Side Channel Attacks

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: closed (31 January 2019) | Viewed by 47515

Printed Edition Available!
A printed edition of this Special Issue is available here.

Special Issue Editor

Graduate School of Information Security and Institute of Cyber Security & Privacy (ICSP), Korea University, Seoul 02841, Korea
Interests: symmetric-key cryptography; public-key cryptography; side-channel analysis
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

Cryptosystems are widely used in a growing number of embedded applications, such as smart cards, smart phones, Internet of Things (IoT) devices, and so on. Although these cryptosystems have been proven to be safe using mathematical tools, they could be susceptible to physical attacks that exploit additional sources of information, including timing information, power consumption, electromagnetic emissions (EM), sound, and so on. First introduced by Kocher, these types of attacks are referred to as side-channel attacks (SCAs). These attacks pose a very serious threat to embedded systems with cryptographic algorithms. For the past few years, there has been a great deal of effort in finding various SCAs and developing secure countermeasures.

This Special Issue of Applied Sciences is dedicated to reflect the state-of-the-art technologies in the area of side-channel attacks. Topics of interest include (but are not limited to):

  • Power, EM, Timing, Acoustic, Fault, and Cache Attacks
  • Countermeasures against side-channel attacks
  • Higher-order side channel attacks
  • Higher-order masking countermeasures
  • Signal Processing for side-channel attacks
  • Modeling of side-channel attacks
  • Profiling attacks
  • Machine learning-based side-channel attacks
  • Side-channel attacks against post-quantum cryptography
  • Single trace attacks against public key cryptosystems
  • Differential computation analysis against white-box cryptography and its countermeasure
  • Physical Unclonable Functions (PUFs)

Prof. Seokhie Hong
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Cryptography
  • Internet-of-Things (IoT) devices
  • Side-channel attacks
  • Countermeasures
  • Power Analysis
  • EM Analysis
  • Fault Analysis
  • Masking Methods

Published Papers (14 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Editorial

Jump to: Research

5 pages, 187 KiB  
Editorial
Special Issue on “Side Channel Attacks”
by Seokhie Hong
Appl. Sci. 2019, 9(9), 1881; https://0-doi-org.brum.beds.ac.uk/10.3390/app9091881 - 08 May 2019
Cited by 1 | Viewed by 2318
Abstract
Cryptosystems are widely used in a growing number of embedded applications, such as smart cards, smart phones, Internet of Things (IoT) devices, and so on [...] Full article
(This article belongs to the Special Issue Side Channel Attacks)

Research

Jump to: Editorial

15 pages, 343 KiB  
Article
Re-Keying Scheme Revisited: Security Model and Instantiations
by Yuichi Komano and Shoichi Hirose
Appl. Sci. 2019, 9(5), 1002; https://0-doi-org.brum.beds.ac.uk/10.3390/app9051002 - 11 Mar 2019
Cited by 5 | Viewed by 2115
Abstract
The re-keying scheme is a variant of the symmetric encryption scheme where a sender (respectively, receiver) encrypts (respectively, decrypts) plaintext with a temporal session key derived from a master secret key and publicly-shared randomness. It is one of the system-level countermeasures against the [...] Read more.
The re-keying scheme is a variant of the symmetric encryption scheme where a sender (respectively, receiver) encrypts (respectively, decrypts) plaintext with a temporal session key derived from a master secret key and publicly-shared randomness. It is one of the system-level countermeasures against the side channel attacks (SCAs), which make attackers unable to collect enough power consumption traces for their analyses by updating the randomness (i.e., session key) frequently. In 2015, Dobraunig et al. proposed two kinds of re-keying schemes. The first one is a scheme without the beyond birthday security, which fixes the security vulnerability of the previous re-keying scheme of Medwed et al. Their second scheme is an abstract scheme with the beyond birthday security, which, as a black-box, consists of two functions; a re-keying function to generate a session key and a tweakable block cipher to encrypt plaintext. They assumed that the tweakable block cipher was ideal (namely, secure against the related key, chosen plaintext, and chosen ciphertext attacks) and proved the security of their scheme as a secure tweakable block cipher. In this paper, we revisit the re-keying scheme. The previous works did not discuss security in considering the SCA well. They just considered that the re-keying scheme was SCA resistant when the temporal session key was always refreshed with randomness. In this paper, we point out that such a discussion is insufficient by showing a concrete attack. We then introduce the definition of an SCA-resistant re-keying scheme, which captures the security against such an attack. We also give concrete schemes and discuss their security and applications. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

