Attacking Embedded ECC Implementations Through cmov Side Channels

Bibliographic details
Title: Attacking Embedded ECC Implementations Through cmov Side Channels
Authors: Nascimento, E., Chmielewski, L., Oswald, D., Schwabe, P., Avanzi, R.
Contributors: Avanzi, R.
Source: Avanzi, R. (ed.), Selected Areas in Cryptography – SAC 2016: 23rd International Conference, St. John's, NL, Canada, August 10-12, 2016, Revised Selected Papers, pp. 99-119. Lecture Notes in Computer Science, Springer. ISBN 9783319694528, ISSN 0302-9743.
Publication details: Springer International Publishing, 2017.
Publication year: 2017
Subject terms: Computer science, Cryptography, Computer security, Computer hardware & architecture, Power analysis, Electrical engineering, electronic engineering, information engineering, Key (cryptography), State (computer science), Digital Security, Telecommunications, Implementation
Abstract: Side-channel attacks against implementations of elliptic-curve cryptography have been extensively studied in the literature and a large tool-set of countermeasures is available to thwart different attacks in different contexts. The current state of the art in attacks and countermeasures is nicely summarized in multiple survey papers, the most recent one by Danger et al. [21]. However, any combination of those countermeasures is ineffective against attacks that require only a single trace and directly target a conditional move (cmov) – an operation that is at the very foundation of all scalar-multiplication algorithms. This operation can either be implemented through arithmetic operations on registers or through various different approaches that all boil down to loading from or storing to a secret address. In this paper we demonstrate that such an attack is indeed possible for ECC software running on AVR ATmega microcontrollers, using a protected version of the popular μNaCl library as an example. For the targeted implementations, we are able to recover 99.6% of the key bits for the arithmetic approach and 95.3% of the key bits for the approach based on secret addresses, with confidence levels 76.1% and 78.8%, respectively. All publicly available ECC software for the AVR that we are aware of uses one of the two approaches and is thus in principle vulnerable to our attack.
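The two cmov styles the abstract contrasts, side by side in C, as an added illustration that is not code from the paper or from μNaCl. `fe_cmov_arith` is the register/arithmetic form (key bit stretched into a 0x00/0xFF mask, applied with XOR and AND), and `fe_cmov_addr` is the secret-address form (key bit used as the index into a two-entry table, so the load address depends on the key). The surrounding ladder is a stand-in: `toy_step` is not curve arithmetic, the 32-byte limb layout, the function names and the scalar are all constructed here, and only the bit-walking pattern (255 bits, conditional swap driven by the XOR of consecutive key bits, built from two cmovs) mirrors what an X25519 Montgomery ladder does. The check at the end confirms the two variants compute the same thing, which is the point of the paper: they differ only in what a single power trace can read off them, not in what they return.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FE_BYTES 32   /* assumed: one field element as 32 byte limbs */

/* Approach 1: arithmetic cmov. r = bit ? x : r, using only a mask and XOR/AND.
 * No branch, no secret-dependent address; the key-dependent quantity that
 * still shows up in a trace is the mask (0x00 vs 0xFF) on every limb. */
static void fe_cmov_arith(uint8_t r[FE_BYTES], const uint8_t x[FE_BYTES], uint8_t bit)
{
    uint8_t mask = (uint8_t)(0 - (bit & 1));
    for (int i = 0; i < FE_BYTES; i++)
        r[i] ^= mask & (r[i] ^ x[i]);
}

/* Approach 2: secret-address cmov. Both candidates sit in a two-entry table
 * and the key bit is the table index, so the load address is key-dependent. */
static void fe_cmov_addr(uint8_t r[FE_BYTES], const uint8_t x[FE_BYTES], uint8_t bit)
{
    const uint8_t *tab[2] = { r, x };
    uint8_t tmp[FE_BYTES];
    memcpy(tmp, tab[bit & 1], FE_BYTES);  /* address chosen by the key bit */
    memcpy(r, tmp, FE_BYTES);
}

typedef void (*cmov_fn)(uint8_t *, const uint8_t *, uint8_t);

/* Toy stand-in for one ladder step (NOT curve arithmetic): it only gives the
 * scalar loop below something to mix so the cmov choice has visible effect. */
static void toy_step(uint8_t x2[FE_BYTES], uint8_t x3[FE_BYTES])
{
    for (int i = 0; i < FE_BYTES; i++) {
        uint8_t t = (uint8_t)(x2[i] + x3[i] * 3u + (uint8_t)i);
        x3[i] ^= x2[i];
        x2[i] = t;
    }
}

/* Ladder skeleton: walk 255 scalar bits from the top, swap the two
 * accumulators when the bit changes, using a cswap built from two cmovs. */
static void toy_ladder(uint8_t out[FE_BYTES], const uint8_t scalar[32], cmov_fn cmov)
{
    uint8_t x2[FE_BYTES], x3[FE_BYTES], t[FE_BYTES];
    memset(x2, 0, FE_BYTES); x2[0] = 1;   /* constructed start values */
    memset(x3, 9, FE_BYTES);
    uint8_t prev = 0;
    for (int i = 254; i >= 0; i--) {
        uint8_t bit  = (scalar[i >> 3] >> (i & 7)) & 1;
        uint8_t swap = bit ^ prev;
        prev = bit;
        memcpy(t, x2, FE_BYTES);          /* cswap(x2, x3, swap) */
        cmov(x2, x3, swap);
        cmov(x3, t, swap);
        toy_step(x2, x3);
    }
    memcpy(t, x2, FE_BYTES);              /* undo the last swap */
    cmov(x2, x3, prev);
    cmov(x3, t, prev);
    memcpy(out, x2, FE_BYTES);
}

/* 1 if both cmov styles select correctly for bit = 0 and bit = 1. */
int cmov_selftest(void)
{
    uint8_t r[FE_BYTES], x[FE_BYTES];
    memset(r, 0x11, FE_BYTES); memset(x, 0x22, FE_BYTES);
    fe_cmov_arith(r, x, 0); if (r[7] != 0x11) return 0;
    fe_cmov_arith(r, x, 1); if (r[7] != 0x22) return 0;
    memset(r, 0x11, FE_BYTES);
    fe_cmov_addr(r, x, 0);  if (r[7] != 0x11) return 0;
    fe_cmov_addr(r, x, 1);  if (r[7] != 0x22) return 0;
    return 1;
}

/* 1 if the ladder ends in the same state with either cmov for a constructed
 * scalar: the variants differ only in what they leak, not in what they compute. */
int cmov_variants_agree(void)
{
    uint8_t k[32], a[FE_BYTES], b[FE_BYTES];
    for (int i = 0; i < 32; i++) k[i] = (uint8_t)(0x9d * i + 0x3b);  /* constructed scalar */
    toy_ladder(a, k, fe_cmov_arith);
    toy_ladder(b, k, fe_cmov_addr);
    return memcmp(a, b, FE_BYTES) == 0;
}

int main(void)
{
    printf("selftest=%d agree=%d\n", cmov_selftest(), cmov_variants_agree());
    return 0;
}
```

Note that the arithmetic variant is the one usually recommended as "constant-time": it is, in the timing sense, but the mask it materialises in a register is exactly the key bit, limb after limb, which is what the single-trace attack on the arithmetic approach exploits; the address variant instead exposes the key bit through the address lines on each load.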
File description: application/pdf
ISBN: 978-3-319-69452-8, 978-3-319-69453-5
ISSN: 0302-9743, 1611-3349
Access URL: https://explore.openaire.eu/search/publication?articleId=doi_dedup___::818f437ff61e58cb707e296b96da0ecd
https://doi.org/10.1007/978-3-319-69453-5_6
Rights: OPEN
Accession number: edsair.doi.dedup.....818f437ff61e58cb707e296b96da0ecd
Database: OpenAIRE