Abstract
During the last years, several masking schemes for AES have been proposed to secure hardware implementations against DPA attacks. In order to investigate the effectiveness of these countermeasures in practice, we have designed and manufactured an ASIC. The chip features an unmasked and two masked AES-128 encryption engines that can be attacked independently. In addition to conventional DPA attacks on the output of registers, we have also mounted attacks on the output of logic gates. Based on simulations and physical measurements we show that the unmasked and masked implementations leak side-channel information due to glitches at the output of logic gates. It turns out that masking the AES S-Boxes does not prevent DPA attacks, if glitches occur in the circuit.
| Translated title of the contribution | Successfully Attacking Masked AES Hardware Implementations |
|---|---|
| Original language | English |
| Title of host publication | Cryptographic Hardware and Embedded Systems – CHES 2005 |
| Subtitle of host publication | 7th International Workshop, Edinburgh, UK, August 29 – September 1, 2005. Proceedings |
| Publisher | Springer Berlin Heidelberg |
| Pages | 157-171 |
| Number of pages | 15 |
| ISBN (Electronic) | 9783540284405 |
| ISBN (Print) | 9783540284741 |
| DOIs | |
| Publication status | Published - 2005 |
Publication series
| Name | Lecture Notes in Computer Science |
|---|---|
| Publisher | Springer Berlin Heidelberg |
| Volume | 3659 |
Bibliographical note
Editors: Rao, JR and Sunar, BISBN: 9783540284741
Publisher: Springer
Name and Venue of Conference: Cryptographic Hardware and Embedded Systems - CHES 2005, 7th International Workshop, Edinburgh, August 29 - September 1, 2005
Conference Organiser: IACR