Template attacks on different devices
Template attacks remain a most powerful side-channel technique
to eavesdrop on tamper-resistant hardware. They use a profiling
step to compute the parameters of a multivariate normal distribution
from a training device and an attack step in which the parameters obtained
during profiling are used to infer some secret value (e.g. cryptographic
key) on a target device. Evaluations using the same device for
both profiling and attack can miss practical problems that appear when
using different devices. Recent studies showed that variability caused by
the use of either different devices or different acquisition campaigns on
the same device can have a strong impact on the performance of template
attacks. In this paper, we explore further the effects that lead to
this decrease of performance, using four different Atmel XMEGA 256
A3U 8-bit devices. We show that a main difference between devices is a
DC offset and we show that this appears even if we use the same device
in different acquisition campaigns. We then explore several variants of
the template attack to compensate for these differences. Our results show
that a careful choice of compression method and parameters is the key
to improving the performance of these attacks across different devices.
In particular we show how to maximise the performance of template
attacks when using Fisher's Linear Discriminant Analysis or Principal
Component Analysis. Overall, we can reduce the entropy of an unknown
8-bit value below 1.5 bits even when using different devices.

Omar Choudary is a recipient of the Google Europe Fellowship in
Mobile Security, and this research is supported in part by this Google Fellowship. The
opinions expressed in this paper do not represent the views of Google unless otherwise
explicitly stated.

This is the author accepted manuscript. The final version is available from Springer at http://link.springer.com/chapter/10.1007%2F978-3-319-10175-0_13

Efficient, portable template attacks
Template attacks recover data values processed by tamper-resistant
devices from side-channel waveforms, such as supply-current
fluctuations (power analysis) or electromagnetic emissions. They
first profile a device to generate multivariate statistics of the
waveforms emitted for each of a set of known processed values, which
then identify maximum-likelihood candidates of unknown processed
values during an attack. We identify several practical obstacles
arising in the implementation of template attacks, ranging from
numerical errors to the incompatibility of templates across
different devices, and propose and compare several solutions. We
identify pooled covariance matrices and prior dimensionality
reduction through Fisher's Linear Discriminant Analysis as
particularly efficient and effective, especially where many attack
traces can be acquired. We evaluate alternative algorithms not only
for the task of recovering key bytes from a hardware implementation
of the Advanced Encryption Standard; we even reconstruct the value
transferred by an individual byte-load instruction, with success
rates reaching 85% (or a guessing entropy of less than a quarter
bit remaining) after 1000 attack traces, thereby demonstrating
direct eavesdropping of 8-bit parallel data lines. Using different
devices during the profiling and attack phase can substantially
reduce the effectiveness of template attacks. We demonstrate that
the same problem can also occur across different measurement
campaigns with the same device and that DC offsets (e.g. due to
temperature drift) are a significant cause. We improve the
portability of template parameters across devices by manipulating
the DC content of the eigenvectors that form the projection matrix
used for dimensionality reduction of the waveforms
- …