Authors: Sonia Belaïd (1); Luk Bettale (2); Emmanuelle Dottax (2); Laurie Genelle (2) and Franck Rondepierre (2)
Affiliations: (1) École Normale Supérieure and Thales Communications & Security, France; (2) Oberthur Technologies, France
Keyword(s): Side Channel Analysis, Differential Power Analysis, Hamming Weight, HMAC, SHA-2.
Related Ontology Subjects/Areas/Topics: Applied Cryptography; Cryptographic Techniques and Key Management; Data Engineering; Databases and Data Security; Information and Systems Security; Security Engineering; Security in Information Systems; Software Security
Abstract:
Like any algorithm manipulating secret data, HMAC is potentially vulnerable to side channel attacks. In 2007, McEvoy et al. proposed a differential power analysis attack against HMAC instantiated with hash functions from the SHA-2 family. Their attack works in the Hamming distance leakage model and makes strong assumptions on the target implementation. In this paper, we present an attack on HMAC SHA-2 in the Hamming weight leakage model, which advantageously can be used when no information is available on the targeted implementation. Furthermore, our attack can be adapted to the Hamming distance model with weaker assumptions on the implementation. We show the feasibility of our attack on simulations, and we study its overall cost and success rate. We also provide an evaluation of the performance overhead induced by the countermeasures necessary to avoid the attack.