Abstract
Side-channel analyses constitute a major threat for embedded devices, because they allow an attacker to recover secret keys without the device being aware of the sensitive information theft. They have been proved to be efficient in practice on many deployed cryptosystems. Even during the standardization process for the AES, many scientists have raised the attention on the potential vulnerabilities against implementation-level attacks Chari et al. (A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards, 133–147, 1999). The evaluation of devices against side-channel attacks is now common practice, especially in ITSEFs. This procedure has even been formalized recently Standaert et al. (EUROCRYPT LNCS 5479:443–461, 2009). The framework suggests to estimate the leakage via an information theoretic metric, and the performance of real attacks thanks to either the success rates or the guessing entropy metrics. The DPA contests are a series of international challenges that allow researchers to improve existing side-channel attacks or develop new ones and compare their effectiveness on several reference sets of power consumption traces using a common methodology. In this article, we focus on the second edition of this contest, which targeted a FPGA-based implementation of AES. This article has been written jointly with several of the participants who describe their tactics used in their attacks and their improvements beyond the state of the art. In particular, this feedback puts to the fore some considerations seldom described in the scientific literature, yet relevant to increase the convergence rate of attacks. These considerations concern in particular the correction of acquisition defects such as the drifting side-channel leakage, the identification of the most leaking samples, the order in which subkeys are attacked, how to exploit subkeys that are revealed easily to help retrieve subkeys that leak less, and non-linear leakage models.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
As argued in [17], the guessing entropy can be computed out of all the \(o\)th order success rates.
This notion of stability had already been employed in [13], to accelerate an attack convergence by filtering out small changes in subkeys rank after stability is reached.
It is usually referred to as EIS, short for Equal Images under different Subkeys.
We number bits of an AES state from 0 to 127, starting from the most significant bit of byte 0 to the least significant bit of byte 15.
References
Brier, É., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: CHES, LNCS, vol. 3156, pp. 16–29. Springer: Cambridge (2004)
Chari, S., Jutla, C., Rao, J.R., Rohatgi, P.: A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards. In. In Second Advanced Encryption Standard (AES) Candidate Conference, pp. 133–147 (1999)
Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: CHES, LNCS, vol. 2523, pp. 13–28. Springer (2002). San Francisco Bay (Redwood City), USA
Elaabid, M.A., Guilley, S.: Practical Improvements of Profiled Side-Channel Attacks on a Hardware Crypto-Accelerator. In: AFRICACRYPT, LNCS, vol. 6055, pp. 243–260. Springer (2010). Stellenbosch, South Africa. doi:10.1007/978-3-642-12678-9_15
Eo, Y., Eisenstadt, W., Jeong, J.Y., Kwon, O.K.: A new on-chip interconnect crosstalk model and experimental verification for CMOS VLSI circuit design. Electron Dev. IEEE Trans. 47(1), 129–140 (2000)
Gierlichs, B., Lemke-Rust, K., Paar, C.: Templates versus Stochastic Methods. In: CHES, LNCS, vol. 4249, pp. 15–29. Springer: Yokohama (2006)
Heuser, A., Kasper, M., Schinder, W., Stöttinger, M.: How a Symmetry Metric Assists Side-Channel Evaluation—A Novel Model Verification Method for Power Analysis. In: 14th Euromicro Conference on Digital System Design Architectures, Methods and Tools (DSD 2011). IEEE (2011)
