Compiler assisted masking

Andrew D Moss; Elisabeth Oswald; Daniel Page; Mike Tunstall

doi:10.1007/978-3-642-33027-8_4

Compiler assisted masking

Andrew D Moss, Elisabeth Oswald, Daniel Page, Mike Tunstall

Cryptography and Information Security

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

61 Citations (Scopus)

Abstract

Differential Power Analysis (DPA) attacks find a statistical
correlation between the power consumption of a cryptographic device
and intermediate values within the computation. Randomization via
(Boolean) masking of intermediate values breaks this statistical dependence
and thus prevents such attacks (at least up to a certain order). Especially
for software implementations, (first-order) masking schemes are
popular in academia and industry, albeit typically not as the sole countermeasure.
The current practice then is to manually ‘insert’ Boolean
masks: essentially software developers need to manipulate low-level assembly
language to implement masking. In this paper we make a first
step to automate this process, at least for first-order Boolean masking,
allowing the development of compilers capable of protecting programs
against DPA.

Original language	English
Title of host publication	Cryptographic Hardware and Embedded Systems - CHES
Publisher	Springer Berlin Heidelberg
Pages	58-75
Volume	7428
ISBN (Print)	9783642330261
DOIs	https://doi.org/10.1007/978-3-642-33027-8_4
Publication status	Published - 2012

Access to Document

10.1007/978-3-642-33027-8_4

Handle.net

Persistent link

SILENT: Rework of Side channels-theory and implications for society
Oswald, M. E. (Principal Investigator)
1/01/11 → 1/04/16
Project: Research
Architectural and Micro-architectural Countermeasures against Physical Attack
Page, D. (Principal Investigator)
1/10/09 → 1/04/14
Project: Research

Cite this

@inproceedings{f48f8f2cb1e34108a9681d1f0e3b35fb,

title = "Compiler assisted masking",

abstract = "Differential Power Analysis (DPA) attacks find a statisticalcorrelation between the power consumption of a cryptographic deviceand intermediate values within the computation. Randomization via(Boolean) masking of intermediate values breaks this statistical dependenceand thus prevents such attacks (at least up to a certain order). Especiallyfor software implementations, (first-order) masking schemes arepopular in academia and industry, albeit typically not as the sole countermeasure.The current practice then is to manually {\textquoteleft}insert{\textquoteright} Booleanmasks: essentially software developers need to manipulate low-level assemblylanguage to implement masking. In this paper we make a firststep to automate this process, at least for first-order Boolean masking,allowing the development of compilers capable of protecting programsagainst DPA.",

author = "Moss, {Andrew D} and Elisabeth Oswald and Daniel Page and Mike Tunstall",

year = "2012",

doi = "10.1007/978-3-642-33027-8_4",

language = "English",

isbn = "9783642330261",

volume = "7428",

pages = "58--75",

booktitle = "Cryptographic Hardware and Embedded Systems - CHES",

publisher = "Springer Berlin Heidelberg",

address = "Germany",

}

TY - GEN

T1 - Compiler assisted masking

AU - Moss, Andrew D

AU - Oswald, Elisabeth

AU - Page, Daniel

AU - Tunstall, Mike

PY - 2012

Y1 - 2012

N2 - Differential Power Analysis (DPA) attacks find a statisticalcorrelation between the power consumption of a cryptographic deviceand intermediate values within the computation. Randomization via(Boolean) masking of intermediate values breaks this statistical dependenceand thus prevents such attacks (at least up to a certain order). Especiallyfor software implementations, (first-order) masking schemes arepopular in academia and industry, albeit typically not as the sole countermeasure.The current practice then is to manually ‘insert’ Booleanmasks: essentially software developers need to manipulate low-level assemblylanguage to implement masking. In this paper we make a firststep to automate this process, at least for first-order Boolean masking,allowing the development of compilers capable of protecting programsagainst DPA.

AB - Differential Power Analysis (DPA) attacks find a statisticalcorrelation between the power consumption of a cryptographic deviceand intermediate values within the computation. Randomization via(Boolean) masking of intermediate values breaks this statistical dependenceand thus prevents such attacks (at least up to a certain order). Especiallyfor software implementations, (first-order) masking schemes arepopular in academia and industry, albeit typically not as the sole countermeasure.The current practice then is to manually ‘insert’ Booleanmasks: essentially software developers need to manipulate low-level assemblylanguage to implement masking. In this paper we make a firststep to automate this process, at least for first-order Boolean masking,allowing the development of compilers capable of protecting programsagainst DPA.

U2 - 10.1007/978-3-642-33027-8_4

DO - 10.1007/978-3-642-33027-8_4

M3 - Conference Contribution (Conference Proceeding)

AN - SCOPUS:84866710683

SN - 9783642330261

VL - 7428

SP - 58

EP - 75

BT - Cryptographic Hardware and Embedded Systems - CHES

PB - Springer Berlin Heidelberg

ER -

Compiler assisted masking

Abstract

Access to Document

Handle.net

Fingerprint

Projects

SILENT: Rework of Side channels-theory and implications for society

Architectural and Micro-architectural Countermeasures against Physical Attack

Cite this