# Analysis of Software Implemented Low Entropy Masking Schemes.

1. Introduction

First introduced by Kocher , side channel attacks (SCA) can be used to evaluate the implementation security of cryptographic ciphers by analyzing the time, the electromagnetic radiation, the power consumption, and so on [2-6].

To resist SCA, several valid countermeasures have been proposed [7-10]. Among those countermeasures, masking schemes are most popular and widely applied. The main idea of masking schemes is to make the side channel information independent of the sensitive data by randomizing the intermediate values. In general first-order masking scheme, any sensitive intermediate variable denoted by Z will be split into two shares so that Z = [S.sub.0] [direct sum] [S.sub.1], where the randomly drawn variable S0 is called the mask. All the computations of the cryptographic algorithm are performed on the shared values independently. At the same time, the sensitive data must be recovered by recombining the two shares. For this purpose, every computation function f of cryptographic algorithms should be designed to satisfy f(Z) = [S'.sub.0] [direct sum] [S'.sub.1], where [S'.sub.0] and [S'.sub.1] are the new shares after the operation f. If f is a linear operation with respect to XOR, then [S'.sub.0] = f([S.sub.0]) and [S'.sub.1] = f([S'.sub.1]). When f is the substitution box (S-Box), some adjustment is necessary to make up for its nonlinear property. The adjusted S-Box function changes along with the value of the mask, which makes it hard to compute canceling the sensitive intermediate value analytically. Therefore, precomputing and caching the required masked S-Boxes are more relevant and efficient. However, if the mask is drawn randomly from 2" possible masks, too much memory is required to keep all the possible masked S-Boxes. To offer a reasonable solution to balance the security protection and the performance of implementations, Low Entropy Masking Schemes (LEMS) [10, 11] are designed by limiting the amount of mask entropy.

LEMS use the masks drawn from the limited mask set M = {[m.sub.1], [m.sub.2], ..., [m.sub.s]} [subset] [F.sup.n.sub.2] whose mask entropy is [log.sub.2] (s). The security of LEMS implementations should be guaranteed in two aspects. In the architecture aspect, cryptographic algorithms should carefully be implemented to avoid first-order leakage . Some countermeasure techniques such as shuffling  can also be combined to help defeat certain bivariate and higher order attacks [14-17]. Another aspect is the chosen mask set which plays significant roles in security. Some research studied how to select them for hardware implemented LEMS [11,18]. The selection criterion of the mask sets considered finding secure mask sets under two important assumptions . The first one is that the attackers could only exploit the leakage of the masked value Z [direct sum] M. The second one is that the deterministic part of the leakage function [l.sub.Z[direct sum]M] is linear in the bits of masked variable Z [direct sum] M, such as Hamming weight function. Under those two conditions, the main goal of selecting mask sets for LEMS is to find balanced mask sets resistant to high order univariate CPA (following the definition of , the attack combining n different time instances is called n-variate attack and the nth order attack is the one with nth order statistical moments). Therefore, making E([([l.sub.Z[direct sum]M]).sup.[alpha]] | Z) independent of intermediate Z is the selection criterion of the mask sets for the designer of the hardware countermeasures. However, we find it is not enough for software implemented LEMS. The absolute difference [absolute value of [l.sub.Z[direct sum]M] - [l.sub.z'[direct sum]m']] may bring the unbalance to the intermediate pair (z, z'), which allows attackers to get the information of (z, z') when only the leakages corresponding to the masked values are available.

Our Contributions. In this paper, we study the unbalance in terms of absolute difference on software Low Entropy Masking Schemes (LEMS) implementations and make selection criterion for their mask sets.

(i) We find that the mask sets selected according to selection criteria in [11, 18] have the vulnerabilities based on the absolute difference measurements on software LEMS. Such vulnerabilities make the software LEMS implementations insecure when the leakages corresponding to the masked values could be exploited.

(ii) To fix the vulnerabilities and make software LEMS implementations resistant to high order univariate attacks, we further extend the selection criterion of balanced mask sets. Moreover, we prove the perfect balanced mask sets should not be linear, and their cardinalities should satisfy certain conditions.

