Efficient Stochastic Methods: Profiled Attacks Beyond 8 Bits

Template attacks and stochastic models are among the most powerful side-channel attacks. However, they can be computationally expensive when processing a large number of samples. Various compression techniques have been used very successfully to reduce the data dimensionality prior to applying template attacks, most notably Principal Component Analysis (PCA) and Fisher’s Linear Discriminant Analysis (LDA). These make the attacks more efficient computationally and help the profiling phase to converge faster. We show how these ideas can also be applied to implement stochastic models more efficiently, and we also show that they can be applied and evaluated even for more than eight unknown data bits at once.This is the author accepted manuscript. The final version is available from Springer via http://dx.doi.org/10.1007/978-3-319-16763-3_

Efficient, portable template attacks

Template attacks recover data values processed by tamper-resistant devices from side-channel waveforms, such as supply-current fluctuations (power analysis) or electromagnetic emissions. They first profile a device to generate multivariate statistics of the waveforms emitted for each of a set of known processed values, which then identify maximum-likelihood candidates of unknown processed values during an attack. We identify several practical obstacles arising in the implementation of template attacks, ranging from numerical errors to the incompatibility of templates across different devices, and propose and compare several solutions. We identify pooled covariance matrices and prior dimensionality reduction through Fisher's Linear Discriminant Analysis as particularly efficient and effective, especially where many attack traces can be acquired. We evaluate alternative algorithms not only for the task of recovering key bytes from a hardware implementation of the Advanced Encryption Standard; we even reconstruct the value transferred by an individual byte-load instruction, with success rates reaching 85% (or a guessing entropy of less than a quarter bit remaining) after 1000 attack traces, thereby demonstrating direct eavesdropping of 8-bit parallel data lines. Using different devices during the profiling and attack phase can substantially reduce the effectiveness of template attacks. We demonstrate that the same problem can also occur across different measurement campaigns with the same device and that DC offsets (e.g. due to temperature drift) are a significant cause. We improve the portability of template parameters across devices by manipulating the DC content of the eigenvectors that form the projection matrix used for dimensionality reduction of the waveforms

Back to Massey: Impressively fast, scalable and tight security evaluation tools

None of the existing rank estimation algorithms can scale to large cryptographic keys, such as 4096-bit (512 bytes) RSA keys. In this paper, we present the first solution to estimate the guessing entropy of arbitrarily large keys, based on mathematical bounds, resulting in the fastest and most scalable security evaluation tool to date. Our bounds can be computed within a fraction of a second, with no memory overhead, and provide a margin of only a few bits for a full 128-bit AES key

Poly-Logarithmic Side Channel Rank Estimation via Exponential Sampling

Rank estimation is an important tool for a side-channel evaluations laboratories. It allows estimating the remaining security after an attack has been performed, quantified as the time complexity and the memory consumption required to brute force the key given the leakages as probability distributions over $d$ subkeys (usually key bytes). These estimations are particularly useful where the key is not reachable with exhaustive search. We propose ESrank, the first rank estimation algorithm that enjoys provable poly-logarithmic time- and space-complexity, which also achieves excellent practical performance. Our main idea is to use exponential sampling to drastically reduce the algorithm\u27s complexity. Importantly, ESrank is simple to build from scratch, and requires no algorithmic tools beyond a sorting function. After rigorously bounding the accuracy, time and space complexities, we evaluated the performance of ESrank on a real SCA data corpus, and compared it to the currently-best histogram-based algorithm. We show that ESrank gives excellent rank estimation (with roughly a 1-bit margin between lower and upper bounds), with a performance that is on-par with the Histogram algorithm: a run-time of under 1 second on a standard laptop using 6.5 MB RAM

Gene Expression Changes in the Prefrontal Cortex, Anterior Cingulate Cortex and Nucleus Accumbens of Mood Disorders Subjects That Committed Suicide

