SCATTER: A New Dimension in Side-Channel

Side-channel techniques have progressed over the last few years, leading to a variety of statistical tools aimed at extracting secrets handled in cryptographic algorithms. Notably, the vast majority of side-channel techniques require the traces to be aligned prior to applying statistics. This prerequisite turns out to be challenging in the practical realization of attacks, as implementations tend to include hardware or software countermeasures that increase this difficulty. This is typically achieved by adding random jitter or random executions with fake operations. In this paper, we introduce the new side-channel technique scatter, whose potential is to tackle alignment issues. By construction, scatter brings an additional dimension and opens the door to a large set of potential new attack techniques. The effectiveness of scatter has been proven on both simulated traces and real-world secure products. In summary, scatter is a new side-channel technique offering a valuable alternative when trace alignment is an issue. Furthermore, scatter represents a suitable option for low-cost attacks, as the requirements in terms of equipment and expertise are significantly reduced.
