Skip to main content

Location, Location, Location: Revisiting Modeling and Exploitation for Location-Based Side Channel Leakages

Part of the Lecture Notes in Computer Science book series (LNSC,volume 11923)

Abstract

Near-field microprobes have the capability to isolate small regions of a chip surface and enable precise measurements with high spatial resolution. Being able to distinguish the activity of small regions has given rise to the location-based side-channel attacks, which exploit the spatial dependencies of cryptographic algorithms in order to recover the secret key. Given the fairly uncharted nature of such leakages, this work revisits the location side-channel to broaden our modeling and exploitation capabilities. Our contribution is threefold. First, we provide a simple spatial model that partially captures the effect of location-based leakages. We use the newly established model to simulate the leakage of different scenarios/countermeasures and follow an information-theoretic approach to evaluate the security level achieved in every case. Second, we perform the first successful location-based attack on the SRAM of a modern ARM Cortex-M4 chip, using standard techniques such as difference of means and multivariate template attacks. Third, we put forward neural networks as classifiers that exploit the location side-channel and showcase their effectiveness on ARM Cortex-M4, especially in the context of single-shot attacks and small memory regions. Template attacks and neural network classifiers are able to reach high spacial accuracy, distinguishing between 2 SRAM regions of 128 bytes each with 100% success rate and distinguishing even between 256 SRAM byte-regions with 32% success rate. Such improved exploitation capabilities revitalize the interest for location vulnerabilities on various implementations, ranging from RSA/ECC with large memory footprint, to lookup-table-based AES with smaller memory usage.

Keywords

  • Side-channel analysis
  • Location leakage
  • Microprobe
  • Template attack
  • Neural network
  • ARM Cortex-M

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-34618-8_10
  • Chapter length: 30 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   89.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-34618-8
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   119.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.
Fig. 7.
Fig. 8.
Fig. 9.
Fig. 10.
Fig. 11.
Fig. 12.
Fig. 13.
Fig. 14.

Notes

  1. 1.

    https://tinyurl.com/y9tmnklr.

  2. 2.

    https://tinyurl.com/mcd3ntp.

  3. 3.

    https://tinyurl.com/jlgfx95.

  4. 4.

    Parallel word processing can be easily included.

  5. 5.

    Unless specified otherwise, we place every word directly next to each other, starting from a random position in the surface.

  6. 6.

    Whether this constitutes an option depends on the situation. If any sort of randomization such as masking or re-keying is present in the device then the adversary is limited in the number of shots that he can combine.

  7. 7.

    The template attack uses the experimental data, while the theoretical SR uses simulated data of the same size and dimensionality.

  8. 8.

    Without knowledge of the chip layout we cannot be fully certain about the distance between memory addresses. Here we assume that the low addresses of the SRAM are sufficiently distant from mid ones, which are approx. 8 KBytes away.

  9. 9.

    https://hpc.grnet.gr/en/.

  10. 10.

    https://deeplearning4j.org/.

  11. 11.

    The MLP parameters are chosen to maximize the attack success rate (which is equivalent to accuracy).

References

  1. Abadi, M., et al.: TensorFlow: large-scale machine learning on heterogeneous systems (2015). Software available from tensorflow.org

  2. Andrikos, C., Rassias, G., Lerman, L., Papagiannopoulos, K., Batina, L.: Location-based leakages: new directions in modeling and exploiting. In: 2017 International Conference on Embedded Computer Systems: Architectures, Modeling, and Simulation (SAMOS), pp. 246–252, July 2017

    Google Scholar 

  3. Archambeau, C., Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Template attacks in principal subspaces. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 1–14. Springer, Heidelberg (2006). https://doi.org/10.1007/11894063_1

    CrossRef  Google Scholar 

  4. Balasch, J., Gierlichs, B., Grosso, V., Reparaz, O., Standaert, F.-X.: On the cost of lazy engineering for masked software implementations. In: Joye, M., Moradi, A. (eds.) CARDIS 2014. LNCS, vol. 8968, pp. 64–81. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16763-3_5

    CrossRef  Google Scholar 

  5. Cagli, E., Dumas, C., Prouff, E.: Convolutional neural networks with data augmentation against jitter-based countermeasures. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 45–68. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_3

