-
Chapter and Conference Paper
Design Considerations for EM Pulse Fault Injection
Electromagnetic-fault injection (EM-FI) setups are appealing since they can be made at a low cost, achieve relatively high spatial resolutions, and avoid the need of tampering with the PCB or packaging of the ...
-
Chapter and Conference Paper
An In-Depth and Black-Box Characterization of the Effects of Laser Pulses on ATmega328P
Laser fault injection is a complex, physical process with many parameters that influence the success of the injection. Some parameters are difficult to control. While many works have established that focused lase...
-
Chapter and Conference Paper
A First-Order Chosen-Plaintext DPA Attack on the Third Round of DES
DPA attacks usually exhibit a “divide-and-conquer” property: the adversary needs to enumerate only a small space of the key (a key sub-space) when performing the DPA attack. This is achieved trivially in the o...
-
Chapter and Conference Paper
Fault Analysis of the ChaCha and Salsa Families of Stream Ciphers
We present a fault analysis study of the ChaCha and Salsa families of stream ciphers. We first show that attacks like differential fault analysis that are common in the block cipher setting are not applicable ...
-
Chapter and Conference Paper
Consolidating Inner Product Masking
Masking schemes are a prominent countermeasure to defeat power analysis attacks. One of their core ingredients is the encoding function. Due to its simplicity and comparably low complexity overheads, many mask...
-
Chapter and Conference Paper
Does Coupling Affect the Security of Masked Implementations?
Masking schemes achieve provable security against side-channel analysis by using secret sharing to decorrelate key-dependent intermediate values of the cryptographic algorithm and side-channel information. Mas...
-
Chapter and Conference Paper
Design and Implementation of a Waveform-Matching Based Triggering System
Implementation attacks such as side channel attacks and fault attacks require triggering mechanisms to activate the acquisition device or fault injection equipment. Most academic works work with a very simple ...
-
Chapter and Conference Paper
Consolidating Masking Schemes
In this paper we investigate relations between several masking schemes. We show that the Ishai–Sahai–Wagner private circuits construction is closely related to Threshold Implementations and the Trichina gate. ...
-
Chapter and Conference Paper
On the Cost of Lazy Engineering for Masked Software Implementations
Masking is one of the most popular countermeasures to mitigate side-channel analysis. Yet, its deployment in actual cryptographic devices is well known to be challenging, since designers have to ensure that th...
-
Chapter and Conference Paper
Inner Product Masking Revisited
Masking is a popular countermeasure against side channel attacks. Many practical works use Boolean masking because of its simplicity, ease of implementation and comparably low performance overhead. Some recent...
-
Chapter and Conference Paper
A Note on the Use of Margins to Compare Distinguishers
Relative distinguishing margins are becoming a popular measure for comparing distinguishers. This paper presents some examples that show that this measure, although informative and intuitively sound, should no...
-
Chapter and Conference Paper
Generic DPA Attacks: Curse or Blessing?
Generic DPA attacks, such as MIA, have been recently proposed as a method to mount DPA attacks without the need for possibly restrictive assumptions on the leakage behaviour. Previous work identified some shor...
-
Chapter and Conference Paper
Higher-Order Threshold Implementations
Higher-order differential power analysis attacks are a serious threat for cryptographic hardware implementations. In particular, glitches in the circuit make it hard to protect the implementation with masking....
-
Chapter and Conference Paper
A More Efficient AES Threshold Implementation
Threshold Implementations provide provable security against first-order power analysis attacks for hardware and software implementations. Like masking, the approach relies on secret sharing but it differs in t...
-
Chapter and Conference Paper
Power Analysis of Atmel CryptoMemory – Recovering Keys from Secure EEPROMs
Atmel CryptoMemory devices offer non-volatile memory with access control and authenticated encryption. They are used in commercial and military applications e.g. to prevent counterfeiting, to store secrets suc...
-
Chapter and Conference Paper
Selecting Time Samples for Multivariate DPA Attacks
Masking on the algorithm level, i.e. concealing all sensitive intermediate values with random data, is a popular countermeasure against DPA attacks. A properly implemented masking scheme forces an attacker to ...
-
Chapter and Conference Paper
Infective Computation and Dummy Rounds: Fault Protection for Block Ciphers without Check-before-Output
Implementation attacks pose a serious threat for the security of cryptographic devices and there are a multitude of countermeasures that are used to prevent them. Two countermeasures used in implementations of...
-
Chapter and Conference Paper
Theory and Practice of a Leakage Resilient Masking Scheme
A recent trend in cryptography is to formally prove the leakage resilience of cryptographic implementations – that is, one formally shows that a scheme remains provably secure even in the presence of side channel...
-
Chapter and Conference Paper
To Infinity and Beyond: Combined Attack on ECC Using Points of Low Order
We present a novel combined attack against ECC implementations that exploits specially crafted, but valid input points. The core idea is that after fault injection, these points turn into points of very low or...
-
Chapter and Conference Paper
The World Is Not Enough: Another Look on Second-Order DPA
In a recent work, Mangard et al. showed that under certain assumptions, the (so-called) standard univariate side-channel attacks using a distance-of-means test, correlation analysis and Gaussian templates are ess...