117 results sorted by ID

2024/1949 (PDF) Last updated: 2024-12-02
Avenger Ensemble: Genetic Algorithm-Driven Ensemble Selection for Deep Learning-based Side-Channel Analysis
Zhao Minghui, Trevor Yap
Attacks and cryptanalysis

Side-Channel Analysis (SCA) exploits physical vulnerabilities in systems to reveal secret keys. With the rise of Internet-of-Things, evaluating SCA attacks has become crucial. Profiling attacks, enhanced by Deep Learning-based Side-Channel Analysis (DLSCA), have shown significant improvements over classical techniques. Recent works demonstrate that ensemble methods outperform single neural networks. However, almost every existing ensemble selection method in SCA only picks the top few...

2024/1322 (PDF) Last updated: 2024-08-23
Revisiting a Realistic EM Side-Channel Attack on a Complex Modern SoC
Debao Wang, Yiwen Gao, Yongbin Zhou, Xian Huang
Attacks and cryptanalysis

Side-channel analysis on complex SoC devices with high-frequency microprocessors and multitasking operating systems presents significant challenges in practice due to the high costs of trace acquisition and analysis, generally involving tens of thousands to millions of traces. This work uses a cryptographic execution process on a Broadcom 2837 SoC as a case study to explore ways to reduce costs in electromagnetic side-channel analysis. In the data acquisition phase, we propose an efficient...

2024/558 (PDF) Last updated: 2024-04-10
Scoring the predictions: a way to improve profiling side-channel attacks
Damien Robissout, Lilian Bossuet, Amaury Habrard
Attacks and cryptanalysis

Side-channel analysis is an important part of the security evaluations of hardware components and more specifically of those that include cryptographic algorithms. Profiling attacks are among the most powerful attacks as they assume the attacker has access to a clone device of the one under attack. Using the clone device allows the attacker to make a profile of physical leakages linked to the execution of algorithms. This work focuses on the characteristics of this profile and the...

2024/167 (PDF) Last updated: 2024-02-05
Creating from Noise: Trace Generations Using Diffusion Model for Side-Channel Attack
Trevor Yap, Dirmanto Jap
Implementation

In side-channel analysis (SCA), the success of an attack is largely dependent on the dataset sizes and the number of instances in each class. The generation of synthetic traces can help to improve attacks like profiling attacks. However, manually creating synthetic traces from actual traces is arduous. Therefore, automating this process of creating artificial traces is much needed. Recently, diffusion models have gained much recognition after beating another generative model known as...

2024/066 (PDF) Last updated: 2024-10-01
Exploiting the Central Reduction in Lattice-Based Cryptography
Tolun Tosun, Amir Moradi, Erkay Savas
Attacks and cryptanalysis

This paper questions the side-channel security of central reduction technique, which is widely adapted in efficient implementations of Lattice-Based Cryptography (LBC). We show that the central reduction leads to a vulnerability by creating a strong dependency between the power consumption and the sign of sensitive intermediate values. We exploit this dependency by introducing the novel absolute value prediction function, which can be employed in higher-order non-profiled multi-query...

2024/060 (PDF) Last updated: 2024-10-01
The Insecurity of Masked Comparisons: SCAs on ML-KEM’s FO-Transform
Julius Hermelink, Kai-Chun Ning, Richard Petri, Emanuele Strieder
Attacks and cryptanalysis

NIST released the draft standard for ML-KEM, and we can expect its widespread use in the embedded world in the near future. Several side-channel attacks have been proposed, and one line of research has focused on attacks against the comparison step of the FO-transform. A work published at TCHES 2022 stressed the need for secure higher-order masked comparisons beyond the $t$-probing model and proposed a higher-order masked comparison method. Subsequently, D'Anvers, Van Beirendonck, and...

2023/1931 (PDF) Last updated: 2023-12-20
Single-Trace Side-Channel Attacks on CRYSTALS-Dilithium: Myth or Reality?
Ruize Wang, Kalle Ngo, Joel Gärtner, Elena Dubrova
Attacks and cryptanalysis

We present a side-channel attack on CRYSTALS-Dilithium, a post-quantum secure digital signature scheme, with two variants of post-processing. The side-channel attack exploits information leakage in the secret key unpacking procedure of the signing algorithm to recover the coefficients of the polynomials in the secret key vectors ${\bf s}_1$ and ${\bf s}_2$ by profiled deep learning-assisted power analysis. In the first variant, one half of the coefficients of ${\bf s}_1$ and ${\bf s}_2$ is...

2023/1698 (PDF) Last updated: 2023-11-02
Another Look at Side-Channel Resistant Encoding Schemes
Xiaolu Hou, Jakub Breier, Mladen Kovačević
Attacks and cryptanalysis

The idea of balancing the side-channel leakage in software was proposed more than a decade ago. Just like with other hiding-based countermeasures, the goal is not to hide the leakage completely but to significantly increase the effort required for the attack. Previous approaches focused on two directions: either balancing the Hamming weight of the processed data or deriving the code by using stochastic leakage profiling. In this brief, we build upon these results by proposing a novel...
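One concrete instance of the Hamming-weight balancing the paragraph refers to is dual-rail encoding, where every data bit b is stored as the pair (b, NOT b). The following is an added example, not code from the paper: it assumes 8-bit data encoded into 16-bit words and the textbook Hamming-weight (HW) and Hamming-distance (HD) leakage models, and it checks both what the encoding fixes and what it leaves open.

```python
"""Hamming-weight balancing via dual-rail encoding, with a Hamming-distance caveat.

Added example (not the paper's code). Assumptions: 8-bit values, 16-bit
dual-rail codewords, HW leakage of the processed word and HD leakage
between successive words held in the same register.
"""
from itertools import product


def hw(x: int) -> int:
    return bin(x).count("1")


def dual_rail_encode(byte: int) -> int:
    """Map an 8-bit value to a 16-bit word of constant Hamming weight 8:
    bit i of the input becomes the pair (b, not b) at positions 2i, 2i+1."""
    if not 0 <= byte < 256:
        raise ValueError("byte out of range")
    word = 0
    for i in range(8):
        b = (byte >> i) & 1
        word |= (b << (2 * i)) | ((b ^ 1) << (2 * i + 1))
    return word


def dual_rail_decode(word: int) -> int:
    """Inverse mapping; rejects words that are not valid dual-rail codewords."""
    byte = 0
    for i in range(8):
        b, nb = (word >> (2 * i)) & 1, (word >> (2 * i + 1)) & 1
        if b == nb:
            raise ValueError("invalid dual-rail codeword")
        byte |= b << i
    return byte


def hw_profile(encode):
    """Set of HW values an observer can see across all 256 input bytes."""
    return {hw(encode(v)) for v in range(256)}


def hd_profile(encode):
    """Set of HD values between successive encoded values, over all ordered pairs."""
    return {hw(encode(a) ^ encode(b)) for a, b in product(range(256), repeat=2)}


if __name__ == "__main__":
    print("raw HW values:      ", sorted(hw_profile(lambda v: v)))       # 0..8
    print("dual-rail HW values:", sorted(hw_profile(dual_rail_encode)))  # {8}
    print("dual-rail HD values:", sorted(hd_profile(dual_rail_encode)))  # 0,2,...,16
```

The HW profile collapses to a single value, so a pure HW leakage of the stored word carries no information about the data. The HD profile does not collapse: the XOR of two dual-rail codewords is the dual-rail image of the XOR of the plain values, so a register transition leaks 2·HW(a XOR b), twice the unencoded transition leakage. Balancing is therefore only as good as the match between the encoding and the leakage model of the actual device, which is the motivation for the profiled and stochastic approaches the paragraph mentions.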

2023/1681 (PDF) Last updated: 2023-10-30
The Need for MORE: Unsupervised Side-channel Analysis with Single Network Training and Multi-output Regression
Ioana Savu, Marina Krček, Guilherme Perin, Lichao Wu, Stjepan Picek
Attacks and cryptanalysis

Deep learning-based profiling side-channel analysis has gained widespread adoption in academia and industry due to its ability to uncover secrets protected by countermeasures. However, to exploit this capability, an adversary must have access to a clone of the targeted device to obtain profiling measurements and know secret information to label these measurements. Non-profiling attacks avoid these constraints by not relying on secret information for labeled data. Instead, they attempt all...

2023/1110 (PDF) Last updated: 2023-07-16
Breaking Free: Leakage Model-free Deep Learning-based Side-channel Analysis
Lichao Wu, Amir Ali-pour, Azade Rezaeezade, Guilherme Perin, Stjepan Picek
Attacks and cryptanalysis

Profiling side-channel analysis has gained widespread acceptance in both academic and industrial realms due to its robust capacity to unveil protected secrets, even in the presence of countermeasures. To harness this capability, an adversary must access a clone of the target device to acquire profiling measurements, labeling them with leakage models. The challenge of finding an effective leakage model, especially for a protected dataset with a low signal-to-noise ratio or weak correlation...

2023/1109 (PDF) Last updated: 2023-07-16
An End-to-end Plaintext-based Side-channel Collision Attack without Trace Segmentation
Lichao Wu, Sébastien Tiran, Guilherme Perin, Stjepan Picek
Attacks and cryptanalysis

Side-channel Collision Attacks (SCCA) constitute a subset of non-profiling attacks that exploit information dependency leaked during cryptographic operations. Unlike traditional collision attacks, which seek instances where two different inputs to a cryptographic algorithm yield identical outputs, SCCAs specifically target the internal state, where identical outputs are more likely. In CHES 2023, Staib et al. presented a Deep Learning-based SCCA (DL-SCCA), which enhanced the attack...

2023/1108 (PDF) Last updated: 2024-09-14
It's a Kind of Magic: A Novel Conditional GAN Framework for Efficient Profiling Side-channel Analysis (Extended Version)
Sengim Karayalcin, Marina Krcek, Lichao Wu, Stjepan Picek, Guilherme Perin
Attacks and cryptanalysis

Profiling side-channel analysis (SCA) is widely used to evaluate the security of cryptographic implementations under worst-case attack scenarios. This method assumes a strong adversary with a fully controlled device clone, known as a profiling device, with full access to the internal state of the target algorithm, including the mask shares. However, acquiring such a profiling device in the real world is challenging, as secure products enforce strong life cycle protection, particularly on...

2023/1055 (PDF) Last updated: 2024-10-29
OccPoIs: Points of Interest based on Neural Network's Key Recovery in Side-Channel Analysis through Occlusion
Trevor Yap, Shivam Bhasin, Stjepan Picek
Implementation

Deep neural networks (DNNs) represent a powerful technique for assessing cryptographic security concerning side-channel analysis (SCA) due to their ability to aggregate leakages automatically, rendering attacks more efficient without preprocessing. Nevertheless, despite their effectiveness, DNNs employed in SCA are predominantly black-box algorithms, posing considerable interpretability challenges. In this paper, we propose a novel technique called Key Guessing Occlusion (KGO) that...

2023/693 (PDF) Last updated: 2023-09-14
LeakyOhm: Secret Bits Extraction using Impedance Analysis
Saleh Khalaj Monfared, Tahoura Mosavirik, Shahin Tajik
Attacks and cryptanalysis

The threat of physical side-channel attacks and their countermeasures is a widely researched field. Most physical side-channel attacks rely on the unavoidable influence of computation or storage on voltage or current fluctuations. Such data-dependent influence can be exploited by, for instance, power or electromagnetic analysis. In this work, we introduce a novel non-invasive physical side-channel attack, which exploits the data-dependent changes in the impedance of the chip. Our attack...

2023/209 (PDF) Last updated: 2023-02-23
Hiding in Plain Sight: Non-profiling Deep Learning-based Side-channel Analysis with Plaintext/Ciphertext
Lichao Wu, Guilherme Perin, Stjepan Picek
Attacks and cryptanalysis

Deep learning-based profiling side-channel analysis is widely adopted in academia and industry thanks to the ability to reveal secrets protected with countermeasures. To leverage its capability, the adversary needs to have access to a clone of an attack device to obtain the profiling measurements. Moreover, the adversary needs to know secret information to label these measurements. Non-profiling attacks avoid those constraints by not relying on secret information to label data but rather by...

2023/093 (PDF) Last updated: 2024-01-14
Automated Side-Channel Attacks using Black-Box Neural Architecture Search
Pritha Gupta, Jan Peter Drees, Eyke Hüllermeier
Attacks and cryptanalysis

The usage of convolutional neural networks (CNNs) to break cryptographic systems through hardware side-channels has enabled fast and adaptable attacks on devices like smart cards and TPMs. Current literature proposes fixed CNN architectures designed by domain experts to break such systems, which is time-consuming and unsuitable for attacking a new system. Recently, an approach using neural architecture search (NAS), which is able to acquire a suitable architecture automatically, has been...

2023/050 (PDF) Last updated: 2023-07-17
Exploiting Intermediate Value Leakage in Dilithium: A Template-Based Approach
Alexandre Berzati, Andersson Calle Viera, Maya Chartouny, Steven Madec, Damien Vergnaud, David Vigilant
Attacks and cryptanalysis

This paper presents a new profiling side-channel attack on CRYSTALS-Dilithium, the new NIST primary standard for quantum-safe digital signatures. An open source implementation of CRYSTALS-Dilithium is already available, with constant-time property as a consideration for side-channel resilience. However, this implementation does not protect against attacks that exploit intermediate data leakage. We show how to exploit a new leakage on a vector generated during the signing process, for which...

2023/008 (PDF) Last updated: 2023-01-02
AutoPOI: Automated Points Of Interest Selection for Side-channel Analysis
Mick G.D. Remmerswaal, Lichao Wu, Sébastien Tiran, Nele Mentens
Implementation

Template attacks (TAs) are one of the most powerful Side-Channel Analysis (SCA) attacks. The success of such attacks relies on the effectiveness of the profiling model in modeling the leakage information. A crucial step for TA is to select relevant features from the measured traces, often called Points Of Interest (POIs), to extract the leakage information. Previous research indicates that properly selecting the input leaking features could significantly increase the attack performance....

2023/001 (PDF) Last updated: 2023-07-23
Time is money, friend! Timing Side-channel Attack against Garbled Circuit Constructions
Mohammad Hashemi, Domenic Forte, Fatemeh Ganji
Attacks and cryptanalysis

With the advent of secure function evaluation (SFE), distrustful parties can jointly compute on their private inputs without disclosing anything besides the results. Yao’s garbled circuit protocol has become an integral part of secure computation thanks to considerable efforts made to make it feasible, practical, and more efficient. These efforts have resulted in multiple optimizations on this primitive to enhance its performance by orders of magnitude over the last years. The advancement in...

2022/1476 (PDF) Last updated: 2022-10-27
The EVIL Machine: Encode, Visualize and Interpret the Leakage
Valence Cristiani, Maxime Lecomte, Philippe Maurine
Attacks and cryptanalysis

Unsupervised side-channel attacks allow extracting secret keys manipulated by cryptographic primitives through leakages of their physical implementations. As opposed to supervised attacks, they do not require a preliminary profiling of the target, constituting a broader threat since they imply weaker assumptions on the adversary model. Their downside is their requirement for some a priori knowledge on the leakage model of the device. On one hand, stochastic attacks such as the Linear...

2022/1452 (PDF) Last updated: 2022-10-24
A Side-Channel Attack on a Hardware Implementation of CRYSTALS-Kyber
Yanning Ji, Ruize Wang, Kalle Ngo, Elena Dubrova, Linus Backlund
Attacks and cryptanalysis

CRYSTALS-Kyber has been recently selected by the NIST as a new public-key encryption and key-establishment algorithm to be standardized. This makes it important to assess how well CRYSTALS-Kyber implementations withstand side-channel attacks. Software implementations of CRYSTALS-Kyber have been already analyzed and the discovered vulnerabilities were patched in the subsequently released versions. In this paper, we present a profiling side-channel attack on a hardware implementation of...

2022/1410 (PDF) Last updated: 2023-08-16
Breaking and Protecting the Crystal: Side-Channel Analysis of Dilithium in Hardware
Hauke Steffen, Georg Land, Lucie Kogelheide, Tim Güneysu
Attacks and cryptanalysis

The lattice-based CRYSTALS-Dilithium signature scheme has been selected for standardization by the NIST. As part of the selection process, a large number of implementations for platforms like x86, ARM Cortex-M4, or – on the hardware side – Xilinx Artix-7 have been presented and discussed by experts. While software implementations have been subject to side-channel analysis with several attacks being published, an analysis of Dilithium hardware implementations and their peculiarities has not...

2022/1360 (PDF) Last updated: 2023-12-22
One for All, All for One: A Unified Evaluation Framework for Univariate DPA Attacks
Jiangshan Long, Chenxu Wang, Changhai Ou, Zhu Wang, Yongbin Zhou, Ming Tang
Applications

Success Rate (SR) is one of the most popular security metrics measuring the efficiency of side-channel attacks. Its theoretical expression reveals the functional dependency on critical parameters such as the number of measurements and the Signal-to-Noise Ratio (SNR), helping evaluators understand the threat of an attack as well as how one can mitigate it with proper countermeasures. However, so far, existing works have exposed fundamental problems such as: (i) the evaluations are restricted to a very...

2022/1087 (PDF) Last updated: 2024-10-04
I Know What Your Layers Did: Layer-wise Explainability of Deep Learning Side-channel Analysis
Guilherme Perin, Sengim Karayalcin, Lichao Wu, Stjepan Picek
Attacks and cryptanalysis

Deep neural networks have proven effective for second-order profiling side-channel attacks, even in a black-box setting with no prior knowledge of masks and implementation details. While such attacks have been successful, no explanations were provided for understanding why a variety of deep neural networks can (or cannot) learn high-order leakages and what the limitations are. In other words, we lack the explainability on neural network layers combining (or not) unknown and random secret...

2022/963 (PDF) Last updated: 2022-07-26
Resolving the Doubts: On the Construction and Use of ResNets for Side-channel Analysis
Sengim Karayalcin, Stjepan Picek
Attacks and cryptanalysis

The deep learning-based side-channel analysis gave some of the most prominent side-channel attacks against protected targets in the past few years. To this end, the research community's focus has been on creating 1) powerful and 2) (if possible) minimal multilayer perceptron or convolutional neural network architectures. Currently, we see that computationally intensive hyperparameter tuning methods (e.g., Bayesian optimization or reinforcement learning) provide the best results. However,...

2022/927 (PDF) Last updated: 2022-10-27
Fit The Joint Moments - How to Attack any Masking Schemes
Valence Cristiani, Maxime Lecomte, Thomas Hiscock, Philippe Maurine

Side-Channel Analysis (SCA) allows extracting secret keys manipulated by cryptographic primitives through leakages of their physical implementations. Supervised attacks, known to be optimal, can theoretically defeat any countermeasure, including masking, by learning the dependency between the leakage and the secret through the profiling phase. However, defeating masking is less trivial when it comes to unsupervised attacks. While classical strategies such as CPA or LRA have been extended to...

2022/919 (PDF) Last updated: 2022-07-14
Side-Channel Attacks on Lattice-Based KEMs Are Not Prevented by Higher-Order Masking
Kalle Ngo, Ruize Wang, Elena Dubrova, Nils Paulsrud
Attacks and cryptanalysis

In this paper, we present the first side-channel attack on a higher-order masked implementation of an IND-CCA secure lattice-based key encapsulation mechanism (KEM). Our attack exploits a vulnerability we discovered in the arithmetic-to-Boolean conversion procedure. Using Saber KEM as an example, we demonstrate successful message and secret key recovery attacks on the second- and third-order masked implementations running on a different device than the profiling one. In our...

2022/890 (PDF) Last updated: 2022-07-07
One Network to rule them all. An autoencoder approach to encode datasets
Cristian-Alexandru Botocan
Attacks and cryptanalysis

Side-channel attacks are powerful non-invasive attacks on cryptographic algorithms. Among such attacks, profiling attacks have a prominent place as they assume an attacker with access to a copy of the device under attack. The attacker uses the device's copy to learn as much as possible about the device and then mount the attack on the target device. In the last few years, Machine Learning has been successfully used in profiling attacks, as such techniques proved to be capable of breaking...

2022/852 (PDF) Last updated: 2022-06-28
Making Biased DL Models Work: Message and Key Recovery Attacks on Saber Using Amplitude-Modulated EM Emanations
Ruize Wang, Kalle Ngo, Elena Dubrova
Attacks and cryptanalysis

Creating a good deep learning (DL) model is an art which requires expertise in DL and a large set of labeled data for training neural networks. Neither is readily available. In this paper, we introduce a method which enables us to achieve good results with bad DL models. We use simple multilayer perceptron (MLP) networks, trained on a small dataset, which make strongly biased predictions if used without the proposed method. The core idea is to extend the attack dataset so that at least one...

2022/576 (PDF) Last updated: 2022-09-07
On the Success Rate of Side-Channel Attacks on Masked Implementations: Information-Theoretical Bounds and Their Practical Usage
Akira Ito, Rei Ueno, Naofumi Homma
Secret-key cryptography

This study derives information-theoretical bounds of the success rate (SR) of side-channel attacks on masked implementations. We first develop a communication channel model representing side-channel attacks on masked implementations. We then derive two SR bounds based on the conditional probability distribution and mutual information of shares. The basic idea is to evaluate the upper-bound of the mutual information between the non-masked secret value and the side-channel trace by the...

2022/493 (PDF) Last updated: 2022-10-11
Don’t Learn What You Already Know: Scheme-Aware Modeling for Profiling Side-Channel Analysis against Masking
Loïc Masure, Valence Cristiani, Maxime Lecomte, François-Xavier Standaert
Applications

Over the past few years, deep-learning-based attacks have emerged as a de facto standard, thanks to their ability to break implementations of cryptographic primitives without pre-processing, even against widely used counter-measures such as hiding and masking. However, the recent works of Bronchain and Standaert at TCHES 2020 questioned the soundness of such tools if used in an uninformed setting to evaluate implementations protected with higher-order masking. Conversely, worst-case...

2022/490 (PDF) Last updated: 2023-04-14
Information Bounds and Convergence Rates for Side-Channel Security Evaluators
Loïc Masure, Gaëtan Cassiers, Julien Hendrickx, François-Xavier Standaert
Implementation

Current side-channel evaluation methodologies exhibit a gap between inefficient tools offering strong theoretical guarantees and efficient tools only offering heuristic (sometimes case-specific) guarantees. Profiled attacks based on the empirical leakage distribution correspond to the first category. Bronchain et al. showed at Crypto 2019 that they allow bounding the worst-case security level of an implementation, but the bounds become loose as the leakage dimensionality increases. Template...

2022/340 (PDF) Last updated: 2022-03-14
To Overfit, Or Not to Overfit: Improving the Performance of Deep Learning-based SCA
Azade Rezaeezade, Guilherme Perin, Stjepan Picek
Secret-key cryptography

Profiling side-channel analysis allows evaluators to estimate the worst-case security of a target. When security evaluations relax the assumptions about the adversary's knowledge, profiling models may easily be sub-optimal due to the inability to extract the most informative points of interest from the side-channel measurements. When used for profiling attacks, deep neural networks can learn strong models without feature selection with the drawback of expensive hyperparameter tuning....

2022/106 (PDF) Last updated: 2022-02-09
Profiling Side-Channel Attacks on Dilithium: A Small Bit-Fiddling Leak Breaks It All
Soundes Marzougui, Vincent Ulitzsch, Mehdi Tibouchi, Jean-Pierre Seifert
Cryptographic protocols

We present an end-to-end (equivalent) key recovery attack on the Dilithium lattice-based signature scheme, one of the top contenders in the NIST postquantum cryptography competition. The attack is based on a small side-channel leakage we identified in a bit unpacking procedure inside Dilithium signature generation. We then combine machine-learning based profiling with various algorithmic techniques, including least squares regression and integer linear programming, in order to leverage this...

2021/1592 (PDF) Last updated: 2022-07-28
The Need for Speed: A Fast Guessing Entropy Calculation for Deep Learning-based SCA
Guilherme Perin, Lichao Wu, Stjepan Picek
Attacks and cryptanalysis

The adoption of deep neural networks for profiling side-channel attacks (SCA) opened new perspectives for leakage detection. Recent publications showed that cryptographic implementations featuring different countermeasures could be broken without feature selection or trace preprocessing. This success comes with a high price: extensive hyperparameter search to find optimal deep learning models. As deep learning models usually suffer from overfitting due to their high fitting capacity, it is...
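Several entries on this page rest on the same evaluation loop: profile a clone device with a known key (2024/558, 2023/008), score every key hypothesis on the target's traces, and report the result as key rank, guessing entropy (2021/1592) or success rate (2022/1360). The following is an added example that walks through that loop with a classical univariate Gaussian template attack; it is not code from any of the listed papers. It assumes a constructed leakage model (Hamming weight of the first-round AES S-box output plus Gaussian noise), a single point of interest already selected, a profiling key known on the clone, and an arbitrary target key and noise level.

```python
"""Univariate Gaussian template attack with key rank, guessing entropy (GE)
and success rate (SR) as evaluation metrics.

Added example, not code from any paper listed above. Assumptions: leakage
is HW(Sbox(pt ^ key)) + N(0, sigma^2) at one point of interest; the
profiling device's key is known; target key and sigma are arbitrary.
"""
import math
import random
from statistics import mean, pvariance


def _aes_sbox():
    """Generate the AES S-box (GF(2^8) inverse followed by the affine map)."""
    sbox = [0] * 256
    p = q = 1
    rot = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= (q << 1) & 0xFF                                    # q /= 3
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rot(q, 1) ^ rot(q, 2) ^ rot(q, 3) ^ rot(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _aes_sbox()
HW = [bin(v).count("1") for v in range(256)]


def leakage(pt, key, sigma, rng):
    """Constructed leakage sample: HW(Sbox(pt ^ key)) + Gaussian noise."""
    return HW[SBOX[pt ^ key]] + rng.gauss(0.0, sigma)


def build_templates(n_profiling, sigma, rng):
    """Profiling phase on the clone: one (mean, variance) pair per HW class."""
    buckets = {h: [] for h in range(9)}
    for _ in range(n_profiling):
        pt, key = rng.randrange(256), rng.randrange(256)  # key known on the clone
        buckets[HW[SBOX[pt ^ key]]].append(leakage(pt, key, sigma, rng))
    return {h: (mean(v), max(pvariance(v), 1e-9)) for h, v in buckets.items()}


def log_likelihoods(templates, traces):
    """Attack phase: accumulate log N(l; mu_h, var_h) for every key hypothesis,
    where h is the HW class the hypothesis predicts for the trace's plaintext."""
    scores = [0.0] * 256
    for pt, l in traces:
        for k in range(256):
            mu, var = templates[HW[SBOX[pt ^ k]]]
            scores[k] += -0.5 * math.log(2 * math.pi * var) - (l - mu) ** 2 / (2 * var)
    return scores


def key_rank(scores, key):
    """Position of the true key when hypotheses are sorted by decreasing score."""
    return sorted(range(256), key=lambda k: -scores[k]).index(key)


def evaluate(templates, key, n_attack, sigma, rng, experiments=20):
    """GE (mean rank) and SR (fraction of rank-0 outcomes) over independent
    attack sets of n_attack traces each."""
    ranks = []
    for _ in range(experiments):
        traces = []
        for _ in range(n_attack):
            pt = rng.randrange(256)
            traces.append((pt, leakage(pt, key, sigma, rng)))
        ranks.append(key_rank(log_likelihoods(templates, traces), key))
    return mean(ranks), sum(r == 0 for r in ranks) / len(ranks)


def run_experiment(seed, n_attack, sigma=1.0, key=0x2B, n_profiling=20000, experiments=20):
    """Profile and attack from one seed so the result is reproducible."""
    rng = random.Random(seed)
    templates = build_templates(n_profiling, sigma, rng)
    return evaluate(templates, key, n_attack, sigma, rng, experiments)


if __name__ == "__main__":
    for n in (2, 5, 10, 25, 100):
        ge, sr = run_experiment(1, n)
        print(f"{n:4d} attack traces: GE = {ge:6.2f}  SR = {sr:.2f}")
```

GE and SR are both functions of the number of attack traces and of the noise level, which is the SNR dependency the success-rate entry above discusses; raising `sigma` pushes the curve to the right. The expensive part in a real evaluation is not this scoring loop but repeating it for many attack sets and many models, which is what motivates the fast guessing-entropy estimation proposed in 2021/1592.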

2021/1518 (PDF) Last updated: 2023-07-17
Revisiting Mutual Information Analysis: Multidimensionality, Neural Estimation and Optimality Proofs
Valence Cristiani, Maxime Lecomte, Philippe Maurine
Foundations

Recent works showed how Mutual Information Neural Estimation (MINE) could be applied to side-channel analysis in order to evaluate the amount of leakage of an electronic device. One of the main advantages of MINE over classical estimation techniques is to enable the computation between high dimensional traces and a secret, which is relevant for leakage assessment. However, optimally exploiting this information in an attack context in order to retrieve a secret remains a non-trivial task...

2021/1418 (PDF) Last updated: 2022-08-29
Autoencoder Assist: An Efficient Profiling Attack on High-dimensional Datasets
Qi Lei, Zijia Yang, Qin Wang, Yaoling Ding, Zhe Ma, An Wang

Deep learning (DL)-based profiled attacks have proven to be a powerful tool in side-channel analysis. A variety of multi-layer perceptron (MLP) networks and convolutional neural networks (CNNs) are thereby applied to cryptographic algorithm implementations to recover correct keys with fewer traces and in less time. However, most attacks merely focus on small datasets, in which the points of interest are well-trimmed for attacks. Countermeasures applied in embedded...

2021/1414 (PDF) Last updated: 2022-04-20
Exploring Feature Selection Scenarios for Deep Learning-based Side-Channel Analysis
Guilherme Perin, Lichao Wu, Stjepan Picek

One of the main promoted advantages of deep learning in profiling side-channel analysis is the possibility of skipping the feature engineering process. Despite that, most recent publications consider feature selection as the attacked interval from the side-channel measurements is pre-selected. This is similar to the worst-case security assumptions in security evaluations when the random secret shares (e.g., mask shares) are known during the profiling phase: an evaluator can identify points...

2021/1316 (PDF) Last updated: 2021-09-30
Towards Human Dependency Elimination: AI Approach to SCA Robustness Assessment
Unai Rioja, Lejla Batina, Igor Armendariz, Jose Luis Flores
Applications

Evaluating the side-channel resistance of a device in practice is a problematic and arduous process. Current certification schemes require attacking the device under test with an ever-growing number of techniques to validate its security. In addition, the success or failure of these techniques strongly depends on the individual implementing them, due to the fallible, intrinsically human nature of several steps of this process. To alleviate this problem, we propose a battery of automated attacks...

2021/1216 (PDF) Last updated: 2021-09-21
Toward Optimal Deep-Learning Based Side-Channel Attacks: Probability Concentration Inequality Loss and Its Usage
Akira Ito, Rei Ueno, Naofumi Homma
Implementation

In this paper, we present solutions to some open problems for constructing efficient deep learning-based side-channel attacks (DL-SCAs) through a theoretical analysis. There are two major open problems in DL-SCAs: (i) the effect of the difference in secret key values used for profiling and attack phases is unclear, and (ii) the optimality of the negative log-likelihood (NLL) loss function used in the conventional learning method is unknown. These two problems have hindered the accurate...

2021/1107 (PDF) Last updated: 2022-03-06
Multi-Leak Deep-Learning Side-Channel Analysis
Fanliang Hu, Huanyu Wang, Junnian Wang
Foundations

Deep Learning Side-Channel Attacks (DLSCAs) have become a realistic threat to implementations of cryptographic algorithms, such as the Advanced Encryption Standard (AES). By utilizing deep-learning models to analyze side-channel measurements, the attacker is able to derive the secret key of the cryptographic algorithm. However, when traces have multiple leakage intervals for a specific attack point, the majority of existing works train neural networks on these traces directly, without a...

2021/1092 (PDF) Last updated: 2021-08-25
SoK: Deep Learning-based Physical Side-channel Analysis
Stjepan Picek, Guilherme Perin, Luca Mariot, Lichao Wu, Lejla Batina
Foundations

Side-channel attacks have represented a realistic and serious threat to the security of embedded devices for almost three decades. A wide variety of attacks and targets they can be applied to has been introduced, and while the area of side-channel attacks and mitigations is very well-researched, it is yet to be consolidated. Deep learning-based side-channel attacks entered the field in recent years with the promise of more competitive performance and enlarged attackers' capabilities compared to...

2021/959 (PDF) Last updated: 2022-02-08
The Best of Two Worlds: Deep Learning-assisted Template Attack
Lichao Wu, Guilherme Perin, Stjepan Picek
Implementation

In the last decade, machine learning-based side-channel attacks have become a standard option when investigating profiling side-channel attacks. At the same time, the previous state-of-the-art technique, the template attack, started losing its importance and came to be regarded more as a baseline to compare against. As such, most of the results reported that machine learning (and especially deep learning) could significantly outperform the template attack. Nevertheless, the template attack still has...

2021/952 (PDF) Last updated: 2021-07-22
On the Evaluation of Deep Learning-based Side-channel Analysis
Lichao Wu, Guilherme Perin, Stjepan Picek
Implementation

Deep learning-based side-channel analysis has already become a de facto standard when investigating the most powerful profiling side-channel analyses. The results from the last few years show that deep learning techniques can efficiently break targets even when they are protected with countermeasures. While there are constant improvements in making deep learning-based attacks more powerful, little is done on evaluating such attacks' performance. Indeed, what is done today is not different from...

2021/944 (PDF) Last updated: 2021-07-13
Systematic Side-channel Analysis of Curve25519 with Machine Learning
Léo Weissbart, Łukasz Chmielewski, Stjepan Picek, Lejla Batina

Profiling attacks, especially those based on machine learning, proved to be very successful techniques in recent years when considering the side-channel analysis of symmetric-key crypto implementations. At the same time, the results for implementations of asymmetric-key cryptosystems are very sparse. This paper considers several machine learning techniques to mount side-channel attacks on two implementations of scalar multiplication on the elliptic curve Curve25519. The first implementation...

2021/849 (PDF) Last updated: 2021-10-15
Curse of Re-encryption: A Generic Power/EM Analysis on Post-Quantum KEMs
Rei Ueno, Keita Xagawa, Yutaro Tanaka, Akira Ito, Junko Takahashi, Naofumi Homma
Public-key cryptography

This paper presents a side-channel analysis (SCA) on key encapsulation mechanisms (KEMs) based on the Fujisaki–Okamoto (FO) transformation and its variants. The FO transformation has been widely used in actively securing KEMs from passively secure public key encryption (PKE), as it is employed in most of the NIST post-quantum cryptography (PQC) candidates for KEM. The proposed attack exploits side-channel leakage during execution of a pseudorandom function (PRF) in the re-encryption of KEM...

2021/817 (PDF) Last updated: 2022-06-08
Give Me 5 Minutes: Attacking ASCAD with a Single Side-Channel Trace
Olivier Bronchain, Gaëtan Cassiers, François-Xavier Standaert
Implementation

In this note, we describe an attack against the ANSSI Side-Channel Analysis Database (ASCAD), which recovers the full key using the leakage of a single masked block cipher execution. The attack uses a new open-source Side-Channel Analysis Library (SCALib), which allows running the leakage profiling and attacking in less than 5 minutes. It exploits well-known techniques, yet improves significantly over the best known attacks against ASCAD. We conclude by questioning the impact of these...

2021/717 (PDF) Last updated: 2023-05-30
Ablation Analysis for Multi-device Deep Learning-based Physical Side-channel Analysis
Lichao Wu, Yoo-Seung Won, Dirmanto Jap, Guilherme Perin, Shivam Bhasin, Stjepan Picek
Implementation

Deep learning-based side-channel analysis is an effective way of performing profiling attacks on power and electromagnetic leakages, even against targets protected with countermeasures. While many research papers have reported successful results, they typically focus on profiling and attacking a single device, assuming that leakages are similar between devices of the same type. However, this assumption is not always realistic due to variations in hardware and measurement setups, creating...

2021/685 (PDF) Last updated: 2021-05-28
Blind Side-Channel SIFA
Melissa Azouaoui, Kostas Papagiannopoulos, Dominik Zürner
Secret-key cryptography

Statistical Ineffective Fault Attacks (SIFA) have been recently proposed as very powerful key-recovery strategies on symmetric cryptographic primitives' implementations. Specifically, they have been shown to bypass many common countermeasures against faults such as redundancy or infection, and to remain applicable even when side-channel countermeasures are deployed. In this work, we investigate combined side-channel and fault attacks and show that a profiled, SIFA-like attack can be applied...

2021/525 (PDF) Last updated: 2021-04-23
On the Importance of Pooling Layer Tuning for Profiling Side-channel Analysis
Lichao Wu, Guilherme Perin
Implementation

In recent years, the advent of deep neural networks opened new perspectives for security evaluations with side-channel analysis. Specifically, profiling attacks now benefit from capabilities offered by convolutional neural networks, such as dimensionality reduction, the absence of manual feature selection, and the inherent ability to reduce trace desynchronization effects. These neural networks contain at least three types of layers: convolutional, pooling, and dense layers. Although the...

2021/357 (PDF) Last updated: 2021-03-18
AISY - Deep Learning-based Framework for Side-channel Analysis
Guilherme Perin, Lichao Wu, Stjepan Picek

The deep learning-based side-channel analysis represents an active research domain. While it is clear that deep learning enables powerful side-channel attacks, the variety of research scenarios often makes the results difficult to reproduce. In this paper, we present AISY - a deep learning-based framework for profiling side-channel analysis. Our framework enables the users to run the analyses and report the results efficiently while maintaining the results' reproducible nature. The...

2021/312 (PDF) Last updated: 2021-04-20
Towards Strengthening Deep Learning-based Side Channel Attacks with Mixup
Zhimin Luo, Mengce Zheng, Ping Wang, Minhui Jin, Jiajia Zhang, Honggang Hu
Implementation

In recent years, various deep learning techniques have been exploited in side channel attacks, with the anticipation of obtaining more appreciable attack results. Most of them concentrate on improving network architectures or putting forward novel algorithms, assuming that there are adequate profiling traces available to train an appropriate neural network. However, in practical scenarios, profiling traces are probably insufficient, which makes the network learn deficiently and compromises...

2021/197 (PDF) Last updated: 2021-11-17
Gambling for Success: The Lottery Ticket Hypothesis in Deep Learning-based SCA
Guilherme Perin, Lichao Wu, Stjepan Picek
Applications

Deep learning-based side-channel analysis (SCA) represents a strong approach for profiling attacks. Still, this does not mean it is trivial to find neural networks that perform well for any setting. Based on the developed neural network architectures, we can distinguish between small neural networks that are easier to tune and less prone to overfitting but could have insufficient capacity to model the data. On the other hand, large neural networks have sufficient capacity but can overfit and...

2021/079 (PDF) Last updated: 2021-01-22
A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM
Kalle Ngo, Elena Dubrova, Qian Guo, Thomas Johansson
Public-key cryptography

In this paper, we present the first side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 16 traces by deep learning-based power analysis without explicitly extracting the random mask at each execution. Since the presented method is not dependent on the mask, we can improve success probability by combining score vectors of multiple traces captured for the same ciphertext. This is...

2020/1600 (PDF) Last updated: 2021-01-20
Auto-tune POIs: Estimation of distribution algorithms for efficient side-channel analysis
Unai Rioja, Lejla Batina, Jose Luis Flores, Igor Armendariz
Applications

Due to the constant increase and versatility of IoT devices that should keep sensitive information private, Side-Channel Analysis (SCA) attacks on embedded devices are gaining visibility in the industrial field. The integration and validation of countermeasures against SCA can be an expensive and cumbersome process, especially for the less experienced ones, and current certification procedures require to attack the devices under test using multiple SCA techniques and attack vectors, often...

2020/1560 (PDF) Last updated: 2020-12-17
Modified Cache Template Attack on AES
Mahdi Esfahani, Hadi Soleimany, Mohammad Reza Aref
Implementation

CPU caches are a powerful source of information leakage. To develop practical cache-based attacks, there is an increasing need to automate the process of finding exploitable cache-based side-channels in computer systems. Cache template attack is a generic technique that utilizes Flush+Reload attack in order to automatically exploit cache vulnerability of Intel platforms. Cache template attack on T-table-based AES implementation consists of two phases including the profiling phase and the...

2020/1383 (PDF) Last updated: 2020-11-10
Novel Single-Trace ML Profiling Attacks on NIST 3 Round candidate Dilithium
Il-Ju Kim, Tae-Ho Lee, Jaeseung Han, Bo-Yeon Sim, Dong-Guk Han
Public-key cryptography

Dilithium is a lattice-based digital signature, one of the finalist candidates in the NIST's standardization process for post-quantum cryptography. In this paper, we propose a first side-channel attack on the process of signature generation of Dilithium. During the Dilithium signature generation process, we used NTT encryption single-trace for machine learning-based profiling attacks. In addition, it is possible to attack masked Dilithium using sparse multiplication. The proposed method is...

2020/1293 (PDF) Last updated: 2020-10-19
I Choose You: Automated Hyperparameter Tuning for Deep Learning-based Side-channel Analysis
Lichao Wu, Guilherme Perin, Stjepan Picek
Implementation

Deep learning-based SCA represents a powerful option for profiling side-channel analysis. Numerous results in the last few years indicate neural networks can break targets protected with countermeasures even with a relatively small number of attack traces. Intuitively, the more powerful neural network architecture we require, the more effort we need to spend in its hyperparameter tuning. Current results commonly use random search and reach good performance. Yet, we remain with the question...

2020/1164 (PDF) Last updated: 2020-09-25
Template Attacks Based on the Multivariate Joint Distribution
Min Yang, Qingshu Meng, An Wang, Xin Liu
Applications

For template attacks, it is ideal if templates can be built for each (data, key) pair. However, it requires a lot of power traces and computation. In this paper, firstly, the properties of the UMJD (unisource multivariate joint distribution) are studied, and then a template attack based on the UMJD is presented. For power traces with much noise, the experiments show that its attack effect is much better than that of the CPA (correlation power analysis) based template attacks and that of the...

2020/952 (PDF) Last updated: 2020-08-11
On What to Learn: Train or Adapt a Deeply Learned Profile?
Christophe Genevey-Metat, Benoît Gérard, Annelie Heuser
Implementation

In recent years, many papers have shown that deep learning can be beneficial for profiled side-channel analysis. However, in order to obtain good performances with deep learning, an attacker needs a lot of data for training. The training data should be as similar as possible to the data that will be obtained during the attack, a condition that may not be easily met in real-world scenarios. It is thus of interest to analyse different scenarios where the attack makes use of "imperfect"...

2020/939 (PDF) Last updated: 2020-12-23
DLDDO: Deep Learning to Detect Dummy Operations
JongHyeok Lee, Dong-Guk Han
Applications

Recently, research on deep learning based side-channel analysis (DLSCA) has received a lot of attention. Deep learning-based profiling methods similar to template attacks as well as non-profiling-based methods similar to differential power analysis have been proposed. DLSCA methods have been proposed for targets to which masking schemes or jitter-based hiding schemes are applied. However, most of them are methods for finding the secret key, except for methods for preprocessing, and there are...

2020/867 (PDF) Last updated: 2021-01-18
Enhancing the Performance of Practical Profiling Side-Channel Attacks Using Conditional Generative Adversarial Networks
Ping Wang, Ping Chen, Zhimin Luo, Gaofeng Dong, Mengce Zheng, Nenghai Yu, Honggang Hu
Implementation

Recently, many profiling side-channel attacks based on Machine Learning and Deep Learning have been proposed. Most of them focus on reducing the number of traces required for successful attacks by optimizing the modeling algorithms. In previous work, relatively sufficient traces need to be used for training a model. However, in the practical profiling phase, it is difficult or impossible to collect sufficient traces due to the constraint of various resources. In this case, the performance of...

2020/757 (PDF) Last updated: 2020-06-21
Understanding Methodology for Efficient CNN Architectures in Profiling Attacks
Gabriel Zaid, Lilian Bossuet, Amaury Habrard, Alexandre Venelli
Secret-key cryptography

The use of deep learning in side-channel analysis has been more and more prominent recently. In particular, Convolution Neural Networks (CNN) are very efficient tools to extract the secret information from side-channel traces. Previous work regarding the use of CNN in side-channel has been mostly proposed through practical results. Zaid et al. have proposed a theoretical methodology in order to better understand the convolutional part of CNN and to understand how to construct an efficient...

2020/436 (PDF) Last updated: 2020-04-19
Deep Learning based Side-Channel Attack: a New Profiling Methodology based on Multi-Label Classification
Houssem Maghrebi

Deep Learning based Side-Channel Attacks (DL-SCA) are an emerging security assessment method increasingly being adopted by the majority of certification schemes and certification bodies to assess the resistance of cryptographic implementations. The related published investigations have demonstrated that DL-SCA are very efficient when targeting cryptographic designs protected with the common side-channel countermeasures. Furthermore, these attacks allow to streamline the evaluation process as...

2020/396 (PDF) Last updated: 2020-10-12
Improving Non-Profiled Side-Channel Attacks using Autoencoder based Preprocessing
Donggeun Kwon, HeeSeok Kim, Seokhie Hong
Implementation

In recent years, deep learning-based side-channel attacks have established their position as mainstream. However, most deep learning techniques for cryptanalysis mainly focused on classifying side-channel information in a profiled scenario where attackers can obtain a label of training data. In this paper, we introduce a novel approach with deep learning for improving side-channel attacks, especially in a non-profiling scenario. We also propose a new principle of training that trains an...

2020/371 (PDF) Last updated: 2020-04-02
Single-Trace Attacks on Keccak
Matthias J. Kannwischer, Peter Pessl, Robert Primas
Implementation

Since its selection as the winner of the SHA-3 competition, Keccak, with all its variants, has found a large number of applications. It is, for instance, a common building block in schemes submitted to NIST's post-quantum cryptography project. In many of these applications, Keccak processes ephemeral secrets. In such a setting, side-channel adversaries are limited to a single observation, meaning that differential attacks are inherently prevented. If, however, such a single trace of Keccak...

2019/1068 (PDF) Last updated: 2020-05-28
Not a Free Lunch but a Cheap Lunch: Experimental Results for Training Many Neural Nets Efficiently
Joey Green, Tilo Burghardt, Elisabeth Oswald
Implementation

Neural Networks have become a much studied approach in the recent literature on profiled side channel attacks: many articles examine their use and performance in profiled single-target DPA style attacks. In this setting a single neural net is tweaked and tuned based on a training data set. The effort for this is considerable, as there are many hyper-parameters that need to be adjusted. A straightforward, but impractical, extension of such an approach to multi-target DPA style attacks requires...

2019/818 (PDF) Last updated: 2019-07-16
X-DeepSCA: Cross-Device Deep Learning Side Channel Attack
Debayan Das, Anupam Golder, Josef Danial, Santosh Ghosh, Arijit Raychowdhury, Shreyas Sen
Applications

This article, for the first time, demonstrates Cross-device Deep Learning Side-Channel Attack (X-DeepSCA), achieving an accuracy of >99.9%, even in the presence of significantly higher inter-device variations compared to the inter-key variations. Augmenting traces captured from multiple devices for training and with proper choice of hyper-parameters, the proposed 256-class Deep Neural Network (DNN) learns accurately from the power side-channel leakage of an AES-128 target encryption engine,...

2019/803 (PDF) Last updated: 2020-06-25
Methodology for Efficient CNN Architectures in Profiling Attacks -- Extended Version
Gabriel Zaid, Lilian Bossuet, Amaury Habrard, Alexandre Venelli
Secret-key cryptography

The side-channel community recently investigated a new approach, based on deep learning, to significantly improve profiled attacks against embedded systems. Previous works have shown the benefit of using convolutional neural networks (CNN) to limit the effect of some countermeasures such as desynchronization. Compared with template attacks, deep learning techniques can deal with trace misalignment and the high dimensionality of the data. Pre-processing is no longer mandatory. However, the...

2019/783 (PDF) Last updated: 2019-12-23
Dissecting the CHES 2018 AES Challenge
Tobias Damm, Sven Freud, Dominik Klein
Implementation

One challenge of the CHES 2018 side channel contest was to break a masked AES implementation. It was impressively won by Gohr et al. by applying ridge regression to obtain guesses for the hamming weights of the (unmasked) AES key schedule, and then using a SAT solver to brute force search the remaining key space. Template attacks are one of the most common approaches used to assess the leakage of a device in a security evaluation. Hence, this raises the question whether ridge regression is a...

2019/742 (PDF) Last updated: 2019-06-25
Vulnerability Analysis of a Soft Core Processor through Fine-grain Power Profiling
William Diehl, Abubakr Abdulgadir, Jens-Peter Kaps
Implementation

Embedded microprocessors are an important component of reconfigurable architectures. Fine-grain (e.g., cycle-accurate) power analysis of such processors has been used to improve power and energy efficiency, and detect implementation vulnerabilities, in embedded applications. However, such analysis is difficult to conduct; it requires either specialized and often expensive equipment, or construction of test architectures using disparate acquisition and analysis tools. In this research, we...

2019/722 (PDF) Last updated: 2021-04-08
Neural Network Model Assessment for Side-Channel Analysis
Guilherme Perin, Baris Ege, Lukasz Chmielewski
Applications

Leakage assessment of cryptographic implementations with side-channel analysis relies on two important assumptions: leakage model and the number of side-channel traces. In the context of profiled side-channel attacks, having these assumptions correctly defined is a sufficient first step to evaluate the security of a crypto implementation with template attacks. This method assumes that the features (leakages or points of interest) follow a univariate or multi-variate Gaussian distribution for...

2019/661 (PDF) Last updated: 2019-06-12
Mind the Portability: A Warriors Guide through Realistic Profiled Side-channel Analysis
Shivam Bhasin, Anupam Chattopadhyay, Annelie Heuser, Dirmanto Jap, Stjepan Picek, Ritu Ranjan Shrivastwa

Profiled side-channel attacks represent a practical threat to digital devices, thereby having the potential to disrupt the foundation of e-commerce, Internet-of-Things (IoT), and smart cities. In the profiled side-channel attack, the adversary gains knowledge about the target device by getting access to a cloned device. Though these two devices are different in real-world scenarios, unfortunately, a large part of research works simplifies the setting by using only a single device for both...

2019/578 (PDF) Last updated: 2019-05-28
Deep Learning based Side Channel Attacks in Practice
Houssem Maghrebi
Implementation

A recent line of research has investigated a new profiling technique based on deep learning as an alternative to the well-known template attack. The advantage of this new profiling approach is twofold: (1) the approximation of the information leakage by a multivariate Gaussian distribution is relaxed (leading to a more generic approach) and (2) the pre-processing phases such as the traces realignment or the selection of the Points of Interest (PoI) are no longer mandatory, in some cases,...

2019/570 (PDF) Last updated: 2019-06-15
Bias-variance Decomposition in Machine Learning-based Side-channel Analysis
Daan van der Valk, Stjepan Picek
Implementation

Machine learning techniques represent a powerful option in profiling side-channel analysis. Still, there are many settings where their performance is far from expected. In such occasions, it is very important to understand the difficulty of the problem and the behavior of the machine learning algorithm. To that end, one needs to investigate not only the performance of machine learning but also to provide insights into its explainability. One tool enabling us to do this is the bias-variance...

2019/505 (PDF) Last updated: 2021-04-12
DL-LA: Deep Learning Leakage Assessment: A modern roadmap for SCA evaluations
Thorben Moos, Felix Wegener, Amir Moradi
Implementation

In recent years, deep learning has become an attractive ingredient to side-channel analysis (SCA) due to its potential to improve the success probability or enhance the performance of certain frequently executed tasks. One task that is commonly assisted by machine learning techniques is the profiling of a device's leakage behavior in order to carry out a template attack. At CHES 2019, deep learning has also been applied to non-profiled scenarios for the first time, extending its reach within...

2019/358 (PDF) Last updated: 2019-09-25
One trace is all it takes: Machine Learning-based Side-channel Attack on EdDSA
Leo Weissbart, Stjepan Picek, Lejla Batina

Profiling attacks, especially those based on machine learning, have proved to be very successful techniques in recent years when considering side-channel analysis of block cipher implementations. At the same time, the results for implementations of public-key cryptosystems are very sparse. In this paper, we consider several machine learning techniques in order to mount a power analysis attack on EdDSA using the curve Curve25519 as implemented in WolfSSL. The results show all considered techniques to be...

2019/168 (PDF) Last updated: 2020-05-30
Profiling Side-channel Analysis in the Efficient Attacker Framework
Stjepan Picek, Annelie Heuser, Guilherme Perin, Sylvain Guilley
Implementation

Profiling side-channel attacks represent the most powerful category of side-channel attacks. There, we assume that the attacker has access to a clone device to profile its leaking behavior. Additionally, we consider the attacker to be unbounded in power to give the worst-case security analysis. In this paper, we start with a different premise where we are interested in the minimum strength that the attacker requires to conduct a successful attack. To that end, we propose a new framework for...

2019/094 (PDF) Last updated: 2019-01-31
CHES 2018 Side Channel Contest CTF - Solution of the AES Challenges
Aron Gohr, Sven Jacob, Werner Schindler
Implementation

Alongside CHES 2018 the side channel contest 'Deep learning vs. classic profiling' was held. Our team won both AES challenges (masked AES implementation), working under the handle AGSJWS. Here we describe and analyse our attack. We can solve the more difficult of the two challenges with 2 to 5 power traces, which is much less than was available in the contest. Our attack combines techniques from machine learning with classical techniques. The attack was superior to all classical and...

2019/054 (PDF) Last updated: 2019-01-25
Deep Learning to Evaluate Secure RSA Implementations
Mathieu Carbone, Vincent Conin, Marie-Angela Cornelie, Francois Dassance, Guillaume Dufresne, Cecile Dumas, Emmanuel Prouff, Alexandre Venelli
Implementation

This paper presents the results of several successful profiled side-channel attacks against a secure implementation of the RSA algorithm. The implementation was running on an ARM Core SC 100 completed with a certified EAL4+ arithmetic co-processor. The analyses have been conducted by three expert teams, each working on a specific attack path and exploiting information extracted either from the electromagnetic emanation or from the power consumption. A particular attention is paid to the...

2018/1196 (PDF) Last updated: 2020-06-04
Gradient Visualization for General Characterization in Profiling Attacks
Loïc Masure, Cécile Dumas, Emmanuel Prouff
Implementation

In Side-Channel Analysis (SCA), several papers have shown that neural networks could be trained to efficiently extract sensitive information from implementations running on embedded devices. This paper introduces a new tool called Gradient Visualization that aims to perform a post-mortem information leakage characterization after the successful training of a neural network. It relies on the computation of the gradient of the loss function used during the training. The gradient is no longer...

2018/1123 (PDF) Last updated: 2021-06-09
When Theory Meets Practice: A Framework for Robust Profiled Side-channel Analysis
Stjepan Picek, Annelie Heuser, Lichao Wu, Cesare Alippi, Francesco Regazzoni
Implementation

Profiling side-channel attacks are considered the most potent form of side-channel attacks. They consist of two steps. First, the adversary builds a leakage model using a device similar to the target one. This leakage model is then exploited to extract the secret information from the victim's device. These attacks can be seen as a classification problem, where the adversary needs to decide to what class (and consequently, the secret key) the traces collected from the victim's device belong....

2018/959 (PDF) Last updated: 2018-10-13
Information Entropy Based Leakage Certification
Changhai Ou, Xinping Zhou, Siew-Kei Lam
Implementation

Side-channel attacks and evaluations typically utilize leakage models to extract sensitive information from measurements of cryptographic implementations. Efforts to establish a true leakage model are still an active area of research since Kocher proposed Differential Power Analysis (DPA) in 1999. Leakage certification plays an important role in this aspect to address the following question: "how good is my leakage model?". However, existing leakage certification methods still need to...

2018/687 (PDF) Last updated: 2018-07-17
Assessing the Feasibility of Single Trace Power Analysis of Frodo
Joppe W. Bos, Simon Friedberger, Marco Martinoli, Elisabeth Oswald, Martijn Stam
Implementation

Lattice-based schemes are among the most promising post-quantum schemes, yet the effect of both parameter and implementation choices on their side-channel resilience is still poorly understood. Aysu et al. (HOST'18) recently investigated single-trace attacks against the core lattice operation, namely multiplication between a public matrix and a "small" secret vector, in the context of a hardware implementation. We complement this work by considering single-trace attacks against software...

2018/196 (PDF) Last updated: 2018-02-22
Non-Profiled Deep Learning-Based Side-Channel Attacks
Benjamin Timon

Deep Learning has recently been introduced as a new alternative to perform Side-Channel analysis. Until now, studies have been focused on applying Deep Learning techniques to perform Profiled Side-Channel attacks where an attacker has full control of a profiling device and is able to collect a large amount of traces for different key values in order to characterize the device leakage prior to the attack. In this paper we introduce a new method to apply Deep Learning techniques in a...

2018/072 (PDF) Last updated: 2018-10-18
Template-based Fault Injection Analysis of Block Ciphers
Ashrujit Ghoshal, Sikhar Patranabis, Debdeep Mukhopadhyay
Implementation

We present the first template-based fault injection analysis of FPGA-based block cipher implementations. While template attacks have been a popular form of side-channel analysis in the cryptographic literature, the use of templates in the context of fault attacks has not yet been explored to the best of our knowledge. Our approach involves two phases. The first phase is a profiling phase where we build templates of the fault behavior of a cryptographic device for different secret key...

2017/1253 (PDF) Last updated: 2018-04-23
Micro-Architectural Power Simulator for Leakage Assessment of Cryptographic Software on ARM Cortex-M3 Processors
Yann Le Corre, Johann Großschädl, Daniel Dinu
Implementation

Masking is a common technique to protect software implementations of symmetric cryptographic algorithms against Differential Power Analysis (DPA) attacks. The development of a properly masked version of a block cipher is an incremental and time-consuming process since each iteration of the development cycle involves a costly leakage assessment. To achieve a high level of DPA resistance, the architecture-specific leakage properties of the target processor need to be taken into account....

2017/1144 (PDF) Last updated: 2019-03-14
How Far Can We Reach? Breaking Masked AES Smartcard Implementation Using One Trace
Wei Cheng, Chao Zheng, Yuchen Cao, Yongbin Zhou, Hailong Zhang, Sylvain Guilley, Laurent Sauvage
Implementation

Rotating Sbox Masking (RSM) scheme is a highly efficient masking scheme proposed to protect cryptographic implementations from side channel attacks. It is a Low Entropy Masking Scheme and has attracted special attention for its low overhead but high performance. The two public targets of the international academic competition DPA Contest v4 are both RSM-masked AES implementations, specifically, RSM-AES-256 for v4.1 and RSM-AES-128 for v4.2 respectively. The side channel security of RSM-AES-256...

2017/1110 (PDF) Last updated: 2020-12-07
A Systematic Evaluation of Profiling Through Focused Feature Selection
Stjepan Picek, Annelie Heuser, Alan Jovic, Lejla Batina

Profiled side-channel attacks consist of several steps one needs to take. An important, but sometimes ignored, step is a selection of the points of interest (features) within side-channel measurement traces. A large majority of the related works start the analyses with an assumption that the features are preselected. Contrary to this assumption, here, we concentrate on the feature selection step. We investigate how advanced feature selection techniques stemming from the machine learning...

2017/764 (PDF) Last updated: 2017-08-08
Categorising and Comparing Cluster-Based DPA Distinguishers
Xinping Zhou, Carolyn Whitnall, Elisabeth Oswald, Degang Sun, Zhu Wang
Implementation

Side-channel distinguishers play an important role in differential power analysis, where real world leakage information is compared against hypothetical predictions in order to guess at the underlying secret key. A class of distinguishers which can be described as `cluster-based' have the advantage that they are able to exploit multi-dimensional leakage samples in scenarios where only loose, `semi-profiled' approximations of the true leakage forms are available. This is by contrast with...

2017/740 (PDF) Last updated: 2017-10-02
Convolutional Neural Networks with Data Augmentation against Jitter-Based Countermeasures -- Profiling Attacks without Pre-Processing --
Eleonora Cagli, Cécile Dumas, Emmanuel Prouff

In the context of the security evaluation of cryptographic implementations, profiling attacks (aka Template Attacks) play a fundamental role. Nowadays the most popular Template Attack strategy consists in approximating the information leakages by Gaussian distributions. Nevertheless this approach suffers from the difficulty to deal with both the traces misalignment and the high dimensionality of the data. This forces the attacker to perform critical preprocessing phases, such as the...

2017/660 (PDF) Last updated: 2017-07-06
Profiling Good Leakage Models For Masked Implementations
Changhai Ou, Zhu Wang, Degang Sun, Xinping Zhou
Implementation

The leakage model plays a very important role in side channel attacks. An accurate leakage model greatly improves the efficiency of attacks. However, how to profile a "good enough" leakage model, or how to measure the accuracy of a leakage model, is seldom studied. Durvaux et al. proposed leakage certification tests to profile "good enough" leakage model for unmasked implementations. However, they left the leakage model profiling for protected implementations as an open problem. To solve this...

2017/245 (PDF) Last updated: 2017-03-20
Cache-Base Application Detection in the Cloud Using Machine Learning
Berk Gulmezoglu, Thomas Eisenbarth, Berk Sunar
Applications

Cross-VM attacks have emerged as a major threat on commercial clouds. These attacks commonly exploit hardware level leakages on shared physical servers. A co-located machine can readily feel the presence of a co-located instance with a heavy computational load through performance degradation due to contention on shared resources. Shared cache architectures such as the last level cache (LLC) have become a popular leakage source to mount cross-VM attacks. By exploiting LLC leakages, researchers...

2016/922 Last updated: 2019-08-18
Side-Channel Leakage Evaluation and Detection Based on Communication Theory
Wei Yang, Yuchen Cao, Ke Ma, Hailong Zhang

Side-channel attacks (SCAs) have been a realistic and serious threat to crypto devices. Therefore, evaluating the SCA resilience of a crypto device is important and necessary. The SCA security evaluation criteria include the information-theoretic metric and the security metric. The former, i.e. mutual information (MI), measures the amount of leakage of a crypto device. However, because the real leakage distribution of a crypto device is unknown, leakage evaluation is difficult....
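The mutual-information metric mentioned above, as an added worked example that is not part of the paper or this listing: the traces are constructed under an assumed leakage model (Hamming weight of an intermediate byte plus Gaussian noise), and MI between the modelled class and the leakage is estimated with a plug-in histogram estimator. Because the evaluator does not know the real distribution, the estimate depends on the discretisation chosen; `binning_sensitivity` makes that dependence visible on the same traces. The function names and the noise model are assumptions of this example.

```python
import math
import random
from collections import Counter


def hamming_weight(x):
    """Number of set bits, the usual intermediate-value leakage model."""
    return bin(x).count("1")


def simulate_leakage(n, sigma, seed=1):
    """Constructed traces: (secret intermediate byte v, one leakage sample).
    Assumed device model: leakage = HW(v) + N(0, sigma^2). A real device's
    distribution is unknown; this idealisation is what the evaluator has to guess."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        v = rng.randrange(256)
        out.append((v, hamming_weight(v) + rng.gauss(0.0, sigma)))
    return out


def mutual_information_bits(pairs, bin_width):
    """Plug-in (histogram) estimate of I(X; L) in bits from (x, l) pairs, with the
    continuous leakage l discretised into bins of width bin_width. The estimate is
    biased upward when the joint histogram has many sparsely populated cells."""
    n = len(pairs)
    joint, px, pl = Counter(), Counter(), Counter()
    for x, l in pairs:
        b = math.floor(l / bin_width)
        joint[(x, b)] += 1
        px[x] += 1
        pl[b] += 1
    mi = 0.0
    for (x, b), c in joint.items():
        p_xb = c / n
        mi += p_xb * math.log2(p_xb / ((px[x] / n) * (pl[b] / n)))
    return mi


def leakage_mi(sigma, bin_width=1.0, n=20000, seed=1):
    """MI between the modelled class HW(v) and the leakage, in bits.
    With sigma = 0 this is just the entropy of HW over a uniform byte (about 2.54 bits)."""
    pairs = [(hamming_weight(v), l) for v, l in simulate_leakage(n, sigma, seed)]
    return mutual_information_bits(pairs, bin_width)


def binning_sensitivity(sigma, widths=(0.25, 1.0, 4.0), n=20000, seed=1):
    """Same traces, different discretisations: the estimate moves with the
    binning choice, which is the practical difficulty the abstract points at."""
    return {w: leakage_mi(sigma, w, n, seed) for w in widths}
```

Noise reduces the estimate monotonically, as expected, but note that a bin width of 4 on noise-free traces collapses the nine HW classes into three and reports roughly 1 bit instead of 2.54: a metric read off an evaluation report is only meaningful together with the estimator and discretisation that produced it.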

2016/921 (PDF) Last updated: 2016-09-24
Breaking Cryptographic Implementations Using Deep Learning Techniques
Houssem Maghrebi, Thibault Portigliatti, Emmanuel Prouff

Template attack is the most common and powerful profiled side-channel attack. It relies on a realistic assumption regarding the noise of the device under attack: the probability density function of the data is a multivariate Gaussian distribution. To relax this assumption, a recent line of research has investigated new profiling approaches, mainly by applying machine learning techniques. The obtained results are comparable to, and in some particular cases better than, those of template attacks....

2016/667 (PDF) Last updated: 2018-02-23
Multivariate Profiling of Hulls for Linear Cryptanalysis
Andrey Bogdanov, Elmar Tischhauser, Philip S. Vejre

Extensions of linear cryptanalysis making use of multiple approximations, such as multiple and multidimensional linear cryptanalysis, are an important tool in symmetric-key cryptanalysis, being responsible among others for the best known attacks on ciphers such as Serpent and PRESENT. At CRYPTO 2015, Huang et al. provided a refined analysis of the key-dependent capacity, leading to a refined key equivalence hypothesis, however at the cost of additional assumptions. Their analysis was...

2016/284 (PDF) Last updated: 2016-03-15
Co-location detection on the Cloud
Mehmet Sinan Inci, Berk Gulmezoglu, Thomas Eisenbarth, Berk Sunar

In this work we focus on the problem of co-location as a first step of conducting cross-VM attacks such as Prime+Probe or Flush+Reload in commercial clouds. We demonstrate and compare three co-location detection methods, namely a cooperative last-level cache (LLC) covert channel, software profiling on the LLC, and memory bus locking. We conduct our experiments on three commercial clouds: Amazon EC2, Google Compute Engine and Microsoft Azure. Finally, we show that both cooperative and...

2016/183 (PDF) Last updated: 2016-02-23
There is Wisdom in Harnessing the Strengths of your Enemy: Customized Encoding to Thwart Side-Channel Attacks -- Extended Version --
Houssem Maghrebi, Victor Servant, Julien Bringer
Implementation

Side-channel attacks are an important concern for the security of cryptographic algorithms. To counteract them, a recent line of research has investigated the use of software encoding functions such as dual-rail rather than the well-known masking countermeasure. The core idea consists of encoding the sensitive data with a fixed Hamming weight value and performing all operations in this fashion. This new set of countermeasures applies to all devices that leak a function of the Hamming...
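The fixed-Hamming-weight idea in software, as an added example that is not the paper's code: a byte is dual-rail encoded into 16 bits (true rail in the high byte, complemented rail in the low byte), so every codeword has weight exactly 8, and key addition is carried out directly on the encoded value so the plain intermediate never exists. `leakage_profile` checks the property under a pure Hamming-weight leakage model. The function names and the 16-bit layout are choices made here, not taken from the paper, which considers encodings customised to the device's actual leakage function rather than this textbook dual-rail form.

```python
def hw(x):
    """Hamming weight, the leakage model under which the encoding is evaluated."""
    return bin(x).count("1")


def encode(x):
    """Dual-rail encoding of a byte: true rail in bits 15..8, complemented rail in bits 7..0.
    Every codeword has Hamming weight exactly 8 regardless of x."""
    x &= 0xFF
    return (x << 8) | (~x & 0xFF)


def decode(c):
    """Recover the byte; the rails must be exact complements, which also catches a
    single bit flip (fault) in the codeword."""
    true_rail, comp_rail = (c >> 8) & 0xFF, c & 0xFF
    if (true_rail ^ comp_rail) != 0xFF:
        raise ValueError("invalid dual-rail codeword")
    return true_rail


def encoded_xor(c, k):
    """Key addition in the encoded domain: XOR-ing k into both rails maps encode(x)
    to encode(x ^ k), so the result keeps constant weight without decoding."""
    k &= 0xFF
    return c ^ ((k << 8) | k)


def leakage_profile(op, inputs):
    """Set of Hamming weights an HW-leaking device would expose over all inputs."""
    return {hw(op(x)) for x in inputs}


def check_constant_weight():
    """Returns (weights of the plain byte, weights of the codeword, round-trip ok)."""
    naive = leakage_profile(lambda x: x, range(256))
    encoded = leakage_profile(encode, range(256))
    round_trip = all(
        decode(encoded_xor(encode(x), k)) == (x ^ k)
        for x in range(256) for k in range(256)
    )
    return naive, encoded, round_trip


def transition_weights(x, y):
    """Hamming distance leaked when a register holding x is overwritten with y,
    for the plain and the encoded representation."""
    return hw(x ^ y), hw(encode(x) ^ encode(y))
```

Two caveats a practitioner should keep in mind. First, the constant-weight property is exactly what `leakage_profile` shows and nothing more: if the device leaks a different function of the bits, such as unequal per-bit weights, the rails no longer cancel, which is the motivation for customising the encoding to the measured leakage. Second, `transition_weights` shows that the Hamming distance between two consecutive codewords is still data dependent (twice the plain distance), so a register-transition leak is not removed by a constant-weight code alone and needs an additional precharge or return-to-zero step.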

2016/008 (PDF) Last updated: 2018-03-21
cMix: Mixing with Minimal Real-Time Asymmetric Cryptographic Operations
David Chaum, Debajyoti Das, Farid Javani, Aniket Kate, Anna Krasnova, Joeri de Ruiter, Alan T. Sherman

We introduce cMix, a new approach to anonymous communications. Through a precomputation, the core cMix protocol eliminates all expensive real-time public-key operations --- at the senders, recipients and mixnodes --- thereby decreasing real-time cryptographic latency and lowering computational costs for clients. The core real-time phase performs only a few fast modular multiplications. In these times of surveillance and extensive profiling there is a great need for an anonymous communication...

2015/905 (PDF) Last updated: 2015-09-17
Mapping the Intel Last-Level Cache
Yuval Yarom, Qian Ge, Fangfei Liu, Ruby B. Lee, Gernot Heiser
Implementation

Modern Intel processors use an undisclosed hash function to map memory lines to last-level cache slices. In this work we develop a technique for reverse-engineering the hash function. We apply the technique to a 6-core Intel processor and demonstrate that knowledge of this hash function can facilitate cache-based side-channel attacks, reducing the amount of work required for profiling the cache by three orders of magnitude. We also show how using the hash function we can double the number...
