Theoretical and Practical Aspects of Mutual Information Based Side Channel Analysis

A large variety of side channel analyses performed on embedded devices involve the linear correlation coefficient as a wrong-key distinguisher. This coefficient is actually a sound statistical tool to quantify linear dependencies between univariate variables. However, when those dependencies are non-linear, the correlation coefficient stops being pertinent so that another statistical tool must be investigated. Recent works showed that the Mutual Information measure is a promising candidate, since it detects any kind of statistical dependency. Substituting it for the correlation coefficient may therefore be considered as a natural extension of the existing attacks. Nevertheless, the first applications published at CHES 2008 have revealed several limitations of the approach and have raised several questions. In this paper, an in-depth analysis of side channel attacks involving the mutual information is conducted. We expose their theoretical foundations and we assess their limitations and assets. Also, we generalize them to higher orders where they seem to be an efficient alternative to the existing attacks. Finally, we provide simulations and practical experiments that validate our theoretical analyses.
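The abstract's central claim, that correlation only sees linear dependency while mutual information sees any dependency, can be checked on simulated data when assessing leakage. The following is an added example, not code from the paper: the quadratic leakage function, the noise level, the 16-bin histogram estimator and all function names are assumptions chosen for illustration.

```python
import math
import random
from collections import Counter

def pearson(xs, ys):
    """Sample linear correlation coefficient."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)

def mutual_information(model, traces, bins=16):
    """Plug-in estimate of I(model; trace) in bits. The discrete model value
    is used as-is; the continuous trace is cut into equal-width bins."""
    lo, hi = min(traces), max(traces)
    width = (hi - lo) / bins or 1.0
    binned = [min(int((t - lo) / width), bins - 1) for t in traces]
    n = len(model)
    cx, cy, cxy = Counter(model), Counter(binned), Counter(zip(model, binned))
    return sum(c / n * math.log2(c * n / (cx[x] * cy[y]))
               for (x, y), c in cxy.items())

def simulate(leak, n=20000, seed=1, sigma=1.0):
    """Constructed data: Hamming weight of a uniform byte, passed through
    `leak`, plus Gaussian noise (all simulation parameters are assumptions)."""
    rng = random.Random(seed)
    hw = [bin(rng.randrange(256)).count("1") for _ in range(n)]
    traces = [leak(h) + rng.gauss(0.0, sigma) for h in hw]
    return hw, traces

def compare(leak, seed=1):
    """Return (|correlation|, MI, MI after shuffling the traces)."""
    hw, traces = simulate(leak, seed=seed)
    shuffled = traces[:]
    random.Random(seed + 1).shuffle(shuffled)  # destroys any dependency
    return (abs(pearson(hw, traces)),
            mutual_information(hw, traces),
            mutual_information(hw, shuffled))

def linear(h):
    return float(h)

def quadratic(h):
    return float((h - 4) ** 2)  # symmetric around the mean weight of 4

if __name__ == "__main__":
    for name, leak in (("linear", linear), ("quadratic", quadratic)):
        rho, mi, null = compare(leak)
        print(f"{name:9s} |rho|={rho:.3f}  MI={mi:.3f} bits  shuffled MI={null:.3f}")
```

The shuffled value is the estimator's bias floor for this sample size and bin count; an MI figure only indicates leakage when it clearly exceeds that floor.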
