Abstract
Cryptographic algorithms, irrespective of their theoretical strength, can be broken through weaknesses in their implementations. The most successful of these attacks are side-channel attacks which exploit unintended information leakage, e.g., timing information, power consumption, etc., from the implementation to extract the secret key. We propose a novel framework for implementing side-channel attacks where the attack is modeled as a search problem which takes the leaked information as its input, and deduces the secret key by using a satisfiability solver, a powerful Boolean reasoning technique. This approach can substantially enhance the scope of side-channel attacks by allowing a potentially wide range of internal variables to be exploited (not just those that are trivially related to the key). The proposed technique is particularly suited for attacking cryptographic software implementations which may inadvertently expose the values of intermediate variables in their computations (even though, they are very careful in protecting secret keys through the use of on-chip key generation and storage). We demonstrate our attack on standard software implementions of three popular cryptographic algorithms: DES, 3DES, and AES. Our attack technique is automated and does not require mathematical expertise on the part of the attacker.
Original language | English (US) |
---|---|
Pages (from-to) | 465-470 |
Number of pages | 6 |
Journal | IEEE Transactions on Very Large Scale Integration (VLSI) Systems |
Volume | 15 |
Issue number | 4 |
DOIs | |
State | Published - Apr 2007 |
All Science Journal Classification (ASJC) codes
- Software
- Hardware and Architecture
- Electrical and Electronic Engineering
Keywords
- 3DES
- AES
- Cryptanalysis
- DES
- Satisfiability
- Security
- Side-channel attacks
- Software