Generic Side-Channel Distinguishers: Improvements and Limitations

  • Nicolas Veyrat-Charvillon
  • François-Xavier Standaert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6841)

Abstract

The goal of generic side-channel distinguishers is to allow key recoveries against any type of implementation, under minimum assumptions on the underlying hardware. Such distinguishers are particularly interesting in view of recent technological advances. Indeed, the traditional leakage models used in side-channel attacks, based on the Hamming weight or distance of the data contained in an implementation, are progressively invalidated by the increased variability in nanoscale electronic devices. In this paper, we consequently provide two contributions related to the application of side-channel analysis against emerging cryptographic implementations. First, we describe a new statistical test that is aimed to be generic and efficient when exploiting high-dimensional leakages. The proposed distinguisher is fully non-parametric. It formulates the leakage distributions using a copula and discriminates keys based on the detection of an “outlier behavior”. Next, we provide experiments putting forward the limitations of generic side-channel analysis in advanced scenarios, where leaking devices are protected with countermeasures. Our results exhibit that all non-profiled attacks published so far can sometimes give a false sense of security, due to incorrect leakage models. That is, there exists settings in which an implementation is secure against such non-profiled attacks and can be defeated with profiling. This confirms that the evaluations of cryptographic implementations should always consider profiling, as a worst case scenario.

References

  1. 1.
    Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.-X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. J. Cryptology 24(2), 269–291 (2011)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Cantelli, F.P.: Sulla determinazione empirica della legge di probabilita. Giorn. Ist. Ital. 4, 421–424 (1933)MATHGoogle Scholar
  4. 4.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)Google Scholar
  5. 5.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Doget, J., Prouff, E., Rivain, M., Standaert, F.-X.: Univariate side channel attacks and leakage modeling. In: COSADE, Darmstadt, Germany, pp. 1–15 (February 2011)Google Scholar
  7. 7.
    Gierlichs, B., Batina, L., Preneel, B., Verbauwhede, I.: Revisiting higher-order DPA attacks. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 221–234. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual Information Analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Glivenko, V.: Sulla determinazione empirica della legge di probabilita. Giorn. Ist. Ital. 4, 92–99 (1933)Google Scholar
  10. 10.
    Goubin, L., Patarin, J.: DES and differential power analysis (the ”duplication” method). In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  11. 11.
    Hassoune, I., Macé, F., Flandre, D., Legat, J.-D.: Dynamic differential self-timed logic families for robust and low-power security ics. Integration, the VLSI Journal 40(3), 355–364 (2007)CrossRefGoogle Scholar
  12. 12.
    Hastie, T., Tibshirani, R., Friedman, J.: The Elements of Statistical Learning, ch.6. Springer Series in Statistics. Springer New York Inc., New York (2001)MATHGoogle Scholar
  13. 13.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  14. 14.
    Lemke-Rust, K., Paar, C.: Analyzing side channel leakage of masked implementations with stochastic methods. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 454–468. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)MATHGoogle Scholar
  16. 16.
    Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked aes hardware implementations. In: Rao, Sunar [22], pp. 157–171Google Scholar
  17. 17.
    Messerges, T.S.: Using second-order power analysis to attack dpa resistant software. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  18. 18.
    Nelsen, R.B.: An Introduction to Copulas, 1st edn. Lecture Notes in Statistics. Springer, Heidelberg (1998)Google Scholar
  19. 19.
    Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information based side channel analysis. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 499–518. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Computers 58(6), 799–811 (2009)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Pyke, R.: Spacings revisited. In: Proceedings of the Sixth Berkeley Symposium on Mathematical Statistics and Probability (Univ. California, Berkeley, Calif., 1970/1971), Vol. I: Theory of statistics, pp. 417–427. Univ. California Press, Berkeley (1972)Google Scholar
  22. 22.
    Rao, J.R., Sunar, B. (eds.): CHES 2005. LNCS, vol. 3659. Springer, Heidelberg (2005)MATHGoogle Scholar
  23. 23.
    Renauld, M., Kamel, D., Standaert, F.-X., Flandre, D.: Scaling trends for dual rail logic styles (2011) (preprint)Google Scholar
  24. 24.
    Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 109–128. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  25. 25.
    Rivain, M., Dottax, E., Prouff, E.: Block ciphers implementations provably secure against second order side channel analysis. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 127–143. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  26. 26.
    Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Rao, Sunar [22], pp. 30–46Google Scholar
  27. 27.
    Scott, D.W.: On optimal and data-based histograms. Biometrika 66(3), 605–610 (1979)MathSciNetMATHCrossRefGoogle Scholar
  28. 28.
    Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  29. 29.
    Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: Another look on second-order dpa. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 112–129. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  30. 30.
    Venelli, A.: Efficient entropy estimation for mutual information analysis using b-splines. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds.) WISTP 2010. LNCS, vol. 6033, pp. 17–30. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  31. 31.
    Veyrat-Charvillon, N., Standaert, F.-X.: Mutual information analysis: How, when and why? In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 429–443. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  32. 32.
    Veyrat-Charvillon, N., Standaert, F.-X.: Generic side channel distinguishers: Improvements and limitations. Cryptology ePrint Archive, Report 2011/149 (2011), http://eprint.iacr.org/
  33. 33.
    Whitnall, C.: An information theoretic assessment of first-order mia. First year PhD report, University of Bristol (2010)Google Scholar
  34. 34.
    Whitnall, C., Oswald, E.: A comprehensive evaluation of mutual information analysis using a fair evaluation framework. In: To Appear In The Proceedings Of Crypto 2011, Santa Barbara, California, USA, August 2011, vol. xxxx, pp. yyy–zzz (2011)Google Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Nicolas Veyrat-Charvillon
    • 1
  • François-Xavier Standaert
    • 1
  1. 1.UCL Crypto Group, Université catholique de LouvainLouvain-la-NeuveBelgium

Personalised recommendations