A Machine Learning Approach Against a Masked AES

  • Liran Lerman
  • Stephane Fernandes Medeiros
  • Gianluca Bontempi
  • Olivier Markowitch
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8419)


Side-channel attacks challenge the security of cryptographic devices. One of the widespread countermeasures against these attacks is the masking approach. In 2012, Nassar et al. [21] presented a new lightweight (low-cost) Boolean masking countermeasure to protect the implementation of the AES block-cipher. This masking scheme represents the target algorithm of the DPAContest V4 [30]. In this article, we present the first machine learning attack against a masking countermeasure, using the dataset of the DPAContest V4. We succeeded to extract each targeted byte of the key of the masked AES with \(26\) traces during the attacking phase. This number of traces represents roughly twice the number of traces needed compared to an unmasked AES on the same cryptographic device. Finally, we compared our proposal to a stochastic attack and to a strategy based on template attack. We showed that an attack based on a machine learning model reduces the number of traces required during the attacking step with a factor two and four compared respectively to template attack and to stochastic attack when analyzing the same leakage information. A new strategy based on stochastic attack reduces this number to 27.8 traces (in average) during the attack but requires a larger execution time in our setting than a learning model.


Side-channel attack Masking Profiled attack Machine learning Stochastic attack Template attack 


  1. 1.
    Bartkewitz, T., Lemke-Rust, K.: Efficient template attacks based on probabilistic multi-class support vector machines. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 263–276. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  2. 2.
    Breiman, L.: Random forests. Mach. Learn. 45, 5–32 (2001)CrossRefzbMATHGoogle Scholar
  3. 3.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 398. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  4. 4.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr, B.S., Koç, C.K., Paar, C. (eds.) CHES. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2002) Google Scholar
  5. 5.
    Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20(3), 273–297 (1995)zbMATHGoogle Scholar
  6. 6.
    Dimitriadou, E., Hornik, K., Leisch, F., Meyer, D., Weingessel, A.: e1071: misc functions of the department of statistics (e1071), TU Wien, R package version 1.6 (2011)Google Scholar
  7. 7.
    Gandolfi, K., Mourtel, Ch., Olivier, F.: Electromagnetic analysis: Concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, p. 251. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  8. 8.
    Gierlichs, B., Janussen, K.: Template attacks on masking: an interpretation. In: Lucks, S., Sadeghi, A.-R., Wolf, C., (eds.) WEWoRC (2007)Google Scholar
  9. 9.
    Heuser, A., Zohner, M.: Intelligent machine homicide. In: Schindler, W., Huss, S.A. (eds.) COSADE 2012. LNCS, vol. 7275, pp. 249–264. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  10. 10.
    Hospodar, G., Gierlichs, B., Mulder, E.D., Verbauwhede, I., Vandewalle, J.: Machine learning in side-channel analysis: a first study. J. Crypt. Eng. 1(4), 293–302 (2011)CrossRefGoogle Scholar
  11. 11.
    Hospodar, G., Mulder, E.D., Gierlichs, B., Vandewalle, J., Verbauwhede, I.: Least squares support vector machines for side-channel analysis. In: Second International Workshop on Constructive SideChannel Analysis and Secure, pp. 99–104. Design Center for Advanced Security Research Darmstadt (2011)Google Scholar
  12. 12.
    Japkowicz, N., Stephen, S.: The class imbalance problem: a systematic study. Int. Data Anal. J. 6(5), 429–449 (2002)zbMATHGoogle Scholar
  13. 13.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996) Google Scholar
  14. 14.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 388. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  15. 15.
    Lerman, L., Bontempi, G., Markowitch, O.: Side channel attack: an approach based on machine learning. In: Second International Workshop on Constructive Side Channel Analysis and Secure Design, pp. 29–41. Center for Advanced Security Research Darmstadt (2011)Google Scholar
  16. 16.
    Lerman, L., Bontempi, G., Markowitch, O.: Power analysis attack: an approach based on machine learning. Int. J. Appl. Crypt. 3(2), 97–115 (2014)CrossRefGoogle Scholar
  17. 17.
    Lerman, L., Bontempi, G., Ben Taieb, S., Markowitch, O.: A time series approach for profiling attack. In: Gierlichs, B., Guilley, S., Mukhopadhyay, D. (eds.) SPACE 2013. LNCS, vol. 8204, pp. 75–94. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  18. 18.
    Liaw, A., Wiener, M.: Classification and regression by randomforest. R News 2(3), 18–22 (2002)Google Scholar
  19. 19.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks- Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  20. 20.
    Martinasek, Z., Zeman, V.: Innovative method of the power analysis. Radio Eng. 22(2), 586–594 (2013)Google Scholar
  21. 21.
    Nassar, M., Souissi, Y., Guilley, S., Danger, J-L.: RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. In: Rosenstiel W.,Thiele, L. (eds.) DATE, pp. 1173–1178. IEEE (2012)Google Scholar
  22. 22.
    Oswald, E., Mangard, S.: Template attacks on masking—resistance is futile. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 243–256. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  23. 23.
    Pearson, K.: On lines and planes of closest fit to systems of points in space. Philos. Mag. 2(6), 559–572 (1901)CrossRefGoogle Scholar
  24. 24.
    Peng, H., Long, F., Ding, C.: Feature selection based on mutual information criteria of max-dependency, max-relevance, and min-redundancy. IEEE Trans. Pattern Anal. Mach. Intell. 27(8), 1226–1238 (2005)CrossRefGoogle Scholar
  25. 25.
    Rivain, M., Dottax, E., Prouff, E.: Block ciphers implementations provably secure against second order side channel analysis. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 127–143. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  26. 26.
    Schindler, W.: Advanced stochastic methods in side channel analysis on block ciphers in the presence of masking. J. Math. Crypt. 2(3), 291–310 (2008)zbMATHMathSciNetGoogle Scholar
  27. 27.
    Schindler, W., Lemke, K., Paar, Ch.: A stochastic model for differential side channel cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  28. 28.
    Standaert, F.-X., Archambeau, C.: Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 411–425. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  29. 29.
    Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: another look on second-order DPA. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 112–129. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  30. 30.
    DPAContest V4 (2013).

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Liran Lerman
    • 1
    • 2
  • Stephane Fernandes Medeiros
    • 1
  • Gianluca Bontempi
    • 2
  • Olivier Markowitch
    • 1
  1. 1.Quality and Security of Information Systems, Département d’informatiqueUniversité Libre de BruxellesBrusselBelgium
  2. 2.Machine Learning Group, Département d’informatiqueUniversité Libre de BruxellesBrusselBelgium

Personalised recommendations