Abstract
In this paper, we show a very efficient side channel attack against HMAC. Our attack assumes the presence of a side channel that reveals the Hamming distance of some registers. After a profiling phase in which the adversary has access to a device and can configure it, the attack recovers the secret key by monitoring a single execution of HMAC-SHA-1. The secret key can be recovered using a "template attack" with a computation of about 2 323κ compression functions, where κ is the number of 32-bit words of the key. Finally, we show that our attack can also be used to break the secrecy of network protocols usually implemented on embedded devices. We have performed experiments using a NIOS processor executed on a Field Programmable Gate Array (FPGA) to confirm the leakage model. We hope that our results shed some light on the requirements in term of side channel attack for the future SHA-3 function. © 2009 Springer.
Cite
CITATION STYLE
Fouque, P. A., Leurent, G., Réal, D., & Valette, F. (2009). Practical electromagnetic template attack on HMAC. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5747 LNCS, pp. 66–80). https://doi.org/10.1007/978-3-642-04138-9_6
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
