Complete Practical Side-Channel-Assisted Reverse Engineering of AES-Like Ciphers

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13173)

Abstract

Public knowledge about the structure of a cryptographic system is a standard assumption in the literature and algorithms are expected to guarantee security in a setting where only the encryption key is kept secret. Nevertheless, undisclosed proprietary cryptographic algorithms still find widespread use in applications both in the civil and military domains. Even though side-channel-based reverse engineering attacks that recover the hidden components of custom cryptosystems have been demonstrated for a wide range of constructions, the complete and practical reverse engineering of AES-128-like ciphers remains unattempted.

In this work, we close this gap and propose the first practical reverse engineering of AES-128-like custom ciphers, i.e., algorithms that deploy undisclosed SubBytes, ShiftRows and MixColumns functions. By performing a side-channel-assisted differential power analysis, we show that the number of traces required to fully recover the undisclosed components is relatively small, hence such a side-channel attack remains a practical threat. The results apply to both 8-bit and 32-bit architectures and were validated on two common microcontroller platforms.


Notes

  1. For the remainder of this text, we assume that a signal \(\overline{E}(b_{i,F(j)})\) corresponds to a plaintext \(p\), while \(\overline{E}(b'_{i,F(j)})\) refers to \(p'\).


Acknowledgements

We wish to thank Thomas Roche for helping us improve this paper. Fatih Balli and Subhadeep Banik are supported by the Swiss National Science Foundation (SNSF) through the Ambizione Grant PZ00P2_179921.


Corresponding author

Correspondence to Subhadeep Banik.

A Supplementary Plots

Fig. 9.

Differential power traces \(\overline{E}(b_{l,\mathsf{SB}(0)}) - \overline{E}(b'_{l,\mathsf{SB}(0)})\) on the 8-bit ATXMEGA128D4 platform for different active state columns.

Fig. 10.

Differential power traces \(\overline{E}(b_{i,\mathsf{AK}(1)}) - \overline{E}(b'_{i,\mathsf{AK}(1)})\) for \(0 \le i \le 3\) on the 32-bit STM32F303 platform with a single inactive byte in the first column.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Caforio, A., Balli, F., Banik, S. (2022). Complete Practical Side-Channel-Assisted Reverse Engineering of AES-Like Ciphers. In: Grosso, V., Pöppelmann, T. (eds) Smart Card Research and Advanced Applications. CARDIS 2021. Lecture Notes in Computer Science, vol 13173. Springer, Cham. https://doi.org/10.1007/978-3-030-97348-3_6

  • DOI: https://doi.org/10.1007/978-3-030-97348-3_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-97347-6

  • Online ISBN: 978-3-030-97348-3

  • eBook Packages: Computer Science, Computer Science (R0)