Heinz, B.B.HeinzHeyszl, J.J.HeyszlStumpf, F.F.Stumpf2022-03-122022-03-122014https://publica.fraunhofer.de/handle/publica/38738910.1109/ISICIR.2014.7029540We analyze the side-channel countermeasures implemented in a high-throughput AES peripheral of a commercially available microcontroller which is not dedicated to high security applications. We detect and classify the employed countermeasures and examine their effectiveness against first-order DPA attacks. We practically demonstrate, that all of the implemented countermeasures, which are common time-based hiding countermeasures, can easily be nullified with simple preprocessing methods. This is caused by the inherent properties of high-throughput designs (low number of cycles), which offers few choices for such countermeasures. Hence, we found that the effectively achieved side-channel protection is significantly lower than the theoretically expected one due to the way countermeasures are implemented and present ways to improve the effectiveness. We also reveal a design flaw in the implementation which allows timing-based attacks on the device.enconference paper