Practical Improvements of Profiled Side-Channel Attacks on a Hardware Crypto-Accelerator

Abstract. This article investigates the relevance of the theoretical frame-work on profiled side-channel attacks presented by F.-X. Standaert et al. at Eurocrypt 2009. The analyses consist in a case-study based on side-channel measurements acquired experimentally from a hardwired crypto-graphic accelerator. Therefore, with respect to previous formal analyses carried out on software measurements or on simulated data, the inves-tigations we describe are more complex, due to the underlying chip’s architecture and to the large amount of algorithmic noise. In this dif-ficult context, we show however that with an engineer’s mindset, two techniques can greatly improve both the off-line profiling and the on-line attack. First, we explore the appropriateness of different choices for the sensitive variables. We show that a skilled attacker aware of the regis-ter transfers occurring during the cryptographic operations can select the most adequate distinguisher, thus increasing its success rate. Sec-ond, we introduce a method based on the thresholding of leakage data to accelerate the profiling or the matching stages. Indeed, leveraging on an engineer’s common sense, it is possible to visually foresee the shape of some eigenvectors thereby anticipating their estimation towards their asymptotic value by authoritatively zeroing weak components containing mainly non-informational noise. This method empowers an attacker, in that it saves traces when converging towards correct values of the secret. Concretely, we demonstrate a 5 times speed-up in the on-line phase of the attack.

Etude de la sécurité d’algorithmes de cryptographie embarquée vis-à-vis des attaques par analyse de la consommation de courant

Cryptography is taking an ever more important part in the life of societies since the users are realising the importance to secure the different aspects of life from citizens means of payment, communication and records of private life to the national securities and armies. During the last twenty years we learned that to mathematically secure cryptography algorithms is not enough because of the vulnerabilities brought by their implementations in a device through an alternative means to get information: side channels. Whether it is from power consumption, time or electromagnetic emissions ... those biases have been evaluated and, since their discovery, the researches of new attacks follow new countermeasures in order to guarantee security of algorithms. This thesis is part of this process and shows several research works about attacks and countermeasures in the fields of side channel and fault injections analysis. The first part is about classic contributions where an attacker wants to recover a secret key when the second part deals with the less studied field of secret specifications recovery.La cryptographie prend une place de plus en plus importante dans la vie des sociétés depuis que ses utilisateurs se rendent compte de son importance pour sécuriser divers aspects de la vie, depuis les moyens de paiement, de communication et de sauvegarde des éléments de la vie privée des citoyens, jusqu'à la sécurité nationale des pays et de leurs armées. Depuis une vingtaine d'années on sait que les algorithmes de cryptographie ne doivent pas seulement être sûrs mathématiquement parlant, mais que leurs implémentations dans un dispositif les rendent vulnérables à d'autres menaces par des voies d'informations alternatives : les canaux auxiliaires. Que ce soit la consommation électrique, le temps ou les émissions électromagnétiques, ... ces biais ont été évalués et depuis leur découverte les recherches de nouvelles attaques et protections se succèdent afin de garantir la sécurité des algorithmes. La présente thèse s'inscrit dans ce processus et présente plusieurs travaux de recherche traitant d'attaques et de contre-mesures dans le domaine de l'exploitation de canaux auxiliaires et d'injections de fautes. Une première partie présente des contributions classiques où l'on cherche à retrouver une clef cryptographique lorsque la seconde s’attelle à un domaine moins étudié pour l'instant consistant à retrouver les spécifications d'un algorithme tenu secret