Entropy-based power attack

Recent works have shown that the mutual information is a generic side-channel distinguisher, since it detects any kind of statistical dependency between leakage observations and hypotheses on the secret. In this study the mutual information analysis (MIA) is tested in a noisy real world design. It indeed appears to be a powerful approach to break unprotected implementations. However, the MIA fails when applied on a DES cryptoprocessor with masked substitution boxes (Sboxes) in ROM. Nevertheless, this masking implementation remains sensitive to Higher-Order Differential Power Analysis (HO-DPA). For instance, an attack based on a variance analysis clearly shows the vulnerabilities of a first order masking countermeasure. We propose a novel approach to information-theoretic HO attacks, called the Entropy-based Power Analysis (EPA). This new attack gives a greatest importance to highly informative partitions and in the meantime better distinguishes between the key hypotheses. A thorough empirical evaluation of the proposed attack confirms the overwhelming advantage of this new approach when compared with MIA.

[1]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[2]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[3]  Charles F. Hockett,et al.  A mathematical theory of communication , 1948, MOCO.

[4]  Bart Preneel,et al.  Mutual Information Analysis A Generic Side-Channel Distinguisher , 2008 .

[5]  Andrei N. Kolmogorov,et al.  Logical basis for information theory and probability theory , 1968, IEEE Trans. Inf. Theory.

[6]  Bart Preneel,et al.  Mutual Information Analysis , 2008, CHES.

[7]  François-Xavier Standaert,et al.  Mutual Information Analysis: How, When and Why? , 2009, CHES.

[8]  M. Wand Data-Based Choice of Histogram Bin Width , 1997 .

[9]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[10]  D. Rubin,et al.  Maximum likelihood from incomplete data via the EM - algorithm plus discussions on the paper , 1977 .

[11]  Fraser,et al.  Independent coordinates for strange attractors from mutual information. , 1986, Physical review. A, General physics.

[12]  Jean-Jacques Quisquater,et al.  FPGA Implementations of the DES and Triple-DES Masked Against Power Analysis Attacks , 2006, 2006 International Conference on Field Programmable Logic and Applications.

[13]  Louis Goubin,et al.  DES and Differential Power Analysis (The "Duplication" Method) , 1999, CHES.

[14]  C. D. Kemp,et al.  Density Estimation for Statistics and Data Analysis , 1987 .

[15]  Emmanuel Prouff,et al.  Theoretical and practical aspects of mutual information-based side channel analysis , 2010, Int. J. Appl. Cryptogr..

[16]  John G. Proakis,et al.  Digital Communications , 1983 .

[17]  Christophe Giraud,et al.  An Implementation of DES and AES, Secure against Some Attacks , 2001, CHES.

[18]  Stefan Mangard,et al.  Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations , 2006, CHES.

[19]  Bart Preneel,et al.  Revisiting Higher-Order DPA Attacks: Multivariate Mutual Information Analysis. , 2009 .

[20]  Sylvain Guilley,et al.  Differential Power Analysis Model and Some Results , 2004, CARDIS.

[21]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[22]  Ingrid Verbauwhede,et al.  Partition vs. Comparison Side-Channel Distinguishers: An Empirical Evaluation of Statistical Tests for Univariate Side-Channel Attacks against Two Unprotected CMOS Devices , 2009, ICISC.

[23]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.