Biryukov, Alex (University of Luxembourg, Faculty of Science, Technology and Communication (FSTC), Computer Science and Communications Research Unit (CSC))
Dinu, Dumitru-Daniel (University of Luxembourg, Interdisciplinary Centre for Security, Reliability and Trust (SnT))
Le Corre, Yann (University of Luxembourg, Faculty of Science, Technology and Communication (FSTC), Computer Science and Communications Research Unit (CSC))
Applied Cryptography and Network Security - 15th International Conference, ACNS 2017, Kanazawa, Japan, July 10-12, 2017. Proceedings
Gollmann, Dieter
Miyaji, Atsuko
Kikuchi, Hiroaki
Springer Verlag
Lecture Notes in Computer Science, volume 10355
15th International Conference on Applied Cryptography and Network Security (ACNS 2017)
from 10-07-2017 to 12-07-2017
Side-channel attack; Secure network protocol; CPA; AES
Side-channel attacks are powerful tools for breaking systems that implement cryptographic algorithms. The Advanced Encryption Standard (AES) is widely used to secure data, including the communication within various network protocols. Major cryptographic libraries such as OpenSSL or ARM mbed TLS include at least one implementation of the AES. In this paper, we show that most implementations of the AES present in popular open-source cryptographic libraries are vulnerable to side-channel attacks, even in a network protocol scenario where the attacker has only limited control of the input. We present an algorithm for symbolic processing of the AES state for any input configuration in which several input bytes are variable and known, while the rest are fixed and unknown, as is the case in most secure network protocols. We then classify all possible inputs into 25 independent evaluation cases depending on the number of bytes controlled by the attacker and the number of rounds that must be attacked to recover the master key. Finally, we describe an optimal algorithm that can be used to recover the master key using Correlation Power Analysis (CPA) attacks. Our experimental results raise awareness of the insecurity of unprotected implementations of the AES used in network protocol stacks.
Funding: FnR, FNR4009992, Alex Biryukov, ACRYPT (Applied Cryptography For The Internet Of Things), 01/07/2013 to 30/06/2016, 2012

