User menu

Accès à distance ? S'identifier sur le proxy UCLouvain

Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest

Primary tabs

Clavier, Christophe [Université de Limoges] Wurcker, Antoine [Université de Limoges] Walle, Matthieu [Thales Communications, Paris] Veyrat-Charvillon, Nicolas [UCL] Stöttinger, Marc [PACE Temasek Laboratories, Singapore] Gérard, Benoît [UCL] Danger, Jean-Luc [CNRS LTCI]

Side-channel analyses constitute a major threat for embedded devices, because they allow an attacker to recover secret keys without the device being aware of the sensitive information theft. They have been proved to be efficient in practice on many deployed cryptosystems. Even during the standardization process for the AES, many scientists have raised the attention on the potential vulnerabilities against implementation-level attacks Chari et al. (A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards, 133–147, 1999). The evaluation of devices against side-channel attacks is now common practice, especially in ITSEFs. This procedure has even been formalized recently Standaert et al. (EUROCRYPT LNCS 5479:443–461, 2009). The framework suggests to estimate the leakage via an information theoretic metric, and the performance of real attacks thanks to either the success rates or the guessing entropy metrics. The DPA contests are a series of international challenges that allow researchers to improve existing side-channel attacks or develop new ones and compare their effectiveness on several reference sets of power consumption traces using a common methodology. In this article, we focus on the second edition of this contest, which targeted a FPGA-based implementation of AES. This article has been written jointly with several of the participants who describe their tactics used in their attacks and their improvements beyond the state of the art. In particular, this feedback puts to the fore some considerations seldom described in the scientific literature, yet relevant to increase the convergence rate of attacks. These considerations concern in particular the correction of acquisition defects such as the drifting side-channel leakage, the identification of the most leaking samples, the order in which subkeys are attacked, how to exploit subkeys that are revealed easily to help retrieve subkeys that leak less, and non-linear leakage models.

