On the Use of Independent Component Analysis to Denoise Side-Channel Measurements

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10815)

Abstract

Independent Component Analysis (ICA) is a powerful technique for blind source separation. It has been successfully applied to signal processing problems such as feature extraction and noise reduction in many different areas, including medical signal processing and telecommunications. In this work, we propose a framework for applying ICA to denoise side-channel measurements and hence reduce the complexity of key recovery attacks. Based on several case studies, we then demonstrate the overwhelming advantages of ICA over commonly used preprocessing techniques such as singular spectrum analysis. We mainly target a software masked implementation of AES and an unprotected hardware one. Our results show a significant Signal-to-Noise Ratio (SNR) gain, which translates into a gain in the number of traces needed for a successful side-channel attack. This establishes ICA as an important new tool for the security assessment of cryptographic implementations.
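As an added illustration, not code from the paper, the following pure-Python sketch walks through the framework the abstract describes on constructed data: two observations of one leaking sample (a mix of a data-dependent leakage and an independent interferer, as two probes might see it) are separated with a two-channel FastICA, and a plaintext-keyed SNR estimate before and after shows the gain that would lower the trace count of a CPA. The mixing coefficients, the noise model, the 4-bit KEY and the sample sizes are all assumptions of this example.

```python
import math
import random

random.seed(7)   # constructed data with a fixed seed; KEY is a constructed 4-bit secret
KEY = 0xA        # that the plaintext-keyed SNR estimator below never needs

def constructed_traces(n=4000):
    # Two observations of one leaking sample (think two probes): each is a linear mix of
    # the leakage HW(p ^ KEY) and an independent Laplacian interferer, plus sensor noise.
    p = [random.randrange(16) for _ in range(n)]
    x1, x2 = [], []
    for pt in p:
        s = bin(pt ^ KEY).count("1") - 2.0                             # centred, var 1
        v = random.choice((-1, 1)) * random.expovariate(math.sqrt(2))  # Laplace, var 1
        x1.append(1.0 * s + 0.8 * v + random.gauss(0, 0.1))
        x2.append(0.5 * s + 1.2 * v + random.gauss(0, 0.1))
    return p, x1, x2

def snr(y, cls):
    # NICV-style SNR keyed on the public plaintext: var(class means) / mean within-class var
    groups = {c: [val for cc, val in zip(cls, y) if cc == c] for c in set(cls)}
    means = {c: sum(g) / len(g) for c, g in groups.items()}
    mu = sum(means.values()) / len(means)
    signal = sum((m - mu) ** 2 for m in means.values()) / len(means)
    noise = sum(sum((t - means[c]) ** 2 for t in g) / len(g) for c, g in groups.items()) / len(groups)
    return signal / noise

def fastica2(x1, x2, iters=100):
    # Two-channel FastICA (tanh contrast): centre, whiten via the 2x2 covariance
    # eigendecomposition, fixed-point iterate one unit vector; 2nd component is orthogonal.
    n, m1, m2 = len(x1), sum(x1) / len(x1), sum(x2) / len(x2)
    a, b = [u - m1 for u in x1], [u - m2 for u in x2]
    caa, cbb, cab = sum(u * u for u in a) / n, sum(u * u for u in b) / n, sum(u * v for u, v in zip(a, b)) / n
    d = math.sqrt(((caa - cbb) / 2) ** 2 + cab ** 2)
    l1, l2 = (caa + cbb) / 2 + d, (caa + cbb) / 2 - d
    e1 = (cab, l1 - caa) if math.hypot(cab, l1 - caa) > 1e-12 else (1.0, 0.0)
    e1 = (e1[0] / math.hypot(*e1), e1[1] / math.hypot(*e1))
    z = [((e1[0] * u + e1[1] * v) / math.sqrt(l1), (e1[0] * v - e1[1] * u) / math.sqrt(l2)) for u, v in zip(a, b)]
    w = (1.0, 0.0)
    for _ in range(iters):   # fixed count; FastICA converges in a handful of steps here
        g = [math.tanh(w[0] * z0 + w[1] * z1) for z0, z1 in z]
        gp = sum(1 - t * t for t in g) / n
        wn = (sum(t * z0 for t, (z0, _) in zip(g, z)) / n - gp * w[0],
              sum(t * z1 for t, (_, z1) in zip(g, z)) / n - gp * w[1])
        w = (wn[0] / math.hypot(*wn), wn[1] / math.hypot(*wn))
    return ([w[0] * z0 + w[1] * z1 for z0, z1 in z], [w[0] * z1 - w[1] * z0 for z0, z1 in z])

def ica_denoise_gain():
    p, x1, x2 = constructed_traces()
    y1, y2 = fastica2(x1, x2)
    return max(snr(x1, p), snr(x2, p)), max(snr(y1, p), snr(y2, p))
```

The component to keep is chosen by its plaintext-keyed SNR, so the selection step needs no key hypothesis; the denoised component can then feed a CPA directly.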

Keywords

Independent Component Analysis; Side-channel analysis; Preprocessing; Noise filtering; Correlation Power Analysis; Boolean masking scheme


Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Underwriters Laboratories, La Ciotat, France
  2. ANSSI, Paris, France
  3. CNRS, Inria, Laboratoire d’Informatique de Paris 6 (LIP6), Équipe PolSys, Sorbonne Universités, UPMC Univ Paris 06, Paris, France
