Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

Informatik 2014 P-232, 2437-2448 (2014).

Gesellschaft für Informatik, Bonn

Copyright © Gesellschaft für Informatik, Bonn


Timing attack on a modified dynamic S-box implementation of the AES invsubbytes operation

Johannes Obermaier , Tobias Laas and Markus Roner


This paper demonstrates a novel timing attack on a software implementation of the AES decryption algorithm. The implementation was optimized to reduce its code and memory footprint by utilizing an inverse S-box operation which directly calculates the substitution values instead of fetching them from a pre-computed look-up table. This code-size optimized implementation was created as part of a laboratory for which a smart-card emulator was designed and physically tested. Later on, we noticed that the implementation shows a data-dependent execution time for which we developed a novel timing attack. It is based on a timing-model which was derived from an analysis of the implementation. The feasibility of the approach was first proved by a simulation. The subsequent application of the attack on the smart-card emulator in a real setup was successful. This paper describes the analysis done to conduct the attack and emphasizes the dangers of incautiously implemented cryptographic algorithms.

Full Text: PDF

Gesellschaft für Informatik, Bonn
ISBN 978-3-88579-626-8

Last changed 18.11.2014 21:19:36