First Full-Fledged Side Channel Attack on HMAC-SHA-2

Conference paper, Constructive Side-Channel Analysis and Secure Design (COSADE 2021)

Abstract

Side-channel attacks pose a threat to cryptographic algorithms. Hash functions, in particular those from the SHA-2 family, can also be an interesting target if some of their inputs are secret. HMAC is an important use case of a hash function, in which the input is partially secret and thus unknown to the attacker. Despite a few publications that discuss applications of power analysis techniques to attack HMAC-SHA-2, no generic method that shows a full attack on its hardware implementation has been proposed so far. In this article, we present a novel practical template attack on HMAC-SHA-2 intended primarily against its implementations in hardware. To the best of our knowledge, it is the first practical attack on a true hardware implementation. We detail all the stages of the attack and validate it experimentally. Our experiments are based on an open-source hardware SHA-256 implementation that was implemented on two targets: (1) a pre-silicon side-channel leakage simulator and (2) an FPGA. In both cases, we show a full attack implementation up to the discovery of the key derivatives that allow for forging HMAC signatures. The setup used to attack the FPGA implementation cost less than $3K. The entire attack (the trace acquisition and the analysis) on the FPGA took about two hours including the profiling stage, and about half an hour excluding the profiling stage.



Author information

Correspondence to Yaacov Belenky.


Copyright information

© 2021 Springer Nature Switzerland AG


Cite this paper

Belenky, Y., Dushar, I., Teper, V., Chernyshchyk, H., Azriel, L., Kreimer, Y. (2021). First Full-Fledged Side Channel Attack on HMAC-SHA-2. In: Bhasin, S., De Santis, F. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2021. Lecture Notes in Computer Science, vol 12910. Springer, Cham. https://doi.org/10.1007/978-3-030-89915-8_2

  • DOI: https://doi.org/10.1007/978-3-030-89915-8_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89914-1

  • Online ISBN: 978-3-030-89915-8

  • eBook Packages: Computer Science (R0)
