A Countermeasure for Differential Power Analysis Attack (G12a)
Side-channel analysis takes advantage of the key-dependent physical leakages of a cryptographic device in order to recover secret information (typically key bytes). Most of these attacks exploit the leakages by comparing them with key-dependent models that are available for the target device. Research on a masking countermeasure against DPA attacks on AES is ongoing. The goal is to modify the hardware implementation of the algorithm so that the breaking point in terms of power leakage is masked by a variety of randomized operations in that interval. Although there are arguments concerning the results of testing masking approaches, it has been decided that, given the sub-theoretical nature of side-channel attacks and in order to obtain the most tangible results, an implementation and evaluation mechanism should be used. The experimental setup consists of three different AES encryption hardware modules and an oscilloscope. One of these modules was developed in house on a microcontroller, where modifying the implementation is simplest. The randomized algorithms mentioned above are programmed onto this configuration on top of the encryption algorithm. For example, in AES, these perturbing algorithms are added during the final round, in which most DPA attacks occur. Recent efforts in the development of FIPS 1.3 and ISO/IEC 17825 indicate the increasing importance of addressing these types of attacks. While these standards enable experiments in this area to be tested, further research could help improve these standards as well.
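
The evaluation idea described above can be sketched in simulation. This is an added example, not the authors' code or measurement setup. It assumes a Hamming-weight leakage model with Gaussian noise on the final-round SubBytes input, a constructed key byte (0x3C), and hypothetical function names. It compares how well the key-dependent model correlates with the leakage with and without a fresh random mask.

```python
import random

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def rotl8(v, n):
    return ((v << n) | (v >> (8 - n))) & 0xFF

# AES S-box built from its definition: field inverse, then affine transform.
INV = [0] + [next(y for y in range(1, 256) if gmul(x, y) == 1) for x in range(1, 256)]
SBOX = [i ^ rotl8(i, 1) ^ rotl8(i, 2) ^ rotl8(i, 3) ^ rotl8(i, 4) ^ 0x63 for i in INV]
INV_SBOX = [SBOX.index(v) for v in range(256)]
HW = [bin(v).count("1") for v in range(256)]  # Hamming-weight leakage model

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def simulate(key_byte, n, masked, rng, noise=1.0):
    """Constructed traces: one noisy sample of the final-round SubBytes input."""
    cts, leaks = [], []
    for _ in range(n):
        s = rng.randrange(256)                   # state byte entering SubBytes
        m = rng.randrange(256) if masked else 0  # fresh random mask per run
        cts.append(SBOX[s] ^ key_byte)           # final round has no MixColumns
        leaks.append(HW[s ^ m] + rng.gauss(0, noise))
    return cts, leaks

def evaluate(key_byte, masked, n=1000, seed=1):
    """Return (|correlation| for the true key, rank of the true key among 256)."""
    cts, leaks = simulate(key_byte, n, masked, random.Random(seed))
    scores = [abs(pearson([HW[INV_SBOX[c ^ g]] for c in cts], leaks)) for g in range(256)]
    order = sorted(range(256), key=lambda g: -scores[g])
    return scores[key_byte], order.index(key_byte)

if __name__ == "__main__":
    for masked in (False, True):
        corr, rank = evaluate(0x3C, masked)
        print(f"masked={masked}: |rho|={corr:.3f}, true-key rank={rank}")
```

This checks first-order leakage only; a masked implementation still needs evaluation against higher-order analysis and against real measured traces.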