Abstract
We present DPA attacks on an ARM Cortex-A8 processor running at 1GHz. This high-end processor is typically found in portable devices such as phones and tablets. In our case, the processor sits in a single board computer and runs a full-fledged Linux operating system. The targeted AES implementation is bitsliced and runs in constant time and constant flow. We show that, despite the complex hardware and software, high clock frequencies and practical measurement issues, the implementation can be broken with DPA starting from a few thousand measurements of the electromagnetic emanation of a decoupling capacitor near the processor. To harden the bitsliced implementation against DPA attacks, we mask it using principles of hardware gate-level masking. We evaluate the security of our masked implementation against firstorder and second-order attacks. Our experiments show that successful attacks require roughly two orders of magnitude more measurements.
Author supplied keywords
Cite
CITATION STYLE
Balasch, J., Gierlichs, B., Reparaz, O., & Verbauwhede, I. (2015). DPA, bitslicing and masking at 1 GHZ. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9293, pp. 599–619). Springer Verlag. https://doi.org/10.1007/978-3-662-48324-4_30
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