Heuser, A., Kasper, M., Schindler, W., Stöttinger, M.: A new difference method for side-channel analysis with high-dimensional leakage models. In: O. Dunkelman (ed.) CT-RSA, Lecture Notes in Computer Science, vol. 7178, pp. 365–382. Springer (2012)
Jolliffe, I.: Principal Component Analysis. Springer, London (1986)
Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: CRYPTO, LNCS, vol. 1666, pp. 388–397. Springer (1999)
Li, Y., Nakatsu, D., Li, Q., Ohta, K., Sakiyama, K.: Clockwise Collision Analysis - Overlooked Side-Channel Leakage Inside Your Measurements. Cryptology ePrint Archive, Report 2011/579 (2011). http://eprint.iacr.org/2011/579
Nakasone, T., Li, Y., Sasaki, Y., Iwamoto, M., Ohta, K., Sakiyama, K.: Key-Dependent Weakness of AES-Based Ciphers under Clockwise Collision Distinguisher. In: T. Kwon, M.K. Lee, D. Kwon (eds.) ICISC, Lecture Notes in Computer Science, vol. 7839, pp. 395–409. Springer (2012)
Nassar, M., Souissi, Y., Guilley, S., Danger, J.L.: “Rank Correction”: A New Side-Channel Approach for Secret Key Recovery. In: M. Joye, D. Mukhopadhyay, M. Tunstall (eds.) InfoSecHiComNet, Lecture Notes in Computer Science, vol. 7011, pp. 128–143. Springer (2011)
Nassar, M., Souissi, Y., Guilley, S., Danger, J.L.: RSM: a Small and Fast Countermeasure for AES, Secure against First- and Second-order Zero-Offset SCAs. In: DATE, pp. 1173–1178 (2012). Dresden, Germany. (TRACK A: “Application Design”, TOPIC A5: “Secure Systems”). On-line version: http://hal.archives-ouvertes.fr/hal-00666337/en
Nieuwland, A.K., Katoch, A., Meijer, M.: Reducing Cross-Talk Induced Power Consumption and Delay. In: E. Macii, O.G. Koufopavlou, V. Paliouras (eds.) Integrated Circuit and System Design, Power and Timing Modeling, Optimization and Simulation, Lecture Notes in Computer Science, vol. 3254, pp. 179–188. Springer (2004)
Paige, C.C., Saunders, M.A.: LSQR: an algorithm for sparse linear equations and sparse least squares. ACM Trans. Math. Softw. 8(1), 43–71 (1982). doi:10.1145/355984.355989
Rivain, M.: On the Exact Success Rate of Side Channel Analysis in the Gaussian Model. In: Selected Areas in Cryptography, LNCS, vol. 5381, pp. 165–183. Springer: Sackville, New Brunswick (2008)
Satoh, A.: Side-channel Attack Standard Evaluation Board, SASEBO. Project of the AIST—RCIS (Research Center for Information Security), http://www.risec.aist.go.jp/project/sasebo/
Schindler, W., Lemke, K., Paar, C.: A Stochastic Model for Differential Side Channel Cryptanalysis. In: J.R. Rao, B. Sunar (eds.) CHES 2005, Lecture Notes in Computer Science, vol. 3659, pp. 30–46. Springer: Edinburgh (2005)
Standaert, F.X., Bulens, P., de Meulenaer, G., Veyrat-Charvillon, N.: Improving the Rules of the DPA Contest. Cryptology ePrint Archive, Report 2008/517 (2008). http://eprint.iacr.org/2008/517
Standaert, F.X., Malkin, T., Yung, M.: A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks. In: EUROCRYPT, LNCS, vol. 5479, pp. 443–461. Springer: Cologne (2009)
TELECOM ParisTech SEN research group: DPA Contest (2nd edn) (2009–2010). http://www.DPAcontest.org/v2/
Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.X.: An Optimal Key Enumeration Algorithm and its Application to Side-Channel Attacks. In: Selected Areas in Cryptography (2012)
Acknowledgments
The organization of the DPA contest would have not been possible without the active contribution of many people from Télécom ParisTech in France (Guillaume Duc, Jean-Luc Danger, Moulay Abdelaziz Elaabid, Florent Flament, Sylvain Guilley, Philippe Hoogvorst, Olivier Meynard, Frédéric Pauget, Laurent Sauvage), from Université Catholique de Louvain in Belgium (Philippe Bulens, François-Xavier Standaert, Nicolas Veyrat-Charvillon) and from Tohoku University in Japan (Naofumi Homma).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Clavier, C., Danger, JL., Duc, G. et al. Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest. J Cryptogr Eng 4, 259–274 (2014). https://doi.org/10.1007/s13389-014-0075-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13389-014-0075-9