Abstract
Template attacks remain a powerful side-channel technique to eavesdrop on tamper-resistant hardware. They model the probability distribution of leaking signals and noise to guide a search for secret data values. In practice, several numerical obstacles can arise when implementing such attacks with multivariate normal distributions. We propose efficient methods to avoid these. We also demonstrate how to achieve significant performance improvements, both in terms of information extracted and computational cost, by pooling covariance estimates across all data values. We provide a detailed and systematic overview of many different options for implementing such attacks. Our experimental evaluation of all these methods based on measuring the supply current of a byte-load instruction executed in an unprotected 8-bit microcontroller leads to practical guidance for choosing an attack algorithm.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Throughout this paper \({{\mathbf {x}}}'\) is the transpose of \({\mathbf {x}}\).
- 2.
Others [8, 11, 14] use \(1/n_{\mathrm {p}}\) rather than \(1/(n_{\mathrm {p}}-1)\) in \(\mathbf {S}_{k}\), thereby computing the maximum likelihood estimator (MLE) of \(\mathbf {\Sigma }_{k}\). In theory, the correct estimator for \(\mathbf {\Sigma }_{k}\) is the unbiased estimator with \(1/(n_{\mathrm {p}}-1)\); the MLE merely maximises the joint likelihood from the multivariate normal distribution. In practice, we found this choice made no significant performance difference (even down to \(n_{\mathrm {p}}=10, m=6\)).
- 3.
The matrix form allows the use of fast, vectorized linear-algebra routines.
- 4.
Archambeau et al. [8] show a method for computing \({\mathbf {U}}\) that is more efficient when \({m}^{\mathrm {\text {r}}}\gg |{\mathcal {S}}|\), but in our experiments with \({m}^{\mathrm {\text {r}}}=2500\) this direct approach worked well.
- 5.
In our experiments, for \(f=0.95\) and \(n_{\mathrm {p}}<1000\) this method retained the \({m}^{\mathrm {}}=4\) largest components, which correspond to the same components that we had selected using the elbow rule. However, when \(n_{\mathrm {p}}>1000\) the number of components needed for \(f \ge 0.95\) decreased to \({m}^{\mathrm {}}<4\), which led to worse results of the template attack.
- 6.
There are a maximum of \(s=\mathrm {min}({m}^{\mathrm {\text {r}}}, |{\mathcal {S}}|-1)\) non-zero eigenvectors, as that is the maximum number of independent linear combinations available in \({\mathbf {B}}\).
- 7.
Instead of \(\mathbf {S}_{\mathrm {pooled}}\) we could use \({\mathbf {W}}=|{\mathcal {S}}|(n_{\mathrm {p}}-1)\mathbf {S}_{\mathrm {pooled}}\), known as a sample within groups matrix.
- 8.
Note that a pdf, such as \(\mathrm {f}\) from (3), unlike a probability, can be both larger or smaller than 1 and therefore its logarithm can be both positive or negative.
- 9.
MATLAB, single core CPU with 3794 MIPS.
- 10.
We arbitrarily chose to use the DOM estimate, computed as the sum of absolute differences between the mean vectors. Using SNR instead of DOM as the signal strength estimate \({\mathbf {s}}(t)\) has provided very similar results, omitted due to lack of space.
- 11.
The selections 1ppc, 3ppc and 20ppc provide a variable number of samples because of the additional restriction that the selected samples must be above the highest 95th percentile of \({\mathrm {F}}(t)\), which varies with \(n_{\mathrm {p}}\) for each clock edge.
- 12.
References
Mahalanobis, P.C.: On the generalised distance in statistics. In: Proceedings National Institute of Science, India, vol. 2, pp. 49–55 (1936)
Fisher, R.A.: The statistical utilization of multiple measurements. Ann. Eugen. 8, 376–386 (1938)
Box, G.E.P.: Problems in the analysis of growth and wear curves. Biometrics 6, 362–389 (1950)
Chari, S., Rao, J., Rohatgi, P.: Template attacks. In: Kaliski Jr, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 51–62. Springer, Heidelberg (2003)
Ledoit, O., Wolf, M.: A well-conditioned estimator for large-dimensional covariance matrices. J. Multivar. Anal. 88, 365–411 (2004)
Jolliffe, I.: Principal Component Analysis. Wiley, Chichester (2005)
Rechberger, C., Oswald, E.: Practical template attacks. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 440–456. Springer, Heidelberg (2005)
Archambeau, C., Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Template attacks in principal subspaces. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 1–14. Springer, Heidelberg (2006)
Gierlichs, B., Lemke-Rust, K., Paar, C.: Templates vs. stochastic methods. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 15–29. Springer, Heidelberg (2006)
Johnson, R., Wichern, D.: Applied Multivariate Statistical Analysis, 6th edn. Pearson, Upper Saddle River (2007)
Standaert, F.-X., Archambeau, C.: Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 411–425. Springer, Heidelberg (2008)
Batina, L., Gierlichs, B., Lemke-Rust, K.: Comparative evaluation of rank correlation based DPA on an AES prototype chip. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 341–354. Springer, Heidelberg (2008)
Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)
Eisenbarth, T., Paar, C., Weghenkel, B.: Building a side channel based disassembler. Trans. Comput. Sci. X 6340, 78–99 (2010)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards, 1st edn. Springer, Heidelberg (2010)
Oswald, D., Paar, C.: Breaking Mifare DESFire MF3ICD40: power analysis and templates in the real world. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 207–222. Springer, Heidelberg (2011)
Acknowledgement
Omar Choudary is a recipient of the Google Europe Fellowship in Mobile Security, and this research is supported in part by this Google Fellowship. The opinions expressed in this paper do not represent the views of Google unless otherwise explicitly stated.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
Evaluation Board
For our experiments, we built a custom PCB for the Atmel microcontroller (see Fig. 4, left). This 4-layer PCB has inputs for the clock signal and supply voltage, a USB port to communicate with a PC, and a \(10\,\Omega \) resistor in the ground line for power measurements. The PCB connects all the ground pins of the microcontroller to the same line, which leads to the measurement resistor.
Executed Code
During all our experiments we recorded traces with 2500 samples, covering the execution of several instructions, as shown in Fig. 4 (right). The executed instruction sequence is
The load instructions use the Z pointer (which refers to registers r31:r30) for indirect RAM addressing. The initial value of registers r8–r12 before the load operations is zero. The initial value of Z before the first load instruction is 2020.
Some Proofs
In Sect. 5.3 we rewrote (22) as (24). This is possible because
In Sect. 5.4 we state that \({\mathrm {d}}_{\mathrm {LINEAR}}\) provides the same results for both options of combining the traces (from average trace and based on joint likelihood). This happens because if we let \( c_{k} = -\frac{1}{2}{\bar{{\mathbf {x}}}_{k}}'\mathbf {S}_{\mathrm {pooled}}^{-1}\bar{{\mathbf {x}}}_{k}\) for any \(k\), then we have
and therefore for any \(u, v\in {\mathcal {S}}\) it is true that
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Choudary, O., Kuhn, M.G. (2014). Efficient Template Attacks. In: Francillon, A., Rohatgi, P. (eds) Smart Card Research and Advanced Applications. CARDIS 2013. Lecture Notes in Computer Science(), vol 8419. Springer, Cham. https://doi.org/10.1007/978-3-319-08302-5_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-08302-5_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08301-8
Online ISBN: 978-3-319-08302-5
eBook Packages: Computer ScienceComputer Science (R0)