Differential Power Analysis of HMAC SHA-2 in the Hamming Weight Model

Sonia Belaïd, Luk Bettale, Emmanuelle Dottax, Laurie Genelle, Franck Rondepierre

2013

Abstract

Like any algorithm manipulating secret data, HMAC is potentially vulnerable to side channel attacks. In 2007, McEvoy et al. proposed a differential power analysis attack against HMAC instantiated with hash functions from the SHA-2 family. Their attack works in the Hamming distance leakage model and makes strong assumptions about the target implementation. In this paper, we present an attack on HMAC SHA-2 in the Hamming weight leakage model, which advantageously can be used when no information is available on the targeted implementation. Furthermore, our attack can be adapted to the Hamming distance model with weaker assumptions about the implementation. We show the feasibility of our attack on simulations, and we study its overall cost and success rate. We also provide an evaluation of the performance overhead induced by the countermeasures necessary to avoid the attack.

References

  1. Arkko, J. and Haverinen, H. (2006). RFC 4187: Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA).
  2. Bellare, M., Canetti, R., and Krawczyk, H. (1996). Keying Hash Functions for Message Authentication. In Koblitz, N., editor, Advances in Cryptology - CRYPTO '96, volume 1109 of LNCS, pages 1-15. Springer.
  3. Bertoni, G., Daemen, J., Debande, N., Le, T.-H., Peeters, M., and Van Assche, G. (2013). Power Analysis of Hardware Implementations Protected with Secret Sharing. IACR Cryptology ePrint Archive Report 2013/67.
  4. Brassard, G., editor (1989). Advances in Cryptology - CRYPTO '89, volume 435 of LNCS. Springer.
  5. Brier, E., Clavier, C., and Olivier, F. (2004). Correlation Power Analysis with a Leakage Model. In (Joye and Quisquater, 2004), pages 16-29.
  6. Chari, S., Rao, J., and Rohatgi, P. (2002). Template Attacks. In Kaliski Jr., B., Koç, Ç., and Paar, C., editors, Cryptographic Hardware and Embedded Systems - CHES 2002, volume 2523 of LNCS, pages 13-29. Springer.
  7. Clavier, C. and Gaj, K., editors (2009). Cryptographic Hardware and Embedded Systems - CHES 2009, volume 5747 of LNCS. Springer.
  8. Damgård, I. (1989). A Design Principle for Hash Functions. In (Brassard, 1989), pages 416-427.
  9. FIPS 198-1 (2008). The Keyed-Hash Message Authentication Code (HMAC). National Institute of Standards and Technology.
  10. Fouque, P.-A., Leurent, G., Réal, D., and Valette, F. (2009). Practical Electromagnetic Template Attack on HMAC. In (Clavier and Gaj, 2009), pages 66-80.
  11. Gauravaram, P. and Okeya, K. (2007). An Update on the Side Channel Cryptanalysis of MACs Based on Cryptographic Hash Functions. In Srinathan, K., Rangan, C. P., and Yung, M., editors, Progress in Cryptology - INDOCRYPT 2007, volume 4859 of LNCS, pages 393-403. SV.
  12. Gauravaram, P. and Okeya, K. (2008). Side Channel Analysis of Some Hash Based MACs: A Response to SHA3 Requirements. In Chen, L., Ryan, M. D., and Wang, G., editors, Information and Communications Security - ICISC 2008, volume 5308 of LNCS, pages 111-127. Springer.
  13. Haverinen, H. and Salowey, J. (2006). RFC 4186: Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM).
  14. Joye, M. and Quisquater, J.-J., editors (2004). Cryptographic Hardware and Embedded Systems - CHES 2004, volume 3156 of LNCS. Springer.
  15. Kocher, P., Jaffe, J., and Jun, B. (1999). Differential Power Analysis. In Wiener, M., editor, Advances in Cryptology - CRYPTO '99, volume 1666 of LNCS, pages 388-397. Springer.
  16. Lemke, K., Schramm, K., and Paar, C. (2004). DPA on n-Bit sized Boolean and Arithmetic Operations and its Application to IDEA, RC6, and the HMAC-Construction. In (Joye and Quisquater, 2004), pages 205-219.
  17. Mangard, S., Oswald, E., and Popp, T. (2007). Power Analysis Attacks - Revealing the Secrets of Smartcards. Springer.
  18. McEvoy, R., Tunstall, M., Murphy, C. C., and Marnane, W. P. (2008). Differential Power Analysis of HMAC based on SHA-2, and Countermeasures. In Kim, S., Yung, M., and Lee, H.-W., editors, WISA 2007, volume 4867 of LNCS, pages 317-332. Springer.
  19. Merkle, R. C. (1989). A Certified Digital Signature. In (Brassard, 1989), pages 218-238.
  20. Messerges, T. (2000). Using Second-order Power Analysis to Attack DPA Resistant Software. In Koç, Ç. and Paar, C., editors, Cryptographic Hardware and Embedded Systems - CHES 2000, volume 1965 of LNCS, pages 238-251. Springer.
  21. Okeya, K. (2006). Side Channel Attacks Against HMACs Based on Block-Cipher Based Hash Functions. In Batten, L. M. and Safavi-Naini, R., editors, ACISP, volume 4058 of LNCS, pages 432-443. Springer.
  22. Rivain, M., Prouff, E., and Doget, J. (2009). Higher-Order Masking and Shuffling for Software Implementations of Block Ciphers. In (Clavier and Gaj, 2009), pages 171-188.
  23. Tunstall, M., Hanley, N., McEvoy, R., Whelan, C., Murphy, C., and Marnane, W. (2007). Correlation Power Analysis of Large Word Sizes. In IET Irish Signals and System Conference - ISSC 2007, pages 145-150.
  24. Zhang, F. and Shi, Z. J. (2011). Differential and Correlation Power Analysis Attacks on HMAC-Whirlpool. In ITNG'11, pages 359-365. IEEE Computer Society.
  25. Zohner, M., Kasper, M., Stöttinger, M., and Huss, S. A. (2012). Side Channel Analysis of the SHA-3 Finalists. In Rosenstiel, W. and Thiele, L., editors, Design, Automation & Test in Europe Conference & Exhibition, DATE 2012, pages 1012-1017. IEEE Computer Society.


Paper Citation


in Harvard Style

Belaïd S., Bettale L., Dottax E., Genelle L. and Rondepierre F. (2013). Differential Power Analysis of HMAC SHA-2 in the Hamming Weight Model. In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 230-241. DOI: 10.5220/0004532702300241


in Bibtex Style

@conference{secrypt13,
author={Sonia Belaïd and Luk Bettale and Emmanuelle Dottax and Laurie Genelle and Franck Rondepierre},
title={Differential Power Analysis of HMAC SHA-2 in the Hamming Weight Model},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={230-241},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004532702300241},
isbn={978-989-8565-73-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - Differential Power Analysis of HMAC SHA-2 in the Hamming Weight Model
SN - 978-989-8565-73-0
AU - Belaïd S.
AU - Bettale L.
AU - Dottax E.
AU - Genelle L.
AU - Rondepierre F.
PY - 2013
SP - 230
EP - 241
DO - 10.5220/0004532702300241