Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest

Side-channel analyses constitute a major threat for embedded devices, because they allow an attacker to recover secret keys without the device being aware of the sensitive information theft. They have been proved to be efficient in practice on many deployed cryptosystems. Even during the standardization process for the AES, many scientists have raised the attention on the potential vulnerabilities against implementation-level attacks Chari et al. (A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards, 133–147, 1999). The evaluation of devices against side-channel attacks is now common practice, especially in ITSEFs. This procedure has even been formalized recently Standaert et al. (EUROCRYPT LNCS 5479:443–461, 2009). The framework suggests to estimate the leakage via an information theoretic metric, and the performance of real attacks thanks to either the success rates or the guessing entropy metrics. The DPA contests are a series of international challenges that allow researchers to improve existing side-channel attacks or develop new ones and compare their effectiveness on several reference sets of power consumption traces using a common methodology. In this article, we focus on the second edition of this contest, which targeted a FPGA-based implementation of AES. This article has been written jointly with several of the participants who describe their tactics used in their attacks and their improvements beyond the state of the art. In particular, this feedback puts to the fore some considerations seldom described in the scientific literature, yet relevant to increase the convergence rate of attacks. These considerations concern in particular the correction of acquisition defects such as the drifting side-channel leakage, the identification of the most leaking samples, the order in which subkeys are attacked, how to exploit subkeys that are revealed easily to help retrieve subkeys that leak less, and non-linear leakage models.

[1]  Suresh Chari,et al.  A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards , 1999 .

[2]  Oh-Kyong Kwon,et al.  A new on-chip interconnect crosstalk model and experimental verification for CMOS VLSI circuit design , 2000 .

[3]  Christof Paar,et al.  Templates vs. Stochastic Methods , 2006, CHES.

[4]  Christof Paar,et al.  A Stochastic Model for Differential Side Channel Cryptanalysis , 2005, CHES.

[5]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[6]  Christof Paar,et al.  Templates vs. stochastic methods : A performance analysis for side channel cryptanalysis , 2006 .

[7]  François-Xavier Standaert,et al.  Improving the Rules of the DPA Contest , 2008, IACR Cryptol. ePrint Arch..

[8]  François-Xavier Standaert,et al.  An optimal Key Enumeration Algorithm and its Application to Side-Channel Attacks , 2012, IACR Cryptol. ePrint Arch..

[9]  Matthieu Rivain,et al.  On the Exact Success Rate of Side Channel Analysis in the Gaussian Model , 2009, Selected Areas in Cryptography.

[10]  Ian T. Jolliffe,et al.  Principal Component Analysis , 2002, International Encyclopedia of Statistical Science.

[11]  Sylvain Guilley,et al.  "Rank Correction": A New Side-Channel Approach for Secret Key Recovery , 2011, InfoSecHiComNet.

[12]  Werner Schindler,et al.  How a Symmetry Metric Assists Side-Channel Evaluation - A Novel Model Verification Method for Power Analysis , 2011, 2011 14th Euromicro Conference on Digital System Design.

[13]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[14]  André K. Nieuwland,et al.  Reducing Cross-Talk Induced Power Consumption and Delay , 2004, PATMOS.

[15]  Mitsugu Iwamoto,et al.  Key-Dependent Weakness of AES-Based Ciphers under Clockwise Collision Distinguisher , 2012, ICISC.

[16]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[17]  Michael A. Saunders,et al.  LSQR: An Algorithm for Sparse Linear Equations and Sparse Least Squares , 1982, TOMS.

[18]  Wolfgang Nebel,et al.  Integrated Circuit and System Design. Power and Timing Modeling, Optimization and Simulation , 2012, Lecture Notes in Computer Science.

[19]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[20]  Sylvain Guilley,et al.  RSM: A small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs , 2012, 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[21]  Yang Li,et al.  Clockwise Collision Analysis - Overlooked Side-Channel Leakage Inside Your Measurements , 2011, IACR Cryptol. ePrint Arch..

[22]  Werner Schindler,et al.  A New Difference Method for Side-Channel Analysis with High-Dimensional Leakage Models , 2012, CT-RSA.

[23]  Sylvain Guilley,et al.  Practical Improvements of Profiled Side-Channel Attacks on a Hardware Crypto-Accelerator , 2010, AFRICACRYPT.