
An introduction to implementation attacks and countermeasures

Published: 13 July 2009

Abstract

Implementation attacks pose a serious threat to the security of cryptographic algorithms and protocols. In such attacks, it is not the abstract description of a cryptographic method that is attacked but its practical realization in a cryptographic device. This opens up a wide range of powerful attacks, which are introduced in this article. The main approaches to counteracting implementation attacks are also discussed.


Cited By

  • (2021) A Modular End-to-End Framework for Secure Firmware Updates on Embedded Systems. ACM Journal on Emerging Technologies in Computing Systems, vol. 18, no. 1, pp. 1-19. doi:10.1145/3460234. Online publication date: 29 Sep 2021.
  • (2019) Memory Tampering Attack on Binary GCD Based Inversion Algorithms. International Journal of Parallel Programming, vol. 47, no. 4, pp. 621-640. doi:10.1007/s10766-018-0610-x. Online publication date: 1 Aug 2019.


Published In

MEMOCODE'09: Proceedings of the 7th IEEE/ACM International Conference on Formal Methods and Models for Codesign, July 2009, 180 pages, ISBN 9781424448067

Publisher

IEEE Press


Author Tags

  1. countermeasures
  2. fault analysis
  3. implementation attacks
  4. side-channel analysis

Qualifiers

  • Article

Acceptance Rates

Overall Acceptance Rate 34 of 82 submissions, 41%
