Side Channel Analysis against the ANSSI's protected AES implementation on ARM

In 2019, ANSSI released a protected software implementation of AES running on an STM32 platform with an ARM Cortex-M core, publicly available on GitHub. The release of the code was shortly followed by a first paper, by Bronchain et al. at CHES 2020, analyzing the security of the implementation and proposing attacks against it. To allow fair comparisons between future attacks on this target device, this paper presents a new publicly available dataset, called ASCADv2, built from this implementation. Along with the dataset, we provide a benchmark of deep-learning-based side-channel attacks, thereby extending the work of Bronchain et al. Our attacks revisit and leverage the multi-task learning approach introduced by Maghrebi in 2020 in order to target several intermediate computations of the protected implementation at the same time. We hope that this work will draw the community's interest towards the evaluation of highly protected software AES implementations, at a time when some of the current public SCA datasets are reputed to be less and less challenging.
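The multi-task idea above, one network with a shared feature extractor and one output head per intermediate value, is easier to see on a toy target. The following is an added example, not code from the paper, the ASCADv2 dataset or the ANSSI implementation: it simulates a Boolean-masked 4-bit S-box (the PRESENT S-box stands in for the AES S-box) with a constructed bitwise Gaussian leakage model, trains a small two-head MLP in plain NumPy on the mask r and the masked S-box output m, and then sums the mask out of the two posteriors per trace to rank the key nibble. Everything about the target, leakage and network sizes is an assumption made for illustration; the real masking scheme, trace lengths and architectures of the paper are not reproduced here.

```python
"""Toy multi-task profiled side-channel attack on a masked 4-bit S-box.

Constructed example: Boolean-masked 4-bit S-box with synthetic leakage,
not the ANSSI implementation and not ASCADv2 traces. One MLP with a shared
hidden layer and two softmax heads learns the mask r and the masked S-box
output m at once; the attack then recombines both posteriors per trace.
"""
import numpy as np

# PRESENT S-box used as a 4-bit stand-in for the AES S-box (assumption).
SBOX = np.array([0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2])
N_CLASSES = 16
# Bit decomposition of every nibble, used to build the synthetic leakage.
BITS = np.array([[(v >> i) & 1 for i in range(4)] for v in range(N_CLASSES)], float)


def simulate_traces(n, key, rng, sigma=0.4):
    """Constructed leakage model: every bit of the mask r and of
    m = SBOX[p ^ key] ^ r leaks as one Gaussian-noisy sample (8 samples)."""
    p = rng.integers(N_CLASSES, size=n)
    r = rng.integers(N_CLASSES, size=n)
    m = SBOX[p ^ key] ^ r
    clean = np.hstack([BITS[r], BITS[m]])
    return clean + sigma * rng.standard_normal(clean.shape), p, r, m


def softmax(z):
    z = z - z.max(axis=1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=1, keepdims=True)


class MultiTaskNet:
    """Shared ReLU hidden layer, one softmax head per targeted intermediate."""

    def __init__(self, n_in, hidden, rng):
        self.W1 = rng.standard_normal((n_in, hidden)) * 0.3
        self.b1 = np.zeros(hidden)
        self.heads = {name: (rng.standard_normal((hidden, N_CLASSES)) * 0.1,
                             np.zeros(N_CLASSES)) for name in ("r", "m")}
        self.mu, self.sd = 0.0, 1.0          # per-sample standardisation, set in fit()

    def _forward(self, xs):
        h = np.maximum(0.0, xs @ self.W1 + self.b1)
        return h, {name: softmax(h @ W + b) for name, (W, b) in self.heads.items()}

    def fit(self, x, labels, epochs=1500, lr=0.1):
        """Full-batch gradient descent on the sum of the two cross-entropies."""
        self.mu, self.sd = x.mean(axis=0), x.std(axis=0) + 1e-9
        xs, n = (x - self.mu) / self.sd, x.shape[0]
        for _ in range(epochs):
            h, probs = self._forward(xs)
            dh = np.zeros_like(h)
            for name, (W, b) in list(self.heads.items()):
                dz = probs[name].copy()
                dz[np.arange(n), labels[name]] -= 1.0
                dz /= n                      # gradient of the mean cross-entropy
                dh += dz @ W.T               # both heads push on the shared layer
                self.heads[name] = (W - lr * h.T @ dz, b - lr * dz.sum(axis=0))
            dpre = dh * (h > 0)              # ReLU backward
            self.W1 -= lr * xs.T @ dpre
            self.b1 -= lr * dpre.sum(axis=0)
        return self

    def predict(self, x):
        return self._forward((x - self.mu) / self.sd)[1]


def head_accuracy(net, x, labels):
    probs = net.predict(x)
    return {name: float((probs[name].argmax(axis=1) == labels[name]).mean())
            for name in probs}


def key_scores(net, traces, plaintexts):
    """Log-likelihood of each key nibble. The mask is summed out per trace,
    q[s] = sum_r P_m[s ^ r] * P_r[r], and each key guess selects s = SBOX[p ^ k]."""
    probs = net.predict(traces)
    idx = np.arange(N_CLASSES)
    xor = idx[:, None] ^ idx[None, :]                     # 16x16 table of s ^ r
    q = np.einsum("tsr,tr->ts", probs["m"][:, xor], probs["r"])
    t = np.arange(len(plaintexts))
    return np.array([np.log(q[t, SBOX[plaintexts ^ k]] + 1e-12).sum()
                     for k in range(N_CLASSES)])


def run_attack(key=0xB, n_profile=4000, n_attack=200, seed=1):
    rng = np.random.default_rng(seed)
    x_prof, _, r_prof, m_prof = simulate_traces(n_profile, key, rng)
    net = MultiTaskNet(n_in=8, hidden=16, rng=rng).fit(x_prof, {"r": r_prof, "m": m_prof})
    x_att, p_att, r_att, m_att = simulate_traces(n_attack, key, rng)
    scores = key_scores(net, x_att, p_att)
    return {"accuracy": head_accuracy(net, x_att, {"r": r_att, "m": m_att}),
            "recovered_key": int(scores.argmax()),
            "rank": int((scores > scores[key]).sum())}   # 0: correct key ranked first


if __name__ == "__main__":
    res = run_attack()
    print("head accuracies:", res["accuracy"])
    print("recovered key nibble:", hex(res["recovered_key"]), "rank:", res["rank"])
```

The recombination step is where the multi-task output pays off: because the same forward pass yields posteriors for both r and m, the attacker never needs to know the mask, only to marginalise over it, and a single network replaces one profiling model per intermediate. Swapping the constructed 8-sample leakage for real traces, the 4-bit S-box for the AES S-box and the two heads for however many intermediates the implementation exposes is the path from this toy to an attack on a dataset such as ASCADv2.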

[1] Nenghai Yu et al. An Enhanced Convolutional Neural Network in Side-Channel Attacks and Its Visualization, 2020, arXiv.

[2] Qiang Yang et al. An Overview of Multi-task Learning, 2018.

[3] Sebastian Ruder et al. An Overview of Multi-Task Learning in Deep Neural Networks, 2017, arXiv.

[4] Eli Biham et al. A Fast New DES Implementation in Software, 1997, FSE.

[5] Sergey Ioffe et al. Batch Normalization: Accelerating Deep Network Training by Reducing Internal Covariate Shift, 2015, ICML.

[6] Sylvain Guilley et al. Analysis and Improvements of the DPA Contest v4 Implementation, 2014, SPACE.

[7] Emmanuel Prouff et al. Affine Masking against Higher-Order Side Channel Analysis, 2010, IACR Cryptol. ePrint Arch.

[8] Emmanuel Prouff et al. Breaking Cryptographic Implementations Using Deep Learning Techniques, 2016, SPACE.

[9] Pierre-Évariste Dagand et al. Tornado: Automatic Generation of Probing-Secure Masked Bitsliced Implementations, 2020, EUROCRYPT.

[10] Stefan Mangard et al. Power analysis attacks - revealing the secrets of smart cards, 2007.

[11] Demis Hassabis et al. Mastering the game of Go without human knowledge, 2017, Nature.

[12] Werner Schindler et al. Efficient Solutions of the CHES 2018 AES Challenge Using Deep Residual Neural Networks and Knowledge Distillation on Adversarial Examples, 2020, IACR Cryptol. ePrint Arch.

[13] Jian Sun et al. Identity Mappings in Deep Residual Networks, 2016, ECCV.

[14] François-Xavier Standaert et al. Side-Channel Countermeasures' Dissection and the Limits of Closed Source Security Evaluations, 2019, IACR Cryptol. ePrint Arch.

[15] Alan Hanjalic et al. Make Some Noise: Unleashing the Power of Convolutional Neural Networks for Profiled Side-channel Analysis, 2019, IACR Cryptol. ePrint Arch.

[16] Stefan Mangard et al. Hardware Countermeasures against DPA? A Statistical Analysis of Their Effectiveness, 2004, CT-RSA.

[17] Emmanuel Prouff et al. Masking against Side-Channel Attacks: A Formal Security Proof, 2013, EUROCRYPT.

[18] Manfred von Willich. A Technique with an Information-Theoretic Basis for Protecting Secret Data from Differential Power Attacks, 2001, IMACC.

[19] Sylvain Guilley et al. Good is Not Good Enough: Deriving Optimal Distinguishers from Communication Theory, 2014, IACR Cryptol. ePrint Arch.

[20] Emmanuel Prouff et al. Deep learning for side-channel analysis and introduction to ASCAD database, 2019, Journal of Cryptographic Engineering.

[21] Alain Passelègue et al. Unifying Leakage Models on a Rényi Day, 2019, IACR Cryptol. ePrint Arch.

[22] François-Xavier Standaert et al. Using Subspace-Based Template Attacks to Compare and Combine Power and Electromagnetic Information Leakages, 2008, CHES.

[23] Éliane Jaulmes et al. A Systematic Appraisal of Side Channel Evaluation Strategies, 2020, SSR.

[24] Yuanyuan Zhou et al. Deep learning mitigates but does not annihilate the need of aligned traces and a generalized ResNet model for side-channel attacks, 2019, Journal of Cryptographic Engineering.

[25] Cécile Canovas et al. Convolutional Neural Networks with Data Augmentation Against Jitter-Based Countermeasures - Profiling Attacks Without Pre-processing, 2017, CHES.

[26] Emmanuel Prouff et al. Provably Secure Higher-Order Masking of AES, 2010, IACR Cryptol. ePrint Arch.

[27] Markus G. Kuhn et al. Efficient Template Attacks, 2013, CARDIS.

[28] Moti Yung et al. A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version), 2009, IACR Cryptol. ePrint Arch.

[29] François-Xavier Standaert et al. Shuffling against Side-Channel Attacks: A Comprehensive Study with Cautionary Note, 2012, ASIACRYPT.

[30] Jian Sun et al. Deep Residual Learning for Image Recognition, 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[31] Andreas Stolcke et al. The Microsoft 2017 Conversational Speech Recognition System, 2017, 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[32] Pankaj Rohatgi et al. Towards Sound Approaches to Counteract Power-Analysis Attacks, 1999, CRYPTO.

[33] François-Xavier Standaert et al. Making Masking Security Proofs Concrete (Or How to Evaluate the Security of Any Leaking Device), Extended Version, 2015, Journal of Cryptology.

[34] Houssem Maghrebi et al. Deep Learning based Side-Channel Attack: a New Profiling Methodology based on Multi-Label Classification, 2020, IACR Cryptol. ePrint Arch.

[35] Vincent Rijmen et al. AES and the Wide Trail Design Strategy, 2002, EUROCRYPT.

[36] Lilian Bossuet et al. Methodology for Efficient CNN Architectures in Profiling Attacks, 2019, IACR Cryptol. ePrint Arch.

[37] Andrew Zisserman et al. Very Deep Convolutional Networks for Large-Scale Image Recognition, 2014, ICLR.

[38] Pankaj Rohatgi et al. Template Attacks, 2002, CHES.

[39] Bart Preneel et al. Revisiting a Methodology for Efficient CNN Architectures in Profiling Attacks, 2020, IACR Trans. Cryptogr. Hardw. Embed. Syst.

[40] Peter Schwabe et al. Faster and Timing-Attack Resistant AES-GCM, 2009, CHES.

[41] Maciej Skorski et al. Optimal Amplification of Noisy Leakages, 2016, TCC.

[42] Christophe Clavier et al. Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest, 2014, Journal of Cryptographic Engineering.

[43] Adi Shamir et al. A method for obtaining digital signatures and public-key cryptosystems, 1978, CACM.

[44] Romain Poussier et al. Key enumeration, rank estimation and horizontal side-channel attacks, 2018.