Presented at COSADE 2021 conference
FIRST FULL-FLEDGED SIDE CHANNEL ATTACK ON HMAC-SHA-2
FortifyIQ presents a novel practical template attack on HMAC-SHA-2 intended primarily against its implementations in hardware.
Side-channel attacks pose a threat to cryptographic algorithms. HMAC is an important use case of a hash function, in which the input is partially secret and thus unknown to the attacker. Despite a few publications that discuss applications of power analysis techniques to attack HMAC-SHA-2, this is the first generic method that shows a full attack on its hardware implementation.
FortifyIQ details what is believed to be the first practical attack of this type on a true hardware implementation. All the stages of the attack are discussed, and validated experimentally, demonstrating a full attack implementation up to the discovery of the key derivatives that allow for forging HMAC signatures.