| This paper presents hardware implementations of a DES cryptoprocessor with masking countermeasures and their evaluation against side-channel attacks (SCAs) in FPGAs. The masking protection has been mainly studied from a theoretical viewpoint without any thorough test in a noisy real world design. In this study the masking countermeasure is tested with firstorder and higher-order SCAs on a fully-fledged DES. Beside a classical implementation of the DES substitution boxes (SBoxes) a simple structure called Universal Substitution boxes with Masking (USM) is proposed. It meets the constraint of low complexity as state-of-the-art masked S-Boxes are mostly built from large look-up tables or complex calculations with combinatorial logic gates. However attacks on USM has underlined some security weaknesses. ROM masked implementation exhibits greater robustness as it cannot be attacked with first-order DPA. Nevertheless any masking implementation remains sensitive to Higher-Order Differential Power Analysis (HO-DPA) as shown in a proposed attack, nicknamed VPA. This attack is based on a variance analysis of the observed power consumption and it clearly shows the vulnerabilities of masking countermeasures. |
Récupérer au format