17 pages, 1978 KiB  
Article
Chaos-Based Physical Unclonable Functions
by Krzysztof Gołofit and Piotr Z. Wieczorek
Appl. Sci. 2019, 9(5), 991; https://0-doi-org.brum.beds.ac.uk/10.3390/app9050991 - 09 Mar 2019
Cited by 15 | Viewed by 4089
Abstract
The concept presented in this paper fits into the current trend of highly secured hardware authentication designs utilizing Physically Unclonable Functions (PUFs) or Physical Obfuscated Keys (POKs). We propose an idea that the PUF cryptographic keys can be derived from a chaotic circuit. [...] Read more.
The concept presented in this paper fits into the current trend of highly secured hardware authentication designs utilizing Physically Unclonable Functions (PUFs) or Physical Obfuscated Keys (POKs). We propose an idea that the PUF cryptographic keys can be derived from a chaotic circuit. We point out that the chaos theory should be explored for the sake of PUFs as a natural mechanism of amplifying random process variations of digital circuits. We prove the idea based on a novel design of a chaotic circuit, which utilizes time in a feedback loop as an analog continuous variable in a purely digital system. Our design is small and simple, and therefore feasible to implement in inexpensive reprogrammable devices (not equipped with digital clock manager, programmable delay line, phase locked loop, RAM/ROM memory, etc.). Preliminary tests proved that the chaotic circuit PUFs work in both advanced Field-Programmable Gate Arrays (FPGAs) as well as simple Complex Programmable Logic Devices (CPLDs). We showed that different PUF challenges (slightly different implementations based on variations in elements placement and/or routing) have provided significantly different keys generated within one CPLD/FPGA device. On the other hand, the same PUF challenges used in a different CPLD/FPGA instance (programmed with precisely the same bit-stream resulting in exactly the same placement and routing) have enhanced differences between devices resulting in different cryptographic keys. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

24 pages, 1594 KiB  
Article
Cache Misses and the Recovery of the Full AES 256 Key
by Samira Briongos, Pedro Malagón, Juan-Mariano de Goyeneche and Jose M. Moya
Appl. Sci. 2019, 9(5), 944; https://0-doi-org.brum.beds.ac.uk/10.3390/app9050944 - 06 Mar 2019
Cited by 12 | Viewed by 3636
Abstract
The CPU cache is a hardware element that leaks significant information about the software running on the CPU. Particularly, any application performing sequences of memory access that depend on sensitive information, such as private keys, is susceptible to suffer a cache attack, which [...] Read more.
The CPU cache is a hardware element that leaks significant information about the software running on the CPU. Particularly, any application performing sequences of memory access that depend on sensitive information, such as private keys, is susceptible to suffer a cache attack, which would reveal this information. In most cases, side-channel cache attacks do not require any specific permission and just need access to a shared cache. This fact, combined with the spread of cloud computing, where the infrastructure is shared between different customers, has made these attacks quite popular. Traditionally, cache attacks against AES use the information about the victim to access an address. In contrast, we show that using non-access provides much more information and demonstrate that the power of cache attacks has been underestimated during these last years. This novel approach is applicable to existing attacks: Prime+Probe, Flush+Reload, Flush+Flush and Prime+Abort. In all cases, using cache misses as source of information, we could retrieve the 128-bit AES key with a reduction in the number of samples of between 93% and 98% compared to the traditional approach. Further, this attack was adapted and extended in what we call the encryption-by-decryption cache attack (EBD), to obtain a 256-bit AES key. In the best scenario, our approach obtained the 256 bits of the key of the OpenSSL AES T-table-based implementation using fewer than 10,000 samples, i.e., 135 milliseconds, proving that AES-256 is only about three times more complex to attack than AES-128 via cache attacks. Additionally, the proposed approach was successfully tested in a cross-VM scenario. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

