Abstract
Side-channel attacks pose a threat to cryptographic algorithms. Hash functions, in particular those from the SHA-2 family, can also be an interesting target if some of their inputs are secret. HMAC is an important use case of a hash function, in which the input is partially secret and thus unknown to the attacker. Despite a few publications that discuss applications of power analysis techniques to attack HMAC-SHA-2, no generic method that shows a full attack on its hardware implementation has been proposed so far. In this article, we present a novel practical template attack on HMAC-SHA-2 intended primarily against its implementations in hardware. To the best of our knowledge, it is the first practical attack on a true hardware implementation. We detail all the stages of the attack and validate it experimentally. Our experiments are based on an open-source hardware SHA-256 implementation deployed on two targets: (1) a pre-silicon side-channel leakage simulator and (2) an FPGA. In both cases, we show a full attack implementation up to the recovery of the key derivatives that allow for forging HMAC signatures. The setup used to attack the FPGA implementation cost less than $3K. The entire attack (the trace acquisition and the analysis) on the FPGA took about two hours including the profiling stage, and about half an hour excluding the profiling stage.
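The abstract refers to "key derivatives" rather than the key itself: in HMAC-SHA-256 the two SHA-256 chaining states produced by compressing the padded blocks (K xor ipad) and (K xor opad) are all that is needed to compute a tag for any message, so from a defender's point of view those two intermediate states must be treated as secret-equivalent and protected by any countermeasure (including the very first compression of each key block). The following self-contained Python example is added here to make that concrete; it is not code from the paper or from the secworks/sha256 project. It implements the SHA-256 compression function from FIPS 180-4, derives the two states, computes HMAC from the states alone, and checks the result against the standard library. All function names (`compress`, `sha256_finish`, `hmac_key_derivatives`, `hmac_from_derivatives`, `matches_reference`) and the sample key and messages are constructed for this illustration.

```python
"""HMAC-SHA-256 computed from its two intermediate states (constructed example).

Shows why the SHA-256 chaining states after the (K xor ipad) and (K xor opad)
blocks are secret-equivalent: a verifier or signer that holds only these two
states can produce tags for arbitrary messages without ever seeing K.
"""
import hashlib
import hmac
import struct

# SHA-256 round constants and initial hash value, FIPS 180-4 section 4.2.2 / 5.3.3.
K256 = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
IV256 = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
         0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]
MASK = 0xFFFFFFFF


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def compress(state, block):
    """One SHA-256 compression: absorb a 64-byte block into an 8-word state."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 64):
        s0 = rotr(w[t - 15], 7) ^ rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
        s1 = rotr(w[t - 2], 17) ^ rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
        w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for t in range(64):
        big_s1 = rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)
        ch = (e & f) ^ (~e & g)
        t1 = (h + big_s1 + ch + K256[t] + w[t]) & MASK
        big_s0 = rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)
        maj = (a & b) ^ (a & c) ^ (b & c)
        t2 = (big_s0 + maj) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
    return [(x + y) & MASK for x, y in zip(state, [a, b, c, d, e, f, g, h])]


def sha256_finish(state, consumed, rest):
    """Continue SHA-256 from `state` (which already absorbed `consumed` bytes,
    a multiple of 64), absorb `rest`, apply FIPS padding and return the digest."""
    total_bits = (consumed + len(rest)) * 8
    padded = rest + b"\x80" + b"\x00" * ((55 - len(rest)) % 64) + struct.pack(">Q", total_bits)
    for i in range(0, len(padded), 64):
        state = compress(state, padded[i:i + 64])
    return b"".join(struct.pack(">I", x) for x in state)


def sha256_bytes(data):
    return sha256_finish(IV256, 0, data)


def hmac_key_derivatives(key):
    """The two states a side-channel attacker would target: IV compressed with
    (K xor ipad) and with (K xor opad). Keys longer than the block are hashed first."""
    if len(key) > 64:
        key = hashlib.sha256(key).digest()
    key = key.ljust(64, b"\x00")
    inner = compress(IV256, bytes(b ^ 0x36 for b in key))
    outer = compress(IV256, bytes(b ^ 0x5C for b in key))
    return inner, outer


def hmac_from_derivatives(inner, outer, msg):
    """HMAC-SHA-256 tag computed without the key: only the two states are used."""
    inner_digest = sha256_finish(inner, 64, msg)   # H((K^ipad) || msg)
    return sha256_finish(outer, 64, inner_digest)  # H((K^opad) || inner)


def matches_reference(key, msg):
    """True if the state-only computation agrees with hmac.new(key, msg, sha256)."""
    inner, outer = hmac_key_derivatives(key)
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(hmac_from_derivatives(inner, outer, msg), expected)


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"          # constructed sample value
    for m in (b"", b"message", b"x" * 200):
        print(m[:10], matches_reference(demo_key, m))
```

Because the whole tag depends on `inner` and `outer` only, a leakage model or countermeasure for HMAC-SHA-2 has to cover the compression of the two key blocks as carefully as a block cipher's key schedule; once those states leak, key length and key hashing no longer matter.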
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Belenky, Y., Dushar, I., Teper, V., Chernyshchyk, H., Azriel, L., Kreimer, Y. (2021). First Full-Fledged Side Channel Attack on HMAC-SHA-2. In: Bhasin, S., De Santis, F. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2021. Lecture Notes in Computer Science, vol 12910. Springer, Cham. https://doi.org/10.1007/978-3-030-89915-8_2
DOI: https://doi.org/10.1007/978-3-030-89915-8_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89914-1
Online ISBN: 978-3-030-89915-8
eBook Packages: Computer Science (R0)