DOI: 10.1145/2768566.2768567

Side-channel analysis of MAC-Keccak hardware implementations

Published: 14 June 2015

Abstract

As Keccak has been selected as the new SHA-3 standard, Message Authentication Code (MAC) (MAC-Keccak) using a secret key will be widely used for integrity checking and authenticity assurance. Recent works have shown the feasibility of side-channel attacks against software implementations of MAC-Keccak to retrieve the key, with the security assessment of hardware implementations remaining an open problem. In this paper, we present a comprehensive and practical side-channel analysis of a hardware implementation of MAC-Keccak on FPGA. Different from previous works, we propose a new attack method targeting the first round output of MAC-Keccak rather than the linear operation θ only. The results on sampled power traces show that the unprotected hardware implementation of MAC-Keccak is vulnerable to side-channel attacks, and attacking the nonlinear operation of MAC-Keccak is very effective. We further discuss countermeasures against side-channel analysis on hardware MAC-Keccak. Finally, we discuss the impact of the key length on side-channel analysis and compare the attack complexity between MAC-Keccak and other cryptographic algorithms.


Published In

HASP '15: Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy
June 2015
72 pages
ISBN: 9781450334839
DOI: 10.1145/2768566
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Keccak
  2. hardware security
  3. side-channel attacks

Qualifiers

  • Research-article

Funding Sources

  • National Science Foundation

Conference

ISCA '15

Acceptance Rates

Overall Acceptance Rate 9 of 13 submissions, 69%

Cited By

  • (2022) On Efficiency Enhancement of SHA-3 for FPGA-Based Multimodal Biometric Authentication. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 30:4 (488-501). DOI: 10.1109/TVLSI.2022.3148275. Online publication date: Apr-2022
  • (2022) Single-Trace Fragment Template Attack on a 32-Bit Implementation of Keccak. Smart Card Research and Advanced Applications (3-23). DOI: 10.1007/978-3-030-97348-3_1. Online publication date: 9-Mar-2022
  • (2021) A Template Attack to Reconstruct the Input of SHA-3 on an 8-Bit Device. Constructive Side-Channel Analysis and Secure Design (25-42). DOI: 10.1007/978-3-030-68773-1_2. Online publication date: 6-Feb-2021
  • (2018) Two Step Power Attack on SHA-3 Based MAC. 2018 25th International Conference "Mixed Design of Integrated Circuits and System" (MIXDES) (209-214). DOI: 10.23919/MIXDES.2018.8436910. Online publication date: Jun-2018
  • (2018) A Comprehensive Side-Channel Information Leakage Analysis of an In-Order RISC CPU Microarchitecture. ACM Transactions on Design Automation of Electronic Systems 23:5 (1-30). DOI: 10.1145/3212719. Online publication date: 20-Aug-2018
  • (2017) DPA on hardware implementations of Ascon and Keyak. Proceedings of the Computing Frontiers Conference (415-424). DOI: 10.1145/3075564.3079067. Online publication date: 15-May-2017
  • (2017) Differential Fault Analysis of SHA-3 Under Relaxed Fault Models. Journal of Hardware and Systems Security 1:2 (156-172). DOI: 10.1007/s41635-017-0011-4. Online publication date: 25-Aug-2017
  • (2017) Side-Channel Analysis of the TUAK Algorithm Used for Authentication and Key Agreement in 3G/4G Networks. Smart Card Research and Advanced Applications (39-56). DOI: 10.1007/978-3-319-54669-8_3. Online publication date: 7-Mar-2017
  • (2016) Concurrent Error Detection for Reliable SHA-3 Design. Proceedings of the 26th edition on Great Lakes Symposium on VLSI (39-44). DOI: 10.1145/2902961.2902985. Online publication date: 18-May-2016
  • (2016) Differential Fault Analysis of SHA3-224 and SHA3-256. 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC) (4-15). DOI: 10.1109/FDTC.2016.17. Online publication date: Aug-2016
