Attacking state-of-the-art software countermeasures - A case study for AES

In order to protect, software implementations of secret-key cryptographic primitives against side channel attacks, a software developer has only a limited choice of countermeasures. A combination of masking and randomization of operations in time promises good protection and can be realized without too Pinch overhead. Recently, new advanced DPA methods have been proposed to attack Software implementations with such kind of protection. In this work, we have applied these methods successfully to break a protected AES software implementation on a programmable smart card. Thus, we were able to verify the practicality of the new attacks and to estimate their effectiveness in comparison to traditional DPA attacks on unprotected implementations. I it the course of our work, we have also refined and improved the original attacks, so that they can be mounted more efficiently. Our practical results indicate that the effort required for attacking tale protected implementation with the examined methods is more than two orders of magnitude higher compared to an attack on an unprotected implementation.