Journal of Cryptology, Volume 24, Issue 2, pp. 269–291

Mutual Information Analysis: a Comprehensive Study

  • Lejla Batina
  • Benedikt Gierlichs
  • Emmanuel Prouff
  • Matthieu Rivain
  • François-Xavier Standaert
  • Nicolas Veyrat-Charvillon
Abstract

Mutual Information Analysis (MIA) is a generic side-channel distinguisher introduced at CHES 2008. It aims to mount successful attacks while requiring minimal assumptions about, and minimal knowledge of, the target device on the adversary's part. In this paper, we compile recent contributions and applications of MIA into a comprehensive study. From a theoretical point of view, we carefully discuss its statistical properties and its relationship with probability density estimation tools. From a practical point of view, we apply MIA in two of the most investigated contexts for side-channel attacks: first-order attacks against an unprotected implementation of the DES in a full-custom IC, and second-order attacks against a masked implementation of the DES in an 8-bit microcontroller. These experiments allow us to highlight the strengths and weaknesses of this new distinguisher and to compare it with standard power analysis attacks using the correlation coefficient.
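The Python example below is added here and is not code from the paper or its authors. It implements the two distinguishers the abstract compares, a histogram-based MIA estimator and the correlation coefficient (CPA), and runs both on constructed traces of DES S-box S1. The S-box table is the FIPS 46-3 one; everything else (the Hamming-weight leakage model with Gaussian noise, the noise level, the bin width, the subkey 0b101101, the mask scheme and the trace counts) is an assumption of the example. It also goes one step beyond the abstract's setting: it runs MIA with the identity model, i.e. with no leakage model at all, which is the "minimal assumptions" case, and it shows the second-order attack on a masked S-box as a joint (2-D) histogram over the two shares' leakage.

```python
"""MIA vs. CPA on constructed DES S-box leakage, first- and second-order."""
import math
import random
from collections import Counter, defaultdict

# DES S-box S1 (FIPS 46-3): row = bits (b5, b0) of the 6-bit input, column = bits b4..b1.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox(x):
    row = (((x >> 5) & 1) << 1) | (x & 1)
    return S1[row][(x >> 1) & 0xF]

def hw(v):
    return bin(v).count("1")

def simulate(n, key, sigma, rng, masked=False):
    """Constructed traces (p, leakage), assuming a Hamming-weight leakage model
    with Gaussian noise. Unmasked: HW(S(p ^ key)) + noise. Masked: the pair
    (HW(m) + noise, HW(S(p ^ key) ^ m) + noise) for a fresh 4-bit mask m."""
    traces = []
    for _ in range(n):
        p = rng.randrange(64)
        v = sbox(p ^ key)
        if masked:
            m = rng.randrange(16)
            leak = (hw(m) + rng.gauss(0, sigma), hw(v ^ m) + rng.gauss(0, sigma))
        else:
            leak = hw(v) + rng.gauss(0, sigma)
        traces.append((p, leak))
    return traces

def entropy(counts):
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def mia(models, leaks, width=1.0):
    """Histogram MIA: I(M; L) = H(L) - sum_m P(m) H(L | M = m), with L binned
    at 'width'. A tuple leakage is binned jointly (2-D histogram), which is
    the multivariate estimator a second-order attack needs."""
    def b(l):
        return tuple(round(x / width) for x in l) if isinstance(l, tuple) else round(l / width)
    binned = [b(l) for l in leaks]
    per_model = defaultdict(Counter)
    for m, l in zip(models, binned):
        per_model[m][l] += 1
    n = len(binned)
    h_cond = sum(sum(c.values()) / n * entropy(c) for c in per_model.values())
    return entropy(Counter(binned)) - h_cond

def cpa(models, leaks):
    """|Pearson correlation| between the model and a univariate leakage sample."""
    n = len(leaks)
    mm, ml = sum(models) / n, sum(leaks) / n
    cov = sum((x - mm) * (l - ml) for x, l in zip(models, leaks))
    vm = sum((x - mm) ** 2 for x in models)
    vl = sum((l - ml) ** 2 for l in leaks)
    return abs(cov) / math.sqrt(vm * vl) if vm and vl else 0.0

def rank_keys(traces, distinguisher, model=hw, pick=lambda l: l):
    """Score all 64 subkey guesses, best first. 'model' maps the predicted
    S-box output to a leakage prediction; 'pick' selects the sample(s) used."""
    leaks = [pick(l) for _, l in traces]
    scores = [(distinguisher([model(sbox(p ^ k)) for p, _ in traces], leaks), k)
              for k in range(64)]
    return sorted(scores, reverse=True)

def best_key(traces, distinguisher, **kw):
    return rank_keys(traces, distinguisher, **kw)[0][1]

def demo(seed=2008, key=0b101101, sigma=0.5):
    """Five attacks on constructed traces; returns the recovered keys and the
    correct key's first-order correlation against one masked share."""
    rng = random.Random(seed)
    first = simulate(3000, key, sigma, rng)
    masked = simulate(5000, key, sigma, rng, masked=True)
    cpa_on_share = {k: s for s, k in rank_keys(masked, cpa, pick=lambda l: l[1])}
    return {
        "cpa_hw": best_key(first, cpa),                           # HW model, correlation
        "mia_hw": best_key(first, mia),                           # HW model, MIA
        "mia_identity": best_key(first, mia, model=lambda v: v),  # no leakage model
        "cpa_1o_vs_masked": cpa_on_share[key],                    # ~0: masking defeats 1O CPA
        "mia_2o_vs_masked": best_key(masked, mia),                # joint histogram recovers key
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18s} {result}")
```

Two caveats a practitioner should keep in mind. First, the identity model works here only because the DES S-box is non-injective (6 bits in, 4 bits out): for a bijective S-box such as the AES one, every key guess induces the same partition of the leakage up to relabelling, so the identity model gives every guess the same score and a non-injective model (Hamming weight, dropping a bit, ...) is required. Second, the plug-in histogram estimator is biased upwards, and the bias grows with the number of bins times the number of model classes, so a fixed width of 1.0 as assumed here is a choice, not a rule; the binning rules cited in the reference list (Scott, Freedman and Diaconis, Knuth) are the usual ways to pick it from the data.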

Key words

Side-Channel Analysis · Mutual Information Analysis · Masking Countermeasure · Higher-Order Attacks · Probability Density Estimation

References

  [1] S. Chari, C.S. Jutla, J.R. Rao, P. Rohatgi, Towards sound approaches to counteract power-analysis attacks, in Proceedings of CRYPTO 1999, Santa Barbara, California, USA, August 1999. Lecture Notes in Computer Science, vol. 1666 (Springer, Berlin, 1999), pp. 398–412
  [2] E. Brier, C. Clavier, F. Olivier, Correlation power analysis with a leakage model, in Proceedings of CHES 2004, Boston, Massachusetts, USA, August 2004. Lecture Notes in Computer Science, vol. 3156 (Springer, Berlin, 2004), pp. 16–29
  [3] S. Chari, J.R. Rao, P. Rohatgi, Template attacks, in Proceedings of CHES 2002, San Francisco, California, USA, August 2002. Lecture Notes in Computer Science, vol. 2523 (Springer, Berlin, 2002), pp. 13–28
  [4] T.M. Cover, J.A. Thomas, Elements of Information Theory (Wiley-Interscience, New York, 1991)
  [5] DPA Contest 2008/2009, http://www.dpacontest.org/
  [6] D. Freedman, P. Diaconis, On the histogram as a density estimator. Probab. Theory Relat. Fields 57(4), 453–476 (1981)
  [7] K. Gandolfi, C. Mourtel, F. Olivier, Electromagnetic analysis: concrete results, in Proceedings of CHES 2001, Paris, France, May 2001. Lecture Notes in Computer Science, vol. 2162 (Springer, Berlin, 2001), pp. 251–261
  [8] B. Gierlichs, L. Batina, P. Tuyls, B. Preneel, Mutual information analysis: a generic side-channel distinguisher, in Proceedings of CHES 2008, Washington DC, USA, August 2008. Lecture Notes in Computer Science, vol. 5154 (Springer, Berlin, 2008), pp. 426–442
  [9] B. Gierlichs, L. Batina, B. Preneel, I. Verbauwhede, Revisiting higher-order DPA attacks: multivariate mutual information analysis, in Proceedings of CT-RSA 2010, San Francisco, CA, USA, March 2010. Lecture Notes in Computer Science, vol. 5985 (Springer, Berlin, 2010), pp. 221–234
  [10] L. Goubin, J. Patarin, DES and differential power analysis, in Proceedings of CHES 1999, Worcester, MA, USA, August 1999. Lecture Notes in Computer Science, vol. 1717 (Springer, Berlin, 1999), pp. 158–172
  [11] P. Hall, S.J. Sheather, M.C. Jones, J.S. Marron, On optimal data-based bandwidth selection in kernel density estimation. Biometrika 78, 263–270 (1991)
  [12] W. Härdle, Smoothing Techniques: With Implementation in S. Springer Series in Statistics (Springer, Berlin, 1990)
  [13] K.H. Knuth, Optimal data-based binning for histograms. http://arxiv.org/abs/physics/0605197, May 2006
  [14] P. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems, in Proceedings of CRYPTO 1996, Santa Barbara, CA, USA, August 1996. Lecture Notes in Computer Science, vol. 1109 (Springer, Berlin, 1996), pp. 104–113
  [15] P. Kocher, J. Jaffe, B. Jun, Differential power analysis, in Proceedings of CRYPTO 1999, Santa Barbara, CA, USA, August 1999. Lecture Notes in Computer Science, vol. 1666 (Springer, Berlin, 1999), pp. 388–397
  [16] K. Lemke-Rust, C. Paar, Gaussian mixture models for higher-order side-channel analysis, in Proceedings of CHES 2007, Vienna, Austria, September 2007. Lecture Notes in Computer Science, vol. 4727 (Springer, Berlin, 2007), pp. 14–27
  [17] S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks (Springer, Berlin, 2007)
  [18] T.S. Messerges, Using second-order power analysis to attack DPA resistant software, in Proceedings of CHES 2000, Worcester, Massachusetts, USA, August 2000. Lecture Notes in Computer Science, vol. 1965 (Springer, Berlin, 2000), pp. 238–251
  [19] A. Moradi, N. Mousavi, C. Paar, M. Salmasizadeh, A comparative study of mutual information analysis under a Gaussian assumption, in Proceedings of WISA 2009, Busan, Korea, August 2009. Lecture Notes in Computer Science, vol. 5932 (Springer, Berlin, 2009), pp. 193–205
  [20] E. Prouff, M. Rivain, Theoretical and practical aspects of mutual information based side-channel analysis, in Proceedings of ACNS 2009, Paris, France, June 2009. Lecture Notes in Computer Science, vol. 5536 (Springer, Berlin, 2009), pp. 499–518
  [21] E. Prouff, M. Rivain, R. Bévan, Statistical analysis of second-order DPA. IEEE Trans. Comput. 58(6), 799–811 (2009)
  [22] E. Prouff, R. McEvoy, First-order side-channel attacks on the permutation tables countermeasure, in Proceedings of CHES 2009, Lausanne, Switzerland, September 2009. Lecture Notes in Computer Science, vol. 5747 (Springer, Berlin, 2009), pp. 81–96
  [23] J.-J. Quisquater, D. Samyde, Electromagnetic analysis (EMA): measures and countermeasures for smart cards, in Proceedings of eSmart 2001, Cannes, France, September 2001. Lecture Notes in Computer Science, vol. 2140 (Springer, Berlin, 2001), pp. 200–210
  [24] M. Rivain, E. Dottax, E. Prouff, Block ciphers implementations provably secure against second-order side-channel analysis, in Proceedings of FSE 2008, Lausanne, Switzerland, February 2008. Lecture Notes in Computer Science, vol. 5086 (Springer, Berlin, 2008), pp. 127–143
  [25] D.W. Scott, On optimal and data-based histograms. Biometrika 66(3), 605–610 (1979)
  [26] D.W. Scott, S.R. Sain, Multi-dimensional density estimation, in Data Mining and Data Visualization. Handbook of Statistics, vol. 24 (North-Holland, Amsterdam, 2004)
  [27] B.W. Silverman, Density Estimation for Statistics and Data Analysis (Chapman & Hall/CRC Press, Boca Raton, 1986)
  [28] F.-X. Standaert, T.G. Malkin, M. Yung, A unified framework for the analysis of side-channel key recovery attacks, in Proceedings of EUROCRYPT 2009, Cologne, Germany, April 2009. Lecture Notes in Computer Science, vol. 5479 (Springer, Berlin, 2009), pp. 443–461. Extended version available on the Cryptology ePrint Archive, Report 2006/139, http://eprint.iacr.org/2006/139
  [29] F.-X. Standaert, B. Gierlichs, I. Verbauwhede, Partition vs. comparison side-channel distinguishers: an empirical evaluation of statistical tests for univariate side-channel attacks, in Proceedings of ICISC 2008, Seoul, Korea, December 2008. Lecture Notes in Computer Science, vol. 5461 (Springer, Berlin, 2008), pp. 253–267
  [30] F.-X. Standaert, N. Veyrat-Charvillon, E. Oswald, B. Gierlichs, M. Medwed, M. Kasper, S. Mangard, The world is not enough: another look on second-order DPA, in Proceedings of ASIACRYPT 2010, Singapore, December 2010. Lecture Notes in Computer Science, vol. 6477 (Springer, Berlin, 2010), pp. 112–129
  [31] R.A. Tapia, J.R. Thompson, Nonparametric Density Estimation (Johns Hopkins University Press, Baltimore, 1978)
  [32] B.A. Turlach, Bandwidth selection in kernel density estimation: a review, in CORE and Institut de Statistique (Springer, Berlin, 1993)
  [33] N. Veyrat-Charvillon, F.-X. Standaert, Mutual information analysis: how, when and why?, in Proceedings of CHES 2009, Lausanne, Switzerland, September 2009. Lecture Notes in Computer Science, vol. 5747 (Springer, Berlin, 2009), pp. 429–443
  [34] K. Tiri, M. Akmal, I. Verbauwhede, A dynamic and differential CMOS logic with signal independent power consumption to withstand DPA on smart cards, in Proceedings of ESSCIRC 2003, Estoril, Portugal, September 2003 (Springer, Berlin, 2003)
  [35] L. Batina, B. Gierlichs, K. Lemke-Rust, Differential cluster analysis, in Proceedings of CHES 2009, Lausanne, Switzerland, September 2009. Lecture Notes in Computer Science, vol. 5747 (Springer, Berlin, 2009), pp. 112–127
  [36] S. Watanabe, Information theoretical analysis of multivariate correlation. IBM J. Res. Develop. 4, 66–82 (1960)
  [37] S. Aumonier, Generalized correlation power analysis, in Proceedings of the ECRYPT Workshop on Tools for Cryptanalysis, Kraków, Poland, September 2007 (Springer, Berlin, 2007)

Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  • Lejla Batina (1, 2)
  • Benedikt Gierlichs (1)
  • Emmanuel Prouff (3)
  • Matthieu Rivain (4)
  • François-Xavier Standaert (5)
  • Nicolas Veyrat-Charvillon (5)
  1. ESAT/SCD-COSIC and IBBT, K.U. Leuven, Leuven-Heverlee, Belgium
  2. CS Dept./Digital Security group, Radboud University Nijmegen, Nijmegen, The Netherlands
  3. Oberthur Technologies, Nanterre Cedex, France
  4. CryptoExperts, Paris, France
  5. UCL Crypto Group, Université catholique de Louvain, Louvain-la-Neuve, Belgium