FortifyIQ has demonstrated the first full side channel attack on an encryption engine from monitoring the power consumption.
A paper describing the attack is to be presented at the 2021 Constructive Side-Channel Analysis and Secure Design (CoSADe) conference in Lausanne, Switzerland in October
Side-channel attacks pose a threat to cryptographic algorithms. Hash functions, those from the SHA-2 family, can also be an interesting target if some of their inputs are secret. HMAC is an important use case of a hash function, in which the input is partially secret and thus unknown to the attacker.
Some applications of power analysis techniques to attack HMAC-SHA-2 , no method has ever demonstrated a full attack on its hardware implementation until now, says the California-based company.
FortifyIQ developed a practical template attack on HMAC-SHA-2, intended primarily against its implementations in hardware. FortifyIQ’s pre-silicon tools took less than two hours including the profiling and attack stages to discover the key derivatives that allow forging of HMAC signatures.
“Generic power analysis attacks on HMAC-SHA2 are non-trivial due to the complexity of the intermediate result mixing. This paper explores a full power analysis attack of an open-source HMAC-SHA256 hardware implementation being used in a generic setting. This means it is applicable to almost all usages of HMAC-SHA256 and represents a useful research contribution (even to show that the algorithm is fundamentally attackable),” said the programme committee of the conference.
“The background (including showing the algorithm and leakage) is excellent, and helps this paper serve as a nice “one-stop-shop” for showing the leakage potential, which is valuable for those working on countermeasures.”
FortifyIQ’s SideChannel Studio is a software tool which simulates side-channel attacks in a hardware device, using standard design data formats as inputs, and analyzes the simulation’s results. SideChannel Studio consists of an SCA simulation engine, SCOPE IQ – Side Channel Optimized Probe Emulator, a “virtual oscilloscope probe”, and an SCA data analyzer, SCORE IQ – Side Channel Output Results Evaluator. SCOPE IQ uses a patent-pending method of accurately simulating the side channel leakages which threaten the designed chip. SCOPE IQ has extremely high performance which may be even further boosted using distributed processing.
Related side channel attack articles
- Intel chips vulnerable to power attack
- Post quantum encryption will drive power vulnerabilities
- Team attacks ARM TrustZone via power management software
- Processor core hides activity to protect against power analysis
Other articles on eeNews Power