nach oben

Journal of Cryptographic Engineering

Erschienen in:

10.02.2017 | CHES 2016

Towards easy leakage certification: extended version

verfasst von: François Durvaux, François-Xavier Standaert, Santos Merino Del Pozo

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 2/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Side-channel attacks generally rely on the availability of good leakage models to extract sensitive information from cryptographic implementations. The recently introduced leakage certification tests aim to guarantee that this condition is fulfilled based on sound statistical arguments. They are important ingredients in the evaluation of leaking devices since they allow a good separation between engineering challenges (how to produce clean measurements) and cryptographic ones (how to exploit these measurements). In this paper, we propose an alternative leakage certification test that is significantly simpler to implement than the previous proposal from Eurocrypt 2014. This gain admittedly comes at the cost of a couple of heuristic (yet reasonable) assumptions on the leakage distribution. To confirm its relevance, we first show that it allows confirming previous results of leakage certification. We then put forward that it leads to additional and useful intuitions regarding the information losses caused by incorrect assumptions in leakage modelling.

Vorheriger Artikel Having no mathematical model may not secure PUFs

Nächster Artikel Strong 8-bit Sboxes with efficient masking in hardware extended version

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

Available at http://point-at-infinity.org/avraes/.

Note that theoretic approaches to guarantee that a distribution is well characterized by its moments (such as Carleman’s condition [25]) typically apply when considering an infinite number of them, and in general, no distribution is determined by a finite number of moments. So the restriction of our reasoning to specific classes of meaningful distributions is in fact necessary for our approach to be sound. Besides, note also that nonparametric PDF estimations may not suffer from assumption errors (at the cost of a significantly increased estimation cost), so are out of scope here.

Student’s t distribution is a parametric probability density function whose only parameter is its number of freedom degrees that can be directly derived from k and the previous \(\sigma \) estimates as: \(d_{f} = (k-1)\times [({\hat{\sigma }}_y^d)^2+({\tilde{\sigma }}_y^d)^2]^2/[({\hat{\sigma }}_y^d)^4+({\tilde{\sigma }}_y^d)^4]\).

This happens for the selected time sample because of pipelining effects in the AVR microcontroller. Note that as in [9], the linear model did not exhibit any assumption error for other time samples given the amount of measured traces.

We considered simulated measurements for two main reasons. First, and as shown in Sect. 5, it allows us to control, and therefore to accurately understand, the observed leakages (e.g. we are sure that the Gaussian mixture modelling is perfect / without assumption errors). Second, concretely estimating Gaussian mixtures for our hardware masked implementations with transition-based leakages would be measurement intensive (since we would typically need to build templates for \(2^{12}\times 2^{12}\) transitions). Note that an alternative would be to consider the LR-based profiling from [14], which we leave as an interesting scope for further research.

http://perso.uclouvain.be/fstandae/PUBLIS/171.zip

http://satoh.cs.uec.ac.jp/sakura/index.html

Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.-X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. J. Cryptol. 24(2), 269–291 (2011)MathSciNetCrossRefMATH

Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) Proceedings of Cryptographic Hardware and Embedded Systems—CHES 2004: 6th International Workshop Cambridge, MA, USA, August 11–13, 2004. Lecture Notes in Computer Science, vol. 3156, pp. 16–29. Springer (2004)

Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Burton S.K. Jr., Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13–15, 2002, Revised Papers. Lecture Notes in Computer Science, vol. 2523, pp. 13–28. Springer (2002)

Dabosville, G., Doget, J., Prouff, E.: A new second-order side channel attack based on linear regression. IEEE Trans. Comput. 62(8), 1629–1640 (2013)MathSciNetCrossRef

Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete—or how to evaluate the security of any leaking device. In: Oswald, E., Fischlin, M. (eds.) Proceedings of Advances in Cryptology—EUROCRYPT 2015—34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26–30, 2015, Part I. Lecture Notes in Computer Science, vol. 9056, pp. 401–429. Springer (2015)

Durvaux, F., Standaert, F.-X.: From improved leakage detection to the detection of points of interests in leakage traces. In: Fischlin, M., Coron, J.-S. (eds.) Advances in Cryptology—EUROCRYPT 2016—35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8–12, 2016, Proceedings, Part I. Lecture Notes in Computer Science, vol. 9665 , pp. 240–262. Springer (2016)

Durvaux, F., Standaert, F.-X., Veyrat-Charvillon, N.: How to certify the leakage of a chip? In: Nguyen, P.Q., Oswald, E. (eds.) Proceedings of Advances in Cryptology—EUROCRYPT 2014—33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11–15, 2014. Lecture Notes in Computer Science, vol. 8441, pp. 459–476. Springer (2014)

10.

Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: 49th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2008, October 25–28, 2008, Philadelphia, PA, USA, pp. 293–302. IEEE Computer Society (2008)

11.

Gilbert Goodwill, B.J., Jaffe, J., Rohatgi, P.: A testing methodology for side channel resistance validation. In: NIST Non-invasive Attack Testing Workshop, 2011. http://csrc.nist.gov/news_events/non-invasive-attack-testing-workshop/papers/08_Goodwill.pdf

12.

Grosso, V., Standaert, F.-X., Prouff, E.: Low entropy masking schemes, revisited. In: Francillon, A., Rohatgi, P. (eds.) Smart Card Research and Advanced Applications—12th International Conference, CARDIS 2013, Berlin, Germany, November 27–29, 2013. Revised Selected Papers. Lecture Notes in Computer Science, vol. 8419, pp. 33–43. Springer (2013)

13.

