3 research outputs found
The uncertainty of Side-Channel Analysis: A way to leverage from heuristics
Performing a comprehensive side-channel analysis evaluation of small embedded
devices is a process known for its variability and complexity. In real-world
experimental setups, the results are largely influenced by a huge amount of
parameters that are not easily adjusted without trial and error and are heavily
relying on the experience of professional security analysts. In this paper, we
advocate the use of an existing statistical methodology called Six Sigma
(6{\sigma}) for side-channel analysis optimization for this purpose. This
well-known methodology is commonly used in other industrial fields, such as
production and quality engineering, to reduce the variability of industrial
processes. We propose a customized Six Sigma methodology, which enables even a
less-experienced security analysis to select optimal values for the different
variables that are critical for the side-channel analysis procedure. Moreover,
we show how our methodology helps in improving different phases in the
side-channel analysis process.Comment: 30 pages, 8 figure
Towards Human Dependency Elimination: AI Approach to SCA Robustness Assessment
Evaluating the side-channel resistance of a device in practice is a problematic and arduous process. Current certification schemes require to attack the device under test with an ever-growing number of techniques to validate its security. In addition, the success or failure of these techniques strongly depends on the individual implementing them, due to the fallible and human intrinsic nature of several steps of this path.
To alleviate this problem, we propose a battery of automated attacks as a side-channel analysis robustness assessment of an embedded device. To prove our approach, we conduct realistic experiments on two different devices, creating a new dataset (AES_RA) as a part of our contribution. Furthermore, we propose a novel way of performing these attacks using Principal Component Analysis, which also serves as an alternative way of selecting optimal principal components automatically. In addition, we perform a detailed analysis of automated attacks against masked AES implementations, comparing our method with the state-of-the-art approaches and proposing two novel initialization techniques to overcome its limitations in this scenario. We support our claims with experiments on AES_RA and a public dataset (ASCAD), showing how our, although fully automated, approach can straightforwardly provide state-of-the-art results