Advertisement

Journal of Cryptographic Engineering

, Volume 8, Issue 4, pp 301–313 | Cite as

Template attacks versus machine learning revisited and the curse of dimensionality in side-channel analysis: extended version

  • Liran Lerman
  • Romain Poussier
  • Olivier Markowitch
  • François-Xavier Standaert
Regular Paper
  • 243 Downloads

Abstract

Template attacks and machine learning are two popular approaches to profiled side-channel analysis. In this paper, we aim to contribute to the understanding of their respective strengths and weaknesses, with a particular focus on their curse of dimensionality. For this purpose, we take advantage of a well-controlled simulated experimental setting in order to put forward two important aspects. First and from a theoretic point of view, the data complexity of template attacks is not sensitive to the dimension increase in side-channel traces given that their profiling is perfect. Second and from a practical point of view, concrete attacks are always affected by (estimation and assumption) errors during profiling. As these errors increase, machine learning gains interest compared to template attacks, especially when based on random forests. We then clarify these results thanks to the bias–variance decomposition of the error rate recently introduced in the context side-channel analysis.

Keywords

Side-channel attacks Template attacks Machine learning Curse of dimensionality Bias–variance decomposition 

Notes

Acknowledgements

F.-X. Standaert is a research associate of the Belgian Fund for Scientific Research (FNRS-F.R.S.). This work has been funded in parts by the European Commission through the ERC project 280141 (CRASH). L. Lerman is a postdoctoral researcher working on the SCAUT project and funded by the Brussels Institute for Research and Innovation (Innoviris).

