
    Practical Improvements of Profiled Side-Channel Attacks on a Hardware Crypto-Accelerator

    Abstract. This article investigates the relevance of the theoretical framework on profiled side-channel attacks presented by F.-X. Standaert et al. at Eurocrypt 2009. The analysis consists of a case study based on side-channel measurements acquired experimentally from a hardwired cryptographic accelerator. Therefore, with respect to previous formal analyses carried out on software measurements or on simulated data, the investigations we describe are more complex, due to the underlying chip's architecture and to the large amount of algorithmic noise. In this difficult context, we show however that with an engineer's mindset, two techniques can greatly improve both the off-line profiling and the on-line attack. First, we explore the appropriateness of different choices for the sensitive variables. We show that a skilled attacker aware of the register transfers occurring during the cryptographic operations can select the most adequate distinguisher, thus increasing its success rate. Second, we introduce a method based on the thresholding of leakage data to accelerate the profiling or the matching stages. Indeed, leveraging an engineer's common sense, it is possible to visually foresee the shape of some eigenvectors, thereby anticipating their estimation towards their asymptotic value by authoritatively zeroing weak components containing mainly non-informational noise. This method empowers an attacker, in that it saves traces when converging towards correct values of the secret. Concretely, we demonstrate a 5 times speed-up in the on-line phase of the attack.

    Efficient template attacks

    This is the accepted manuscript version. The final published version is available from http://link.springer.com/chapter/10.1007/978-3-319-08302-5_17.
    Template attacks remain a powerful side-channel technique to eavesdrop on tamper-resistant hardware. They model the probability distribution of leaking signals and noise to guide a search for secret data values. In practice, several numerical obstacles can arise when implementing such attacks with multivariate normal distributions. We propose efficient methods to avoid these. We also demonstrate how to achieve significant performance improvements, both in terms of information extracted and computational cost, by pooling covariance estimates across all data values. We provide a detailed and systematic overview of many different options for implementing such attacks. Our experimental evaluation of all these methods based on measuring the supply current of a byte-load instruction executed in an unprotected 8-bit microcontroller leads to practical guidance for choosing an attack algorithm.
    Omar Choudary is a recipient of the Google Europe Fellowship in Mobile Security, and this research is supported in part by this Google Fellowship.

    Asymptotic information leakage under one-try attacks

    We study the asymptotic behaviour of (a) information leakage and (b) adversary's error probability in information hiding systems modelled as noisy channels. Specifically, we assume the attacker can make a single guess after observing n independent executions of the system, throughout which the secret information is kept fixed. We show that the asymptotic behaviour of quantities (a) and (b) can be determined in a simple way from the channel matrix. Moreover, simple and tight bounds on them as functions of n show that the convergence is exponential. We also discuss feasible methods to evaluate the rate of convergence. Our results cover both the Bayesian case, where a prior probability distribution on the secrets is assumed known to the attacker, and the maximum-likelihood case, where the attacker does not know such distribution. In the Bayesian case, we identify the distributions that maximize the leakage. We consider both the min-entropy setting studied by Smith and the additive form recently proposed by Braun et al., and show the two forms do agree asymptotically. Next, we extend these results to a more sophisticated eavesdropping scenario, where the attacker can perform a (noisy) observation at each state of the computation and the systems are modelled as hidden Markov models.

    Calpain cleavage and subcellular characterisation of the ferlin family.

    The ferlins are a family of C2-domain containing proteins. C2 domains regulate vesicle fusion in synaptotagmins, and animal models of ferlin deficiency display pathologies related to Ca2+-dependent vesicle fusion. Dysferlin mutations cause limb-girdle muscular dystrophy due to defective membrane repair. Our group has previously shown that Ca2+-dependent proteases, calpains, cleave dysferlin following membrane injury, releasing mini-dysferlinC72, that we hypothesise mediates membrane repair. Otoferlin mutations cause non-syndromic deafness, while no pathology causing mutations have been identified in other ferlins. My project establishes that dysferlin and myoferlin, type-I ferlins, are present at the plasma membrane and endo-lysosomal pathway while otoferlin and Fer1L6, type-II ferlins, are present at the plasma membrane and recycling trans-Golgi compartments. I also show that dysferlin is cleaved to mini-dysferlinC72 following injury in all cell types by the ubiquitous calpains-1 and -2 in the alternatively spliced exon 40a, indicating dysferlin cleavage is a fundamental response to membrane injury. Exon 40a-containing dysferlin recruits to sites of membrane injury in myotubes, indicating mini-dysferlinC72 may function directly at sites of injury. Finally, I have shown that calpains also cleave otoferlin and myoferlin. Cleavage of other ferlins indicates ferlin cleavage is an evolutionarily conserved event, predating the split between type-I and type-II ferlins

    Efficient Entropy Estimation for Mutual Information Analysis Using B-Splines

    Correlation Power Analysis (CPA) is probably the most used side-channel attack because it seems to fit the power model of most standard CMOS devices and is very efficiently computed. However, the Pearson correlation coefficient used in CPA measures only linear statistical dependences, whereas Mutual Information (MI) takes into account both linear and nonlinear dependences. Even though a large correlation coefficient and a weak dependence as quantified by MI can occur simultaneously, we can expect to get a more profound understanding of the interactions from a Mutual Information Analysis (MIA). We study methods that improve the non-parametric probability density function (PDF) estimates used in the estimation of the entropies and, in particular, the use of B-spline basis functions as PDF estimators. Our results indicate a two-fold improvement in the number of required samples compared to classic MI estimation. The B-spline smoothing technique can also be applied to the recently introduced Cramér-von-Mises test.
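    The two abstracts above ("Efficient template attacks" and this MIA paper) describe the distinguishers only in prose. The block below is an added, self-contained illustration written for this page; it is not code from either paper. It assumes a toy target (the PRESENT 4-bit S-box standing in for a real cipher's S-box), a Hamming-weight leakage model with per-sample gain and offset that are invented for the example, and constructed, seeded Gaussian-noise traces. It runs a non-profiled CPA (Pearson) and an MIA distinguisher side by side, using a plain histogram PDF estimator in place of the paper's B-spline estimator, and then a profiled template attack in which a single covariance is pooled across all Hamming-weight classes, as the template-attack abstract describes; with a pooled covariance the log-determinant term of the Gaussian likelihood is identical for every class, so only the Mahalanobis distance has to be computed per key hypothesis.

```python
"""Toy side-channel attacks on a 4-bit S-box with constructed traces: CPA (Pearson),
MI analysis with a histogram PDF estimate, and a pooled-covariance template attack."""
import math
import random

# PRESENT 4-bit S-box, a small stand-in for a real cipher's S-box (assumption of this example)
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
HW = [bin(v).count("1") for v in range(16)]

def simulate(n, key, sigma, rng, points=1):
    """Constructed traces: each sample point leaks HW(S[p ^ key]) with its own (invented)
    gain and offset, plus independent Gaussian noise of standard deviation sigma."""
    pts, trs = [], []
    for _ in range(n):
        p = rng.randrange(16)
        hw = HW[SBOX[p ^ key]]
        trs.append([(1.0 + 0.5 * j) * hw + 0.3 * j + rng.gauss(0.0, sigma) for j in range(points)])
        pts.append(p)
    return pts, trs

def pearson(xs, ys):
    n, mx, my = len(xs), sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx, syy = sum((x - mx) ** 2 for x in xs), sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy) if sxx and syy else 0.0

def mutual_information(hyp, leak, bins=8):
    """Plug-in MI estimate between a discrete hypothesis and equal-width-binned leakage."""
    lo, width = min(leak), (max(leak) - min(leak)) / bins or 1.0
    n, joint, ph, pb = len(leak), {}, {}, {}
    for h, l in zip(hyp, leak):
        b = min(int((l - lo) / width), bins - 1)
        joint[(h, b)] = joint.get((h, b), 0) + 1
        ph[h] = ph.get(h, 0) + 1
        pb[b] = pb.get(b, 0) + 1
    return sum(c / n * math.log2(c * n / (ph[h] * pb[b])) for (h, b), c in joint.items())

def rank_keys(pts, leak, distinguisher):
    """Non-profiled attack: score every key nibble with the distinguisher; returns (best key, scores)."""
    scores = [distinguisher([HW[SBOX[p ^ k]] for p in pts], leak) for k in range(16)]
    return max(range(16), key=scores.__getitem__), scores

def invert(m):
    """Gauss-Jordan inverse of a small square matrix given as a list of rows."""
    d = len(m)
    a = [row[:] + [1.0 if i == j else 0.0 for j in range(d)] for i, row in enumerate(m)]
    for i in range(d):
        piv = max(range(i, d), key=lambda r: abs(a[r][i]))
        a[i], a[piv] = a[piv], a[i]
        f = a[i][i]
        a[i] = [v / f for v in a[i]]
        for r in range(d):
            if r != i:
                g = a[r][i]
                a[r] = [v - g * w for v, w in zip(a[r], a[i])]
    return [row[d:] for row in a]

def build_templates(pts, trs, key):
    """Profiling with a known key: one mean vector per HW class plus ONE covariance pooled
    over all classes (residuals centred per class, divided by n minus the number of classes)."""
    d, groups = len(trs[0]), {}
    for p, t in zip(pts, trs):
        groups.setdefault(HW[SBOX[p ^ key]], []).append(t)
    means = {h: [sum(t[j] for t in g) / len(g) for j in range(d)] for h, g in groups.items()}
    pooled = [[0.0] * d for _ in range(d)]
    for h, g in groups.items():
        for t in g:
            r = [t[j] - means[h][j] for j in range(d)]
            for i in range(d):
                for j in range(d):
                    pooled[i][j] += r[i] * r[j]
    dof = len(trs) - len(groups)
    return means, invert([[v / dof for v in row] for row in pooled])

def template_attack(pts, trs, means, inv_cov):
    """Matching: Gaussian log-likelihood summed over traces for each key. The pooled
    covariance makes the log-determinant identical for all classes, so it is dropped."""
    d, scores = len(trs[0]), []
    for k in range(16):
        ll = 0.0
        for p, t in zip(pts, trs):
            r = [t[j] - means[HW[SBOX[p ^ k]]][j] for j in range(d)]
            ll -= 0.5 * sum(r[i] * inv_cov[i][j] * r[j] for i in range(d) for j in range(d))
        scores.append(ll)
    return max(range(16), key=scores.__getitem__), scores

def run_demo(seed=1, key=0xB, sigma=0.5):
    """All three attacks on constructed data; returns the true and recovered key nibbles."""
    rng = random.Random(seed)
    pts, trs = simulate(400, key, sigma, rng)
    leak = [t[0] for t in trs]
    prof_p, prof_t = simulate(2000, 0x3, sigma, rng, points=2)  # profiling run, different key
    means, inv_cov = build_templates(prof_p, prof_t, 0x3)
    atk_p, atk_t = simulate(60, key, sigma, rng, points=2)
    return {"key": key,
            "cpa": rank_keys(pts, leak, lambda h, l: abs(pearson(h, l)))[0],
            "mia": rank_keys(pts, leak, mutual_information)[0],
            "template": template_attack(atk_p, atk_t, means, inv_cov)[0]}
```

    Calling `run_demo()` recovers the same key nibble with all three distinguishers on the constructed traces. The profiling run uses a different key than the attack run, which is what makes the templates portable: they are indexed by the Hamming-weight class of the intermediate, not by the key. Raising `sigma` or lowering the trace counts in `run_demo` shows where each distinguisher starts to fail; on real hardware the histogram estimator's bin count is the knob that the B-spline smoothing in the paper is meant to make less critical.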

    KLEIN: A New Family of Lightweight Block Ciphers

    Resource-efficient cryptographic primitives are becoming fundamental for realizing both security and efficiency in embedded systems like RFID tags and sensor nodes. Among those primitives, lightweight block ciphers play a major role as building blocks for security protocols. In this paper, we describe a new family of lightweight block ciphers named KLEIN, which is designed for resource-constrained devices such as wireless sensors and RFID tags. Compared to related proposals, KLEIN has an advantage in software performance on legacy sensor platforms, while at the same time its hardware implementation can also be compact.

    Basic Science in Movement Disorders: Fueling the Engine of Translation into Clinical Practice

    © 2024 The Authors. Movement Disorders published by Wiley Periodicals LLC on behalf of International Parkinson and Movement Disorder Society. Basic Science is crucial for the advancement of clinical care for Movement Disorders. Here, we provide brief updates on how basic science is important for understanding disease mechanisms, disease prevention, disease diagnosis, development of novel therapies and to establish the basis for personalized medicine. We conclude the viewpoint by a call to action to further improve interactions between clinicians and basic scientists.