Beyond the Limits of DPA: Combined Side-Channel Collision Attacks

The problem of extracting the highest possible amount of key-related information using the lowest possible number of measurements is one of the central questions in side-channel attacks against embedded implementations of cryptographic algorithms. To address it, this work proposes a novel framework enhancing side-channel collision attacks with divide-and-conquer attacks such as differential power analysis (DPA). An information-theoretical metric is introduced for the evaluation of collision detection efficiency. Improved methods of dimension reduction for side-channel traces are developed based on a statistical model of Euclidean distance. Experimental results confirm that DPA-combined collision attacks are superior to both DPA-only and collision-only attacks. The new methods of dimension reduction lead to further complexity improvements. All attacks are treated for the case of AES-128 and are practically validated on a widespread 8-bit RISC microcontroller.
