Leakage Power Analysis in Different S-Box Masking Protection Schemes
Loading...
Links to Files
Permanent Link
Author/Creator ORCID
Date
2021-12-17
Type of Work
Department
Program
Citation of Original Publication
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Subjects
Abstract
Internet-of-Things (IoT) devices are natural targets
for side-channel attacks. Still, side-channel leakage can be com plex: its modeling can be assisted by statistical tools. Projection
of the leakage into an orthonormal basis allows to understand
its structure, typically linear (1st-order leakage) or non-linear
(sometimes referred to as glitches). In order to ensure cryptosys tems protection, several masking methods have been published.
Unfortunately, they follow different strategies; thus it is hard to
compare them. Namely, ISW is constructive, GLUT is systematic,
RSM is a low-entropy version of GLUT, RSM-ROM is a further
optimization aiming at balancing the leakage further, and TI aims
at avoiding, by design, the leakage arising from the glitches. In
practice, no study has compared these styles on an equal basis.
Accordingly, in this paper, we present a consistent methodology
relying on a Walsh-Hadamard transform in this respect. We
consider different masked implementations of substitution boxes
of PRESENT algorithm, as this function is the most leaking in
symmetric cryptography. We show that ISW is the most secure
among the considered masking implementations. For sure, it takes
strong advantage of the knowledge of the PRESENT substitution
box equation. Tabulated masking schemes appear as providing a
lesser amount of security compared to unprotected counterparts.
The leakage is assessed over time, i.e., considering device aging
which contributes to mitigate the leakage differently according to
the masking style.