Suicidal behaviors are frequent in mood disorders patients but only a subset of them ever complete suicide. Understanding predisposing factors for suicidal behaviors in high risk populations is of major importance for the prevention and treatment of suicidal behaviors. The objective of this project was to investigate gene expression changes associated with suicide in brains of mood disorder patients by microarrays (Affymetrix HG-U133 Plus2.0) in the dorsolateral prefrontal cortex (DLPFC: 6 Non-suicides, 15 suicides), the anterior cingulate cortex (ACC: 6NS, 9S) and the nucleus accumbens (NAcc: 8NS, 13S). ANCOVA was used to control for age, gender, pH and RNA degradation, with P≤0.01 and fold change±1.25 as criteria for significance. Pathway analysis revealed serotonergic signaling alterations in the DLPFC and glucocorticoid signaling alterations in the ACC and NAcc. The gene with the lowest p-value in the DLPFC was the 5-HT2A gene, previously associated both with suicide and mood disorders. In the ACC 6 metallothionein genes were down-regulated in suicide (MT1E, MT1F, MT1G, MT1H, MT1X, MT2A) and three were down-regulated in the NAcc (MT1F, MT1G, MT1H). Differential expression of selected genes was confirmed by qPCR, we confirmed the 5-HT2A alterations and the global down-regulation of members of the metallothionein subfamilies MT 1 and 2 in suicide completers. MTs 1 and 2 are neuro-protective following stress and glucocorticoid stimulations, suggesting that in suicide victims neuroprotective response to stress and cortisol may be diminished. Our results thus suggest that suicide-specific expression changes in mood disorders involve both glucocorticoids regulated metallothioneins and serotonergic signaling in different regions of the brain

A new stress sensor and risk factor for suicide: The T allele of the functional genetic variant in the GABRA6 gene

© 2017 The Author(s). Low GABA transmission has been reported in suicide, and GABRA6 rs3219151 T allele has been associated with greater physiological and endocrine stress response in previous studies. Although environmental stress also plays a role in suicide, the possible role of this allele has not been investigated in this respect. In our present study effect of rs3219151 of GABRA6 gene in interaction with recent negative life events on lifetime and current depression, current anxiety, as well as lifetime suicide were investigated using regression models in a white European general sample of 2283 subjects. Post hoc measures for phenotypes related to suicide risk were also tested for association with rs3219151 in interaction with environmental stress. No main effect of the GABRA6 rs3219151 was detected, but in those exposed to recent negative life events GABRA6 T allele increased current anxiety and depression as well as specific elements of suicide risk including suicidal and death-related thoughts, hopelessness, restlessness and agitation, insomnia and impulsiveness as measured by the STOP task. Our data indicate that stress-associated suicide risk is elevated in carriers of the GABRA6 rs3219151 T allele with several independent markers and predictors of suicidal behaviours converging to this increased risk

Online Template Attack on ECDSA

Contains fulltext : 221043.pdf (Publisher’s version ) (Open Access)AFRICACRYPT 202

When Similarities Among Devices are Taken for Granted: Another Look at Portability

Contains fulltext : 221072.pdf (Publisher’s version ) (Open Access)AFRICACRYPT 2020

Gradient Visualization for General Characterization in Profiling Attacks

International audienceIn Side-Channel Analysis (SCA), several papers have shown that neural networks could be trained to efficiently extract sensitive information from implementations running on embedded devices. This paper introduces a new tool called Gradient Visualization that aims to proceed a post-mortem information leakage characterization after the successful training of a neural network. It relies on the computation of the gradient of the loss function used during the training. The gradient is no longer computed with respect to the model parameters, but with respect to the input trace components. Thus, it can accurately highlight temporal moments where sensitive information leaks. We theoretically show that this method, based on Sensitivity Analysis, may be used to efficiently localize points of interest in the SCA context. The efficiency of the proposed method does not depend on the particular countermeasures that may be applied to the measured traces as long as the profiled neural network can still learn in presence of such difficulties. In addition, the characterization can be made for each trace individually. We verified the soundness of our proposed method on simulated data and on experimental traces from a public side-channel database. Eventually we empirically show that the Sensitivity Analysis is at least as good as state-of-the-art characterization methods, in presence (or not) of countermeasures