8 research outputs found

    Uncertain? No, It’s Very Certain!

    Part 8: Sidechannel Analysis. International audience. It has always been a concern of side channel analysis how to recover the key with a probability of about 1.00 under the condition that the number of power traces is very small and the success rate is very low. In order to recover the key, the attacker has to try to reduce the guessing entropy to decrease the uncertainty of the key. Unfortunately, guessing entropy is only an evaluation of attack ability in most cases. In this paper, we introduce the statistical characteristics of guessing entropy and propose guessing entropy enhanced CPA (GE-CPA). Its feasibility is verified in theory and experiment. Experiments are performed on both an AES algorithm implemented on an AT89S52 single chip and the power trace set secmatv1 of DES encryption on the side channel attack standard evaluation board (SASEBO) from the website DPA contest v1. The experimental results show that, by only repeating the experiments less than 30 times, our GE-CPA can effectively recover the key even under the bad condition that the success rate only ranges from 5% to 8%. Thus, the problem is well solved.

    On Adaptive Bandwidth Selection for Efficient MIA

    International audience. Recently, a generic DPA attack using the mutual information index as the side channel distinguisher has been introduced. Mutual Information Analysis’s (MIA) main interest is its claimed genericity. However, it requires the estimation of various probability density functions (PDF), which is a task that involves the complicated problem of selecting tuning parameters. This problem could be the cause of the lower efficiency of MIA that has been reported. In this paper, we introduce an approach that selects the tuning parameters with the goal of optimizing the performance of MIA. Our approach differs from previous works in that it maximizes the ability of MIA to discriminate one key among all guesses rather than optimizing the accuracy of PDF estimates. Application of this approach to various leakage traces confirms the soundness of our proposal.

    Generic Side-Channel Distinguishers: Improvements and Limitations

    The goal of generic side-channel distinguishers is to allow key recoveries against any type of implementation, under minimum assumptions on the underlying hardware. Such distinguishers are particularly interesting in view of recent technological advances. Indeed, the traditional leakage models used in side-channel attacks, based on the Hamming weight or distance of the data contained in an implementation, are progressively invalidated by the increased variability in nanoscale electronic devices. In this paper, we consequently provide two contributions related to the application of side-channel analysis against emerging cryptographic implementations. First, we describe a new statistical test that is aimed to be generic and efficient when exploiting high-dimensional leakages. The proposed distinguisher is fully non-parametric. It formulates the leakage distributions using a copula and discriminates keys based on the detection of an “outlier behavior”. Next, we provide experiments putting forward the limitations of generic side-channel analysis in advanced scenarios, where leaking devices are protected with countermeasures. Our results exhibit that all non-profiled attacks published so far can sometimes give a false sense of security, due to incorrect leakage models. That is, there exist settings in which an implementation is secure against such non-profiled attacks and can be defeated with profiling. This confirms that the evaluations of cryptographic implementations should always consider profiling, as a worst case scenario.