TY - JOUR
T1 - Side-Channel Analysis Against SecOC-Compliant AES-CMAC
AU - Ebina, Katsumi
AU - Ueno, Rei
AU - Homma, Naofumi
N1 - Publisher Copyright: © 2004-2012 IEEE.
PY - 2023/10/1
Y1 - 2023/10/1
N2 - This brief presents a side-channel analysis (SCA) attack for AES-CMAC, which is used in the controller area network (CAN) protocol for in-vehicle networks. It is difficult to apply conventional SCAs that focus on a single round of Sboxes in the AES-CMAC, as is the case in the AES-CMAC/CTR because the AES input values are unknown to the attacker owing to its structure. The proposed method focuses on the Sboxes of the first three rounds of AES continuously and obtains the secret key by sequentially estimating the intermediate values using a first-order SCA. Our method can be applied to all versions of the Secure Onboard Communication (SecOC) standard for securing CAN protocols. We apply a deep-learning-based SCA to implement the proposed attack, in addition to conventional correlation power analysis. We demonstrate the effectiveness of the attack through an experiment using AES-CMAC software that is implemented on the PASTA automotive security evaluation platform, which is compliant with the SecOC standard that is defined in the AUTomotive Open System ARchitecture. The results show that the proposed attack can successfully reveal the secret key of AES-CMAC with at most 400,000 and 150 measurements using conventional non-profiling SCA and deep-learning-based SCA, respectively.
KW - AES
KW - Controller area network
KW - automotive security
KW - side-channel analysis
UR - http://www.scopus.com/inward/record.url?scp=85163496819&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85163496819&partnerID=8YFLogxK
U2 - 10.1109/TCSII.2023.3288278
DO - 10.1109/TCSII.2023.3288278
M3 - Article
AN - SCOPUS:85163496819
SN - 1549-7747
VL - 70
SP - 3772
EP - 3776
JO - IEEE Transactions on Circuits and Systems II: Express Briefs
JF - IEEE Transactions on Circuits and Systems II: Express Briefs
IS - 10
ER -