2006 年 1 巻 2 号 p. 942-952
Side channel attacks are a serious menace to embedded devices with cryptographic applications, which are utilized in sensor and ad hoc networks. In this paper, we discuss how side channel attacks can be applied against message authentication codes, even if the countermeasures are taken to protect the underlying block cipher. In particular, we show that EMAC, OMAC, and PMAC are vulnerable to our attacks. We also point out that our attacks can be applied against RMAC, TMAC, and XCBC. Based on simple power analysis, we show that several key bits can be extracted, and based on differential power analysis, we present a selective forgery against these MACs. Our results suggest that protecting block ciphers against side channel attacks is insufficient, and countermeasures are needed for MACs as well.