Differential Cluster Analysis

We propose a new technique called Differential Cluster Analysis for side-channel key recovery attacks. This technique uses cluster analysis to detect internal collisions and it combines features from previously known collision attacks and Differential Power Analysis. It captures more general leakage features and can be applied to algorithmic collisions as well as implementation specific collisions. In addition, the concept is inherently multivariate. Various applications of the approach are possible: with and without power consumption model and single as well as multi-bit leakage can be exploited. Our findings are confirmed by practical results on two platforms: an AVR microcontroller with implemented DES algorithm and an AES hardware module. To our best knowledge, this is the first work demonstrating the feasibility of internal collision attacks on highly parallel hardware platforms. Furthermore, we present a new attack strategy for the targeted AES hardware module.

[1]  Elisabeth Oswald,et al.  An ASIC Implementation of the AES SBoxes , 2002, CT-RSA.

[2]  Christof Paar,et al.  Gaussian Mixture Models for Higher-Order Side Channel Analysis , 2007, CHES.

[3]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[4]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[5]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[6]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[7]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[8]  Lejla Batina,et al.  Comparative Evaluation of Rank Correlation Based DPA on an AES Prototype Chip , 2008, ISC.

[9]  Bart Preneel,et al.  Topics in Cryptology — CT-RSA 2002 , 2002, Lecture Notes in Computer Science.

[10]  Andrey Bogdanov,et al.  Algebraic Methods in Side-Channel Collision Attacks and Practical Collision Detection , 2008, INDOCRYPT.

[11]  Thomas S. Messerges,et al.  Investigations of Power Analysis Attacks on Smartcards , 1999, Smartcard.

[12]  C. D. Walter,et al.  Sliding Windows Succumbs to Big Mac Attack , 2001, CHES.

[13]  Shigeo Abe DrEng Pattern Classification , 2001, Springer London.

[14]  Andrey Bogdanov,et al.  Collision Attacks on AES-Based MAC: Alpha-MAC , 2007, CHES.

[15]  Christof Paar,et al.  Templates vs. Stochastic Methods , 2006, CHES.

[16]  David G. Stork,et al.  Pattern Classification , 1973 .

[17]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[18]  Christof Paar,et al.  A New Class of Collision Attacks and Its Application to DES , 2003, FSE.

[19]  Sandra Dominikus,et al.  A Highly Regular and Scalable AES Hardware Architecture , 2003, IEEE Trans. Computers.

[20]  Ingrid Verbauwhede,et al.  Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop, Vienna, Austria, September 10-13, 2007, Proceedings , 2007, CHES.

[21]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[22]  Christof Paar,et al.  A Stochastic Model for Differential Side Channel Cryptanalysis , 2005, CHES.

[23]  Elisabeth Oswald,et al.  Cryptographic Hardware and Embedded Systems - CHES 2008, 10th International Workshop, Washington, D.C., USA, August 10-13, 2008. Proceedings , 2008, CHES.

[24]  Alex Biryukov,et al.  Two New Techniques of Side-Channel Cryptanalysis , 2007, CHES.

[25]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[26]  Vipin Kumar,et al.  Introduction to Data Mining, (First Edition) , 2005 .

[27]  Bart Preneel,et al.  Mutual Information Analysis , 2008, CHES.

[28]  Andrey Bogdanov,et al.  Multiple-Differential Side-Channel Collision Attacks on AES , 2008, CHES.

[29]  Christophe Clavier,et al.  Differential Power Analysis in the Presence of Hardware Countermeasures , 2000, CHES.

[30]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[31]  Berk Sunar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2005, 7th International Workshop, Edinburgh, UK, August 29 - September 1, 2005, Proceedings , 2005, CHES.

[32]  Bart Preneel,et al.  Mutual Information Analysis A Generic Side-Channel Distinguisher , 2008 .

[33]  Andrey Bogdanov,et al.  Improved Side-Channel Collision Attacks on AES , 2007, Selected Areas in Cryptography.

[34]  Frédéric Valette,et al.  Enhancing Collision Attacks , 2004, CHES.

[35]  Ingrid Verbauwhede,et al.  Partition vs. Comparison Side-Channel Distinguishers: An Empirical Evaluation of Statistical Tests for Univariate Side-Channel Attacks against Two Unprotected CMOS Devices , 2009, ICISC.

[36]  Stefan Mangard,et al.  Power Analysis Attacks and Countermeasures , 2007, IEEE Design & Test of Computers.

[37]  Mitsuru Matsui,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[38]  Christof Paar,et al.  A Collision-Attack on AES: Combining Side Channel- and Differential-Attack , 2004, CHES.

[39]  Vincent Rijmen,et al.  Progress in Cryptology - INDOCRYPT 2008, 9th International Conference on Cryptology in India, Kharagpur, India, December 14-17, 2008. Proceedings , 2008, INDOCRYPT.

[40]  David Naccache,et al.  Cryptographic Hardware and Embedded Systems — CHES 2001 , 2001 .