First Full-fledged Side Channel Attack on HMAC-SHA-2
June 18, 2021 -- FortifyIQ, Inc. will present groundbreaking work titled “First Full-fledged Side Channel Attack on HMAC-SHA-2” at Constructive Side-Channel Analysis and Secure Design (COSADE) 2021. FortifyIQ is proud to be a Gold Sponsor at this event.
Side-channel attacks pose a threat to cryptographic algorithms. Hash functions, those from the SHA-2 family, can also be an interesting target if some of their inputs are secret. HMAC is an important use case of a hash function, in which the input is partially secret and thus unknown to the attacker. Despite a few publications that discuss applications of power analysis techniques to attack HMAC-SHA-2, no method has ever demonstrated a full attack on its hardware implementation until now. FortifyIQ presents a novel practical template attack on HMAC-SHA-2, intended primarily against its implementations in hardware. FortifyIQ’s pre-silicon tools took less than two hours including the profiling and attack stages to discover the key derivatives that allow forging of HMAC signatures.
The eleventh annual COSADE will be held in Lugano, Switzerland, and on-line October 25 – 27, 2021.
COSADE’s program committee is comprised of security experts hailing from organizations including but not limited to Rambus, Infineon, Microsoft Research, ST Microelectronics, and universities including University of Adelaide, AU; TU Darmstadt, DE; Yale University, US; University of Bristol, UK; and many others. COSADE’s program committee selected FortifyIQ’s paper titled “First Full-fledged Side Channel Attack on HMAC-SHA-2.”
The COSADE program committee stated: “Generic power analysis attacks on HMAC-SHA2 are non-trivial due to the complexity of the intermediate result mixing. Thus, previous work in the area were “full” attacks, but often exploited some artifact of the usage or implementation to “simplify” the attack design. This meant the previous work was not directly applicable to other implementations or usages.
“By comparison, this paper explores a “full” power analysis attack of an open-source HMAC-SHA256 hardware implementation being used in a generic setting. This means it is applicable to almost all usages of HMAC-SHA256 and represents a useful research contribution (even to show that the algorithm is fundamentally attackable).
“The background (including showing the algorithm and leakage) is excellent, and helps this paper serve as a nice “one-stop-shop” for showing the leakage potential, which is valuable for those working on countermeasures.”
Related Semiconductor IP
- 1.8V/3.3V I/O library with ODIO and 5V HPD in TSMC 16nm
- 1.8V/3.3V I/O Library with ODIO and 5V HPD in TSMC 12nm
- 1.8V to 5V GPIO, 1.8V to 5V Analog in TSMC 180nm BCD
- 1.8V/3.3V GPIO Library with HDMI, Aanlog & LVDS Cells in TSMC 22nm
- Specialed 20V Analog I/O in TSMC 55nm
Related News
- Analog IP tackles side channel attacks
- Microsemi's SmartFusion2 Secure Boot Solution Addresses Side Channel Analysis Vulnerabilities in Competitors' FPGAs Requiring External Configuration
- Cryptography Research and Actel Announce License Agreement Enhancing Security of Actel FPGAs by Protecting Against Side-Channel Attacks
- Rambus Signs License Agreement with Gemalto to Protect Against Side-Channel Attacks
Latest News
- Will RISC-V reduce auto MCU’s future risk?
- Frontgrade Gaisler Launches New GRAIN Line and Wins SNSA Contract to Commercialize First Energy-Efficient Neuromorphic AI for Space Applications
- Continuous-Variable Quantum Key Distribution (CV-QKD) system demonstration
- Latest intoPIX JPEG XS Codec Powers FOR-A’s FA-1616 for Efficient IP Production at NAB 2025
- VeriSilicon Launches ISP9000: The Next-Generation AI-Embedded ISP for Intelligent Vision Applications