20 pages, 2444 KiB  
Article
Machine-Learning-Based Side-Channel Evaluation of Elliptic-Curve Cryptographic FPGA Processor
by Naila Mukhtar, Mohamad Ali Mehrabi, Yinan Kong and Ashiq Anjum
Appl. Sci. 2019, 9(1), 64; https://0-doi-org.brum.beds.ac.uk/10.3390/app9010064 - 25 Dec 2018
Cited by 20 | Viewed by 5112
Abstract
Security of embedded systems is the need of the hour. A mathematically secure algorithm runs on a cryptographic chip on these systems, but secret private data can be at risk due to side-channel leakage information. This research focuses on retrieving secret-key information, by [...] Read more.
Security of embedded systems is the need of the hour. A mathematically secure algorithm runs on a cryptographic chip on these systems, but secret private data can be at risk due to side-channel leakage information. This research focuses on retrieving secret-key information, by performing machine-learning-based analysis on leaked power-consumption signals, from Field Programmable Gate Array (FPGA) implementation of the elliptic-curve algorithm captured from a Kintex-7 FPGA chip while the elliptic-curve cryptography (ECC) algorithm is running on it. This paper formalizes the methodology for preparing an input dataset for further analysis using machine-learning-based techniques to classify the secret-key bits. Research results reveal how pre-processing filters improve the classification accuracy in certain cases, and show how various signal properties can provide accurate secret classification with a smaller feature dataset. The results further show the parameter tuning and the amount of time required for building the machine-learning models. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

29 pages, 942 KiB  
Article
Improving Security and Reliability in Merkle Tree-Based Online Data Authentication with Leakage Resilience
by Dongyoung Koo, Youngjoo Shin, Joobeom Yun and Junbeom Hur
Appl. Sci. 2018, 8(12), 2532; https://0-doi-org.brum.beds.ac.uk/10.3390/app8122532 - 07 Dec 2018
Cited by 25 | Viewed by 4500
Abstract
With the successful proliferation of data outsourcing services, security and privacy issues have drawn significant attention. Data authentication in particular plays an essential role in the storage of outsourced digital content and keeping it safe from modifications by inside or outside adversaries. In [...] Read more.
With the successful proliferation of data outsourcing services, security and privacy issues have drawn significant attention. Data authentication in particular plays an essential role in the storage of outsourced digital content and keeping it safe from modifications by inside or outside adversaries. In this paper, we focus on online data authentication using a Merkle (hash) tree to guarantee data integrity. By conducting in-depth diagnostics of the side channels of the Merkle tree-based approach, we explore novel solutions to improve the security and reliability of the maintenance of outsourced data. Based on a thorough review of previous solutions, we present a new method of inserting auxiliary random sources into the integrity verification proof on the prover side. This prevents the exposure of partial information within the tree structure and consequently releases restrictions on the number of verification execution, while maintaining desirable security and reliability of authentication for the long run. Based on a rigorous proof, we show that the proposed scheme maintains consistent reliability without being affected by continuous information leakage caused by repetitions of the authentication process. In addition, experimental results comparing with the proposed scheme with other state-of-the-art studies demonstrate its efficiency and practicality. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

