naccache, D., Sauveron, D. (eds) Information Security Theory and Practice. Securing the Internet of Things. WISTP 2014. Lecture Notes in Computer Science, vol 8501. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43826-8_4
DOI: https://doi.org/10.1007/978-3-662-43826-8_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43825-1
Online ISBN: 978-3-662-43826-8