Strengthening Sequential Side-Channel Attacks Through Change Detection

The sequential structure of some side-channel attacks makes them subject to error propagation, i.e. when an error occurs during the recovery of some part of a secret key, all the following guesses might as well be chosen randomly. We propose a methodology that strengthens sequential attacks by automatically identifying and correcting errors. The core ingredient of our methodology is a change-detection test that monitors the distribution of the distinguisher values used to reconstruct the secret key. Our methodology includes an error-correction procedure that can cope both with false positives of the change-detection test, and inaccuracies of the estimated location of the wrong key guess. The proposed methodology is general and can be included in several attacks. As meaningful examples, we conduct two different side-channel attacks against RSA-2048: an horizontal power-analysis attack based on correlation and a vertical timing attack. Our experiments show that, in all the considered cases, strengthened attacks outperforms their original counterparts and alternative solutions that are based on thresholds. In particular, strengthened attacks achieve high success rates even when the side-channel measurements are noisy or limited in number, without prohibitively increasing the computing time.

Download Full-text

Side-Channel Attacks and Countermeasures for Identity-Based Cryptographic Algorithm SM9

Security and Communication Networks ◽

10.1155/2018/9701756 ◽

2018 ◽

Vol 2018 ◽

pp. 1-14 ◽

Cited By ~ 2

Author(s):

Qi Zhang ◽

An Wang ◽

Yongchuan Niu ◽

Ning Shang ◽

Rixin Xu ◽

...

Keyword(s):

Main Part ◽

Digital Certificate ◽

Side Channel ◽

Cyber Physical System ◽

Secret Key ◽

Side Channel Attacks ◽

Fault Attack ◽

Private Key ◽

Cryptographic Algorithm ◽

Identity Based

Identity-based cryptographic algorithm SM9, which has become the main part of the ISO/IEC 14888-3/AMD1 standard in November 2017, employs the identities of users to generate public-private key pairs. Without the support of digital certificate, it has been applied for cloud computing, cyber-physical system, Internet of Things, and so on. In this paper, the implementation of SM9 algorithm and its Simple Power Attack (SPA) are discussed. Then, we present template attack and fault attack on SPA-resistant SM9. Our experiments have proved that if attackers try the template attack on an 8-bit microcontrol unit, the secret key can be revealed by enabling the device to execute one time. Fault attack even allows the attackers to obtain the 256-bit key of SM9 by performing the algorithm twice and analyzing the two different results. Accordingly, some countermeasures to resist the three kinds of attacks above are given.

Download Full-text

An Efficient Correlation Power Analysis Attack Using Variational Mode Decomposition

JST: Smart Systems and Devices ◽

10.51316/jst.150.ssad.2021.31.1.3 ◽

2020 ◽

Vol 31 (1) ◽

pp. 17-25

Keyword(s):

Power Analysis ◽

Side Channel ◽

Variational Mode Decomposition ◽

Secret Key ◽

Intrinsic Mode Functions ◽

Side Channel Attacks ◽

Mode Decomposition ◽

Noisy Conditions ◽

Correlation Power Analysis ◽

Evaluation Board

Side channel attacks (SCAs) are now a real threat to cryptographic devices and correlation power analysis (CPA) is the most powerful attack. So far, a CPA attack usually exploits the leakage information from raw power consumption traces that collected from the attack device. In real attack scenarios, these traces collected from measurement equipment are usually contaminated by noise resulting in a decrease in attack efficiency. In this paper, we propose a variant CPA attack that exploits the leakage information from intrinsic mode functions (IMFs) of the power traces. These IMFs are the results of the variational mode decomposition (VMD) process on the raw power traces. This attack technique decreases the number of power traces for correctly recovering the secret key by approximately 13% in normal conditions and 60% in noisy conditions compared to a traditional CPA attack. Experiments were performed on power traces of AES-128 implemented in both microcontroller and FPGA by Sakura-G/W side channel evaluation board to verify the effectiveness of our method.

