Modified Template Attack Detecting Address Bus Signals of Equal Hamming Weight

Side channel attacks usually target implementations of cryptographic algorithms on smart cards or FPGAs, but can also be used to recognize other microprocessor activities, such as the program, instruction or argument executed. One particular article by Quisquater and Samyde [1] demonstrates how to automatically reverse engineer software code, based on power and electromagnetic signatures. Their article states that data/addresses of equal Hamming Weight (HW), such as 55 and AA, cannot be distinguished without using localization principles (i.e., positioning of tiny probes to identify the location of the emanation). Recent methods, such as the Template Attack [2], have overcome this limitation. This is achieved by building precise noise models using identical devices, prior to the attack. Key bytes or intermediate values of cryptographic algorithms, i.e., data transfers, can be distinguished using a Bayesian classifier, even for byte values of equal HW [2]. In this article we present experimental results validating that the Template Attack can distinguish very similar microprocessor activities. Using a modified Template Attack on electromagnetic emanation from smart cards, we are able to distinguish parallel address bus activities of equal HW. We also present an alternative method to select the necessary application-specific features (i.e., points of interest).
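The following added example (not code from the paper) simulates why a Hamming-weight leakage model cannot separate 0x55 from 0xAA while profiled Gaussian templates with a Bayesian decision rule can. It uses a plain diagonal-covariance template classifier rather than the paper's modified attack; the per-line coupling values, noise level and all function names are constructed assumptions.

```python
import math
import random

# Constructed per-line coupling (assumption): each address line radiates slightly
# differently. Rows = points of interest in a trace, columns = bus lines 0..7.
COUPLING = [
    [1.00, 0.93, 1.05, 0.97, 1.08, 0.95, 1.02, 0.90],
    [0.96, 1.04, 0.91, 1.07, 0.94, 1.03, 0.98, 1.06],
    [1.03, 0.99, 1.06, 0.92, 1.01, 0.97, 1.09, 0.94],
]
SIGMA = 0.1  # assumed Gaussian measurement noise per sample point

def hamming_weight(value):
    return bin(value).count("1")

def trace(value, rng):
    """Simulated emanation: weighted sum of the set bus lines plus noise."""
    bits = [(value >> i) & 1 for i in range(8)]
    return [sum(w * b for w, b in zip(row, bits)) + rng.gauss(0, SIGMA)
            for row in COUPLING]

def build_template(value, rng, n=500):
    """Profiling phase: estimate mean and variance at each point of interest."""
    cols = list(zip(*(trace(value, rng) for _ in range(n))))
    means = [sum(c) / n for c in cols]
    var = [sum((x - m) ** 2 for x in c) / (n - 1) for c, m in zip(cols, means)]
    return means, var

def log_likelihood(t, template):
    means, var = template
    return sum(-0.5 * math.log(2 * math.pi * v) - (x - m) ** 2 / (2 * v)
               for x, m, v in zip(t, means, var))

def classify(t, templates):
    """Bayesian decision with equal priors: pick the most likely template."""
    return max(templates, key=lambda v: log_likelihood(t, templates[v]))

def experiment(values=(0x55, 0xAA), n_attack=1000, seed=1):
    rng = random.Random(seed)
    templates = {v: build_template(v, rng) for v in values}
    hits = 0
    for _ in range(n_attack):
        v = rng.choice(values)
        hits += classify(trace(v, rng), templates) == v
    return hits / n_attack

if __name__ == "__main__":
    print("HW(0x55) == HW(0xAA):", hamming_weight(0x55) == hamming_weight(0xAA))
    print("template accuracy:", experiment())
```

A pure Hamming-weight model predicts the same leakage for both values, so the separation comes entirely from the profiled per-line differences.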

[1] Paul C. Kocher, et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, 1996, CRYPTO.

[2] Eric Peeters, et al. Template Attacks in Principal Subspaces, 2006, CHES.

[3] Berk Sunar, et al. Trojan Detection using IC Fingerprinting, 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[4] Jean-Jacques Quisquater, et al. A new tool for non-intrusive analysis of smart cards based on electromagnetic emissions. The SEMA and DEMA methods, 2000.

[5] Einar Snekkenes, et al. A Wireless Covert Channel on Smart Cards (Short Paper), 2006, ICICS.

[6] Isabelle Guyon, et al. An Introduction to Variable and Feature Selection, 2003, J. Mach. Learn. Res.

[7] David G. Stork, et al. Pattern Classification, 1973.

[8] Paul C. Kocher, et al. Differential Power Analysis, 1999, CRYPTO.

[9] Elisabeth Oswald, et al. Practical Template Attacks, 2004, WISA.

[10] Pankaj Rohatgi, et al. Template Attacks, 2002, CHES.

[11] Stefan Mangard, et al. Power analysis attacks - revealing the secrets of smart cards, 2007.

[12] Francis Olivier, et al. Electromagnetic Analysis: Concrete Results, 2001, CHES.

[13] Dakshi Agrawal, et al. Multi-channel Attacks, 2003, CHES.

[14] Pankaj Rohatgi, et al. EMpowering Side-Channel Attacks, 2001, IACR Cryptology ePrint Archive.

[15] Jean-Jacques Quisquater, et al. Automatic Code Recognition for Smartcards Using a Kohonen Neural Network, 2002, CARDIS.

[16] Jean-Jacques Quisquater, et al. ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards, 2001, E-smart.