DOI: 10.1145/2611765.2611772
research-article

Side-channel leakage and trace compression using normalized inter-class variance

Published: 15 June 2014

ABSTRACT

Security- and safety-critical devices must undergo penetration testing, including Side-Channel Attacks (SCA), before certification. SCA are powerful and easy to mount but often need huge computation power, especially in the presence of countermeasures. Few efforts have been made to reduce the computational complexity of SCA by selecting a small subset of points where leakage prevails. In this paper, we propose a method to detect relevant leakage points in side-channel traces. The method is based on Normalized Inter-Class Variance (NICV). A key advantage of NICV over the state of the art is that NICV needs neither a clone device nor knowledge of the secret parameters of the crypto-system. NICV has a low computation requirement and detects leakage using only public information such as input plaintexts or output ciphertexts. It is shown that NICV can be related to Pearson correlation and signal-to-noise ratio (SNR), which are standard metrics. NICV can be used to theoretically compute the minimum number of traces required to attack an implementation. A theoretical rationale of NICV, with some practical applications on real crypto-systems, is provided to support our claims.
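
A sketch of the leakage-detection step the abstract describes, as an added example that is not from the paper: it uses the usual definition NICV = Var(E[Y|X]) / Var(Y) with X the public plaintext byte, which this page does not spell out, and runs it over constructed traces. The Hamming-weight leak, key byte, noise level and 0.1 threshold are all assumptions.

```python
import random

def hamming_weight(v):
    return bin(v).count("1")

def simulate_traces(n_traces, n_points, leak_point, key_byte, sigma, seed=1):
    """Constructed data: Gaussian noise everywhere, plus HW(x ^ k) at one sample."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        x = rng.randrange(256)                       # public input byte
        trace = [rng.gauss(0.0, sigma) for _ in range(n_points)]
        trace[leak_point] += hamming_weight(x ^ key_byte)  # key used only to simulate
        plaintexts.append(x)
        traces.append(trace)
    return plaintexts, traces

def nicv(plaintexts, traces):
    """Per-sample NICV = Var(E[Y|X]) / Var(Y); classes X are the plaintext bytes."""
    n, n_points = len(traces), len(traces[0])
    counts, sums = {}, {}
    for x, trace in zip(plaintexts, traces):
        counts[x] = counts.get(x, 0) + 1
        acc = sums.setdefault(x, [0.0] * n_points)
        for t, y in enumerate(trace):
            acc[t] += y
    result = []
    for t in range(n_points):
        column = [trace[t] for trace in traces]
        mean = sum(column) / n
        total_var = sum((y - mean) ** 2 for y in column) / n
        inter_var = sum(c * (sums[x][t] / c - mean) ** 2 for x, c in counts.items()) / n
        result.append(inter_var / total_var if total_var else 0.0)
    return result

def select_points(nicv_values, threshold):
    """Trace compression: keep only sample indices whose NICV exceeds the threshold."""
    return [t for t, v in enumerate(nicv_values) if v > threshold]

def run_demo():
    # Signal variance 2 (HW of a byte), noise variance 4: SNR = 0.5, NICV ~ 1/(1+1/SNR) = 1/3.
    xs, traces = simulate_traces(n_traces=10000, n_points=16, leak_point=11, key_byte=0x3C, sigma=2.0)
    values = nicv(xs, traces)
    return values, select_points(values, threshold=0.1)

if __name__ == "__main__":
    values, kept = run_demo()
    print("kept sample indices:", kept)
    print("NICV at leak:", round(values[11], 3))
```

The NICV computation never reads the key byte; only the simulator does, which is why an evaluator can run this check with public inputs alone.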


Published in

HASP '14: Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy
June 2014
89 pages
ISBN: 9781450327770
DOI: 10.1145/2611765

Copyright © 2014 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Overall Acceptance Rate: 9 of 13 submissions, 69%