Download Full-text

Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2019.i2.107-131 ◽

2019 ◽

pp. 107-131 ◽

Cited By ~ 4

Author(s):

Benjamin Timon

Keyword(s):

Neural Networks ◽

Sensitivity Analysis ◽

Deep Learning ◽

New Method ◽

Invariance Property ◽

Side Channel ◽

Translation Invariance ◽

Secret Key ◽

Side Channel Attacks ◽

Learning Techniques

Deep Learning has recently been introduced as a new alternative to perform Side-Channel analysis [MPP16]. Until now, studies have been focused on applying Deep Learning techniques to perform Profiled Side-Channel attacks where an attacker has a full control of a profiling device and is able to collect a large amount of traces for different key values in order to characterize the device leakage prior to the attack. In this paper we introduce a new method to apply Deep Learning techniques in a Non-Profiled context, where an attacker can only collect a limited number of side-channel traces for a fixed unknown key value from a closed device. We show that by combining key guesses with observations of Deep Learning metrics, it is possible to recover information about the secret key. The main interest of this method is that it is possible to use the power of Deep Learning and Neural Networks in a Non-Profiled scenario. We show that it is possible to exploit the translation-invariance property of Convolutional Neural Networks [CDP17] against de-synchronized traces also during Non-Profiled side-channel attacks. In this case, we show that this method can outperform classic Non-Profiled attacks such as Correlation Power Analysis. We also highlight that it is possible to break masked implementations in black-box, without leakages combination pre-preprocessing and with no assumptions nor knowledge about the masking implementation. To carry the attack, we introduce metrics based on Sensitivity Analysis that can reveal both the secret key value as well as points of interest, such as leakages and masks locations in the traces. The results of our experiments demonstrate the interests of this new method and show that this attack can be performed in practice.

Download Full-text

Efficiency through Diversity in Ensemble Models applied to Side-Channel Attacks

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i3.60-96 ◽

2021 ◽

pp. 60-96

Author(s):

Gabriel Zaid ◽

Lilian Bossuet ◽

Amaury Habrard ◽

Alexandre Venelli

Keyword(s):

Deep Learning ◽

Model Performance ◽

Public Key ◽

Side Channel ◽

Ensemble Model ◽

Secret Key ◽

Side Channel Attacks ◽

Ensemble Models ◽

Remaining Time ◽

Multiple Scenarios

Deep Learning based Side-Channel Attacks (DL-SCA) are considered as fundamental threats against secure cryptographic implementations. Side-channel attacks aim to recover a secret key using the least number of leakage traces. In DL-SCA, this often translates in having a model with the highest possible accuracy. Increasing an attack’s accuracy is particularly important when an attacker targets public-key cryptographic implementations where the recovery of each secret key bits is directly related to the model’s accuracy. Commonly used in the deep learning field, ensemble models are a well suited method that combine the predictions of multiple models to increase the ensemble accuracy by reducing the correlation between their errors. Linked to this correlation, the diversity is considered as an indicator of the ensemble model performance. In this paper, we propose a new loss, namely Ensembling Loss (EL), that generates an ensemble model which increases the diversity between the members. Based on the mutual information between the ensemble model and its related label, we theoretically demonstrate how the ensemble members interact during the training process. We also study how an attack’s accuracy gain translates to a drastic reduction of the remaining time complexity of a side-channel attacks through multiple scenarios on public-key implementations. Finally, we experimentally evaluate the benefits of our new learning metric on RSA and ECC secure implementations. The Ensembling Loss increases by up to 6.8% the performance of the ensemble model while the remaining brute-force is reduced by up to 222 operations depending on the attack scenario.

Download Full-text

When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2020.i2.196-221 ◽

2020 ◽

pp. 196-221

Author(s):

Alejandro Cabrera Aldaya ◽

Billy Bob Brumley

Keyword(s):

