ABSTRACT
Security and safety critical devices must undergo penetration testing, including Side-Channel Attacks (SCA), before certification. SCA are powerful and easy to mount, but they often need huge computation power, especially in the presence of countermeasures. Few efforts have been made to reduce the computational complexity of SCA by selecting a small subset of points where leakage prevails. In this paper, we propose a method to detect relevant leakage points in side-channel traces. The method is based on Normalized Inter-Class Variance (NICV). A key advantage of NICV over the state of the art is that NICV needs neither a clone device nor knowledge of the secret parameters of the crypto-system. NICV has a low computation requirement and detects leakage using public information only, such as input plaintexts or output ciphertexts. It is shown that NICV can be related to Pearson correlation and to the signal-to-noise ratio (SNR), which are standard metrics. NICV can be used to theoretically compute the minimum number of traces required to attack an implementation. A theoretical rationale for NICV, together with some practical applications on real crypto-systems, is provided to support our claims.
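The abstract describes NICV as a leakage detector computed from public inputs only and relates it to SNR and Pearson correlation. The following added example (not code from the paper or its authors) shows that computation on constructed traces: NICV at each sample point is Var(E[Y|X]) / Var(Y), where Y is the measured value and X the public plaintext byte used to partition the traces into classes. The traces, the leak position (sample 37), the Hamming-weight leakage model, the noise level and the key byte 0x2B are all assumptions of this example; the key is used only to synthesise the traces, never by the detector.

```python
import random
from collections import defaultdict
from math import sqrt


def hamming_weight(v):
    return bin(v).count("1")


def make_traces(n_traces=4000, n_samples=100, leak_sample=37,
                key=0x2B, noise_sd=2.0, seed=1):
    """Constructed sample traces (assumption of this example): Gaussian noise
    at every sample, plus a Hamming-weight leak of (plaintext XOR key) at one
    sample index. The key only shapes the synthetic data; NICV never sees it."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        trace = [rng.gauss(0.0, noise_sd) for _ in range(n_samples)]
        trace[leak_sample] += hamming_weight(p ^ key)
        plaintexts.append(p)
        traces.append(trace)
    return plaintexts, traces


def nicv_and_snr(values, labels):
    """NICV = Var(E[Y|X]) / Var(Y) and SNR = Var(E[Y|X]) / E[Var(Y|X)] for a
    single sample point, partitioning the values by the public label X."""
    n = len(values)
    classes = defaultdict(list)
    for y, x in zip(values, labels):
        classes[x].append(y)
    grand_mean = sum(values) / n
    between = 0.0   # inter-class variance: how much the class means spread
    within = 0.0    # intra-class variance: noise left once the class is known
    for ys in classes.values():
        m = sum(ys) / len(ys)
        w = len(ys) / n
        between += w * (m - grand_mean) ** 2
        within += w * sum((y - m) ** 2 for y in ys) / len(ys)
    # Law of total variance; exact here because population estimators are used,
    # so NICV == SNR / (1 + SNR) holds up to floating-point rounding.
    total = between + within
    nicv = between / total if total > 0 else 0.0
    snr = between / within if within > 0 else float("inf")
    return nicv, snr


def nicv_profile(plaintexts, traces):
    """NICV and SNR for every sample point of the trace set."""
    n_samples = len(traces[0])
    return [nicv_and_snr([tr[t] for tr in traces], plaintexts)
            for t in range(n_samples)]


def leakiest_sample(profile):
    """Index of the sample with the highest NICV: the point to keep."""
    return max(range(len(profile)), key=lambda i: profile[i][0])


def pearson(a, b):
    """Sample Pearson correlation; used to check rho^2 <= NICV for any model
    f(X) that is a function of the public label only."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / sqrt(va * vb)


if __name__ == "__main__":
    pts, trs = make_traces()
    prof = nicv_profile(pts, trs)
    t = leakiest_sample(prof)
    print("leakiest sample:", t, "NICV=%.3f SNR=%.3f" % prof[t])
```

Because NICV only needs the plaintext partition, it can be run during an evaluation before any key hypothesis is formed, and the bound rho^2 <= NICV tells an evaluator how well the best possible univariate model at that point could correlate with the measurements.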
Index Terms
- Side-channel leakage and trace compression using normalized inter-class variance