(iii) When some feasible mask sets are already picked out by searching algorithms like those in , our selection criterion could be a reference factor to help decide on a more secure one from them.

Organization. The rest of the paper is organized as follows. In Section 2, we introduce the notations and some related background knowledge. Section 3 presents vulnerabilities that make the software LEMS insecure. Section 4 proves the necessary conditions that the balanced mask sets should satisfy and discusses the selection methods of mask sets. Finally, Section 5 concludes the paper.

2. Preliminaries

In this paper, sets are denoted with calligraphic letters (e.g., M). We use capital letters (e.g., M) and lowercase ones (e.g., m) for random variables and their realizations, respectively. Throughout the paper, Z and Z' are independent and uniformly distributed random variables representing intermediates. M and M' are two independent random variables drawn from the uniform distribution in the mask set M.

Let [l.sub.[omega]] be the value of leakage measurements corresponding to the intermediate value [omega], [omega] [member of] [F.sup.n.sub.2]. To match with realistic leakage functions in practice, the widely applied Hamming weight leakage model is used during the choice of the mask sets in this paper. Thus, in software environments, [l.sub.[omega]] = [epsilon]HW[[omega]] + [delta], where e is an unknown constant and S is the Gaussian distributed (N(0, [[sigma].sup.2])) noise. In hardware environments, [l.sub.[omega]] = [epsilon]HW[[omega]] (to describe the theories in [11, 18] more clearly, we use the same no noise model here). We further denote the absolute difference of two measurements corresponding to the values [mathematical expression not reproducible].

Mean and variance are denoted by E and Var, respectively. Let [X.sub.1] and [X.sub.2] be two independent random variables and f be a certain function. [X.sub.1] is randomly drawn from X. E(f([X.sub.1], [X.sub.2]) | [X.sub.1] = [x.sub.1] is the conditional expectation when [X.sub.1] = [x.sub.1]. The variance among those conditional expectations is

[mathematical expression not reproducible] (1)

which can measure the dispersion degree of E(f([X.sub.1], [X.sub.2]) | [X.sub.1]). Obviously, when Var(E(f([X.sub.1], [X.sub.2]) | [X.sub.1])) = 0, the specific value of [X.sub.1] cannot be recognized according to E(f([X.sub.1], [X.sub.2]) | [X.sub.1]). This property was mainly applied by some works [11,18] studying the selection criterion of mask sets for hardware LEMS. Their theories are as follows.

To defeat high order univariate CPA, the value of intermediate Z should be independent of the statistic values of [l.sub.Z[direct sum]M] = [epsilon]HW[Z [direct sum] M]. Usually, those statistics indicate [alpha]th moments denoted by E([([epsilon]HW[Z [direct sum] M]).sup.[alpha]]). Hence, Var(E([([epsilon]HW[Z [direct sum] M]).sup.[alpha]] | Z)) = 0 is the selection criterion. The mask set is said to resist univariate dth-order attacks if [for all] 1 [less than or equal to] a [less than or equal to] d, [alpha] [member of] N, Var(E([([epsilon]HW[Z [direct sum] M]).sup.[alpha]] | Z)) = 0.

The work in  proved that only 12 mask values are sufficient for d = 2 when n = 8, ([M.sub.12] = {03, 18, 3F, 55, 60, 6E, 8C, AS, B2, CB, D6, F9}). The work in  further studied the linear code mask sets for different d and n. For example, in [8,4,4] linear code mask set can reach the standard of d = 3 with 16 mask values when n = 8 (like [M.sub.16] = {00, 0F, 36, 39, 53, 5C, 65, 6A, 95, 9A, A3, AC, C6, C9, F0, FF} used in DPA Contest v4). The linear mask set M has the property that [m.sub.i] [direct sum] [m.sub.j], [member of] M, [m.sub.i], [m.sub.j] [member of] M . We will discuss and use the property in the following sections.