17 pages, 3295 KiB  
Article
Side Channel Leakages Against Financial IC Card of the Republic of Korea
by Yoo-Seung Won, Jonghyeok Lee and Dong-Guk Han
Appl. Sci. 2018, 8(11), 2258; https://0-doi-org.brum.beds.ac.uk/10.3390/app8112258 - 15 Nov 2018
Cited by 3 | Viewed by 2274
Abstract
Integrated circuit (IC) chip cards are commonly used in payment system applications since they can provide security and convenience simultaneously. More precisely, Europay, MasterCard, and VISA (EMV) are widely known to be well equipped with security frameworks that can defend against malicious attacks. [...] Read more.
Integrated circuit (IC) chip cards are commonly used in payment system applications since they can provide security and convenience simultaneously. More precisely, Europay, MasterCard, and VISA (EMV) are widely known to be well equipped with security frameworks that can defend against malicious attacks. On the other hand, there are other payment system applications at the national level. In the case of the Republic of Korea, standards for financial IC card specifications are established by the Korea Financial Telecommunications and Clearings Institute. Furthermore, security features defending against timing analysis, power analysis, electromagnetic analysis, and TEMPEST are required. This paper identifies side channel leakages in the financial IC cards of the Republic of Korea, although there may be side channel countermeasures. Side channel leakages in the financial IC cards of the Republic of Korea are identified for the first time since the side channel countermeasures were included in the standards. The countermeasure that is applied to the IC card from a black box perspective is estimated to measure security features against power analysis. Then, in order to investigate whether an underlying countermeasure is applied, first-order and second-order power analyses are performed on the main target, e.g., a S-box of the block cipher SEED that is employed in the financial system. Furthermore, the latest proposal in ICISC 2017 is examined to apply block cipher SEED to the financial IC card protocol. As a result, it is possible to identify some side channel leakages while expanding the lemma of the paper accepted in ICISC 2017. Algebraic logic is also constructed to recover the master key from some round keys. Finally, it is found that only 20,000 traces are required to find the master key. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

20 pages, 15637 KiB  
Article
Key Bit-Dependent Side-Channel Attacks on Protected Binary Scalar Multiplication
by Bo-Yeon Sim, Junki Kang and Dong-Guk Han
Appl. Sci. 2018, 8(11), 2168; https://doi.org/10.3390/app8112168 - 06 Nov 2018
Cited by 5 | Viewed by 3260
Abstract
Binary scalar multiplication, which is the main operation of elliptic curve cryptography, is vulnerable to side-channel analysis. It is especially vulnerable to side-channel analysis using power consumption and electromagnetic emission patterns. Thus, various countermeasures have been reported. However, they focused on eliminating patterns [...] Read more.
Binary scalar multiplication, which is the main operation of elliptic curve cryptography, is vulnerable to side-channel analysis. It is especially vulnerable to side-channel analysis using power consumption and electromagnetic emission patterns. Thus, various countermeasures have been reported. However, they focused on eliminating patterns of conditional branches, statistical characteristics according to intermediate values, or data inter-relationships. Even though secret scalar bits are directly loaded during the check phase, countermeasures for this phase have not been considered. Therefore, in this paper, we show that there is side-channel leakage associated with secret scalar bit values. We experimented with hardware and software implementations, and experiments were focused on the Montgomery–López–Dahab ladder algorithm protected by scalar randomization in hardware implementations. We show that we could extract secret key bits with a 100% success rate using a single trace. Moreover, our attack did not require sophisticated preprocessing and could defeat existing countermeasures using a single trace. We focused on the key bit identification functions of mbedTLS and OpenSSL in software implementations. The success rate was over 94%, so brute-force attacks could still be able to recover the whole secret scalar bits. We propose a countermeasure and demonstrate experimentally that it can be effectively applied. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

17 pages, 1817 KiB  
Article
Single Trace Side Channel Analysis on NTRU Implementation
by Soojung An, Suhri Kim, Sunghyun Jin, HanBit Kim and HeeSeok Kim
Appl. Sci. 2018, 8(11), 2014; https://0-doi-org.brum.beds.ac.uk/10.3390/app8112014 - 23 Oct 2018
Cited by 14 | Viewed by 3892
Abstract
As researches on the quantum computer have progressed immensely, interests in post-quantum cryptography have greatly increased. NTRU is one of the well-known algorithms due to its practical key sizes and fast performance along with the resistance against the quantum adversary. Although NTRU has [...] Read more.
As researches on the quantum computer have progressed immensely, interests in post-quantum cryptography have greatly increased. NTRU is one of the well-known algorithms due to its practical key sizes and fast performance along with the resistance against the quantum adversary. Although NTRU has withstood various algebraic attacks, its side-channel resistance must also be considered for secure implementation. In this paper, we proposed the first single trace attack on NTRU. Previous side-channel attacks on NTRU used numerous power traces, which increase the attack complexity and limit the target algorithm. There are two versions of NTRU implementation published in succession. We demonstrated our attack on both implementations using a single power consumption trace obtained in the decryption phase. Furthermore, we propose a countermeasure to prevent the proposed attacks. Our countermeasure does not degrade in terms of performance. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

