Similar operation template attack on RSA-CRT as a case study

A template attack, the most powerful side-channel attack methods, usually first builds the leakage profiles from a controlled profiling device, and then uses these profiles to recover the secret of the target device. It is based on the fact that the profiling device shares similar leakage characteristics with the target device. In this study, we focus on the similar operations in a single device and propose a new variant of the template attack, called the similar operation template attack (SOTA). SOTA builds the models on public variables (e.g., input/output) and recovers the values of the secret variables that leak similar to the public variables. SOTA’s advantage is that it can avoid the requirement of an additional profiling device. In this study, the proposed SOTA method is applied to a straightforward RSA-CRT implementation. Because the leakage is (almost) the same in similar operations, we reduce the security of RSA-CRT to a hidden multiplier problem (HMP) over GF(q), which can be solved byte-wise using our proposed heuristic algorithm. The effectiveness of our proposed method is verified as an entire prime recovery procedure in a practical leakage scenario

Enhancing the Performance of Practical Profiling Side-Channel Attacks Using Conditional Generative Adversarial Networks

Recently, many profiling side-channel attacks based on Machine Learning and Deep Learning have been proposed. Most of them focus on reducing the number of traces required for successful attacks by optimizing the modeling algorithms. In previous work, relatively sufficient traces need to be used for training a model. However, in the practical profiling phase, it is difficult or impossible to collect sufficient traces due to the constraint of various resources. In this case, the performance of profiling attacks is inefficient even if proper modeling algorithms are used. In this paper, the main problem we consider is how to conduct more efficient profiling attacks when sufficient profiling traces cannot be obtained. To deal with this problem, we first introduce the Conditional Generative Adversarial Network (CGAN) in the context of side-channel attacks. We show that CGAN can generate new traces to enlarge the size of the profiling set, which improves the performance of profiling attacks. For both unprotected and protected cryptographic algorithms, we find that CGAN can effectively learn the leakage of traces collected in their implementations. We also apply it to different modeling algorithms. In our experiments, the model constructed with the augmented profiling set can reduce the required attack traces by more than half, which means the generated traces can provide useful information as the real traces

Pushing the Limit of Non-Profiling DPA using Multivariate Leakage Model

Profiling power attacks like Template attack and Stochastic attack optimize their performance by jointly evaluating the leakages of multiple sample points. However, such multivariate approaches are rare among non-profiling Differential Power Analysis (DPA) attacks, since integration of the leakage of a higher SNR sample point with the leakage of lower SNR sample point might result in a decrease in the overall performance. One of the few successful multivariate approaches is the application of Principal Component Analysis (PCA) for non-profiling DPA. However, PCA also performs sub-optimally in the presence of high noise. In this paper, a multivariate model for an FPGA platform is introduced for improving the performances of non-profiling DPA attacks. The introduction of the proposed model greatly increases the success rate of DPA attacks in the presence of high noise. The experimental results on both simulated power traces and real power traces are also provided as an evidence

Effective Feature Extraction Method for SVM-Based Profiled Attacks

Nowadays, one of the most powerful side channel attacks (SCA) is profiled attack. Machine learning algorithms, for example support vector machine, are currently used for improving the effectiveness of the attack. One issue when using SVM-based profiled attack is extracting points of interest, or features from power traces. So far, studies in SCA domain have selected the points of interest (POIs) from the raw power trace for the classifiers. Our work proposes a novel method for finding POIs that based on the combining variational mode decomposition (VMD) and Gram-Schmidt orthogonalization (GSO). That is, VMD is used to decompose the power traces into sub-signals (modes) of different frequencies and POIs selection process based on GSO is conducted on these sub-signals. As a result, the selected POIs are used for SVM classifier to conduct profiled attack. This attack method outperforms other profiled attacks in the same attack scenario. Experiments were performed on a trace data set collected from the Atmega8515 smart card run on the side channel evaluation board Sakura-G/W and the data set of DPA contest v4 to verify the effectiveness of our method in reducing number of power traces for the attacks, especially with noisy power traces

SNR to Success Rate: Reaching the Limit of Non-Profiling DPA

Many profiling power analysis attacks estimate the multivariate probability distribution using a profiling step, and thus, can optimally combine the leakages of multiple sample points. Though there exist several approaches like filtering, Principal Component Analysis for combining the leakages of multiple sample points in non-profiling DPA, their optimality has been been rarely studied. We study the issue of optimally combining the leakages of multiple sample points in non-profiling DPA attacks using a linear function. In this work, our contributions are three-fold: 1) we first derive a relation between the success rate of a CPA attack and the SNR of the power traces, 2) we introduce a multivariate leakage model for Virtex-5 FPGA device, and 3) using the proposed multivariate leakage model, we devise linear filters to maximize the SNR of the output leakage which, in turn, optimizes the success rate of the CPA attacks in a non-profiling setup

Enhancing Electromagnetic Side-Channel Analysis in an Operational Environment

Side-channel attacks exploit the unintentional emissions from cryptographic devices to determine the secret encryption key. This research identifies methods to make attacks demonstrated in an academic environment more operationally relevant. Algebraic cryptanalysis is used to reconcile redundant information extracted from side-channel attacks on the AES key schedule. A novel thresholding technique is used to select key byte guesses for a satisfiability solver resulting in a 97.5% success rate despite failing for 100% of attacks using standard methods. Two techniques are developed to compensate for differences in emissions from training and test devices dramatically improving the effectiveness of cross device template attacks. Mean and variance normalization improves same part number attack success rates from 65.1% to 100%, and increases the number of locations an attack can be performed by 226%. When normalization is combined with a novel technique to identify and filter signals in collected traces not related to the encryption operation, the number of traces required to perform a successful attack is reduced by 85.8% on average. Finally, software-defined radios are shown to be an effective low-cost method for collecting side-channel emissions in real-time, eliminating the need to modify or profile the target encryption device to gain precise timing information

From Improved Leakage Detection to the Detection of Points of Interests in Leakage Traces

Leakage detection usually refers to the task of identifying data-dependent information in side-channel measurements, independent of whether this information can be exploited. Detecting Points-Of-Interest (POIs) in leakage traces is a complementary task that is a necessary first step in most side-channel attacks, where the adversary wants to turn this information into (e.g.) a key recovery. In this paper, we discuss the differences between these tasks, by investigating a popular solution to leakage detection based on a t-test, and an alternative method exploiting Pearson\u27s correlation coefficient. We first show that the simpler t-test has better sampling complexity, and that its gain over the correlation-based test can be predicted by looking at the Signal-to-Noise Ratio (SNR) of the leakage partitions used in these tests. This implies that the sampling complexity of both tests relates more to their implicit leakage assumptions than to the actual statistics exploited. We also put forward that this gain comes at the cost of some intuition loss regarding the localization of the exploitable leakage samples in the traces, and their informativeness. Next, and more importantly, we highlight that our reasoning based on the SNR allows defining an improved t-test with significantly faster detection speed (with approximately 5 times less measurements in our experiments), which is therefore highly relevant for evaluation laboratories. We finally conclude that whereas t-tests are the method of choice for leakage detection only, correlation-based tests exploiting larger partitions are preferable for detecting POIs. We confirm this intuition by improving automated tools for the detection of POIs in the leakage measurements of a masked implementation, in a black box manner and without key knowledge, thanks to a correlation-based leakage detection test