3. Vulnerabilities on Software LEMS

As stated in Section 2, the selection of the mask sets for hardware LEMS considers the balance between the intermediate values Z and the leakage measurements [l.sub.Z[direct sum]M] to avoid leaking the information of Z. Nonetheless, the unbalance of absolute difference measurements [absolute value of [l.sub.Z[direct sum]M] - [l.sub.z'[direct sum]M']] may leak the information of intermediate pair (Z, Z') in software LEMS. In this section, we will study (a represents the order with respect to the absolute difference; indeed, the absolute difference itself is not first order according to Taylor expansion ; hence, the order with respect to the original leakage measurement here is higher than [alpha]) [E.sup.([alpha]).sub.(Z,Z')] = E([[absolute value of [l.sub.Z[direct sum]M] - [l.sub.Z'[direct sum]M']].sup.[alpha]] | Z, Z'), [alpha] = 1, 2. The proofs will show that [E.sup.(2).sub.(Z,Z')], is independent of (Z, Z') if the mask set satisfies the hardware selection criterion: Var(E(HW[[Z [direct sum] M].sup.[alpha]] | Z)) = 0, [alpha] = 1,2. And it is uncertain for [E.sup.(1).sub.(Z,Z')]. The unbalanced [E.sup.(1).sub.(Z,Z')] leads to the unbalanced variance and coefficient of variation (coefficient of variation is the ratio of standard deviation to mean), which can also help identify the intermediate pair (Z,Z') in attacks. The results of experiments show that the unbalance of [E.sup.(1).sub.(Z,Z')] makes the implementations insecure. Those vulnerabilities are the properties of mask sets and cannot be fixed by the architectures of specific implementations like shuffling. So finding the balanced mask sets in terms of absolute difference is necessary for software LEMS, which will be discussed in the next section.

[mathematical expression not reproducible] according to Appendix A. We deduce that

[E.sup.(1).sub.(z,z')] = E([absolute value of [l.sub.Z[direct sum]M] - [l.sub.z'[direct sum]m']] | Z = z, Z' = Z') (2)

= 1/[[absolute value of M].sup.2] [[summation over (m,m'[member of]M)] E([l.sub.Z[direct sum]m] - [l.sub.z'[direct sum]m']]) (3)

1/[[absolute value of M].sup.2] [[summation over (m,m'[member of]M)] f([epsilon](HW [z [direct sum] m] - HW [z' [direct sum] m']), [square root of 2] [sigma], (4)

[E.sup.(2).sub.(z,z')] = E([([l.sub.Z[direct sum]M] - [l.sub.z'[direct sum]M']).sup.2] | Z = z, Z' = z') (5)

= 1/[[absolute value of M].sup.2] [[summation over (m,m'[member of]M)] E([([l.sub.Z[direct sum]m] - [l.sub.z'[direct sum]m']).sup.2]) (6)

= 1/[[absolute value of M].sup.2] [[summation over (m,m'[member of]M)] ([([epsilon]HW [z [direct sum] m] - [epsilon]HW [z' [direct sum] m]).sup.2]

+ 2[[sigma].sup.2]) (7)

[mathematical expression not reproducible] (8)

Obviously, for the mask set M which satisfies the hardware selection criterion (Var(E([([epsilon]HW[Z [direct sum] M]).sup.[alpha]] | Z)) = 0, [alpha] = 1, 2), [E.sup.(2).sub.(Z,Z')], is independent of (Z, Z').

[E.sup.(1).sub.(Z,Z')], is associated with the noise. For certain value [sigma], the value of [E.sup.(1).sub.(Z,Z')] converges from 2[sigma]/[square root of [pi]] to ([epsilon]/ [[absolute value of M].sup.2]) [[summation].sub.m,m'[member of]M] [absolute value of HW[z [direct sum] m] -HW[z' [direct sum] m']] along with [epsilon]/[sigma] = 0 [right arrow] [infinity]. Hence, we can evaluate the unbalance of [E.sup.(1).sub.(Z,Z')] for a certain mask set with (1/[[absolute value of M].sup.2]) [[summation].sub.m,m'[member of]M] [absolute value of HW[z [direct sum] m] - HW[z' [direct sum] m']]. We take the mask set [M.sub.12] [subset] [F.sup.8.sub.2] mentioned in Section 2 as an example and draw values of [E.sup.(1).sub.(Z,Z')], for [2.sup.2*8] intermediate pairs (Z, Z') in Figure 1 which shows that [M.sub.12] has vulnerabilities in terms of the absolute difference. Univariate attacks using these vulnerabilities can be performed on one S-Box.

