Abstract
This paper introduces a leakage model in the frequency domain to enhance the efficiency of side channel attacks on CMOS circuits. While usual techniques are focused on noise removal around clock harmonics, we show that the actual leakage is not necessarily located in those expected bandwidths, as experimentally observed by Mateos and Gebotys (A new correlation frequency analysis of the side channel, p 4, 2010). We start by building a theoretical model of power consumption and electromagnetic emanations before deriving from it a criterion to guide standard attacks. This criterion is then validated on real experiments, both on FPGA and ASIC, showing an impressive increase in the yield of SCA.
References
Nanosim User Guide, tld-2001.06. Document Order Number: 376418–000 JB (2001)
Barenghi, A., Pelosi, G., Teglia, Y.: Improving first order differential power attacks through digital signal processing. In: Makarevich, O.B., Elci, A., Orgun, M.A., Huss, S.A., Babenko, L.K., Chefranov, A.G., Varadharajan, V. (eds.) SIN, pp. 124–133. ACM, USA (2010)
Barenghi, A., Pelosi, G., Teglia, Y.: Information leakage discovery techniques to enhance secure chip design. In: Ardagna, C.A., Zhou, J. (eds.) WISTP. Lecture notes in computer science, vol. 6633, pp. 128–143. Springer, Berlin (2011)
Bevan, R., Knudsen, E.: Ways to enhance differential power analysis. In: Lee, P.J., Lim, C.H. (eds.) ICISC. Lecture notes in computer science, vol. 2587, pp. 327–342. Springer, Berlin (2002)
Bohl, E., Hayek, J., Schimmel, O., Duplys, P., Rosenstiel, W.: Correlation power analysis in frequency domain. COSADE, Darmstadt (2010)
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES. Lecture notes in computer science, vol. 3156, pp. 16–29. Springer, Berlin (2004)
Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Jr Kaliski, B.S., Koc, C.K., Paar, C. (eds.) CHES. Lecture notes in computer science, vol. 2523, pp. 13–28. Springer, Berlin (2002)
Dehbaoui, A., Tiran, S., Maurine, P., Standaert, F.-X., Veyrat-Charvillon, N.: Spectral coherence analysis—first experimental results. Cryptology ePrint Archive, Report 2011/056, 2011. http://eprint.iacr.org/
Doget, J., Prouff, E., Rivain, M., Standaert, F.-X.: Univariate side channel attacks and leakage modeling. J. Crypt. Eng. 1(2), 123–144 (2011)
Gebotys, C.H., Ho, S., Tiu, C.C.: EM analysis of Rijndael and ECC on a wireless Java-based pda. In: Rao, J.R., Sunar, B. (eds.) CHES. Lecture notes in computer science, vol. 3659, pp. 250–264. Springer, Berlin (2005)
Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual Information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES. Lecture notes in computer science, vol. 5154, pp. 426–442. Springer, Berlin (2008)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO. Lecture notes in computer science, vol. 1666, pp. 388–397. Springer, Berlin (1999)
Le, T.H., Berthier, M.: Mutual information analysis under the view of higher-order statistics. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) IWSEC. Lecture notes in computer science, vol. 6434, pp. 285–300. Springer, Berlin (2010)
Le, T.-H., Clédière, J., Servière, C., Lacoume, J.-L.: Noise reduction in side channel attack using fourth-order cumulant. IEEE Trans. Info. Forens. Sec. 2(4), 710–720 (2007)
Liu, H., Jin, X., Tsunoo, Y., Goto, S.: Correlated noise reduction for electromagnetic analysis. IEICE Trans. 96–A(1), 185–195 (2013)
Maistri, P., Tiran, S., Maurine, P., Koren, I., Leveugle, R.: An evaluation of an aes implementation protected against em analysis. In: Ayala, J.L., Jones, A.K., Madden, P.H., Coskun, A.K. (eds.) ACM great lakes symposium on VLSI, pp. 317–318. ACM, USA (2013)
Mangard, S.: Smart card research and advanced applications. In: 11th International Conference, CARDIS 2012, Graz, Austria, November 28–30, 2012, Revised Selected Papers, volume 7771 of Lecture Notes in Computer Science. Springer (2013)
Mangard, S., Oswald, E., Standaert, F.-X.: One for all–all for one: unifying standard differential power analysis attacks. IET Info. Sec. 5(2), 100–110 (2011)
Mateos, E., Gebotys, C.H.: A new correlation frequency analysis of the side channel. WESS, ACM, p 4 (2010)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comp. 51(5), 541–552 (2002)
Meynard, O., Real, D., Flament, F., Guilley, S., Homma, N., Danger, J.-L.: Quantifying the quality of side-channel acquisitions. COSADE, pp. 16–28 (2011)
Meynard, O., Real, D., Guilley, S., Flament, F., Danger, J.L., Valette, F.: Characterization of the electromagnetic side channel in frequency domain. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt. Lecture notes in computer science, vol. 6584, pp. 471–486. Springer, Berlin (2010)
Oswald, D., Paar, C.: Improving side-channel analysis with optimal linear transforms. Mangard [17], pp. 219–233
Pandini, D., Repetto, G.A., Sinisi, V.: Clock distribution techniques for low-EMI design. In: Azemard, N., Svensson, L.J. (eds.) PATMOS. Lecture notes in computer science, vol. 4644, pp. 201–210. Springer, Berlin (2007)
Pramstaller, N., Mangard, S., Dominikus, S., Wolkerstorfer, J.: Efficient aes implementations on asics and fpgas. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES Conference, volume 3373 of Lecture Notes in Computer Science, pp. 98–112. Springer (2004)
Standaert, F.X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT. Lecture notes in computer science, vol. 5479, pp. 443–461. Springer, Berlin (2009)
Tiran, S., Maurine, P.: SCA with magnitude squared coherence. Mangard [17], pp. 234–247
van der Meer, F., de Jong, S.M.: Imaging spectrometry: basic principles and prospective applications. Remote sensing and digital image processing. Kluwer Academic Publishers, London (2006)
Venelli, A.: Efficient entropy estimation for mutual information analysis using B-splines. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds.) WISTP. Lecture notes in computer science, vol. 6033, pp. 17–30. Springer, Berlin (2010)
Appendices
Appendix A: Fourier transform: leakage formula
For a square signal with an amplitude \(A\) such as:
its Fourier transform is equal to
Moreover, the Fourier transform of a delay \(t_0\) is
\(X(f)\) being the Fourier transform of \(x(t)\). From Fig. 2c we can see that the EM signal is equal to the sum of two squares, one of amplitude \(\frac{A}{\alpha T}\) with a delay \(\frac{\alpha T}{2}\) and a period \(\alpha T\) and one of amplitude \(\frac{-A}{(1- \alpha ) T}\) with a delay \(\alpha T + \frac{(1- \alpha ) T}{2}\) and a period \((1- \alpha )T\). Thus, from Eqs. 12, 13 we can deduce that the Fourier transform of the EM model is equal to Eq. 3:
For a function \(g\) and its derivative \({\frac{\mathrm{d}}{\mathrm{d}t}g}\), we have
Knowing that the EM signal is the derivative of the current signal we can deduce Eq. 2:
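The two-rectangle EM model and the derivative relation of Appendix A can be checked numerically; the following is an added example, not code or equations from the paper. It assumes the convention \(X(f)=\int x(t)e^{-j2\pi ft}\,\mathrm{d}t\), the standard transform of a rectangular pulse, and reads each square's "period" as its duration; all function names and sample values are constructed.

```python
import cmath
import math

def rect_ft(amp, width, centre, f):
    """FT of a rectangle of height amp and duration width, centred at `centre`."""
    x = math.pi * f * width
    sinc = 1.0 if x == 0 else math.sin(x) / x
    return amp * width * sinc * cmath.exp(-2j * math.pi * f * centre)

def em_ft(A, T, alpha, f):
    """Spectrum of the EM model: sum of the two delayed rectangles."""
    rise = rect_ft(A / (alpha * T), alpha * T, alpha * T / 2, f)
    fall = rect_ft(-A / ((1 - alpha) * T), (1 - alpha) * T,
                   alpha * T + (1 - alpha) * T / 2, f)
    return rise + fall

def current(A, T, alpha, t):
    """Triangular current pulse whose time derivative is the EM model."""
    if t < 0 or t > T:
        return 0.0
    if t <= alpha * T:
        return A * t / (alpha * T)
    return A * (T - t) / ((1 - alpha) * T)

def numeric_ft(g, T, f, n=20000):
    """Midpoint-rule evaluation of the Fourier integral of g over [0, T]."""
    dt = T / n
    mids = ((k + 0.5) * dt for k in range(n))
    return dt * sum(g(t) * cmath.exp(-2j * math.pi * f * t) for t in mids)

def current_ft(A, T, alpha, f):
    """Derivative property FT{g'} = j*2*pi*f*FT{g}, solved for FT{g} (f != 0)."""
    return em_ft(A, T, alpha, f) / (2j * math.pi * f)

def max_rel_error(A, T, alpha, freqs):
    """Largest gap between analytic and numeric current spectra, relative to A*T/2."""
    scale = A * T / 2  # area of the triangle, i.e. its spectrum at f = 0
    return max(abs(current_ft(A, T, alpha, f)
                   - numeric_ft(lambda t: current(A, T, alpha, t), T, f)) / scale
               for f in freqs)

if __name__ == "__main__":
    # Constructed values: unit amplitude, 10 ns window, 30 % rise fraction.
    A, T, ALPHA = 1.0, 10e-9, 0.3
    print("EM model at DC:", abs(em_ft(A, T, ALPHA, 0.0)))
    print("max relative error:", max_rel_error(A, T, ALPHA, [50e6, 130e6, 370e6]))
```

The two rectangles have areas \(A\) and \(-A\), so the EM model has no DC component, and its spectral shape is set by \(\alpha\) and \(T\).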
Appendix B: Fourier transform: leakage repetition formula
Due to the linearity of the Fourier transform and to Eq. 13 of the delay we get Eq. 15 as the Fourier transform of the leakage.
with \( X(f)\!=\! \mathrm{FT} \{ x(t) \} (f) \) and \(\mathrm{FT}_L (f) \!=\! \mathrm{FT}\{\mathrm{Leakage}(t) \}(f) \)
From Eq. 16, we get:
From Eq. 17 we get:
thus
Tiran, S., Ordas, S., Teglia, Y. et al. A model of the leakage in the frequency domain and its application to CPA and DPA. J Cryptogr Eng 4, 197–212 (2014). https://doi.org/10.1007/s13389-014-0074-x
DOI: https://doi.org/10.1007/s13389-014-0074-x