23 pages, 1039 KiB  
Article
Side-Channel Vulnerabilities of Unified Point Addition on Binary Huff Curve and Its Countermeasure
by Sung Min Cho, Sunghyun Jin and HeeSeok Kim
Appl. Sci. 2018, 8(10), 2002; https://0-doi-org.brum.beds.ac.uk/10.3390/app8102002 - 22 Oct 2018
Cited by 6 | Viewed by 2742
Abstract
Unified point addition for computing elliptic curve point addition and doubling is considered to be resistant to simple power analysis. Recently, new side-channel attacks, such as recovery of secret exponent by triangular trace analysis and horizontal collision correlation analysis, have been successfully applied [...] Read more.
Unified point addition for computing elliptic curve point addition and doubling is considered to be resistant to simple power analysis. Recently, new side-channel attacks, such as recovery of secret exponent by triangular trace analysis and horizontal collision correlation analysis, have been successfully applied to elliptic curve methods to investigate their resistance to side-channel attacks. These attacks turn out to be very powerful since they only require leakage of a single power consumption trace. In this paper, using these side-channel attack analyses, we introduce two vulnerabilities of unified point addition on the binary Huff curve. Also, we propose a new unified point addition method for the binary Huff curve. Furthermore, to secure against these vulnerabilities, we apply an equivalence class to the side-channel atomic algorithm using the proposed unified point addition method. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

14 pages, 1694 KiB  
Article
Comprehensive Evaluation on an ID-Based Side-Channel Authentication with FPGA-Based AES
by Yang Li, Momoka Kasuya and Kazuo Sakiyama
Appl. Sci. 2018, 8(10), 1898; https://0-doi-org.brum.beds.ac.uk/10.3390/app8101898 - 12 Oct 2018
Cited by 2 | Viewed by 2056
Abstract
Various electronic devices are increasingly being connected to the Internet. Meanwhile, security problems, such as fake silicon chips, still exist. The significance of verifying the authenticity of these devices has led to the proposal of side-channel authentication. Side-channel authentication is a promising technique [...] Read more.
Various electronic devices are increasingly being connected to the Internet. Meanwhile, security problems, such as fake silicon chips, still exist. The significance of verifying the authenticity of these devices has led to the proposal of side-channel authentication. Side-channel authentication is a promising technique for enriching digital authentication schemes. Motivated by the fact that each cryptographic device leaks side-channel information depending on its used secret keys, cryptographic devices with different keys can be distinguished by analyzing the side-channel information leaked during their calculation. Based on the original side-channel authentication scheme, this paper adapts an ID-based authentication scheme that can significantly increase the authentication speed compared to conventional schemes. A comprehensive study is also conducted on the proposed ID-based side-channel authentication scheme. The performance of the proposed authentication scheme is evaluated in terms of speed and accuracy based on an FPGA-based AES implementation. With the proposed scheme, our experimental setup can verify the authenticity of a prover among 2 70 different provers within 0.59 s; this could not be handled effectively using previous schemes. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