The results of experiments in Appendix B verify that such vulnerabilities we highlighted can really threaten the security of software LEMS implementations. To make software LEMS implementations resistant to high order univariate attacks (CPA and also attacks based on the vulnerabilities above), specific implementations like shuffling are not enough and selecting the balanced mask sets in terms of the absolute difference is necessary.

4. Selection of Balanced Mask Sets

In this section, we will modify the selection criterion to find the balanced mask sets. The proofs give two conditions that the balanced mask sets should satisfy, which considerably narrow down the search for the mask sets.

The selection of the mask sets should first satisfy the criteria for hardware selections: Var(E(HW[[Z[direct sum]M].sup.[alpha]]) | Z) = 0 at least for [alpha] = 1, 2. In such a condition, [E.sup.(2).sub.(Z,Z')] is balanced as analyzed in Section 3. Hence, if Var([E.sup.(1).sub.(Z,Z')] | Z,Z') = 0, [E.sup.(1)], [Var.sub.(Z, Z')] and [CV.sub.(Z.Z')] will also be balanced. According to (4), [E.sup.(1).sub.(Z,Z')]. can further be denoted by [sigma][f.sub.e].([epsilon]/[sigma], z, z'). We can deduce that

[mathematical expression not reproducible]. (9)

Var([E.sup.(1).sub.(Z,Z')] | Z, Z') will converge from 0 to [gamma] Var(E([absolute value of [epsilon]HW[Z [direct sum] M]] - [epsilon]HW[Z' [direct sum] M']] | Z, Z')) when [epsilon]/[sigma] for any fixed value a.

The value of [gamma] is an intrinsic property of the mask set. Thus, [gamma] = 0 is the selection criterion. In this case, [E.sup.(1).sub.(Z,Z')], will be balanced for any e/a. Aiming at the selection criterion, we can deduce the following conclusions to help select mask sets.

[gamma] = 0 indicates E([absolute value of HW[Z [direct sum] M] - HW[Z' [direct sum] M']] | Z, Z')is a constant, the value of which is E([absolute value of HW [Z [direct sum] M] - HW [Z' [direct sum] M']]). We have the following.

Lemma 1. E([absolute value of HW[Z [direct sum] M] - HW[Z' [direct sum] M']]) - (2n - 1)!!/[2.sup.n](n - 1)!.

Proof. Let [W.sub.a] - E([absolute value of HW[Z] - HW[Z']] | HW[Z [direct sum] Z'] = a). [W.sub.0] = 0, obviously. For k [member of] N, we can deduce that

[mathematical expression not reproducible] (10)

The second equality uses [mathematical expression not reproducible].

The third one is according to [mathematical expression not reproducible].

Similarly, [W.sub.2k+2] = (2k + 1)!!/(2k)!! = [W.sub.2k+1] = ((2k + 1)/2k)[W.sub.2k]. Hence

[mathematical expression not reproducible] (11)

We will use mathematical induction to prove [mathematical expression not reproducible].

When [mathematical expression not reproducible]. If n is odd, we have

[mathematical expression not reproducible] (12)

The second equality is based on [mathematical expression not reproducible]. The fourth one follows [W.sub.2i+1] - [W.sub.2i+2], and the fifth one uses [W.sub.2i] = (2i/(2i + 1)) [W.sub.2i+1].

The situation when n is even can be proved similarly. Thus, E([absolute value of HW[Z [direct sum] M]--HW[Z' [direct sum] M']]) = [A.sub.n]/[2.sup."] = (2n -1)!!/[2.sup.n](n - 1)!.

