Template Attacks on Different Devices

Template attacks remain a most powerful side-channel technique to eavesdrop on tamper-resistant hardware. They use a profiling step to compute the parameters of a multivariate normal distribution from a training device and an attack step in which the parameters obtained during profiling are used to infer some secret value (e.g. cryptographic key) on a target device. Evaluations using the same device for both profiling and attack can miss practical problems that appear when using different devices. Recent studies showed that variability caused by the use of either different devices or different acquisition campaigns on the same device can have a strong impact on the performance of template attacks. In this paper, we explore further the effects that lead to this decrease of performance, using four different Atmel XMEGA 256 A3U 8-bit devices. We show that a main difference between devices is a DC offset and we show that this appears even if we use the same device in different acquisition campaigns. We then explore several variants of the template attack to compensate for these differences. Our results show that a careful choice of compression method and parameters is the key to improving the performance of these attacks across different devices. In particular we show how to maximise the performance of template attacks when using Fisher’s Linear Discriminant Analysis or Principal Component Analysis. Overall, we can reduce the entropy of an unknown 8-bit value below 1.5 bits even when using different devices.

[1]  Denis Flandre,et al.  A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices , 2011, EUROCRYPT.

[2]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[3]  Akashi Satoh,et al.  High-Resolution Side-Channel Attack Using Phase-Based Waveform Matching , 2006, CHES.

[4]  Christof Paar,et al.  Templates vs. Stochastic Methods , 2006, CHES.

[5]  Werner Schindler,et al.  A New Difference Method for Side-Channel Analysis with High-Dimensional Leakage Models , 2012, CT-RSA.

[6]  François-Xavier Standaert,et al.  Using Subspace-Based Template Attacks to Compare and Combine Power and Electromagnetic Information Leakages , 2008, CHES.

[7]  Sylvain Guilley,et al.  Portability of templates , 2012, Journal of Cryptographic Engineering.

[8]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[9]  Werner Schindler,et al.  How to Compare Profiled Side-Channel Attacks? , 2009, ACNS.

[10]  Bart Preneel,et al.  Mutual Information Analysis , 2008, CHES.

[11]  Christof Paar,et al.  Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World , 2011, CHES.

[12]  Markus G. Kuhn,et al.  Efficient Template Attacks , 2013, CARDIS.

[13]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[14]  Markus G. Kuhn,et al.  Ecient Template Attacks , 2014 .

[15]  Bart Preneel,et al.  Mutual Information Analysis A Generic Side-Channel Distinguisher , 2008 .

[16]  Eric Peeters,et al.  Template Attacks in Principal Subspaces , 2006, CHES.

[17]  Emmanuel Prouff,et al.  Behind the Scene of Side Channel Attacks , 2013, ASIACRYPT.

[18]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[19]  Christof Paar,et al.  A Stochastic Model for Differential Side Channel Cryptanalysis , 2005, CHES.