18 pages, 9319 KiB  
Article
Using Ad-Related Network Behavior to Distinguish Ad Libraries
by Ming-Yang Su, Hong-Siou Wei, Xin-Yu Chen, Po-Wei Lin and Ding-You Qiu
Appl. Sci. 2018, 8(10), 1852; https://0-doi-org.brum.beds.ac.uk/10.3390/app8101852 - 09 Oct 2018
Cited by 4 | Viewed by 3041
Abstract
Mobile app ads pose a far greater security threat to users than adverts on computer browsers. This is because app developers must embed a Software Development Kit (SDK), called an ad library or ad lib for short, provided by ad networks (i.e., ad [...] Read more.
Mobile app ads pose a far greater security threat to users than adverts on computer browsers. This is because app developers must embed a Software Development Kit (SDK), called an ad library or ad lib for short, provided by ad networks (i.e., ad companies) into their app program, and then merge and compile it into an Android PacKage (APK) execution file. The ad lib thus becomes a part of the entire app, and shares the whole permissions granted to the app. Unfortunately, this also resulted in many security issues, such as ad libs abusing the permissions to collect and leak private data, ad servers redirecting ad requests to download malicious JavaScript from unknown servers to execute it in the background of the mobile operating system without the user’s consent. The more well-known an embedded ad lib, the safer the app may be, and vice versa. Importantly, while decompiling an APK to inspect its source code may not identify the ad lib(s), executing the app on a simulator can reveal the network behavior of the embedded ad lib(s). Ad libs exhibit different behavior patterns when communicating with ad servers. This study uses a dynamic analysis method to inspect an executing app, and plots the ad lib behavior patterns related to the advertisement into a graph. It is then determined whether or not the ad lib is from a trusted ad network using comparisons of graph similarities. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

16 pages, 1255 KiB  
Article
Single Trace Analysis on Constant Time CDT Sampler and Its Countermeasure
by Suhri Kim and Seokhie Hong
Appl. Sci. 2018, 8(10), 1809; https://0-doi-org.brum.beds.ac.uk/10.3390/app8101809 - 03 Oct 2018
Cited by 19 | Viewed by 3761
Abstract
The Gaussian sampler is an integral part in lattice-based cryptography as it has a direct connection to security and efficiency. Although it is theoretically secure to use the Gaussian sampler, the security of its implementation is an open issue. Therefore, researchers have started [...] Read more.
The Gaussian sampler is an integral part in lattice-based cryptography as it has a direct connection to security and efficiency. Although it is theoretically secure to use the Gaussian sampler, the security of its implementation is an open issue. Therefore, researchers have started to investigate the security of the Gaussian sampler against side-channel attacks. Since the performance of the Gaussian sampler directly affects the performance of the overall cryptosystem, countermeasures considering only timing attacks are applied in the literature. In this paper, we propose the first single trace power analysis attack on a constant-time cumulative distribution table (CDT) sampler used in lattice-based cryptosystems. From our analysis, we were able to recover every sampled value in the key generation stage, so that the secret key is recovered by the Gaussian elimination. By applying our attack to the candidates submitted to the National Institute of Standards and Technology (NIST), we were able to recover over 99% of the secret keys. Additionally, we propose a countermeasure based on a look-up table. To validate the efficiency of our countermeasure, we implemented it in Lizard and measure its performance. We demonstrated that the proposed countermeasure does not degrade the performance. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

10 pages, 293 KiB  
Article
Fast and Secure Implementation of Modular Exponentiation for Mitigating Fine-Grained Cache Attacks
by Youngjoo Shin
Appl. Sci. 2018, 8(8), 1304; https://0-doi-org.brum.beds.ac.uk/10.3390/app8081304 - 05 Aug 2018
Cited by 1 | Viewed by 2956
Abstract
Constant-time technique is of crucial importance to prevent secrets of cryptographic algorithms from leakage by cache attacks. In this paper, we propose Permute-Scatter-Gather, a novel constant-time method for the modular exponentiation that is used in the RSA cryptosystem. On the basis of the [...] Read more.
Constant-time technique is of crucial importance to prevent secrets of cryptographic algorithms from leakage by cache attacks. In this paper, we propose Permute-Scatter-Gather, a novel constant-time method for the modular exponentiation that is used in the RSA cryptosystem. On the basis of the scatter-gather design, our method utilizes pseudo-random permutation to obfuscate memory access patterns. Based on this strategy, the resistance against fine-grained cache attacks is ensured, i.e., providing the higher level of security than the existing scatter-gather implementations. Evaluation shows that our method outperforms the OpenSSL library at most 11% in the mainstream Intel processors. Full article
(This article belongs to the Special Issue Side Channel Attacks)
Show Figures

Figure 1

Back to TopTop