New countermeasures against power analysis attacks are often proposed together with a proof of the scheme's security under a specific leakage assumption. Besides classical power models such as Hamming weight or Hamming distance, newer schemes also consider other sources of dynamic power consumption, such as that caused by glitches in combinational circuits. The question arises whether, with the continued downscaling of process technology and the growing role of static leakage and other harder-to-model leakages, a purely theoretical proof of a countermeasure's security is still good practice. As a case study we take a new large ROM-based masking countermeasure recently presented at CT-RSA 2012. We evaluate the security of the scheme both under the leakage assumptions given in the original article and with a more real-world approach based on collision attacks. We demonstrate that while the new construction methods of the scheme provide higher security under the assumed leakage model, the security gain in practice is only marginal compared to the conventional large ROM scheme. This highlights the need for closer collaboration between the different disciplines when proposing new countermeasures, so that security statements cover both the theoretical reasoning and the practical evaluation.