Protecting secret keys in networked devices with table encoding against power analysis attacks
Nowadays, secret keys of networked devices are profoundly attacked by power analysis attacks, caused by the dramatic evolution of statistical analysis with a simple experimental setup. Recently, OpenSSL and CoreBitcoin running on Android and iOS have been broken by power analysis. Moreover, sensors...
Saved in:
Published in | Journal of high speed networks Vol. 22; no. 4; pp. 293 - 307 |
---|---|
Main Authors | , , , |
Format | Journal Article |
Language | English |
Published |
London, England
SAGE Publications
01.01.2016
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Nowadays, secret keys of networked devices are profoundly attacked by power analysis attacks, caused by the dramatic evolution of statistical analysis with a simple experimental setup. Recently, OpenSSL and CoreBitcoin running on Android and iOS have been broken by power analysis. Moreover, sensors and actuators can also be attacked thereby threatening user’s privacy and security. To resolve these challenges, power-analysis-resistant implementations of cryptographic algorithms in networked devices have received a lot of attentions. Masking schemes have been developed to implement secure cryptographic algorithms against side-channel analysis (SCA) attacks. Technically, the first-order masking method is vulnerable to the second order differential power analysis (2ODPA) attacks, but the current solutions against 2ODPA are expensive to be implemented. Moreover, worse performance will be shown if the cryptographic algorithms include boolean and arithmetic operations. In this paper, we propose a new countermeasure scheme to resist SCA attacks. Our scheme randomizes all the intermediate values of block cipher by encoding functions in the algorithm to lookup table and makes it resistant to power analysis attack. We apply our scheme to the block cipher algorithm, HIGHT. Our protected implementation of HIGHT takes only 1.79 times compared to the straightforward algorithm, and it needs 25 kbytes to store lookup tables in memory. |
---|---|
ISSN: | 0926-6801 1875-8940 |
DOI: | 10.3233/JHS-160550 |