Bridging the Gap: Advanced Tools for Side-Channel Leakage Estimation Beyond Gaussian Templates and Histograms

  • Tobias Schneider
  • Amir Moradi
  • François-Xavier Standaert
  • Tim Güneysu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10532)

Abstract

The accuracy and the fast convergence of a leakage model are both essential for the efficiency of side-channel analysis. For efficient leakage estimation an evaluator therefore has to pick a Probability Density Function (PDF) that constitutes the optimal trade-off between both aspects. In the case of parametric estimation, Gaussian templates are a common choice due to their fast convergence, provided that the actual leakages follow a Gaussian distribution (as is the case for an unprotected device). In contrast, histograms and kernel-based estimations are examples of non-parametric estimation that are capable of capturing any distribution (even that of a protected device), at a slower convergence rate.

With this work we aim to enlarge the statistical toolbox of a side-channel evaluator by introducing new PDF estimation tools that fill the gap between both extremes. Our tools are designed for parametric estimation and can efficiently characterize leakages up to the fourth statistical moment. We show that such an approach is superior to non-parametric estimators in contexts where key-dependent information is located in one of those moments of the leakage distribution. Furthermore, we demonstrate how to apply our tools to the (worst-case) information-theoretic evaluation of masked implementations with up to four shares, in a profiled attack scenario. We remark that this flexibility in capturing information from different moments of the leakage PDF can provide very valuable feedback to hardware designers in their task of evaluating the individual and combined criticality of leakages in their (protected) implementations.
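As an added, constructed example (not code from the paper), the following Python simulates the leakage of a d-share Boolean masking of one secret bit as the Hamming-weight sum of the shares plus Gaussian noise, estimates the first four central moments per secret value, and reports the lowest moment order in which the two secret classes differ. It illustrates the point made above: a Gaussian template is fully described by mean and variance, so once the key-dependent information sits in the third or fourth moment (here, three- or four-share masking) it sees two identical distributions, whereas an estimator that tracks moments up to order four still separates the classes. The leakage model (1-bit shares, additive Gaussian noise) and all function names are this example's own assumptions.

```python
"""
Moment-based leakage characterisation of a Boolean-masked bit.

Constructed example, not code from the paper: the leakage of a d-share
Boolean masking of one secret bit is modelled as the sum of the share
values (Hamming weight of 1-bit shares) plus Gaussian noise. The first
four central moments are estimated per secret value and the lowest
moment order in which the two secret classes differ is reported.
"""
import random
from itertools import product


def share_leakage(secret_bit, masks):
    """Leakage of a d-share Boolean masking: Hamming weights of all shares
    summed. The last share is secret XOR (XOR of the d-1 random masks)."""
    parity = 0
    for m in masks:
        parity ^= m
    return sum(masks) + (secret_bit ^ parity)


def _central_moments(values):
    """Mean plus central moments of order 2, 3 and 4 of a sample."""
    n = len(values)
    mean = sum(values) / n
    return [mean] + [sum((v - mean) ** k for v in values) / n for k in (2, 3, 4)]


def exact_central_moments(secret_bit, shares):
    """Noise-free moments obtained by enumerating every mask tuple."""
    values = [share_leakage(secret_bit, masks)
              for masks in product((0, 1), repeat=shares - 1)]
    return _central_moments(values)


def sampled_central_moments(secret_bit, shares, n, sigma, rng):
    """The same moments estimated from n noisy traces (assumed model:
    leakage + N(0, sigma^2) measurement noise)."""
    values = []
    for _ in range(n):
        masks = [rng.randint(0, 1) for _ in range(shares - 1)]
        values.append(share_leakage(secret_bit, masks) + rng.gauss(0.0, sigma))
    return _central_moments(values)


def leaking_moment_order(shares, tol=1e-9):
    """Lowest moment order (1..4) whose value differs between secret 0 and 1,
    computed noise-free; None if none of the first four moments leaks."""
    m0 = exact_central_moments(0, shares)
    m1 = exact_central_moments(1, shares)
    for order, (a, b) in enumerate(zip(m0, m1), start=1):
        if abs(a - b) > tol:
            return order
    return None


def gaussian_template_sees_leakage(shares):
    """A Gaussian template is parameterised by mean and variance only, so it
    distinguishes the two classes only if order 1 or 2 carries the leakage."""
    order = leaking_moment_order(shares)
    return order is not None and order <= 2


if __name__ == "__main__":
    rng = random.Random(1)
    for d in (1, 2, 3, 4):
        print(f"{d} share(s): leaking moment order {leaking_moment_order(d)}, "
              f"Gaussian template sufficient: {gaussian_template_sees_leakage(d)}")
    for bit in (0, 1):
        print(f"3 shares, secret {bit}, noisy estimate (mean, m2, m3, m4):",
              [round(x, 3) for x in sampled_central_moments(bit, 3, 20000, 0.5, rng)])
```

In the noise-free enumeration the leaking order equals the number of shares. With additive Gaussian noise the third central moment of the sum is unchanged and the fourth grows by the same amount for both classes (the classes share the same variance), so the separation survives; only the number of traces needed to estimate the higher moment reliably grows with the noise level.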

Acknowledgments

This work is partly supported by the DFG Research Training Group GRK 1817 Ubicrypt and the ERC project 280141. François-Xavier Standaert is a research associate of the Belgian Fund for Scientific Research (FNRS-F.R.S.).


Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Tobias Schneider (1)
  • Amir Moradi (1)
  • François-Xavier Standaert (2)
  • Tim Güneysu (3)
  1. Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Bochum, Germany
  2. ICTEAM/ELEN/Crypto Group, Université catholique de Louvain, Louvain-la-Neuve, Belgium
  3. University of Bremen and DFKI, Bremen, Germany