As stated above, E([absolute value of HW[Z [direct sum] M] - HW[Z' [direct sum] M']] | Z, Z') for any pair (Z, Z') and the means of their combinations such as [E.sub.M] = E(E([absolute value of HW[Z [direct sum] M'] - HW[Z [direct sum] M']] | Z)) should be equal to the constant value (2n - 1)!!/[2.sup.n](n - 1)!. We can prove two necessary conditions for balanced mask set M by analyzing [E.sub.M] - (2n - 1)!!/[2.sup.n](n - 1)!.

Theorem 2. One necessary condition for [gamma] - 0 is [absolute value of M] = [k2.sup.[??]n/2[??]+1], k [member of] N.

Proof. We deduce that

[E.sub.M] = E(E([absolute value of HW [Z [direct sum] M] - HW [Z [direct sum] M']] | Z)) (13)

[mathematical expression not reproducible] (14)

[mathematical expression not reproducible] (15)

= 1/[[absolute value of M].sup.2] [summation over (m,m' [member of] M)] E([absolute value of HW [Z] - HW [z']] | Z [direct sum] Z' = m

[direct sum] m'). (16)

Let [C.sub.i] = [[summation].sub.m,m' [member of] M)] (m [direct sum] m'), where

[mathematical expression not reproducible] (17)

0, otherwise.

As [mathematical expression not reproducible], we can deduce

[mathematical expression not reproducible] (18)

The reason of the second arrow is as follows: Recall [W.sub.2k+2] = [W.sub.2k+2+1] = (2k + 1)!!/(2k)!! in Lemma 1. [for all]n > 2k + 1, [mathematical expression not reproducible]. Therefore, [[absolute value of M].sup.2] must be divisible by [2.sup.n+1].

Hence, [absolute value of M] = [k2.sup.[[??]n/2[??]+1], k [member of] N.

Theorem 3. [for all][absolute value of M] < [2.sup.n] [member of] N, if M is a linear mask set, [gamma] = 0.

Proof. If M is linear, m [direct sum] m' [member of] M, m, m' [member of] M. Let [D.sub.m] = {m [direct sum] m' | m' [member of] M}. Obviously, [for all]m [member of] M, [D.sub.m] = M. And (16) will further be

[E.sub.m] = 1/[[absolute value of M].sup.2] [k.summation over (m,m' [member of] M)] E ([absolute value of HW [Z] - HW [Z']] | Z [direct sum] Z'

[mathematical expression not reproducible], (19)

where [C.sub.i] = [[summation].sub.m[member of]] [[??].sub.i](m). [[??].sub.i](*) is defined by (17).

If [E.sub.m] = (2n - 1)!!/[2.sup.n](n - 1)!, we can deduce

[mathematical expression not reproducible] (20)

which contradicts [absolute value of M] < [2.sup.n]. Thus, [E.sub.m] = (2n - 1)!!/[2.sup.n](n - 1)!, which indicates Var(E([absolute value of HW[Z [direct sum] M] - HW[Z' [direct sum] M']] | Z, Z')) = 0.

Theorem 2 indicates that the search should be among mask sets satisfying [absolute value of M] = [k2.sup.[[??]n/2[??]+1], k [member of] N, to find the perfect balanced mask set with [gamma] = 0. However, in consideration of the effect of the noise, [gamma] = 0 could not be necessary. According to Theorem 3 and the results in Appendix B, the linear mask sets will be more vulnerable because of their linear property. Hence, one can first use the searching algorithms like those in  to get some nonlinear mask sets and use our selection criterion as a reference factor to select the one with smaller [gamma].

5. Conclusion

In this paper, we analyzed the vulnerabilities on the mask sets of software Low Entropy Masking Schemes implementations. We found that satisfying the conditions in [11, 18] was not enough for mask sets used in software LEMS implementations. The experiments verified that such vulnerabilities certainly made the software LEMS implementations insecure. To fix the vulnerabilities, we further gave a selection criterion. Moreover, two theorems were proved, and our selection criterion could be a reference factor when selecting the mask sets picked out by searching algorithms like those in .

For future work, there remain two research directions. The first direction is the proof of the existence of such perfect balanced mask sets. The second one is designing more feasible search algorithms and giving the masking values selection rules based on those conditions.