    CrossRef  Google Scholar 

  6. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_3

    CrossRef  Google Scholar 

  7. Chollet, F., et al.: Keras (2015). https://keras.io

  8. Chollet, F.: Xception: deep learning with depthwise separable convolutions. CoRR, abs/1610.02357 (2016)

    Google Scholar 

  9. Choudary, O., Kuhn, M.G.: Efficient template attacks. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 253–270. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08302-5_17

    CrossRef  Google Scholar 

  10. De Cnudde, T., Bilgin, B., Gierlichs, B., Nikov, V., Nikova, S., Rijmen, V.: Does coupling affect the security of masked implementations? In: Guilley, S. (ed.) COSADE 2017. LNCS, vol. 10348, pp. 1–18. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64647-3_1

    CrossRef  Google Scholar 

  11. Deng, J., Dong, W., Socher, R., Li, L.-J., Li, K., Fei-Fei, L.: ImageNet: a large-scale hierarchical image database. In: CVPR 2009 (2009)

    Google Scholar 

  12. Doget, J., Prouff, E., Rivain, M., Standaert, F.-X.: Univariate side channel attacks and leakage modeling. J. Cryptogr. Eng. 1(2), 123–144 (2011)

    CrossRef  Google Scholar 

  13. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44709-1_21

    CrossRef  Google Scholar 

  14. Glorot, X., Bengio, Y. Understanding the difficulty of training deep feedforward neural networks. In: JMLR W&CP: Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics (AISTATS 2010), vol. 9, pp. 249–256, May 2010

    Google Scholar 

  15. He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770–778 (2016)

    Google Scholar 

  16. He, W., de la Torre, E., Riesgo, T.: An interleaved EPE-immune PA-DPL structure for resisting concentrated EM side channel attacks on FPGA implementation. In: Schindler, W., Huss, S.A. (eds.) COSADE 2012. LNCS, vol. 7275, pp. 39–53. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29912-4_4

    CrossRef  MATH  Google Scholar 

  17. Heyszl, J.: Impact of Localized Electromagnetic Field Measurements on Implementations of Asymmetric Cryptography. https://mediatum.ub.tum.de/doc/1129375/1129375.pdf

  18. Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 231–244. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27954-6_15

    CrossRef  Google Scholar 

  19. Huang, G., Liu, Z., Weinberger, K.Q.: Densely connected convolutional networks. CoRR, abs/1608.06993 (2016)

    Google Scholar 

  20. Immler, V., Specht, R., Unterstein, F.: Your rails cannot hide from localized EM: how dual-rail logic fails on FPGAs. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 403–424. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_20

    CrossRef  Google Scholar 

  21. Itoh, K., Izu, T., Takenaka, M.: Address-bit differential power analysis of cryptographic schemes OK-ECDH and OK-ECDSA. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 129–143. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_11

    CrossRef  Google Scholar 

  22. Kamel, D., Standaert, F.X., Flandre, D.: Scaling trends of the AES S-box low power consumption in 130 and 65 nm CMOS technology nodes. In: International Symposium on Circuits and Systems (ISCAS 2009), 24–17 May 2009, Taipei, Taiwan, pp. 1385–1388 (2009)

    Google Scholar 

  23. Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. CoRR, abs/1412.6980 (2014)

    Google Scholar 

  24. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25

    CrossRef  Google Scholar 

  25. Kumar, A., Scarborough, C., Yilmaz, A., Orshansky, M.: Efficient simulation of EM side-channel attack resilience. In 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 123–130, November 2017

    Google Scholar 

  26. Lerman, L., Poussier, R., Markowitch, O., Standaert, F.-X.: Template attacks versus machine learning revisited and the curse of dimensionality in side-channel analysis: extended version. J. Cryptogr. Eng. 8(4), 301–313 (2018)

    CrossRef  Google Scholar 

  27. Maghrebi, H., Portigliatti, T., Prouff, E.: Breaking cryptographic implementations using deep learning techniques. In: Carlet, C., Hasan, M.A., Saraswat, V. (eds.) SPACE 2016. LNCS, vol. 10076, pp. 3–26. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49445-6_1

    CrossRef  Google Scholar 

  28. Martinasek, Z., Hajny, J., Malina, L.: Optimization of power analysis using neural network. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 94–107. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08302-5_7

