Over the last several years, side-channel analysis has emerged as a major threat to securing sensitive information in hardware and systems. The list of side-channels that have been (re)discovered include timing [8] micro-architectural anomalies [1, 5, 12, 13], power consumption [9], electromagnetic emanations [2, 7, 14], optical [10, 11] and acoustic leakage [4]. These side-channels have been used to break implementations of all major cryptographic algorithms (such as DES, AES, RSA, Diffie-Hellman, Elliptic curves, COMP128, etc.) both in software and in hardware as well as for extracting information directly from peripherals. Concurrently a variety of side-channel analysis techniques have been developed to perform these attacks. These techniques include simple power/EM analysis (SPA/SEMA), differential power/EM analysis (DPA/DEMA), higher-order DPA/DEMA, inferential power analysis (IPA), partitioning attacks, collision attacks, hidden Markov model, etc. In fact, side-channel analysis is so powerful that most attacks succeed, in practice, using only a fraction of the information present within the side-channel(s)! Typically, these techniques do not analyze the characteristics of the noise present within the side-channel signals, but try to remove it by averaging over a large number of samples. Related leakages that occur at different times in a side-channel trace are not combined to extract more information, and leakages from multiple sidechannels are rarely combined. Therefore, if such techniques fail to break an implementation using a small number of side-channel signals, it cannot be assumed that the implementation is immune to side-channel attacks involving a limited number of side-channel traces. This question is particularly important to vendors, since there are several system-level side-channel countermeasures [9] based on nonlinear key updates that rely on the assumption that an adversary cannot extract the key from a single (or few) side-channel trace(s). This question is also pertinent to
[1]
Rakesh Agrawal,et al.
Keyboard acoustic emanations
,
2004,
IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.
[2]
Markus G. Kuhn,et al.
Optical time-domain eavesdropping risks of CRT displays
,
2002,
Proceedings 2002 IEEE Symposium on Security and Privacy.
[3]
Siva Sai Yerubandi,et al.
Differential Power Analysis
,
2002
.
[4]
Dakshi Agrawal,et al.
Templates as Master Keys
,
2005,
CHES.
[5]
Dakshi Agrawal,et al.
The EM Side-Channel(s)
,
2002,
CHES.
[6]
Jean-Jacques Quisquater,et al.
ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards
,
2001,
E-smart.
[7]
Neal Koblitz,et al.
Advances in Cryptology — CRYPTO ’96
,
2001,
Lecture Notes in Computer Science.
[8]
David A. Umphress,et al.
Information leakage from optical emanations
,
2002,
TSEC.
[9]
H. V. Trees.
Detection, Estimation, And Modulation Theory
,
2001
.
[10]
Onur Aciiçmez,et al.
Predicting Secret Keys Via Branch Prediction
,
2007,
CT-RSA.
[11]
Harry L. Van Trees,et al.
Detection, Estimation, and Modulation Theory, Part I
,
1968
.
[12]
Paul C. Kocher,et al.
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
,
1996,
CRYPTO.
[13]
Pankaj Rohatgi,et al.
Template Attacks
,
2002,
CHES.
[14]
Francis Olivier,et al.
Electromagnetic Analysis: Concrete Results
,
2001,
CHES.
[15]
Adi Shamir,et al.
Cache Attacks and Countermeasures: The Case of AES
,
2006,
CT-RSA.