Kizhvatov, Ilya[University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
2010
Proceedings of CHES 2010
Springer
95 - 109
Yes
978-3-642-15030-2
Workshop on Cryptographic Hardware and Embedded Systems
August 17-20, 2010
Santa Barbara
CA
[en] Side channel attacks ; DPA ; countermeasures ; random delays
[en] Random delays are often inserted in embedded software to protect against side-channel and fault attacks. At CHES 2009 a new method for generation of random delays was described that increases the attacker's uncertainty about the position of sensitive operations. In this paper we show that the CHES 2009 method is less secure than claimed. We describe an improved method for random delay generation which does not suffer from the same security weakness. We also show that the paper's criterion to measure the security of random delays can be misleading, so we introduce a new criterion for random delays which is directly connected to the number of acquisitions required to break an implementation. We mount a power analysis attack against an 8-bit implementation of the improved method verifying its higher security in practice.