References

  1. 1.
    Banciu, V., Oswald, E., Whitnall, C.: Reliable information extraction for single trace attacks. In: Nebel, W., Atienza, D. (eds.) Proceedings of the 2015 Design, Automation and Test in Europe Conference and Exhibition, DATE 2015, Grenoble, France, March 9–13, 2015, pp. 133–138. ACM (2015)Google Scholar
  2. 2.
    Banciu, V., Oswald, E., Carolyn, W.: Reliable information extraction for single trace attacks. In: IACR Cryptology ePrint Archive, vol. 2015, p. 45 (2015)Google Scholar
  3. 3.
    Bartkewitz, T., Lemke-Rust, K.: Efficient template attacks based on probabilistic multi-class support vector machines. In: Mangard, S. (ed.) CARDIS, volume 7771 of Lecture Notes in Computer Science, pp. 263–276. Springer, Berlin (2012)Google Scholar
  4. 4.
    Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)CrossRefGoogle Scholar
  5. 5.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES, volume 2523 of Lecture Notes in Computer Science, pp. 13–28. Springer, Berlin (2002)Google Scholar
  6. 6.
    Choudary, M.O., Poussier, R., Standaert, F.-X.: Score-based vs. probability-based enumeration—a cautionary note. In: Progress in Cryptology—INDOCRYPT 2016—17th International Conference on Cryptology in India, Kolkata, India, December 11–14, 2016, Proceedings (2016) (to appear)Google Scholar
  7. 7.
    Choudary, O., Kuhn, M.G.: Efficient template attacks. In: Francillon, A., Rohatgi, P. (eds.) Smart Card Research and Advanced Applications–12th International Conference, CARDIS 2013, Berlin, Germany, November 27-29, 2013. Revised Selected Papers. Lecture Notes in Computer Science, vol. 8419, pp. 253–270. Springer (2013)Google Scholar
  8. 8.
    Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20(3), 273–297 (1995)zbMATHGoogle Scholar
  9. 9.
    Cristianini, N., Shawe-Taylor, J.: An Introduction to Support Vector Machines and Other Kernel-based Learning Methods. Cambridge University Press, Cambridge (2010)zbMATHGoogle Scholar
  10. 10.
    Domingos, P.: A unifeid bias-variance decomposition and its applications. In: Langley, P. (ed.) Proceedings of the Seventeenth International Conference on Machine Learning (ICML 2000), Stanford University, Stanford, CA, USA, June 29–July 2, 2000, pp. 231–238. Morgan Kaufmann (2000)Google Scholar
  11. 11.
    Domingos, P.: A unified bias-variance decomposition for zero-one and squared loss. In Kautz, H.A., Porter, B.W. (eds.) Proceedings of the Seventeenth National Conference on Artificial Intelligence and Twelfth Conference on Innovative Applications of Artificial Intelligence, July 30–August 3, 2000, Austin, Texas, USA, pp. 564–569. AAAI Press/The MIT Press (2000)Google Scholar
  12. 12.
    Durvaux, F., Standaert, F.-X., Veyrat-Charvillon, N.: How to certify the leakage of a chip? In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT, volume 8441 of Lecture Notes in Computer Science, pp. 459–476. Springer, Berlin (2014)zbMATHGoogle Scholar
  13. 13.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES, volume 2162 of Lecture Notes in Computer Science, pp. 251–261. Springer, Berlin (2001)Google Scholar
  14. 14.
    Gierlichs, B., Lemke-Rust, K., Paar, C.: Templates vs. stochastic methods. In: Goubin, L., Matsui, M. (eds.) CHES, volume 4249 of Lecture Notes in Computer Science, pp. 15–29. Springer, Berlin (2006)Google Scholar
  15. 15.
    Gilmore, R., Hanley, N., O’Neill, M.: Neural network based attack on a masked implementation of AES. In: IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2015, Washington, DC, USA, 5–7 May, 2015, pp. 106–111. IEEE (2015)Google Scholar
  16. 16.
    He, H., Jaffe, J., Zou, L.: CS 229 Machine Learning—Side Channel Cryptanalysis Using Machine Learning. Technical Report, Stanford University (2012)Google Scholar
  17. 17.
    Heuser, A., Zohner, M.: Intelligent machine homicide–breaking cryptographic devices using support vector machines. In: Schindler, W., Huss, S.A. (eds.) COSADE, volume 7275 of Lecture Notes in Computer Science, pp. 249–264. Springer, Berlin (2012)Google Scholar
  18. 18.
    Hospodar, G., Gierlichs, B., De Mulder, E., Verbauwhede, I., Vandewalle, J.: Machine learning in side-channelanalysis: a first study. J. Cryptogr. Eng. 1(4), 293–302 (2011)CrossRefGoogle Scholar
  19. 19.
    Hospodar, G., De Mulder, E., Gierlichs, B., Vandewalle, J., Verbauwhede, I.: Least squares support vector machines for side-channel analysis. In: Second International Workshop on Constructive Side-Channel Analysis and Secure Design, pp. 99–104. Center for Advanced Security Research Darmstadt (2011)Google Scholar
  20. 20.
    Kocher, P.C.: Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: Koblitz, N. (ed.) CRYPTO, volume 1109 of Lecture Notes in Computer Science, pp. 104–113. Springer, Berlin (1996)Google Scholar
  21. 21.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO, volume 1666 of Lecture Notes in Computer Science, pp. 388–397. Springer, Berlin (1999)Google Scholar
  22. 22.
    Lerman, L., Bontempi, G., Markowitch, O.: Side-channel attacks: an approach based on machine learning. In: Second International Workshop on Constructive Side-Channel Analysis and Secure Design, pp. 29–41. Center for Advanced Security Research Darmstadt (2011)Google Scholar
  23. 23.
    Lerman, L., Bontempi, G., Markowitch, O.: Power analysis attack: an approach based on machine learning. IJACT 3(2), 97–115 (2014)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Lerman, L., Bontempi, G., Markowitch, O.: A machine learning approach against a masked AES. J. Cryptogr. Eng. 5(2), 123–139 (2015)CrossRefGoogle Scholar
  25. 25.
    Lerman, L., Bontempi, G., Markowitch, O.: The bias–variance decomposition in profiled attacks. J. Cryptogr. Eng. 5, 1–13 (2015)CrossRefGoogle Scholar
  26. 26.
    Lerman, L., Medeiros, S.F., Bontempi, G., Markowitch, O.: A machine learning approach against a masked AES. In: Francillon, A., Rohatgi, P. (eds.) Smart Card Research and Advanced Applications–12th International Conference, CARDIS 2013, Berlin, Germany, November 27-29, 2013. Revised Selected Papers. Lecture Notes in Computer Science, vol. 8419, pp. 61–75. Springer (2013)Google Scholar
  27. 27.
    Lerman, L., Poussier, R., Bontempi, G., Markowitch, O., Standaert, F.-X.: Template attacks vs. machine learning revisited (and the curse of dimensionality in side-channel analysis). In: Mangard, S., Poschmann, A.Y. (eds.) Constructive Side-Channel Analysis and Secure Design—6th International Workshop, COSADE 2015, Berlin, Germany, April 13–14, 2015. Revised Selected Papers, volume 9064 of Lecture Notes in Computer Science, pp. 20–33. Springer (2015)Google Scholar
  28. 28.
    Louppe, G.: Understanding Random Forests: From Theory to Practice. ArXiv e-prints (2014)Google Scholar
  29. 29.
    Mangard, S., Oswald, E., Standaert, F.-X.: One for all–all for one: unifying standard differential power analysis attacks. IET Inf. Secur. 5(2), 100–110 (2011)CrossRefGoogle Scholar
  30. 30.
    Martinasek, Z., Hajny, J., Malina, L.: Optimization of power analysis using neural network. In: Francillon, A., Rohatgi, P. (eds.) Smart Card Research and Advanced Applications—12th International Conference, CARDIS 2013, Berlin, Germany, November 27–29, 2013. Revised Selected Papers, volume 8419 of Lecture Notes in Computer Science, pp. 94–107. Springer (2013)Google Scholar
  31. 31.
    Patel, H., Baldwin, R.O.: Random forest profiling attack on advanced encryption standard. IJACT 3(2), 181–194 (2014)MathSciNetCrossRefGoogle Scholar
  32. 32.
    Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: Paterson, K.G. (ed.) EUROCRYPT, volume 6632 of Lecture Notes in Computer Science, pp. 109–128. Springer, Berlin (2011)zbMATHGoogle Scholar
  33. 33.
    Rokach, L., Maimon, O.: Data Mining with Decision Trees: Theory and Applications. Series in Machine Perception and Artificial Intelligence. World Scientific Publishing Company, Incorporated, Singapore (2008)zbMATHGoogle Scholar
  34. 34.
    Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES, volume 3659 of Lecture Notes in Computer Science, pp. 30–46. Springer, Berlin (2005)Google Scholar
  35. 35.
    Standaert, F.-X., Koeune, F., Schindler, W.: How to compare profiled side-channel attacks? In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS. Lecture Notes in Computer Science, vol. 5536, pp. 485–498. Springer, Berlin (2009)Google Scholar
  36. 36.
    Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT, volume 5479 of Lecture Notes in Computer Science, pp. 443–461. Springer, Berlin (2009)CrossRefGoogle Scholar
  37. 37.
    Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) Selected Areas in Cryptography, volume 7707 of Lecture Notes in Computer Science, pp. 390–406. Springer, Berlin (2012)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2017

Authors and Affiliations

  1. 1.Département d’informatiqueUniversité Libre de BruxellesBrusselsBelgium
  2. 2.ICTEAM/INGIUniversité catholique de LouvainLouvain-la-NeuveBelgium

Personalised recommendations