Analysis of Nonparametric Estimation Methods for Mutual Information Analysis

Mutual Information Analysis (MIA) is a recently introduced side-channel attack. It uses mutual information, a well-known notion from information theory, as a side-channel distinguisher. Most previous attacks use parametric statistical tests, and the attacker assumes that the distribution family of the targeted side-channel leakage is known. In contrast, MIA is a generic attack that assumes as little as possible about the underlying hardware specifications. For example, an attacker should not have to guess a linear power model and combine it with a parametric test, like the Pearson correlation factor. Mutual information is considered very powerful; however, it is difficult to estimate. Results of MIA can therefore be unreliable and even biased. Several efficient parametric estimators of mutual information are proposed in the literature. They are obviously very efficient when the distribution is correctly guessed. However, we lose the original goal of MIA, which is to assume as little as possible about the attacked devices. Hence, nonparametric estimators of mutual information should be considered in more detail and, in particular, their efficiency in the side-channel context. We review some of the most powerful nonparametric methods and compare their performance with state-of-the-art side-channel distinguishers.