Appendix

A. The Proof of f([mu], [sigma])

f([mu], [sigma]) = E([absolute value of X]), where random variable X ~ N([mu], [[sigma].sup.2]). We can deduce that

[mathematical expression not reproducible]. (A.1)

Here

[mathematical expression not reproducible]. (A.2)

[mathematical expression not reproducible], (A.3)

[mathematical expression not reproducible], (A.4)

where [mathematical expression not reproducible] can be checked on the normal distribution table.

Therefore, using (A.3) and (A.4)

[mathematical expression not reproducible]. (A.5)

B. Results of Experiments

We take atypical [8,4,4] linear code mask set M16 mentioned in Section 2 and its variant [M'.sub.16] = [m [direct sum] 0 x 03 | m [member of] [M.sub.16]}, which are, respectively, used in the RSM (Rotating S-Box Masking (RSM)  is a realization of LEMS.) implementations of DPA Contest v4 and DPA Contest v4.2 , as examples to analyze the security in different SNR environment in practice. The software implementation of AES-256 in DPAcv4 is protected by basic RSM countermeasure, and the traces are collected from an ATMega-163 smart card. Our attacks are performed on the leakage of the outputs of S-Boxes in first-round AES. As the implementation of AES-128 in DPAcv4.2 is protected by enhanced RSM countermeasure using shuffling techniques, we carry out the attacks on the leakage of the ShiftRow in the first round where the noise is bigger.

Aiming at the vulnerabilities of unbalanced [E.sup.(1).sub.(Z,Z')], lots of distinguishers can be designed. Here, we will present examples combined with the linear property of the mask set M: [for all]m, m' [member of] M, m [direct sum] m' [member of] M.

Such property results in the following: for any intermediate z, [M.sup.z] = [z [direct sum] m | m [member of] M} is the same as that of [z.sub.i] = z [direct sum] [m.sub.i] . The reason is, [for all]m [member of] M, [z.sub.i] [direct sum] m = z [direct sum] ([m.sub.i] [direct sum] m) [member of] [M.sup.z], which means [mathematical expression not reproducible]. Hence, [mathematical expression not reproducible]. We further find the variants of the linear mask set [m [direct sum] C | m [member of] M}, where C is a constant also having the same properties. Gathering the intermediates with the same masked values together, [F.sup.2.sub.n] is divided into several sets [J.sub.i], i = 1, 2, ..., c(z, z' [member of] J, if [M.sup.z] = [M.sup.z']).

Let O be the set of all the measurements. [O.sup.k.sub.i] represents the set of measurements whose corresponding plaintext p satisfies [psi](p, k) [member of] [J.sub.i], where [psi](*, *) is the function of sensitive intermediate. The distinguisher could be

[mathematical expression not reproducible], (B.1)

where [??](*, *) is the estimated statistic value of absolute difference values between two measurements sets. When k is wrong, the classification [O.sup.k.sub.i] will be wrong and random, which makes the values of numerator and denominator approximate. When k is the correct key, the value of numerator will differ from that of denominator (Theorem 3 in Section 4 will prove this). [k.sup.*] = arg [max.sub.k][D(k)} or [k.sup.*] = arg [min.sub.k][D(k)}.

[??] can be [E.sup.(1)], obviously. As [E.sup.(2)] is independent of (Z, z!) and Var(X) = E([X.sup.2]) - [(E(X)).sup.2], CV(X) = [square root of Var(X)]/E(X), we can also use Var and CV as [??]. We name those distinguishes for different statistics as [r.sub.v], [r.sub.cv], and [r.sup.(1).sub.m]), respectively.

Using the traces in DPAcv4, we obtain 256 [r.sub.v], [r.sub.cv], and [r.sup.(1).sub.m]) curves and show the time samples around the output of one S-Box in Figure 2(a). The correct key's [r.sub.v] and [r.sub.cv] curves have apparent peaks with 1000 traces. Furthermore, we generate [r.sup.(1).sub.m]), [r.sub.v] and [r.sub.cv] curves over the number of traces at the peak time sample and show the results in Figure 2(b). The black and 255 grey curves represent the cases of the correct key and wrong key hypotheses, respectively. The results show that all those distinguishers can recover the key with enough traces.

