RS-Mask: Random Space Masking as an Integrated Countermeasure against Power and Fault Analysis

While modern masking schemes provide provable security against passive side-channel analysis (SCA), such as power analysis, single faults can be employed to recover the secret key of ciphers even in masked implementations. In this paper, we propose random space masking (RS-Mask) as a countermeasure...

Full description

Saved in:
Bibliographic Details
Published in:2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) pp. 176 - 187
Main Authors: Ramezanpour, Keyvan, Ampadu, Paul, Diehl, William
Format: Conference Proceeding
Language:English
Published: IEEE 07-12-2020
Subjects:
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:While modern masking schemes provide provable security against passive side-channel analysis (SCA), such as power analysis, single faults can be employed to recover the secret key of ciphers even in masked implementations. In this paper, we propose random space masking (RS-Mask) as a countermeasure against both power analysis and statistical fault analysis (SFA) techniques. In the RS-Mask scheme, the distribution of all sensitive variables, faulty and/or correct values is uniform, and it therefore protects the implementations against any SFA technique that exploits the distribution of intermediate variables, including fault sensitivity analysis (FSA), statistical ineffective fault analysis (SIFA) and fault intensity map analysis (FIMA). We implement RS-Mask on AES, and show that a SIFA attack is not able to identify the correct key. We additionally show that an FPGA implementation of AES, protected with RS-Mask, is resistant to power analysis SCA using Welch's t-test. The area of the RSMasked AES is about 3.5 times that of an unprotected AES implementation of similar architecture, and about 2 times that of a known FPGA SCA-resistant AES implementation. Finally, we introduce infective RS-Mask that provides security against differential techniques, such as differential fault analysis (DFA) and differential fault intensity analysis (DFIA), with a slight increase in overhead.
DOI:10.1109/HOST45689.2020.9300266