Side Channel ◽

Security Threats ◽

Integer Factorization ◽

Success Rates ◽

Side Channel Attacks ◽

Side Channel Analysis ◽

Factorization Problem ◽

Integer Factorization Problem ◽

Channel Analysis ◽

Single Trace

Microarchitecture based side-channel attacks are common threats nowadays. Intel SGX technology provides a strong isolation from an adversarial OS, however, does not guarantee protection against side-channel attacks. In this paper, we analyze the security of the mbedTLS binary GCD algorithm, an implementation that offers interesting challenges when compared for example with OpenSSL, due to the usage of very tight loops in the former. Using practical experiments we demonstrate the mbedTLS binary GCD implementation is vulnerable to side-channel analysis using the SGX-Step framework against mbedTLS based SGX enclaves.We analyze the security of some use cases of this algorithm in this library, resulting in the discovery of a new vulnerability in the ECDSA code path that allows a single-trace attack against this implementation. This vulnerability is three-fold interesting: It resides in the implementation of a countermeasure which makes it more dangerous due to the false state of security the countermeasure currently offers. It reduces mbedTLS ECDSA security to an integer factorization problem. An unexpected GCD call inside the ECDSA code path compromises the countermeasure. We also cover an orthogonal use case, this time inside the mbedTLS RSA code path during the computation of a CRT parameter when loading a private key. The attack also exploits the binary GCD implementation threat, showing how a single vulnerable primitive leads to multiple vulnerabilities. We demonstrate both security threats with end-to-end attacks using 1000 trials each, showing in both cases single-trace attacks can be achieved with success rates very close to 100%.

Download Full-text

Information Theoretic Security for Shannon Cipher System under Side-Channel Attacks †

Entropy ◽

10.3390/e21050469 ◽

2019 ◽

Vol 21 (5) ◽

pp. 469 ◽

Cited By ~ 3

Author(s):

Bagus Santoso ◽

Yasutada Oohama

Keyword(s):

Linear Codes ◽

Source Coding ◽

Achievable Rate ◽

Side Channel ◽

Secret Key ◽

Side Channel Attacks ◽

Rate Region ◽

Physical Information ◽

Shannon Cipher ◽

The One

In this paper, we propose a new theoretical security model for Shannon cipher systems under side-channel attacks, where the adversary is not only allowed to collect ciphertexts by eavesdropping the public communication channel but is also allowed to collect the physical information leaked by the devices where the cipher system is implemented on, such as running time, power consumption, electromagnetic radiation, etc. Our model is very robust as it does not depend on the kind of physical information leaked by the devices. We also prove that in the case of one-time pad encryption, we can strengthen the secrecy/security of the cipher system by using an appropriate affine encoder. More precisely, we prove that for any distribution of the secret keys and any measurement device used for collecting the physical information, we can derive an achievable rate region for reliability and security such that if we compress the ciphertext using an affine encoder with a rate within the achievable rate region, then: (1) anyone with a secret key will be able to decrypt and decode the ciphertext correctly, but (2) any adversary who obtains the ciphertext and also the side physical information will not be able to obtain any information about the hidden source as long as the leaked physical information is encoded with a rate within the rate region. We derive our result by adapting the framework of the one helper source coding problem posed and investigated by Ahlswede and Körner (1975) and Wyner (1975). For reliability and security, we obtain our result by combining the result of Csizár (1982) on universal coding for a single source using linear codes and the exponential strong converse theorem of Oohama (2015) for the one helper source coding problem.

Download Full-text

Victims Can Be Saviors

ACM Journal on Emerging Technologies in Computing Systems ◽

10.1145/3439189 ◽

2021 ◽

Vol 17 (2) ◽

pp. 1-31

Author(s):

Manaar Alam ◽

Sarani Bhattacharya ◽

Debdeep Mukhopadhyay

Keyword(s):

Machine Learning ◽

Security Analysis ◽

False Positives ◽

Machine Learning Techniques ◽

Side Channel ◽

Detection Accuracy ◽

Secret Key ◽

Side Channel Attacks ◽

Detection Mechanism ◽

Novel Approach

Micro-architectural side-channel attacks are major threats to the most mathematically sophisticated encryption algorithms. In spite of the fact that there exist several defense techniques, the overhead of implementing the countermeasures remains a matter of concern. A promising strategy is to develop online detection and prevention methods for these attacks. Though some recent studies have devised online prevention mechanisms for some categories of these attacks, still other classes remain undetected. Moreover, to detect these side-channel attacks with minimal False Positives is a challenging effort because of the similarity of their behavior with computationally intensive applications. This article presents a generalized machine learning--based multi-layer detection technique that targets these micro-architectural side-channel attacks, while not restricting its attention only on a single category of attacks. The proposed mechanism gathers low-level system information by profiling performance counter events using Linux perf tool and then applies machine learning techniques to analyze the data. A novel approach using time-series analysis of the data is implemented to find out the correlation of the execution trace of the attack process with the secret key of encryption, which helps in dealing with False-Positives and unknown attacks. This article also provides a detailed theoretical analysis of the detection mechanism of the proposed model along with its security analysis. The experimental results show that the proposed method is superior to the state-of-the-art reported techniques with high detection accuracy, low False Positives, and low implementation overhead while being able to detect before the completion of the attack.