    CrossRef  Google Scholar 

  29. Martinasek, Z., Zeman, V.: Innovative method of the power analysis. Radioengineering 22(2), 586–594 (2013)

    Google Scholar 

  30. Maurine, P.: Securing SoCs in advanced technologies. https://cosade.telecom-paristech.fr/presentations/invited2.pdf

  31. Nassar, M., Souissi, Y., Guilley, S., Danger, J.L.: RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. In: 2012 Design, Automation Test in Europe Conference Exhibition (DATE), pp. 1173–1178, March 2012

    Google Scholar 

  32. Nawaz, K., Kamel, D., Standaert, F.-X., Flandre, D.: Scaling trends for dual-rail logic styles against side-channel attacks: a case-study. In: Guilley, S. (ed.) COSADE 2017. LNCS, vol. 10348, pp. 19–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64647-3_2

    CrossRef  Google Scholar 

  33. Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006). https://doi.org/10.1007/11935308_38

    CrossRef  MATH  Google Scholar 

  34. Pan, S.J., Yang, Q., et al.: A survey on transfer learning. IEEE Trans. Knowl. Data Eng. 22(10), 1345–1359 (2010)

    CrossRef  Google Scholar 

  35. Papagiannopoulos, K., Veshchikov, N.: Mind the gap: towards secure 1st-order masking in software. In: Guilley, S. (ed.) COSADE 2017. LNCS, vol. 10348, pp. 282–297. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64647-3_17

    CrossRef  Google Scholar 

  36. Pedregosa, F., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)

    MathSciNet  MATH  Google Scholar 

  37. Prouff, E., Strullu, R., Benadjila, R., Cagli, E., Dumas, C.: Study of deep learning techniques for side-channel analysis and introduction to ASCAD database. IACR Cryptology ePrint Archive 2018, 53 (2018)

    Google Scholar 

  38. Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 109–128. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_8

    CrossRef  Google Scholar 

  39. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_28

    CrossRef  Google Scholar 

  40. Schlösser, A., Nedospasov, D., Krämer, J., Orlic, S., Seifert, J.-P.: Simple photonic emission analysis of AES. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 41–57. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_3

    CrossRef  Google Scholar 

  41. Sijacic, D., Balasch, J., Yang, B., Ghosh, S., Verbauwhede, I.: Towards efficient and automated side channel evaluations at design time. In: Batina, L., Kühne, U., Mentens, N., (eds.) PROOFS 2018. 7th International Workshop on Security Proofs for Embedded Systems. Kalpa Publications in Computing, vol. 7, pp. 16–31. EasyChair (2018)

    Google Scholar 

  42. Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)

  43. Specht, R., Immler, V., Unterstein, F., Heyszl, J., Sig, G.: Dividing the threshold: Multi-probe localized EM analysis on threshold implementations. In: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 33–40, April 2018

    Google Scholar 

  44. Specht, R., Heyszl, J., Kleinsteuber, M., Sigl, G.: Improving non-profiled attacks on exponentiations based on clustering and extracting leakage from multi-channel high-resolution EM measurements. In: Mangard, S., Poschmann, A.Y. (eds.) COSADE 2014. LNCS, vol. 9064, pp. 3–19. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21476-4_1

    CrossRef  Google Scholar 

  45. Specht, R., Heyszl, J., Sigl, G.: Investigating measurement methods for high-resolution electromagnetic field side-channel analysis. In: 2014 International Symposium on Integrated Circuits (ISIC), Singapore, 10–12 December 2014, pp. 21–24 (2014)

    Google Scholar 

  46. Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_26

    CrossRef  Google Scholar 

  47. Standaert, F.-X., Peeters, E., Archambeau, C., Quisquater, J.-J.: Towards security limits in side-channel attacks. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 30–45. Springer, Heidelberg (2006). https://doi.org/10.1007/11894063_3

    CrossRef  Google Scholar 

  48. Sugawara, T., Suzuki, D., Saeki, M., Shiozaki, M., Fujino, T.: On measurable side-channel leaks inside ASIC design primitives. J. Cryptogr. Eng. 4(1), 59–73 (2014)

    CrossRef  Google Scholar 

  49. Szegedy, C., Ioffe, S., Vanhoucke, V., Alemi, A.A.: Inception-v4, inception-ResNet and the impact of residual connections on learning. In: AAAI, vol. 4, p. 12 (2017)