We then do the second experiment using traces in DPAcv4.2 at the ShiftRow in the first round where the weaker information is leaked. The three distinguishers succeed with about 6000 traces because of the lower SNR. We omit similar figures here.

https://doi.org/10.1155/2018/7206835

Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

Acknowledgments

This research was supported by National Key Research and Development Program of China (Grant no. 2017YFA0303903), National Natural Science Foundation of China (Grant nos. 61402536 and 61402252), Beijing Natural Science Foundation (Grant no. 4162053), National Cryptography Development Fund (Grant no. MMJJ20170201), and 973 Program (Grant no. 2013CB834205).

References

 P. C. Kocher, "Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems," in Proceedings of the 16th Annual International Cryptology Conference, CRYPTO '96, Lecture Notes in Computer Science, pp. 104-113, Springer, August 1996.

 S. Bhasin, J.-L. Danger, S. Guilley, and Z. Najm, "Side-channel leakage and trace compression using normalized inter-class variance," in Proceedings of the 3rd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2014, pp. 7:1-7:9, ACM, USA, June 2014.

 G. Dabosville, J. Doget, and E. Prouff, "A new second-order side channel attack based on linear regression," IEEE Transactions on Computers, vol. 62, no. 8, pp. 1629-1640, 2013.

 M. Kayaalp, N. Abu-Ghazaleh, D. Ponomarev, and A. Jaleel, "A high-resolution side-channel attack on last-level cache," in Proceedings of the 53rd Annual ACM IEEE Design Automation Conference, DAC 2016, USA, June 2016.

 A. A. Pammu, K.-S. Chong, W.-G. Ho, and B.-H. Gwee, "Interceptive side channel attack on AES-128 wireless communications for IoT applications," in Proceedings of the 2016 IEEE Asia Pacific Conference on Circuits and Systems, APCCAS 2016, pp. 650-653, Republic of Korea, October 2016.

 Y. Li, M. Chen, and J. Wang, "Introduction to side-channel attacks and fault attacks," in Proceedings of the 7th Asia-Pacific International Symposium on Electromagnetic Compatibility, APEMC 2016, pp. 573-575, May 2016.

 R. Lumbiarres-Lopez, M. Lopez-Garcia, and E. Canto-Navarro, "Hardware architecture implemented on FPGA for protecting cryptographic keys against side-channel attacks," IEEE Transactions on Dependable and Secure Computing, 2016.

 T. Backenstrass, M. Blot, S. Pontie, and R. Leveugle, "Protection of ECC computations against side-channel attacks for lightweight implementations," in Proceedings of the 1st IEEE International Verification and Security Workshop, IVSW 2016, pp. 1-6, July 2016.

 M.-L. Akkar and C. Giraud, "An implementation of DES and AES, secure against some attacks," in Proceedings of the third International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2001, vol. 2162 of Lecture Notes in Computer Science, pp. 309-318, Springer, May 2001.

 M. Nassar, Y. Souissi, S. Guilley, and J.-L. Danger, "RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs," in Proceedings of the 2012 Design, Automation & Test in Europe Conference & Exhibition, DATE 2012, pp. 1173-1178, Dresden, Germany, March 2012.

 M. Nassar, S. Guilley, and J.-L. Danger, "Formal analysis of the entropy/security trade-off in first-order masking countermeasures against side-channel attacks," in Proceedings of the 12th International Conference on Cryptology, INDOCRYPT2011, vol. 7107 of Lecture Notes in Computer Science, pp. 22-39, Springer, December 2011.

 A. Moradi, S. Guilley, and A. Heuser, "Detecting Hidden Leakages," in Proceedings of the 12th International Conference on Applied Cryptography and Network Security, ACNS 2014, vol. 8479 of Lecture Notes in Computer Science, pp. 324-342, Springer International Publishing, June 2014.