Heuser, A., Rioul, O., Guilley, S.: Good is not good enough—deriving optimal distinguishers from communication theory. In: Batina, L., Robshaw, M. (eds.) Proceedings of Cryptographic Hardware and Embedded Systems—CHES 2014—16th International Workshop, Busan, South Korea, September 23–26, 2014. Lecture Notes in Computer Science, vol. 8731 , pp. 55–74. Springer (2014)

14.

Lemke-Rust, K., Paar, C.: Analyzing side channel leakage of masked implementations with stochastic methods. In: Biskup, J., Lopez, J. (eds.) Proceedings of Computer Security—ESORICS 2007, 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, 2007. Lecture Notes in Computer Science, vol. 4734, pp. 454–468. Springer (2007)

15.

Mangard, S., Oswald, E., Standaert, F.-X.: One for all–all for one: unifying standard differential power analysis attacks. IET Inf. Secur. 5(2), 100–110 (2011)CrossRef

16.

Mather, L., Oswald, E., Bandenburg, J., Wójcik, M.: Does my device leak information? an a priori statistical power analysis of leakage detection tests. In: Sako, K., Sarkar, P. (eds.) Advances in Cryptology—ASIACRYPT 2013—19th International Conference on the Theory and Application of Cryptology and Information Security, Bengaluru, India, December 1–5, 2013, Proceedings, Part I. Lecture Notes in Computer Science, vol. 8269, pp. 486–505. Springer (2013)

17.

Mather, L., Oswald, E., Whitnall, C.: Multi-target DPA attacks: pushing DPA beyond the limits of a desktop computer. In: Sarkar, P., Iwata, T. (eds.) Advances in Cryptology—ASIACRYPT 2014—20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7–11, 2014. Proceedings, Part I. Lecture Notes in Computer Science, vol. 8873, pp. 243–261. Springer (2014)

18.

Moradi, A., Standaert, F.-X.: Moments-correlating DPA. IACR Cryptol ePrint Arch. 2014, 409 (2014)

19.

Poschmann, A., Moradi, A., Khoo, K., Lim, C.-W., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2, 300 GE. J. Cryptol. 24(2), 322–345 (2011)MathSciNetCrossRefMATH

20.

Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)MathSciNetCrossRef

21.

Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: Paterson, K.G.(ed.) Proceedings of Advances in Cryptology—EUROCRYPT 2011—30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, May 15–19, 2011. Lecture Notes in Computer Science, vol. 6632, pp. 109–128. Springer (2011)

22.

Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) Proceedings of Cryptographic Hardware and Embedded Systems—CHES 2005, 7th International Workshop, Edinburgh, UK, August 29–September 1, 2005. Lecture Notes in Computer Science, vol. 3659, pp. 30–46. Springer (2005)

23.

Schneider, T., Moradi, A.: Leakage assessment methodology—a clear roadmap for side-channel evaluations. In: Güneysu, T., Handschuh, H. (eds.) Proceedings of Cryptographic Hardware and Embedded Systems—CHES 2015—17th International Workshop, Saint-Malo, France, September 13–16, 2015. Lecture Notes in Computer Science, vol. 9293, pp. 495–513. Springer (2015)

24.

Schneider, T., Moradi, A., Standaert, F.-X., Güneysu, T.: Bridging the gap: advanced tools for side-channel leakage estimation beyond gaussian templates and histograms. IACR Cryptol. ePrint Arch. 2016, 719 (2016)

25.

Spanos, A.: Probability Theory and Statistical Inference: Econometric Modeling with Observational Data. Cambridge University Press, Cambridge (1999)CrossRef

26.

Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) Proceedings of Advances in Cryptology—EUROCRYPT 2009, 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26–30, 2009. Lecture Notes in Computer Science, vol. 5479, pp. 443–461. Springer (2009)

27.

Standaert, F.-X., Peeters, E., Rouvroy, G., Quisquater, J.-J.: An overview of power analysis attacks against field programmable gate arrays. Proc. IEEE 94(2), 383–394 (2006)CrossRef

28.

Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: another look on second-order DPA. In: Abe, M. (ed.) Proceedings of Advances in Cryptology—ASIACRYPT 2010—16th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 5–9, 2010. Lecture Notes in Computer Science, vol. 6477, pp. 112–129. Springer (2010)

29.

Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) Selected Areas in Cryptography, 19th International Conference, SAC 2012, Windsor, ON, Canada, August 15–16, 2012, Revised Selected Papers. Lecture Notes in Computer Science, vol. 7707, pp. 390–406. Springer (2012)

30.

Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security evaluations beyond computing power. In: Johansson, T., Nguyen, P.Q. (eds.) Proceedings of Advances in Cryptology—EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26–30, 2013. Lecture Notes in Computer Science, vol. 7881, pp. 126–141. Springer (2013)

31.

Whitnall, C., Oswald, E.: A fair evaluation framework for comparing side-channel distinguishers. J. Cryptogr. Eng. 1(2), 145–160 (2011)CrossRef

Titel: Towards easy leakage certification: extended version
verfasst von: François Durvaux
François-Xavier Standaert
Santos Merino Del Pozo
Publikationsdatum: 10.02.2017
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 2/2017
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-017-0150-0

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2017

Strong 8-bit Sboxes with efficient masking in hardware extended version

Introduction to the CHES 2016 special issue

CacheBleed: a timing attack on OpenSSL constant-time RSA

Having no mathematical model may not secure PUFs