    Google Scholar 

  50. Szegedy, C., Vanhoucke, V., Ioffe, S., Shlens, J., Wojna, Z.: Rethinking the inception architecture for computer vision. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2818–2826 (2016)

    Google Scholar 

  51. Unterstein, F., Heyszl, J., De Santis, F., Specht, R.: Dissecting leakage resilient PRFs with multivariate localized EM attacks - a practical security evaluation on FPGA. COSADE 2017/272 (2017)

    Google Scholar 

  52. Unterstein, F., Heyszl, J., De Santis, F., Specht, R., Sigl, G.: High-resolution EM attacks against leakage-resilient PRFs explained - and an improved construction. Cryptology ePrint Archive, Report 2018/055 (2018). https://eprint.iacr.org/2018/055

  53. Van Trees, H.L.: Detection, Estimation, and Modulation Theory: Part IV: Optimum Array Processing. Wiley, Hoboken (2002)

    Google Scholar 

  54. Weste, N., Harris, D.: CMOS VLSI Design: A Circuits and Systems Perspective, 4th edn. Addison-Wesley Publishing Company, USA (2010)

    Google Scholar 

  55. Yang, S., Zhou, Y., Liu, J., Chen, D.: Back propagation neural network based leakage characterization for practical security analysis of cryptographic implementations. In: Kim, H. (ed.) ICISC 2011. LNCS, vol. 7259, pp. 169–185. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31912-9_12

    CrossRef  Google Scholar 

Download references

Acknowledgments

We would like to thank Riscure BV, Rafael Boix Carpi, Ilya Kizhvatov and Tin Soerdien for supporting the process of chip decapsulation and scan.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Christos Andrikos .

Editor information

Editors and Affiliations

Appendices

7 Appendix A

Algorithmic Noise in Tightly-Packed Surfaces. Since countermeasure designers opt often for algorithmic noise countermeasures, we investigate the statistical variance of \(N^{algo}\) for a tightly packed circuit that contains a large number of randomly switching components which try to hide the targeted component. We assume every noise-generating component to have area \(b_i \approx d\), where d is the area of the targeted component Since we assume large \(n_a\), both the noise-generating components as well as the targeted component are small w.r.t. the probe size, i.e. \(d \ll o\). In a tightly packed circuit, the probe area o contains roughly \(\frac{o}{d}\) randomly switching components, i.e. \(n_a \approx \frac{o}{d}\). In this particular scenario, the following formula approximates \(N^{algo}\).

$$\begin{aligned}&\quad \ \ N^{algo} = \sum _{i=1}^{n_a} N^{algo}_i = d \cdot \sum _{i=1}^{n_a} B_i = d \cdot A, \\&\quad B_i \sim Bern(0.5) \text { , } A \sim Binomial(n_a,0.5)\\&\text {Thus, } N^{algo} \xrightarrow [\text {Theorem}]{\text {Central Limit}} Norm(\frac{d \cdot n_a}{2}, \frac{d \cdot n_a}{4} ) \end{aligned}$$

Using the approximation of the Central Limit Theorem, we see that \(Var[N^{algo}]=\frac{d \cdot n_a}{4} = \frac{o}{4}\). Thus, for the tightly-packed, small-component scenario we have established a direct link between the probe area o and the level of algorithmic noise, demonstrating how increasing the probe area induces extra noise.

8 Appendix B

Predicted versus actual values, visualizing the validation set success rate.

Predicted:0123456789101112131415
Actual:                
035010001000000000
113010000000000000
210270000000000000
300040110000000000
420013100100001000
501010281000000000
601000037000000100
700012102600000010
800010000260000000
900100110130000000
1000000200113701002
1101011001010340100
1201000002100034000
1300000011003003220
1400000000000000270
1500001000000101031

Rights and permissions

Reprints and Permissions

Copyright information

© 2019 International Association for Cryptologic Research

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Andrikos, C. et al. (2019). Location, Location, Location: Revisiting Modeling and Exploitation for Location-Based Side Channel Leakages. In: Galbraith, S., Moriai, S. (eds) Advances in Cryptology – ASIACRYPT 2019. ASIACRYPT 2019. Lecture Notes in Computer Science(), vol 11923. Springer, Cham. https://doi.org/10.1007/978-3-030-34618-8_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-34618-8_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34617-1

  • Online ISBN: 978-3-030-34618-8

  • eBook Packages: Computer ScienceComputer Science (R0)