[ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ]

Journal of Information Science and Engineering, Vol. 33 No. 4, pp. 1085-1100

Another Security Evaluation of SPA Countermeasures for AES Key Expansion in IoT Devices

College of Computer Science and Technology
Nanjing University of Aeronautics and Astronautics
Nanjing, 211106 P.R. China
E-mail: {li.yang; chenmengting; wangjian}@nuaa.edu.cn

Internet of things (IoT) devices are easily exposed to physical attackers for their easy access. Therefore, the cryptographic algorithms should be implemented carefully considering the key recovery attacks such as side-channel attacks and fault attacks. This work focuses on the simper power analysis against AES key expansion in the attack scenario of the IoT device. We mainly focused on the power analysis countermeasure applied to AES key expansion proposed and evaluated by Clavier et al. in CHES 2014. Their proposed column-wise random order countermeasure showed certain resistance against power analysis. Clavier et al. then analyzed the improved key recovery attack that combines power analysis with fault injections. In this work, we argue that extracting power information of AES state is more preferred than performing fault injections for practical attackers. This work first comprehensively evaluates the random order countermeasure assuming the attackers use the power consumptions of AES state to accelerate the key recovery. The relationship between the key recovery result and the amount of used information are verified with both theoretical analysis and key recovery simulations. The results demonstrate a set of effective key extractions with no fault injections. The most effect attack uses the Hamming weight of 12 bytes for 2 AES executions, whose key extraction finishes in 1 minute. This work also considers to use algebraic sidechannel attack to construct a general security evaluation method for variant countermeasures. We explain the successful key recovery of algebraic side-channel attack on AES key expansion and discuss some observations.

Keywords: power analysis, AES key expansion, random order, algebraic side channel attack, SAT solver

  Retrieve PDF document (JISE_201704_15.pdf)