 C. Herbst, E. Oswald, and S. Mangard, "An AES smart card implementation resistant to power analysis attacks," in Proceedings of the 4th International Conference on Applied Cryptography and Network Security, ACNS 2006, vol. 3989 of Lecture Notes in Computer Science, pp. 239-252, Springer, June 2006.

 P. Belgarric, S. Bhasin, N. Bruneau et al., "Time-Frequency Analysis for Second-Order Attacks," in Smart Card Research and Advanced Applications, vol. 8419 of Lecture Notes in Computer Science, pp. 108-122, Springer International Publishing, Cham, 2014.

 S. Bhasin, N. Bruneau, J.-L. Danger, S. Guilley, and Z. Najm, "Analysis and improvements of the DPA contest v4 implementation," in Proceedings of the 4th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2014, vol. 8804 of Lecture Notes in Computer Science, pp. 201218, Springer, October 2014.

 C. Clavier, B. Feix, G. Gagnerot, M. Roussellet, and V. Verneuil, "Improved collision-correlation power analysis on first order protected AES," in Proceedings of the 13th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2011, vol. 6917, pp. 49-62, Springer, October 2011.

 X. Ye and T. Eisenbarth, "On the Vulnerability of Low Entropy Masking Schemes," in Proceedings of the 12th International Conference on Smart Card Research and Advanced Applications, CARDIS 2013, vol. 8419 of Lecture Notes in Computer Science, pp. 44-60, Springer International Publishing, November 2014.

 S. Bhasin, C. Carlet, and S. Guilley, "Theory of masking with codewords in hardware: low-weight dth-order correlation-immune boolean functions," Cryptology ePrint Archive, IACR, vol. 2013, p. 303, 2013.

 V. Grosso, F.-X. Standaert, and E. Prouff, "Low entropy masking schemes, revisited," in Proceedings of the 12th International Conference on Smart Card Research and Advanced Applications, CARDIS 2013, vol. 8419 of Lecture Notes in Computer Science, pp. 33-43, Springer, November 2014.

 A. Moradi and O. Mischke, "How far should theory be from practice?--evaluation of a countermeasure," in Proceedings of the 14th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2012, vol. 7428 of Lecture Notes in Computer Science, pp. 92-106, Springer, September 2012.

 B. Ege, T. Eisenbarth, and L. Batina, "Near collision side channel attacks," in Proceedings of the 22nd International Conference on Selected Areas in Cryptography, SAC 2015, vol. 9566 of Lecture Notes in Computer Science, pp. 277-292, Springer, August 2015.

 http://functions.wolfram.com/ComplexComponents/Abs/06/ ShowAll.html.

Dan Li, (1,2) Jiazhe Chen (iD), (2) An Wang (iD), (3) and Xiaoyun Wang (iD) (1,4)

(1) Institute for Advanced Study, Tsinghua University, Beijing 100084, China

(2) China Information Technology Security Evaluation Center, Beijing 100085, China

(3) School of Computer Science, Beijing Institute of Technology, Beijing 100081, China

(4) Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China

Correspondence should be addressed to Jiazhe Chen; jiazhechen@gmail.com and Xiaoyun Wang; xiaoyunwang@mail.tsinghua.edu.cn

Received 31 October 2017; Accepted 16 January 2018; Published 26 March 2018

Academic Editor: Emanuele Maiorana

Caption: Figure 1: [E.sup.(2).sub.(Z,Z')] over [M.sub.12].

Caption: Figure 2: [r.sub.v], [r.sub.cv], and [r.sup.(1).sub.m] over (a) time samples using 1000 traces (b) and number of traces at the peak location.
COPYRIGHT 2018 Hindawi Limited
No portion of this article can be reproduced without the express written permission from the copyright holder.
Title Annotation: Printer friendly Cite/link Email Feedback Research Article Li, Dan; Chen, Jiazhe; Wang, An; Wang, Xiaoyun Security and Communication Networks Report 9CHIN Jan 1, 2018 5272 Trust Management in Collaborative Systems for Critical Infrastructure Protection. OFFDTAN: A New Approach of Offline Dynamic Taint Analysis for Binaries.