Linear Regression Attack with F-test: A New SCARE Technique for Secret Block Ciphers
The past ten years have seen tremendous progress in the uptake of side channel analysis in various applications. Among them, Side Channel Analysis for Reverse Engineering (SCARE) is an especially fruitful area. Taking the side channel leakage into account, SCARE efficiently recovers secret ciphers in a non-destructive and non-intrusive manner. Unfortunately, most previous works focus on customizing SCARE for a certain type of ciphers or implementations. In this paper, we ask whether the attacker can loosen these restrictions and reverse secret block ciphers in a more general manner. To this end, we propose a SCARE based on Linear Regression Attack (LRA), which simultaneously detects and analyzes the power leakages of the secret encryption process. Compared with the previous SCAREs, our approach uses less a priori knowledge, covers more block cipher instances in a completely non-profiled manner. Moreover, we further present a complete SCARE flow with realistic power measurements of an unprotected software implementation. From traces that can barely recognize the encryption rounds, our experiments demonstrate how the underlying cipher can be recovered step-by-step. Although our approach still has some limitations, we believe it can serve as an alternative tool for reverse engineering in the future.
KeywordsLinear Regression Attack SCARE F-test
- 9.Bhasin, S., Danger, J.L., Guilley, S., Najm, Z.: NICV: normalized inter-class variance for detection of side-channel leakage. In: 2014 International Symposium on Electromagnetic Compatibility, Tokyo (EMC 2014/Tokyo), pp. 310–313 (2014)Google Scholar
- 10.Wiki: Coefficient of determination. http://en.wikipedia.org/wiki/Coefficient_of_determination
- 15.Allen, M.P.: Understanding Regression Analysis. Springer Science & Business Media, New York (1997)Google Scholar
- 17.Gordon, D.: La Jolla Covering Repository. https://www.ccrwest.org/cover.html