TY - GEN
T1 - Performance evaluation of protocols resilient to physical attacks
AU - Guilley, Sylvain
AU - Sauvage, Laurent
AU - Danger, Jean Luc
AU - Selmane, Nidhal
AU - Real, Denis
PY - 2011/8/29
Y1 - 2011/8/29
N2 - Cryptographic implementations are vulnerable to physical attacks. Many countermeasures to resist them have been proposed in the past. However, they are all specific to a given attacker and mitigate the risk only up to a certain level: improved attacks on those countermeasures can most of the time be devised. Therefore, a new trend consists in making cryptographic implementations resilient to physical attacks. This strategy makes it possible to prove the countermeasure against all possible types of attackers captured by a security model. Several resilient schemes for the protection of block ciphers exist. For a given security objective, they all make it possible to reach the same security level. Therefore, they differ only in their efficiency. We first show that the genuine versions of these protocols achieve different I/O bandwidth and computational performance. Our second contribution is to improve those protocols through message blinding, assuming passive attacks require more than two traces to be successful. Then, as a third contribution, we show that the improved versions of the protocols are very much alike, and that the difference between them depends only on the specific details of their instantiation.
AB - Cryptographic implementations are vulnerable to physical attacks. Many countermeasures to resist them have been proposed in the past. However, they are all specific to a given attacker and mitigate the risk only up to a certain level: improved attacks on those countermeasures can most of the time be devised. Therefore, a new trend consists in making cryptographic implementations resilient to physical attacks. This strategy makes it possible to prove the countermeasure against all possible types of attackers captured by a security model. Several resilient schemes for the protection of block ciphers exist. For a given security objective, they all make it possible to reach the same security level. Therefore, they differ only in their efficiency. We first show that the genuine versions of these protocols achieve different I/O bandwidth and computational performance. Our second contribution is to improve those protocols through message blinding, assuming passive attacks require more than two traces to be successful. Then, as a third contribution, we show that the improved versions of the protocols are very much alike, and that the difference between them depends only on the specific details of their instantiation.
UR - https://www.scopus.com/pages/publications/80051994218
U2 - 10.1109/HST.2011.5954995
DO - 10.1109/HST.2011.5954995
M3 - Conference contribution
AN - SCOPUS:80051994218
SN - 9781457710575
T3 - 2011 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2011
SP - 51
EP - 56
BT - 2011 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2011
T2 - 2011 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2011
Y2 - 5 June 2011 through 6 June 2011
ER -