Improved Blind Side-Channel Analysis by Exploitation of Joint Distributions of Leakages


Abstract. Classical side-channel analysis includes statistical attacks which require the knowledge of either the plaintext or the ciphertext to predict some internal value to be correlated to the observed leakages. In this paper we revisit a blind (i.e. leakage-only) attack from Linge et al. that exploits joint distributions of leakages. We show – both by simulations and concrete experiments on a real device – that the maximum likelihood (ML) approach is more efficient than Linge's distance-based comparison of distributions, and demonstrate that this method can be easily adapted to deal with implementations protected by first-order Boolean masking. We give example applications of different variants of this approach, and propose countermeasures that could prevent them. Interestingly, we also observe that, when the inputs are known, the ML criterion is more efficient than correlation power analysis.

Keywords: Unknown plaintext · Joint distributions · Maximum likelihood

1 Introduction

© International Association for Cryptologic Research 2017. W. Fischer and N. Homma (Eds.): CHES 2017, LNCS 10529, pp. 24–44, 2017. DOI: 10.1007/978-3-319-66787-4_2

Cryptographic implementations of embedded products like smartcards are known to be vulnerable to statistical side-channel analysis such as Differential Power Analysis [12], Correlation Power Analysis [1] or Mutual Information Analysis [7]. These side-channel analyses are divide-and-conquer attacks where the whole key is recovered in chunks of a few bits (e.g. one byte) at a time. This is possible because the device produces a measurable leakage, like power consumption or electromagnetic emanation, which depends at any instant on the internal value manipulated by the processor. When this value only depends on public information, like the plaintext or the ciphertext, and a small piece of the key, a so-called subkey, it is possible to validate or invalidate a hypothesis about the subkey by correlating the leakage with a prediction of the internal value. While these statistical analyses all require the knowledge of the input or the output to be correlated with, there are some use cases or protocols where this information is either not available or not exploitable. This is the case for the derivation of the session key that is used to compute application cryptograms in the EMV payment scheme [4, p. 128] (see also left of Fig. 8). In this case the attacker does not know the output (session key) and the input only varies in its first two bytes, so that he can expect to recover only the two corresponding bytes of the master key. To deal with situations where neither the plaintext nor the ciphertext is available, Linge et al. introduced the concept of joint distribution analysis [16]. In the case of the AES cipher, the idea is to exploit the fact that the joint distribution of the Hamming weight of a byte m and that of y = S(m ⊕ k) depends on k, so that this key byte value can be retrieved (at any round) by comparing the distance between the obs
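The following Python script is an added illustration of the premise stated above; it is not code from the paper. For each candidate key byte k it tabulates, over all 256 values of m, the joint distribution of HW(m) and HW(S(m ⊕ k)), where S is the AES S-box (rebuilt here from its definition as a GF(2^8) inversion followed by the affine map), and then measures how far apart these per-key distributions are. The total-variation distance and the count of distinct tables are this example's own choice of metric; they quantify the key dependence that a blind attack relies on and are the kind of check one would run when assessing whether a countermeasure has made the distributions key-independent.

```python
# Added example: joint Hamming-weight distributions of an AES S-box input/output pair.
# Not code from the paper. The S-box is derived from its definition rather than
# pasted as a table, so the whole script is self-contained.


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); 0 maps to 0 as in the AES specification."""
    if a == 0:
        return 0
    for x in range(1, 256):  # brute-force search is fine for a 256-element field
        if gf_mul(a, x) == 1:
            return x
    raise ValueError("no inverse found; field arithmetic is broken")


def sbox(x: int) -> int:
    """AES S-box: field inversion followed by the affine transformation."""
    b = gf_inv(x)

    def rot(v: int, n: int) -> int:
        return ((v << n) | (v >> (8 - n))) & 0xFF

    return b ^ rot(b, 1) ^ rot(b, 2) ^ rot(b, 3) ^ rot(b, 4) ^ 0x63


SBOX = [sbox(x) for x in range(256)]


def hw(x: int) -> int:
    """Hamming weight (number of set bits) of a byte."""
    return bin(x).count("1")


def joint_distribution(k: int):
    """9x9 table: counts[h_m][h_y] = number of bytes m with HW(m) = h_m and HW(S(m ^ k)) = h_y.

    Dividing every entry by 256 gives the joint probability for a uniformly random m,
    i.e. the distribution a leakage-only analysis compares observations against.
    """
    counts = [[0] * 9 for _ in range(9)]
    for m in range(256):
        counts[hw(m)][hw(SBOX[m ^ k])] += 1
    return counts


def total_variation(t1, t2) -> float:
    """Statistical (total-variation) distance between two count tables over 256 samples."""
    return sum(abs(a - b) for r1, r2 in zip(t1, t2) for a, b in zip(r1, r2)) / (2 * 256)


def key_dependence_summary():
    """How distinguishable the 256 candidate keys are from their joint distributions alone.

    Returns (number of distinct tables, smallest pairwise total-variation distance).
    A countermeasure that made the tables identical would drive both to (1, 0.0).
    """
    tables = [joint_distribution(k) for k in range(256)]
    distinct = len({tuple(map(tuple, t)) for t in tables})
    min_dist = min(
        total_variation(tables[i], tables[j])
        for i in range(256)
        for j in range(i + 1, 256)
    )
    return distinct, min_dist


if __name__ == "__main__":
    n_distinct, closest = key_dependence_summary()
    print(f"{n_distinct} distinct joint distributions among 256 key bytes; "
          f"closest pair at total-variation distance {closest:.4f}")
```

The marginals of each table are binomial (the HW(m) rows because m is uniform, the HW(y) columns because m ↦ S(m ⊕ k) is a bijection), so only the joint structure carries information about k; that is exactly why an attack must look at the pair of leakages together rather than at either one alone. The same tables, normalised to probabilities, are the model a maximum-likelihood criterion would score observed (HW(m), HW(y)) pairs against.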