DPA Countermeasure Based on the "Masking Method"
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
DES and Differential Power Analysis (The "Duplication" Method)
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
A Countermeasure for EM Attack of a Wireless PDA
ITCC '05 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume I - Volume 01
A split-mask countermeasure for low-energy secure embedded systems
ACM Transactions on Embedded Computing Systems (TECS)
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Improved side-channel collision attacks on AES
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
A table masking countermeasure for low-energy secure embedded systems
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
EM analysis of rijndael and ECC on a wireless java-based PDA
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
An AES smart card implementation resistant to power analysis attacks
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
AES side-channel countermeasure using random tower field constructions
Designs, Codes and Cryptography
Hi-index | 0.00 |
We analyze a countermeasure against differential power and electromagnetic attacks that was recently introduced under the name of split mask. We show a general weakness of the split mask countermeasure that makes standard DPA attacks with a full key recovery applicable to masked AES and DES implementations. Complexity of the attacks is the same as for unmasked implementations. We implement the most efficient attack on an 8-bit AVR microcontroller. We also show that the strengthened variant of the countermeasure is susceptible to a second order DPA attack independently of the number of used mask tables.