Document type Article de périodique (Journal article) – Article de recherche
Access type Accès interdit
Publication date 2014
Language Anglais
Journal information "Journal of Cryptographic Engineering" - Vol. 4, no. 4, p. 259-274 (2014)
Peer reviewed yes
Publisher Springer
e-issn 2190-8516
issn 2190-8508
Publication status Publié
Affiliation UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
Links
  1. Brier, É., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: CHES, LNCS, vol. 3156, pp. 16–29. Springer: Cambridge (2004)
  2. Chari, S., Jutla, C., Rao, J.R., Rohatgi, P.: A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards. In. In Second Advanced Encryption Standard (AES) Candidate Conference, pp. 133–147 (1999)
  3. Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: CHES, LNCS, vol. 2523, pp. 13–28. Springer (2002). San Francisco Bay (Redwood City), USA
  4. Elaabid M. Abdelaziz, Guilley Sylvain, Practical Improvements of Profiled Side-Channel Attacks on a Hardware Crypto-Accelerator, Progress in Cryptology – AFRICACRYPT 2010 (2010) ISBN:9783642126772 p.243-260, 10.1007/978-3-642-12678-9_15
  5. Yungseon Eo, Eisenstadt W.R., Ju Young Jeong, Oh-Kyong Kwon, A new on-chip interconnect crosstalk model and experimental verification for CMOS VLSI circuit design, 10.1109/16.817578
  6. Gierlichs, B., Lemke-Rust, K., Paar, C.: Templates versus Stochastic Methods. In: CHES, LNCS, vol. 4249, pp. 15–29. Springer: Yokohama (2006)
  7. Heuser, A., Kasper, M., Schinder, W., Stöttinger, M.: How a Symmetry Metric Assists Side-Channel Evaluation—A Novel Model Verification Method for Power Analysis. In: 14th Euromicro Conference on Digital System Design Architectures, Methods and Tools (DSD 2011). IEEE (2011)
  8. Heuser, A., Kasper, M., Schindler, W., Stöttinger, M.: A new difference method for side-channel analysis with high-dimensional leakage models. In: O. Dunkelman (ed.) CT-RSA, Lecture Notes in Computer Science, vol. 7178, pp. 365–382. Springer (2012)
  9. Jolliffe I. T., Principal Component Analysis, ISBN:9781475719062, 10.1007/978-1-4757-1904-8
  10. Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: CRYPTO, LNCS, vol. 1666, pp. 388–397. Springer (1999)
  11. Li, Y., Nakatsu, D., Li, Q., Ohta, K., Sakiyama, K.: Clockwise Collision Analysis - Overlooked Side-Channel Leakage Inside Your Measurements. Cryptology ePrint Archive, Report 2011/579 (2011). http://eprint.iacr.org/2011/579
  12. Nakasone, T., Li, Y., Sasaki, Y., Iwamoto, M., Ohta, K., Sakiyama, K.: Key-Dependent Weakness of AES-Based Ciphers under Clockwise Collision Distinguisher. In: T. Kwon, M.K. Lee, D. Kwon (eds.) ICISC, Lecture Notes in Computer Science, vol. 7839, pp. 395–409. Springer (2012)
  13. Nassar, M., Souissi, Y., Guilley, S., Danger, J.L.: “Rank Correction”: A New Side-Channel Approach for Secret Key Recovery. In: M. Joye, D. Mukhopadhyay, M. Tunstall (eds.) InfoSecHiComNet, Lecture Notes in Computer Science, vol. 7011, pp. 128–143. Springer (2011)
  14. Nassar, M., Souissi, Y., Guilley, S., Danger, J.L.: RSM: a Small and Fast Countermeasure for AES, Secure against First- and Second-order Zero-Offset SCAs. In: DATE, pp. 1173–1178 (2012). Dresden, Germany. (TRACK A: “Application Design”, TOPIC A5: “Secure Systems”). On-line version: http://hal.archives-ouvertes.fr/hal-00666337/en
  15. Nieuwland André K., Katoch Atul, Meijer Maurice, Reducing Cross-Talk Induced Power Consumption and Delay, Lecture Notes in Computer Science (2004) ISBN:9783540230953 p.179-188, 10.1007/978-3-540-30205-6_20
  16. Paige Christopher C., Saunders Michael A., LSQR: An Algorithm for Sparse Linear Equations and Sparse Least Squares, 10.1145/355984.355989
  17. Rivain Matthieu, On the Exact Success Rate of Side Channel Analysis in the Gaussian Model, Selected Areas in Cryptography (2009) ISBN:9783642041587 p.165-183, 10.1007/978-3-642-04159-4_11
  18. Satoh, A.: Side-channel Attack Standard Evaluation Board, SASEBO. Project of the AIST—RCIS (Research Center for Information Security), http://www.risec.aist.go.jp/project/sasebo/
  19. Schindler, W., Lemke, K., Paar, C.: A Stochastic Model for Differential Side Channel Cryptanalysis. In: J.R. Rao, B. Sunar (eds.) CHES 2005, Lecture Notes in Computer Science, vol. 3659, pp. 30–46. Springer: Edinburgh (2005)
  20. Standaert, F.X., Bulens, P., de Meulenaer, G., Veyrat-Charvillon, N.: Improving the Rules of the DPA Contest. Cryptology ePrint Archive, Report 2008/517 (2008). http://eprint.iacr.org/2008/517
  21. Standaert, F.X., Malkin, T., Yung, M.: A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks. In: EUROCRYPT, LNCS, vol. 5479, pp. 443–461. Springer: Cologne (2009)
  22. TELECOM ParisTech SEN research group: DPA Contest (2nd edn) (2009–2010). http://www.DPAcontest.org/v2/
  23. Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.X.: An Optimal Key Enumeration Algorithm and its Application to Side-Channel Attacks. In: Selected Areas in Cryptography (2012)
Bibliographic reference Clavier, Christophe ; Wurcker, Antoine ; Walle, Matthieu ; Veyrat-Charvillon, Nicolas ; Stöttinger, Marc ; et. al. Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest. In: Journal of Cryptographic Engineering, Vol. 4, no. 4, p. 259-274 (2014)
Permanent URL http://hdl.handle.net/2078.1/159614