Download Full-text

Improving recent side-channel attacks against the DES key schedule

Journal of Cryptographic Engineering ◽

10.1007/s13389-021-00279-2 ◽

2021 ◽

Author(s):

Andreas Wiemers ◽

Johannes Mittmann

Keyword(s):

Measurement Data ◽

Continuous Model ◽

Data Encryption ◽

Side Channel ◽

Channel Measurements ◽

Side Channel Attacks ◽

Enumeration Algorithm ◽

Leakage Model ◽

Key Schedule ◽

Lattice Point Enumeration

AbstractRecent publications consider side-channel attacks against the key schedule of the Data Encryption Standard (DES). These publications identify a leakage model depending on the XOR of register values in the DES key schedule. Building on this leakage model, we first revisit a discrete model which assumes that the Hamming distances between subsequent round keys leak without error. We analyze this model formally and provide theoretical explanations for observations made in previous works. Next we examine a continuous model which considers more points of interest and also takes noise into account. The model gives rise to an evaluation function for key candidates and an associated notion of key ranking. We develop an algorithm for enumerating key candidates up to a desired rank which is based on the Fincke–Pohst lattice point enumeration algorithm. We derive information-theoretic bounds and estimates for the remaining entropy and compare them with our experimental results. We apply our attack to side-channel measurements of a security controller. Using our enumeration algorithm we are able to significantly improve the results reported previously for the same measurement data.

Download Full-text

Measurement-device-independent semiquantum key distribution

International Journal of Quantum Information ◽

10.1142/s0219749918500120 ◽

2018 ◽

Vol 16 (02) ◽

pp. 1850012 ◽

Cited By ~ 8

Author(s):

Jinjun He ◽

Qin Li ◽

Chunhui Wu ◽

Wai Hong Chan ◽

Shengyu Zhang

Keyword(s):

Key Distribution ◽

The Other ◽

Side Channel ◽

Secret Key ◽

Side Channel Attacks ◽

Measurement Device ◽

Real World Applications ◽

Almost All ◽

First Time ◽

Measurement Device Independent

Semiquantum key distribution (SQKD) allows two parties to share a common string when one of them is quantum and the other has rather limited quantum capability. Almost all existing SQKD protocols have been proved to be robust in theory, namely that if an eavesdropper tries to gain information, he will inevitably induce some detectable errors. However, ideal devices do not exist in reality and their imperfection may result in side-channel attacks, which can be used by an adversary to get some information on the secret key string. In this paper, we design a measurement-device-independent SQKD protocol for the first time, which can remove the threat of all detector side-channel attacks and show that it is also robust. In addition, we discuss the possible use of the proposed protocol in real-world applications and in QKD networks.

Download Full-text

Improved Timing Attacks against the Secret Permutation in the McEliece PKC

International Journal of Computers Communications & Control ◽

10.15837/ijccc.2017.1.2780 ◽

2016 ◽

Vol 12 (1) ◽

pp. 7 ◽

Cited By ~ 2

Author(s):

Dominic Bucerzan ◽

Pierre-Louis Cayrel ◽

Vlad Dragoi ◽

Tania Richmond

Keyword(s):

Minimum Distance ◽

Public Key ◽

Side Channel ◽

Public Key Cryptosystem ◽

Hamming Weight ◽

Secret Key ◽

Decoding Algorithm ◽

Side Channel Attacks ◽

Decoding Algorithms ◽

Timing Attacks

In this paper, we detail two side-channel attacks against the McEliece public-key cryptosystem. They are exploiting timing differences on the Patterson decoding algorithm in order to reveal one part of the secret key: the support permutation. The first one is improving two existing timing attacks and uses the correlation between two different steps of the decoding algorithm. This improvement can be deployed on all error-vectors with Hamming weight smaller than a quarter of the minimum distance of the code. The second attack targets the evaluation of the error locator polynomial and succeeds on several different decoding algorithms. We also give an appropriate countermeasure.

Download Full-text