
How to Estimate the Success Rate of Higher-Order Side-Channel Attacks

  • Victor Lomné
  • Emmanuel Prouff
  • Matthieu Rivain
  • Thomas Roche
  • Adrian Thillard
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8731)

Abstract

The resistance of a cryptographic implementation with regard to side-channel analysis is often quantified by measuring the success rate of a given attack. This approach cannot always be followed in practice, especially when the implementation includes some countermeasures that may render the attack too costly for an evaluation purpose, but not costly enough from a security point of view. An evaluator then faces the issue of estimating the success rate of an attack he cannot mount. The present paper addresses this issue by presenting a methodology to estimate the success rate of higher-order side-channel attacks targeting implementations protected by masking. Specifically, we generalize the approach initially proposed at SAC 2008 in the context of first-order side-channel attacks. The principle is to approximate the distribution of an attack’s score vector by a multivariate Gaussian distribution, whose parameters are derived by profiling the leakage. One can then accurately compute the expected attack success rate with respect to the number of leakage measurements. We apply this methodology to higher-order side-channel attacks based on the widely used correlation and likelihood distinguishers. Moreover, we validate our approach with simulations and practical attack experiments against masked AES implementations running on two different microcontrollers.
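
The principle stated in the abstract, sketched as an added example (not code from the paper or its authors): once the score vector is modelled as a multivariate Gaussian, an evaluator can estimate the success rate for any number of measurements by sampling that Gaussian instead of mounting the attack. Assumptions of this example: `MU` and `SIGMA` are constructed values standing in for profiled parameters, the score covariance is taken to shrink as 1/N with the number of measurements N, and key guess 0 is the correct one.

```python
import math
import random

def cholesky(a):
    """Lower-triangular L with L * L^T = a (a symmetric positive definite)."""
    n = len(a)
    low = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1):
            s = a[i][j] - sum(low[i][k] * low[j][k] for k in range(j))
            low[i][j] = math.sqrt(s) if i == j else s / low[j][j]
    return low

def success_rate(mu, sigma, n_traces, correct=0, trials=20000, seed=1):
    """Monte Carlo estimate of P(correct key has the strictly highest score)
    when the score vector is distributed as N(mu, sigma / n_traces).
    The 1/n_traces scaling is an assumption of this example."""
    rng = random.Random(seed)
    low = cholesky(sigma)
    scale = 1.0 / math.sqrt(n_traces)
    k = len(mu)
    wins = 0
    for _ in range(trials):
        z = [rng.gauss(0.0, 1.0) for _ in range(k)]
        # Correlated Gaussian sample: mu + (L z) / sqrt(n_traces)
        score = [mu[i] + scale * sum(low[i][j] * z[j] for j in range(i + 1))
                 for i in range(k)]
        if all(score[correct] > score[i] for i in range(k) if i != correct):
            wins += 1
    return wins / trials

# Constructed parameters for 4 key guesses: only the correct guess (index 0)
# has a non-zero expected score; scores of different guesses are correlated.
MU = [0.05, 0.0, 0.0, 0.0]
SIGMA = [[1.0 if i == j else 0.2 for j in range(4)] for i in range(4)]

def success_curve(counts=(10, 100, 1000, 10000)):
    """Estimated success rate for each number of measurements."""
    return {n: success_rate(MU, SIGMA, n) for n in counts}

if __name__ == "__main__":
    for n, sr in success_curve().items():
        print(f"N = {n:>6}: estimated success rate = {sr:.3f}")
```
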

Keywords

Gaussian Approximation; Multivariate Gaussian Distribution; Score Vector; Correlation Attack; Correlation Power Analysis
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Victor Lomné (1)
  • Emmanuel Prouff (1)
  • Matthieu Rivain (2)
  • Thomas Roche (1)
  • Adrian Thillard (1)
  1. ANSSI, France
  2. CryptoExperts, France
