Abstract
Differential Power Analysis (DPA) is often preceded by various noise reduction techniques. Digital Signal Processing (DSP) and Principal Component Analysis (PCA) have found numerous applications in this area. However, most of them either require an explicit profiling/semi-profiling step or depend on some heuristically chosen parameters. In this paper, we propose optimal pre-processing of power traces in a non-profiling setup using an optimum linear filter and an approximate optimum linear filter. We have also empirically evaluated the proposed filters in several noisy scenarios, which show significant improvements in the results of Correlation Power Analysis (CPA) over the existing pre-processing techniques. We have further investigated the optimality of one of the proposed pre-processing techniques by comparing it with a profiling attack.
References
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks - Revealing the Secrets of Smart Cards. Springer, New York (2007)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Investigations of power analysis attacks on smartcards. In: USENIX Workshop on Smartcard Technology, pp. 151–162 (1999)
Clavier, C., Coron, J.-S., Dabbous, N.: Differential power analysis in the presence of hardware countermeasures. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 252–263. Springer, Heidelberg (2000)
Rechberger, C., Oswald, E.: Practical template attacks. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 440–456. Springer, Heidelberg (2005)
Gebotys, C.H., Ho, S., Tiu, C.C.: EM analysis of Rijndael and ECC on a Wireless Java-based PDA. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 250–264. Springer, Heidelberg (2005)
Plos, T., Hutter, M., Feldhofer, M.: On comparing side-channel preprocessing techniques for attacking RFID devices. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 163–177. Springer, Heidelberg (2009)
Barenghi, A., Pelosi, G., Teglia, Y.: Improving first order differential power attacks through digital signal processing. In: Makarevich, O.B., Elçi, A., Orgun, M.A., Huss, S.A., Babenko, L.K., Chefranov, A.G., Varadharajan, V. (eds.) SIN, pp. 124–133. ACM, New York (2010)
Kasper, T., Oswald, D., Paar, C.: Side-channel analysis of cryptographic RFIDs with analog demodulation. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 61–77. Springer, Heidelberg (2012)
Souissi, Y., Nassar, M., Guilley, S., Danger, J.-L., Flament, F.: First principal components analysis: a new side channel distinguisher. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 407–419. Springer, Heidelberg (2011)
Batina, L., Hogenboom, J., van Woudenberg, J.G.J.: Getting more from PCA: first results of using principal component analysis for extensive power analysis. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 383–397. Springer, Heidelberg (2012)
Oswald, D., Paar, C.: Improving side-channel analysis with optimal linear transforms. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 219–233. Springer, Heidelberg (2013)
Hajra, S., Mukhopadhyay, D.: Pushing the limit of non-profiling DPA using multivariate leakage model. Cryptology ePrint Archive, Report 2013/849 (2013). http://eprint.iacr.org/
Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)
Le, T.-H., Clédière, J., Canovas, C., Robisson, B., Servière, C., Lacoume, J.-L.: A proposition for correlation power analysis enhancement. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 174–186. Springer, Heidelberg (2006)
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)
Doget, J., Prouff, E., Rivain, M., Standaert, F.-X.: Univariate side channel attacks and leakage modeling. J. Cryptogr. Eng. 1(2), 123–144 (2011)
Akkar, M.-L., Bévan, R., Dischamp, P., Moyart, D.: Power analysis, what is now possible. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 489. Springer, Heidelberg (2000)
Coron, J.-S., Naccache, D., Kocher, P.C.: Statistics and secret leakage. ACM Trans. Embed. Comput. Syst. 3(3), 492–508 (2004)
Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-enhanced power analysis collision attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010)
Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: NICV: normalized inter-class variance for detection of side-channel leakage. Cryptology ePrint Archive, Report 2013/717 (2013). http://eprint.iacr.org/
Archambeau, C., Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Template attacks in principal subspaces. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 1–14. Springer, Heidelberg (2006)
Gierlichs, B., Lemke-Rust, K., Paar, C.: Templates vs. stochastic methods. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 15–29. Springer, Heidelberg (2006)
Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005)
Katashita, T., Satoh, A., Sugawara, T., Homma, N., Aoki, T.: Development of side-channel attack standard evaluation environment. In: European Conference on Circuit Theory and Design 2009, ECCTD 2009, pp. 403–408 (2009)
Tian, Q., Huss, S.A.: Power amount analysis: an efficient means to reveal the secrets in cryptosystems. Int. J. Cyber-Secur. Digit. Forensics 1(2), 99–114 (2012)
Sills, J., Kamen, E.: Time-varying matched filters. Circuits Syst. Sign. Process. 15(5), 609–630 (1996). http://dx.doi.org/10.1007/BF01188985 [Online]
Wikipedia: Matched filter – Wikipedia, The Free Encyclopedia (2013). http://en.wikipedia.org/wiki/. Accessed 20 December 2013 [Online]
Acknowledgements
We thank Shivam Bhasin of TELECOM-ParisTech, France, for pointing out the window selection methods using NICV. This research work is partially funded by the Department of Information Technology, India.
Appendices
A Experimental Setup and Pre-processing
For all the experiments, we have used the standard side-channel evaluation board SASEBO-GII [25], which carries a cryptographic FPGA device, a Virtex-5 XC5VLX50. The cryptographic FPGA is driven by a clock frequency of 2 MHz. During the encryption process, the voltage drop across VCC and GND of the Virtex-5 is captured by a Tektronix MSO 4034B oscilloscope at a rate of 2.5 GS/s, i.e. \(1,250\) samples per clock period.
The traces acquired using the above setup are already horizontally aligned. However, they are not vertically aligned. Vertical alignment of the traces is performed by subtracting the DC bias from each sample point of the traces. The DC bias of each trace is computed by averaging the leakages in a window taken from a region where no computation is going on. This step is also necessary because the derived impulse response of the proposed filters is sensitive to the absolute value of the mean leakages.
For mounting the attacks, we selected a window of \(300\) sample points around the last round register update. After transforming into a different domain, the variance of some of the sample points may become very close to zero in the new domain. As a result, while applying AOF in this new domain, the weights (which are mean/variance of the sample points) of those sample points may become very high even if their mean leakages are very small. In other words, due to very low variance, some low-SNR sample points may get very high weight. We solved this problem by setting the weight of a sample point whose variance is less than a fraction \(1/2000\) of the maximum variance to zero.
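The pre-processing steps of this appendix, vertical alignment by DC-bias removal followed by AOF weighting with the \(1/2000\) variance threshold, as an added Python illustration. This is not the paper's own code (the paper publishes no implementation); the traces, the idle and attack windows and the helper names remove_dc_bias, column_stats, aof_weights, make_traces and preprocess are constructed for this example, and only the weight formula mean/variance and the threshold fraction come from the appendix. Point 9 of the synthetic traces stands in for a transformed-domain sample point with near-zero variance, so the block shows the weight blow-up the appendix describes and how the threshold removes it.

```python
import random

# Fraction of the maximum variance below which a sample point's AOF weight is
# forced to zero (Appendix A).
VAR_THRESHOLD_FRACTION = 1.0 / 2000


def remove_dc_bias(trace, idle_window):
    """Vertical alignment: subtract from every sample point the mean of the
    leakages in a window where no computation is going on."""
    start, stop = idle_window
    bias = sum(trace[start:stop]) / (stop - start)
    return [s - bias for s in trace]


def column_stats(traces):
    """Per-sample-point mean and variance over a set of (aligned) traces."""
    n = len(traces)
    tau = len(traces[0])
    means = [sum(t[j] for t in traces) / n for j in range(tau)]
    variances = [sum((t[j] - means[j]) ** 2 for t in traces) / n
                 for j in range(tau)]
    return means, variances


def aof_weights(traces, fraction=VAR_THRESHOLD_FRACTION):
    """AOF weights mean/variance per sample point. Points whose variance is
    below fraction * max variance get weight 0, so that near-constant points
    (very low variance, little leakage) cannot dominate the filter.
    fraction=0.0 disables the threshold and exposes the blow-up."""
    means, variances = column_stats(traces)
    vmax = max(variances)
    return [0.0 if v < fraction * vmax else m / v
            for m, v in zip(means, variances)]


def make_traces(n=200, seed=1):
    """Constructed synthetic traces with 10 sample points each (hypothetical
    values, not measurements). Points 0-3: idle window, no leakage, small noise.
    Points 4-8: leaking points with different mean leakage and noise.
    Point 9: an almost constant point, standing in for a transformed-domain
    sample whose variance is close to zero."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n):
        dc = 50.0 + rng.uniform(-5.0, 5.0)       # per-trace DC bias
        t = [dc + rng.gauss(0.0, 0.05) for _ in range(4)]
        t += [dc + 3.0 + rng.gauss(0.0, 1.0),    # high SNR
              dc + 3.0 + rng.gauss(0.0, 4.0),    # same mean, noisier
              dc + 0.5 + rng.gauss(0.0, 0.5),
              dc + 6.0 + rng.gauss(0.0, 2.0),
              dc + 4.0 + rng.gauss(0.0, 8.0)]    # low SNR
        t.append(dc + 2.0 + rng.gauss(0.0, 0.001))
        traces.append(t)
    return traces


def preprocess(traces, idle_window=(0, 4)):
    """Full pipeline: align each trace vertically, then derive AOF weights."""
    aligned = [remove_dc_bias(t, idle_window) for t in traces]
    return aligned, aof_weights(aligned)


if __name__ == "__main__":
    aligned, w = preprocess(make_traces())
    naive = aof_weights(aligned, fraction=0.0)
    for j, (a, b) in enumerate(zip(naive, w)):
        print(f"point {j}: mean/var = {a:10.3f}  thresholded = {b:8.3f}")
```

Running the block prints the unthresholded weight of point 9 in the thousands, far above the weights of the genuinely leaking points 4 to 8, while the thresholded weights of the idle window and of point 9 are zero; the ordering of the remaining weights follows the mean-to-variance ratio, so the noisier point 5 receives a much smaller weight than point 4 despite the same mean leakage.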
B Results of Other Attacks
The performances of some more attacks have been compared. The results are shown in Fig. 6 for all four scenarios (see Sect. 5). Scalar Product is introduced in [13]; there, CPA is first performed on each of the sample points independently and then the final outputs are computed by taking the weighted sum of the outputs of CPA over all the sample points. In Avg, the traces are pre-processed by taking the absolute average of the leakages over all the sample points, and then CPA is applied on the average values. In Var [26], CPA is performed on the variance of the traces.
C Proof of Lemma 2
A formal proof of the theorem can be found in [27]. However, we will follow the proof of [28]. In Eq. (8), SR is given as,
The term \(\tilde{i}^2\) in the RHS of the above expression does not have any influence when we maximize SR. Thus by neglecting it, we re-write the above expression as
Now, if \(\mathbf {\Sigma }_{\mathbf {L}}\) is not invertible, a subset of the \(\tau \) sample points of size \(rank(\mathbf {\Sigma }_{\mathbf {L}})\) can be chosen such that the covariance matrix of the chosen sample points is invertible, and all the computations can be carried out in this lower dimension. Thus, without loss of generality, we assume that \(\mathbf {\Sigma }_{\mathbf {L}}\) is positive definite, and the above expression of SR can be written as
Using the Cauchy-Schwarz inequality on the numerator of the RHS of the above expression, the SR is upper bounded by
This upper bound is achieved when \(\mathbf {\Sigma }_{\mathbf {L}}^{1/2}\mathbf {h} = \alpha \mathbf {\Sigma }_{\mathbf {L}}^{-1/2}\mathbf {a}\), i.e. \(\mathbf {h} = \alpha \mathbf {\Sigma }_{\mathbf {L}}^{-1} \mathbf {a}\), for some normalization factor \(\alpha \). Setting the value of \(\alpha \) to one completes the proof.
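A numerical check of the argument above, as an added Python illustration that is not part of the paper. It assumes that, after the \(\tilde{i}^2\) term is dropped, SR has the matched-filter form \((\mathbf{h}^T \mathbf{a})^2 / (\mathbf{h}^T \mathbf{\Sigma}_{\mathbf{L}} \mathbf{h})\), which is the form on which the Cauchy-Schwarz step and the equality condition quoted above operate; Eq. (8) itself is not reproduced on this page. The vectors A and SIGMA are constructed, and solve, sr, optimal_filter, sr_upper_bound and aof_filter are names chosen for this example. Beyond the lemma, the block also shows that the AOF weights mean/variance are the same filter with the off-diagonal covariance dropped, and that a singular \(\mathbf{\Sigma}_{\mathbf{L}}\) must first be reduced to its rank as described above.

```python
def solve(matrix, rhs):
    """Solve matrix @ x = rhs by Gauss-Jordan elimination with partial
    pivoting. Intended for the small, dense, positive definite systems of
    this example; a singular matrix raises ValueError, i.e. the rank
    reduction of the lemma must be applied first."""
    n = len(matrix)
    aug = [row[:] + [rhs[i]] for i, row in enumerate(matrix)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        if abs(aug[pivot][col]) < 1e-12:
            raise ValueError("Sigma_L is singular; reduce to rank(Sigma_L) points")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        p = aug[col][col]
        aug[col] = [v / p for v in aug[col]]
        for r in range(n):
            if r != col:
                f = aug[r][col]
                aug[r] = [rv - f * cv for rv, cv in zip(aug[r], aug[col])]
    return [row[n] for row in aug]


def dot(u, v):
    return sum(x * y for x, y in zip(u, v))


def matvec(m, v):
    return [dot(row, v) for row in m]


def sr(h, a, sigma):
    """Assumed form of SR after dropping the i~^2 term:
    (h^T a)^2 / (h^T Sigma_L h). Invariant under scaling of h."""
    return dot(h, a) ** 2 / dot(h, matvec(sigma, h))


def optimal_filter(a, sigma):
    """Lemma 2: h = Sigma_L^{-1} a (normalization factor alpha = 1)."""
    return solve(sigma, a)


def sr_upper_bound(a, sigma):
    """Cauchy-Schwarz bound a^T Sigma_L^{-1} a."""
    return dot(a, solve(sigma, a))


def aof_filter(a, sigma):
    """AOF weights mean/variance: Sigma_L^{-1} a with only the diagonal of
    Sigma_L kept. Coincides with the optimum when the noise is uncorrelated
    across sample points; falls short of it otherwise."""
    return [a[j] / sigma[j][j] for j in range(len(a))]


# Constructed 3-point example (hypothetical values): mean leakage vector and a
# positive definite noise covariance with correlated neighbouring points.
A = [2.0, 1.0, 0.8]
SIGMA = [[4.0, 1.0, 0.0],
         [1.0, 2.0, 0.5],
         [0.0, 0.5, 1.0]]


if __name__ == "__main__":
    h_opt = optimal_filter(A, SIGMA)
    print("h_opt      =", h_opt)
    print("SR(h_opt)  =", sr(h_opt, A, SIGMA), " bound =", sr_upper_bound(A, SIGMA))
    print("SR(AOF)    =", sr(aof_filter(A, SIGMA), A, SIGMA))
    print("SR(uniform)=", sr([1.0, 1.0, 1.0], A, SIGMA))
```

For the constructed values, \(\mathbf{h} = \mathbf{\Sigma}_{\mathbf{L}}^{-1}\mathbf{a} = (29/60,\ 1/15,\ 23/30)\) attains the bound \(\mathbf{a}^T\mathbf{\Sigma}_{\mathbf{L}}^{-1}\mathbf{a} \approx 1.647\) exactly, whereas the AOF weights reach about 1.506 and a uniform filter about 1.444; the gap between the first two is entirely due to the off-diagonal entries of SIGMA that the AOF ignores.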
© 2014 Springer International Publishing Switzerland
Cite this paper
Hajra, S., Mukhopadhyay, D. (2014). On the Optimal Pre-processing for Non-profiling Differential Power Analysis. In: Prouff, E. (ed.) Constructive Side-Channel Analysis and Secure Design. COSADE 2014. Lecture Notes in Computer Science, vol. 8622. Springer, Cham. https://doi.org/10.1007/978-3-319-10175-0_12
DOI: https://doi.org/10.1007/978-3-319-10175-0_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10174-3
Online ISBN: 978-3-319-10175-0