Side-channel analysis has been recognized for several years as a practical and powerful means to reveal secret keys of publicly known cryptographic algorithms. This kind of cryptanalysis has rarely been applied to reverse engineer a non-trivial part of the specifications of a proprietary algorithm. The target here is no longer the secret key value but the undisclosed specifications of the cryptographic algorithm itself. In [8], Novak described how to recover the content of one (out of two) substitution tables of a secret instance of the A3/A8 algorithm, the authentication and session key generation algorithm for GSM networks. His attack, however, has two drawbacks from a practical viewpoint. First, in order to retrieve one substitution table (T2), the attacker must know the content of the other one (T1). Second, the attacker must also know the value of the secret key K. In this paper, we improve on Novak's cryptanalysis and show how to retrieve both substitution tables (T1 and T2) without any prior knowledge about the secret key. Furthermore, our attack also recovers the secret key. With this contribution, we intend to present a practical SCARE (Side Channel Analysis for Reverse Engineering) attack, anticipate a growing interest in this new area of side-channel signal exploitation, and remind, if needed, that security cannot be achieved by obscurity alone.