#RSAC
Ridge-based Profiled Differential Power Analysis
CRYP-F01
Yu Yu, Research Professor, Shanghai Jiao Tong University
Outline
Introduction
  (Profiled) differential power analysis
  Profiling phase
  Exploitation phase
  Our contributions
Ridge-based profiling
Theoretical analysis
  Why and how is ridge-based profiling better?
  How do the coefficients shrink in ridge-based profiling?
Experimental results
  Simulation-based experiments
  Experiments on a real FPGA implementation
(Profiled) differential power analysis
Two phases: profiling and exploitation.
Leakage of an intermediate variable z: L(x_z), where L(·) is the leakage function.
Power model M(·): M(x_z) ≈ L(x_z).
Classical profiling
The leakage follows a Gaussian distribution: M(z) ~ N(µ_z, Σ_z).
For each intermediate variable z, the adversary finds the sample mean µ̂_z and the sample covariance Σ̂_z.
The sample mean is obtained by averaging the power consumptions corresponding to the intermediate variable z.
To accelerate the profiling, the sample covariances can be assumed identical for all intermediate variables.
LR-based profiling
LR-based profiling (continued)
Pros and cons of LR-based profiling
Exploitation phase
Our contributions
A new profiling method based on ridge regression (to mitigate the overfitting issue)
A parameter-optimization method based on cross-validation
Theoretical analysis of the new method's improvement
Simulation-based and practical experiments
Construction of ridge-based profiling
Parameter optimization
The optimized parameter is related to the noise level
Simulation-based experiment, trace number = 2000
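As an added worked example (not code from the talk), the following simulation puts the three slides above together: a polynomial-in-bits leakage model of a chosen degree is fitted to constructed profiling traces by plain least squares (LR-based profiling) and by ridge regression, with λ chosen by k-fold cross-validation, and the two fits are compared on a held-out noisy set. The basis (products of up to d bits), the λ grid, the fold count and the noise level σ are my assumptions, not values from the talk.

```python
import random
from itertools import combinations

N_BITS = 8  # the profiled intermediate is an 8-bit value (an AES S-box output)

def monomials(z, degree):
    """Assumed model basis: a constant plus every product of up to `degree`
    distinct bits of z (degree 1: 9 coefficients; degree 2: 1 + 8 + 28 = 37)."""
    b = [(z >> i) & 1 for i in range(N_BITS)]
    feats = [1.0]
    for d in range(1, degree + 1):
        for idx in combinations(range(N_BITS), d):
            prod = 1
            for i in idx:
                prod *= b[i]
            feats.append(float(prod))
    return feats

def n_features(degree):
    return len(monomials(0, degree))

def solve(A, b):
    """Gaussian elimination with partial pivoting for the square system A x = b."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            if f:
                M[r] = [a - f * m for a, m in zip(M[r], M[c])]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (M[r][n] - sum(M[r][k] * x[k] for k in range(r + 1, n))) / M[r][r]
    return x

def normal_equations(X, y):
    """X^T X and X^T y, computed once so that many lambdas can be tried cheaply."""
    p = len(X[0])
    G = [[sum(row[i] * row[j] for row in X) for j in range(p)] for i in range(p)]
    g = [sum(row[i] * yi for row, yi in zip(X, y)) for i in range(p)]
    return G, g

def ridge_solve(G, g, lam):
    """beta = (X^T X + lam*I)^-1 X^T y; lam = 0 is ordinary least squares (LR)."""
    A = [row[:] for row in G]
    for i in range(len(A)):
        A[i][i] += lam
    return solve(A, g)

def predict(X, beta):
    return [sum(a * b for a, b in zip(row, beta)) for row in X]

def mse(y, yhat):
    return sum((a - b) ** 2 for a, b in zip(y, yhat)) / len(y)

def cross_validate(X, y, lams, folds=5):
    """Choose lambda by k-fold cross-validation on the profiling traces only."""
    n = len(X)
    score = dict.fromkeys(lams, 0.0)
    for f in range(folds):
        hold = set(range(f, n, folds))
        G, g = normal_equations([X[i] for i in range(n) if i not in hold],
                                [y[i] for i in range(n) if i not in hold])
        Xte = [X[i] for i in sorted(hold)]
        yte = [y[i] for i in sorted(hold)]
        for lam in lams:
            score[lam] += mse(yte, predict(Xte, ridge_solve(G, g, lam)))
    return min(lams, key=score.get)

def simulate(seed=1, n_traces=500, true_degree=2, model_degree=2, sigma=2.0):
    """Constructed experiment: random polynomial leakage of the target's bits
    plus Gaussian noise, fitted by LR and by cross-validated ridge."""
    rng = random.Random(seed)
    true_beta = [rng.uniform(-1, 1) for _ in range(n_features(true_degree))]

    def traces(n):
        zs = [rng.randrange(1 << N_BITS) for _ in range(n)]
        X = [monomials(z, model_degree) for z in zs]
        y = [sum(a * b for a, b in zip(monomials(z, true_degree), true_beta))
             + rng.gauss(0, sigma) for z in zs]
        return X, y

    Xp, yp = traces(n_traces)   # profiling traces
    Xt, yt = traces(2000)       # held-out noisy test set
    G, g = normal_equations(Xp, yp)
    beta_lr = ridge_solve(G, g, 0.0)
    lam = cross_validate(Xp, yp, [0.0, 0.1, 0.3, 1.0, 3.0, 10.0])
    beta_ridge = ridge_solve(G, g, lam)
    norm = lambda v: sum(b * b for b in v) ** 0.5
    return {"lambda": lam,
            "mse_lr": mse(yt, predict(Xt, beta_lr)),
            "mse_ridge": mse(yt, predict(Xt, beta_ridge)),
            "norm_lr": norm(beta_lr), "norm_ridge": norm(beta_ridge)}

if __name__ == "__main__":
    for sigma in (0.5, 2.0, 4.0):  # the chosen lambda tends to track the noise level
        print(sigma, simulate(sigma=sigma))
```

Because every coefficient is penalised, the ridge estimate's norm can never exceed the least-squares one; compare `norm_ridge` with `norm_lr` and `mse_ridge` with `mse_lr` across noise levels to see the shrinkage and its effect.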
Variance of the coefficients
Figure: the variances of the coefficients for different degrees (of the model) and λ. The left and right figures correspond to the cases d = 1 and d = 2 respectively.
Figure: the variances of the coefficients for different degrees (of the model) and λ. The left and right figures correspond to the cases d = 4 and d = 8 respectively.
How do the coefficients shrink in ridge-based profiling?
Setup
Profiling methods: ridge-based profiling, LR-based profiling, classical profiling.
Target intermediate variable: the output of AES-128's first S-box in the first round.
Univariate leakage.
Different degrees and randomized coefficients.
Metrics: perceived information, guessing entropy.
A comparison of different profilings for leakage degree 8
A comparison of different profilings for leakage degree 4
A comparison of different profilings for leakage degree 1
A comparison of different profilings with a 'conservative' model degree
The adversary may have no knowledge of the actual degree of the leakage function.
A model whose degree is higher than that of the leakage function can then be used.
We simulate the traces with leakage functions of degrees 1 and 2 and then conduct the above experiments assuming a model of degree 4 for profiling.
Degrees of leakage function and model are 1 and 4 respectively
Degrees of leakage function and model are 2 and 4 respectively
Practical experiments
Test board: SAKURA-X
Oscilloscope: LeCroy WaveRunner 610Zi
First setting
Second setting (robust profiling)
Summary
Ridge-based profiling can save significant factors in the number of traces needed to build a satisfying leakage model:
Better performance for nonlinear leakage functions.
Time complexity: equal to that of LR-based profiling.
Robust profiling.
Thank you. Questions?
My Traces Learn What You Did in the Dark: Recovering Secret Signals without Key Guesses
CRYP-F01
Si Gao, PhD Student, Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences
Outline
Introduction
Preliminaries
ICA-based signal recovery
Applications in SCA
Summary
Introduction
Side-channel analysis (SCA)
Exploit the computation leakages
— Leakages depend on the intermediate state
Introduction
Traditional SCA flow (non-profiled)
Guess-and-determine
— Step 1: take a key guess
Figure: guess-and-determine flow. Eve takes each key guess k1, ..., kr from the key-guess list, computes the assumed intermediate states x_k(1), ..., x_k(T) from the plaintexts, maps them through the leakage model M to the expected leakages M(x_k(1)), ..., M(x_k(T)), and compares those with the actual leakage l(1), ..., l(T) to pick the most likely key guess k.
Introduction
Traditional SCA flow (non-profiled)
Guess-and-determine
— Step 2: compute the intermediate states from T plaintexts and the key guess
  E.g. the output of an AES S-box, x = S(p ⊕ kg)
Introduction
Traditional SCA flow (non-profiled)
Guess-and-determine
— Step 3: compute the expected leakages of the key guess
  E.g. the Hamming-weight model, where M(x) = HW(x)
Introduction
Traditional SCA flow (non-profiled)
Guess-and-determine
— Step 4: find the most likely key guess
  E.g. in CPA, rank key guesses with Pearson's correlation coefficient
Introduction
Traditional SCA flow (non-profiled)
Question: did Eve actually recover the intermediate states x?
— Only found the most likely one from a predetermined list
Not a problem for SCA
— Focus on key recovery (Kerckhoffs's principle)
Pros
— The predetermined list (signal list) << whole signal space
— SCA works when SNR << 1
— Efficient key recovery
Introduction
Traditional SCA flow (non-profiled)
Cons
— The key-guess space must be small
— Known plaintext/ciphertext, known encryption algorithm
Introduction
Traditional SCA flow (non-profiled)
Limitation: only works for the first/last few rounds
— The related key-guess space is too large for SCA
  E.g. in AES, the first/last two rounds are protected
Introduction
Traditional SCA flow (non-profiled)
Limitation: side-channel analysis for reverse engineering
— Cannot compute the intermediate states (the encryption algorithm is unknown)
Introduction
A new model (non-profiled)
Directly exploit the leakages, without the predetermined list
A much harder problem
— Signal list << signal space
— A preliminary attempt in this direction
Figure: the actual leakage l(1), ..., l(T) is mapped through the (assumed) leakage model M directly to the recovered intermediate states x*(1), ..., x*(T), with no key-guess list.
Introduction
Notes on profiled attacks
Much stronger preconditions
— The attacker gets an identical encryption device
  Build templates
  Perform template matching
— Works even if T = 1 (in theory)
— Recovers the intermediate states without key guesses
Not always appropriate
— Power variability issues [Renauld, M., et al., EUROCRYPT 2011]
We only focus on non-profiled attacks in this paper.
Figure: templates Tp map the actual leakage l(1), ..., l(T) to the intermediate states x*(1), ..., x*(T).
Preliminaries
Blind source separation (BSS)
n people talking simultaneously
m microphones placed in different positions
All recordings can be regarded as linear mixtures of the original conversations
Unknown sources: the n conversations
Unknown mixing matrix: the mixing features of the m microphones
Image source: http://http://slsp.kaist.ac.kr/xe/?mid=BSS
Preliminaries
Independent component analysis (ICA)
Blind sources S = (s1, s2, ..., sn)
Linear mixing matrix A
m observations Y = (y1, y2, ..., ym)
Y = A*S + N (N represents the noise)
Goal: recover S from Y
Image source: http://http://slsp.kaist.ac.kr/xe/?mid=BSS
ICA assumptions
— Independence: the sources are independent of each other
— Non-Gaussianity: the distributions of the blind sources are not Gaussian
— n ≤ m
ICA algorithms
— Many popular algorithms
— Not "that" different; FastICA is used in this paper
ICA-based signal recovery
ICA versus SCA: similarities
n-bit intermediate state X
Assume the leakage satisfies the weighted Hamming-weight model: L(x) = α0 + α1 x1 + ... + αn xn
ICA versus SCA: differences
Number of observations: m vs. 1
Level of noise: low vs. high
ICA-based signal recovery
Constructing multi-channel observations
XOR constant
— If a binary source s is XORed with a constant k, the resulting source is s′ = s ⊕ k, i.e. s′ = s for k = 0 and s′ = 1 − s for k = 1
— XOR with 1 equals flipping the signal sign
— Move the sign into the leakage function
— Different leakage functions → multi-channel observations
ICA-based signal recovery
Constructing multi-channel observations
XOR constant and whitening transformation
Whitening transformation: s ∈ {0, 1} ↦ s* = 2s − 1 ∈ {−1, 1}
For the XORed source s′ = s ⊕ 1 = 1 − s, the whitened source is s′* = −s* = (−1)·s*
The factor (−1) is absorbed into the leakage function L: this is exactly the ICA sign ambiguity, so the real source and the equivalent (sign-flipped) source are indistinguishable to ICA
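The XOR-constant construction from the two slides above, as an added example that is not code from the talk: it simulates weighted Hamming-weight leakage of a secret n-bit signal under several chosen XOR constants and checks that the channels form one linear mixture Y = A·S* + c of the same ±1 sources, where the constant bits only flip signs in A. The names alphas, constants, T and sigma, the coefficient ranges and the noise model are my assumptions.

```python
import random

def whiten(bit):
    """The talk's whitening map from a {0,1} source to the ICA form s* = 2s - 1."""
    return 2 * bit - 1

def leakage(state, alphas, n):
    """Weighted Hamming-weight leakage L(x) = a0 + a1 x1 + ... + an xn."""
    return alphas[0] + sum(alphas[i + 1] * ((state >> i) & 1) for i in range(n))

def observe(states, alphas, n, const, rng, sigma):
    """One channel: the leakage of the secret state XORed with a chosen
    constant, plus Gaussian noise (constructed traces, not measurements)."""
    return [leakage(x ^ const, alphas, n) + rng.gauss(0, sigma) for x in states]

def mixing_row(alphas, n, const):
    """Row of A for constant k. Since x_i xor k_i = (1 + (-1)^k_i * x_i*) / 2,
    bit k_i only flips the sign of coefficient i: the sign moves into the
    leakage function and the sources S* are the same for every channel."""
    offset = alphas[0] + sum(alphas[1:n + 1]) / 2
    row = [alphas[i + 1] / 2 * (-1 if (const >> i) & 1 else 1) for i in range(n)]
    return row, offset

def rank(rows, eps=1e-9):
    """Rank of a small real matrix by Gaussian elimination."""
    M = [r[:] for r in rows]
    rk = 0
    for c in range(len(M[0])):
        piv = next((r for r in range(rk, len(M)) if abs(M[r][c]) > eps), None)
        if piv is None:
            continue
        M[rk], M[piv] = M[piv], M[rk]
        for r in range(rk + 1, len(M)):
            f = M[r][c] / M[rk][c]
            M[r] = [a - f * b for a, b in zip(M[r], M[rk])]
        rk += 1
    return rk

def build_channels(n, constants, T, seed=7, sigma=0.0):
    """Constructed experiment: a secret T-long n-bit signal, leakage
    coefficients unknown to the analyst, one channel per XOR constant."""
    rng = random.Random(seed)
    alphas = [rng.uniform(0.5, 1.5) for _ in range(n + 1)]
    states = [rng.randrange(1 << n) for _ in range(T)]  # the secret signal
    Y = [observe(states, alphas, n, k, rng, sigma) for k in constants]
    A = [mixing_row(alphas, n, k) for k in constants]
    S = [[whiten((x >> i) & 1) for x in states] for i in range(n)]
    return Y, A, S

def max_mixing_error(Y, A, S):
    """Largest deviation from Y = A S* + c over all channels and samples
    (zero up to rounding when sigma = 0)."""
    err = 0.0
    for y, (row, c) in zip(Y, A):
        for t, yt in enumerate(y):
            err = max(err, abs(yt - c - sum(a * S[i][t] for i, a in enumerate(row))))
    return err

def ica_ready(A, n):
    """ICA's n <= m condition in practice: at least n channels whose mixing
    rows are linearly independent (complementing all bits adds nothing new)."""
    return len(A) >= n and rank([row for row, _ in A]) == n

if __name__ == "__main__":
    for consts in ([0], [0, 15], [0, 1, 2, 4, 8]):
        Y, A, S = build_channels(4, consts, T=200)
        print(consts, "channels:", len(Y), "rank:", rank([r for r, _ in A]),
              "ICA-ready:", ica_ready(A, 4), "mixing error:", max_mixing_error(Y, A, S))
```

Constants 0 and 15 (all bits complemented) give mixing rows that differ only in sign, so they count as one channel; the unit-vector constants give n independent channels, which is what ICA needs.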
ICA-based signal recovery
Noise tolerance
Noise affects the performance of ICA
— ICA usually works in cases where SNR >> 1
— For application in SCA, we need a more robust algorithm
A feature ignored by generic ICA
— The distribution of the sources is given: binary signals
— The prior distribution can make ICA more robust to noise
— EM-ICA: specialized for discrete sources with random noise, using the expectation-maximization algorithm [Belouchrani, Cardoso 1994]
Specialized ICA for SCA
A specialized ICA based on EM-ICA
Applications in SCA
Experimental setting
Target implementation
— Unprotected software implementation of DES
— 8-bit microprocessor (IC card)
Measurement
— LeCroy WaveRunner 610Zi oscilloscope
— Sampling at 20 MSa/s, 80 000 sample points per trace (first 3 rounds)
— 20 000 traces
Extra property
— The P permutation is performed bit by bit
— Bit-wise leakage → natural multi-channel observations
Applications in SCA
New SCA distinguisher
Attack one of the S-boxes in the first round
— Recover the intermediate states X_r with ICA
— Compute the S-box outputs X_k for each key guess k
— Find the correct key by comparing the distance between X_r and X_k
Figure: the first two DES rounds (IP, E, S-boxes, P, round keys K1 and K2) with the recovered signal X_r and the key-dependent prediction X_k marked.
Attack one of the S-boxes in the first round
— Key rank: CPA (HW) vs. ICA
Applications in SCA
Extending SCA to the middle rounds
Recovering the 8 S-boxes' outputs in the second round
— 4-bit outputs, n = 4
— The success rate of an ICA recovery
Figure: the same DES diagram with the second-round S-box output marked as the correct signal X_r.
Recovering the 8 S-boxes' outputs in the second round
— 80% success rate is usually more than enough for round-reduced key recovery
Applications in SCA
Reverse engineering on the S-box
A customized DES with secret S-boxes
— The attacker controls the plaintext
— The attacker knows IP and E
— The secret key is embedded in the secret S-box: S′(x) = S(x ⊕ k)
— Traditional non-profiled SCA does not work (secret S-box)
— The attacker can choose several leakage points
Figure: the first two DES rounds (IP, E, S-boxes, P, round keys K1 and K2) with the recovered signal X_r marked.
A customized DES with secret S-boxes
— Leakage point selection:
  Manually pick
  Linear discriminant analysis (LDA)
— Linear discriminant analysis
  Does not need precise points, only an approximate range
  Better recovery with larger trace sets
  Not suitable when the number of traces is smaller than the range of interest
Applications in SCA
Reverse engineering on the S-box
A customized DES with secret S-boxes
Reverse engineering on the Feistel round function
A customized Feistel cipher (both S and P are altered)
— The attacker controls the plaintext
— The attacker knows IP and E
— Target: the first S-box's input in the second round
Figure: the DES diagram with the 6 least significant bits of E, the first round function and the initial state after IP marked, and the recovered signal X_r.
Applications in SCA
Reverse engineering on the Feistel round function
A customized Feistel cipher (both S and P are altered)
— Build observations with our XOR-constant method
  Choose L0 so that E0(L0) = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20}
  Randomly pick a T-length signal R0
  Measure the leakages for each (E0, R0)
  Repeat 10 times, randomly picking the other bits in L0
Figure: the DES diagram with the XOR constant (from L0 via E) and the secret signal marked.
A customized Feistel cipher (both S and P are altered)
Summary
SCA ≠ guess-and-determine
Directly recover the secret intermediate states without any key guess
— Proposed an ICA-based SCA
  Construct multi-channel observations with XOR constants
  Use the prior distribution with EM-ICA
— New possibilities in non-profiled SCA
  Attacking the middle rounds' encryption
  Reverse engineering with fewer restrictions
A promising tool for the future?
— Needs more research effort
Thanks for your attention!

Ridge-based Profiled Differential Power Analysis

  • 1.
    SESSION ID:SESSION ID: #RSAC YuYu Ridge-based Profiled Differential Power Analysis CRYP-F01 Research Professor Shanghai Jiao Tong University
  • 2.
    #RSAC Outline 2 Introduction (Profiled) Differential poweranalysis Profiling phase Exploitation phase Our contributions Ridge-based profiling Theoretical analysis Why and how is ridge-based profiling better? How the coefficients shrink in the ridge-based profiling? Experimental Results Simulation-based experiments Experiments on real FPGA implementation
  • 3.
    #RSAC Outline 3 Introduction (Profiled) Differential poweranalysis Profiling phase Exploitation phase Our contributions Ridge-based profiling Theoretical analysis Why and how is ridge-based profiling better? How the coefficients shrink in the ridge-based profiling? Experimental Results Simulation-based experiments Experiments on real FPGA implementation
  • 4.
    #RSAC (profiled) Difference poweranalysis 4 Two phases: profiling Exploitation Leakage of : L(·) is leakage function Power model : xz L( )z xT z M() M( ) L( )x xz z M( )z xT z
  • 5.
    #RSAC Outline 5 Introduction (Profiled) Differential poweranalysis Profiling phase Exploitation phase Our contributions Ridge-based profiling Theoretical analysis Why and how is ridge-based profiling better? How the coefficients shrink in the ridge-based profiling? Experimental Results Simulation-based experiments Experiments on real FPGA implementation
  • 6.
    #RSAC Classical profiling 6 The leakagefollows Gaussian distribution: For each intermediate variable z: The adversary finds sample mean and the sample covariance . Sample mean is obtained by averaging the power consumptions corresponding to intermediate variable z. To accelerate the profiling: we can assume the sample covariance are identical for all the intermediate variable. z zM( ) (N ), µz z ˆµ z ˆ z ˆ
  • 7.
  • 8.
  • 9.
    #RSAC Pro and conof LR-based profiling 9
  • 10.
    #RSAC Outline 10 Introduction (Profiled) Differential poweranalysis Profiling phase Exploitation phase Our contributions Ridge-based profiling Theoretical analysis Why and how is ridge-based profiling better? How the coefficients shrink in the ridge-based profiling? Experimental Results Simulation-based experiments Experiments on real FPGA implementation
  • 11.
  • 12.
    #RSAC Outline 12 Introduction (Profiled) Differential poweranalysis Profiling phase Exploitation phase Our contributions Ridge-based profiling Theoretical analysis Why and how is ridge-based profiling better? How the coefficients shrink in the ridge-based profiling? Experimental Results Simulation-based experiments Experiments on real FPGA implementation
  • 13.
    #RSAC Our contributions 13 (to mitigatethe overfitting issue) New profiling method based on ridge-regression An optimized parameter find method based on cross-validation Theoretical analysis of the new method’s improvement Simulation based and practical experiments
  • 14.
    #RSAC Outline 14 Introduction (Profiled) Differential poweranalysis Profiling phase Exploitation phase Our contributions Ridge-based profiling Theoretical analysis Why and how is ridge-based profiling better? How the coefficients shrink in the ridge-based profiling? Experimental Results Simulation-based experiments Experiments on real FPGA implementation
  • 15.
  • 16.
  • 17.
    #RSAC Optimized parameter isrelated to the noise level 17 simulation-based experiment trace number = 2000
  • 18.
    #RSAC Outline 18 Introduction (Profiled) Differential poweranalysis Profiling phase Exploitation phase Our contributions Ridge-based profiling Theoretical analysis Why and how is ridge-based profiling better? How the coefficients shrink in the ridge-based profiling? Experimental Results Simulation-based experiments Experiments on real FPGA implementation
  • 19.
    #RSAC Variance of thecoefficients 19
  • 20.
    #RSAC Variance of thecoefficients 20 Figure: The variances of the coefficients for degrees (of the model) and λ. The left and right figures correspond to the cases for d = 1 and d = 2 respectively.
  • 21.
    #RSAC Variance of thecoefficients 21 Figure: The variances of the coefficients for degrees (of the model) and λ. The left and right figures correspond to the cases for d = 4 and d = 8 respectively.
  • 22.
    #RSAC Outline 22 Introduction (Profiled) Differential poweranalysis Profiling phase Exploitation phase Our contributions Ridge-based profiling Theoretical analysis Why and how is ridge-based profiling better? How the coefficients shrink in the ridge-based profiling? Experimental Results Simulation-based experiments Experiments on real FPGA implementation
  • 23.
    #RSAC How the coefficientsshrink in the ridge-based profiling? 23
  • 24.
    #RSAC Outline 24 Introduction (Profiled) Differential poweranalysis Profiling phase Exploitation phase Our contributions Ridge-based profiling Theoretical analysis Why and how is ridge-based profiling better? How the coefficients shrink in the ridge-based profiling? Experimental Results Simulation-based experiments Experiments on real FPGA implementation
  • 25.
    #RSAC Setup 25 Profiling methods: ridge-based profiling LR-basedprofiling classical profiling Target intermediate variable: output of AES-128’s first S-box of the first round. Univariate leakage. Different degrees and randomized coefficients. Metrics: perceived Information, guessing entropy.
  • 26.
    #RSAC A comparison ofdifferent profilings for leakage degree 8 26
  • 27.
    #RSAC A comparison ofdifferent profilings for leakage degree 4 27
  • 28.
    #RSAC A comparison ofdifferent profilings for leakage degree 1 28
  • 29.
    #RSAC A comparison ofdifferent profilings for with ‘conservatively’ degree of model 29 The adversary may have no knowledge about the actual degree of the leakage function. He can use the model whose degree is higher than the one of the leakage function. We simulate the traces with leakage functions of degrees 1 and 2 and then conduct the above experiments assuming a model of degree 4 for profiling.
  • 30.
    #RSAC Degrees of leakagefunction and model are 1 and 4 respectively 30
  • 31.
    #RSAC Degrees of leakagefunction and model are 2 and 4 respectively 31
  • 32.
    #RSAC Outline 32 Introduction (Profiled) Differential poweranalysis Profiling phase Exploitation phase Our contributions Ridge-based profiling Theoretical analysis Why and how is ridge-based profiling better? How the coefficients shrink in the ridge-based profiling? Experimental Results Simulation-based experiments Experiments on real FPGA implementation
  • 33.
  • 34.
  • 35.
  • 36.
    #RSAC Summary 36 Ridge-based profiling cansave significant factors in the number of traces they need to build a satisfying leakage model: Better performance for nonlinear leakage functions. Time complexity: equal to the one of LR-based profiling. Robust profiling.
  • 37.
  • 38.
    SESSION ID:SESSION ID: #RSAC SiGao My Traces Learn What You Did in the Dark: Recovering Secret Signals without Key Guesses CRYP-F01 PhD Student Trusted Computing and Information Assurance Laboratory Institute of Software, Chinese Academy of Sciences
  • 39.
    #RSAC Outline Applications in SCA ICA-basedsignal recovery Preliminaries Introduction Summary
  • 40.
    #RSAC Outline Applications in SCA ICA-basedsignal recovery Preliminaries Introduction Summary
  • 41.
    #RSAC Introduction Side Channel Analysis(SCA) Exploit the computation leakages — Leakages depend on the intermediate state
  • 42.
    #RSAC Introduction Traditional SCA flow(Non-profiled) Guess-and-determine — Step 1: take a key guess Eve Encryption Algorithm Plaintext k1 k2 k3 . . . kr Key Guess List Signal List . . . . Actual Leakage Most likely key guess k  1 1 1 (1),..., ( )k k kx x Tx  2 2 2 (1),..., ( )k k kx x Tx  (1),..., ( )r r rk k kx x Tx  (1),..., ( )l l Tl Intermediate States (Assumed) Leakage Model M Expected Leakages    1 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    2 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    = ( (1)),..., ( ( ))r r rk k kM M M Tx x x . . . .
  • 43.
    #RSAC Introduction Traditional SCA flow(Non-profiled) Guess-and-determine — Step 2: Compute the intermediate states from T plaintexts and the key guess  Eg. The output of an AES Sbox, x=S(p⊕kg) Eve Encryption Algorithm Plaintext k1 k2 k3 . . . kr Key Guess List Signal List . . . . Actual Leakage Most likely key guess k  1 1 1 (1),..., ( )k k kx x Tx  2 2 2 (1),..., ( )k k kx x Tx  (1),..., ( )r r rk k kx x Tx  (1),..., ( )l l Tl Intermediate States (Assumed) Leakage Model M Expected Leakages    1 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    2 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    = ( (1)),..., ( ( ))r r rk k kM M M Tx x x . . . .
  • 44.
    #RSAC Introduction Traditional SCA flow(Non-profiled) Guess-and-determine — Step 3: Compute the expected leakages of the key guess  Eg. The Hamming Weight model, where M(x)=HW(x) Eve Encryption Algorithm Plaintext k1 k2 k3 . . . kr Key Guess List Signal List . . . . Actual Leakage Most likely key guess k  1 1 1 (1),..., ( )k k kx x Tx  2 2 2 (1),..., ( )k k kx x Tx  (1),..., ( )r r rk k kx x Tx  (1),..., ( )l l Tl Intermediate States (Assumed) Leakage Model M Expected Leakages    1 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    2 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    = ( (1)),..., ( ( ))r r rk k kM M M Tx x x . . . .
  • 45.
    #RSAC Introduction Traditional SCA flow(Non-profiled) Guess-and-determine — Step 4: Finding out the most likely key guess  Eg. In CPA, rank key guesses with Pearson's correlation coefficient Eve Encryption Algorithm Plaintext k1 k2 k3 . . . kr Key Guess List Signal List . . . . Actual Leakage Most likely key guess k  1 1 1 (1),..., ( )k k kx x Tx  2 2 2 (1),..., ( )k k kx x Tx  (1),..., ( )r r rk k kx x Tx  (1),..., ( )l l Tl Intermediate States (Assumed) Leakage Model M Expected Leakages    1 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    2 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    = ( (1)),..., ( ( ))r r rk k kM M M Tx x x . . . .
  • 46.
    #RSAC Introduction Traditional SCA flow(Non-profiled) Question: did Eve actually recover the intermediate states x? — Only found the most likely one from a predetermined list Not a problem for SCA — Focus on key recovery (Kerckhoffs's principle) Pros — The predetermined list (signal list) << whole signal space — SCA works when SNR<<1 — Efficient key-recovery
  • 47.
    #RSAC Introduction Traditional SCA flow(Non-profiled) Cons — The key guess space should be small — Known plaintext/ciphertext, known encryption algorithms Eve Encryption Algorithm Plaintext k1 k2 k3 . . . kr Signal List . . . . Actual Leakage Most likely key guess k  1 1 1 (1),..., ( )k k kx x Tx  2 2 2 (1),..., ( )k k kx x Tx  (1),..., ( )r r rk k kx x Tx  (1),..., ( )l l Tl Intermediate States (Assumed) Leakage Model M Expected Leakages    1 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    2 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    = ( (1)),..., ( ( ))r r rk k kM M M Tx x x . . . .
  • 48.
    #RSAC Introduction Traditional SCA flow(Non-profiled) Limitations: only works for the first/last few rounds — The related key guess space is too large for SCA  Eg. In AES, the first/last two rounds are protected Eve Encryption Algorithm Plaintext k1 k2 k3 . . . kr Key Guess List Signal List . . . . Actual Leakage Most likely key guess k  1 1 1 (1),..., ( )k k kx x Tx  2 2 2 (1),..., ( )k k kx x Tx  (1),..., ( )r r rk k kx x Tx  (1),..., ( )l l Tl Intermediate States (Assumed) Leakage Model M Expected Leakages    1 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    2 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    = ( (1)),..., ( ( ))r r rk k kM M M Tx x x . . . . Too large
  • 49.
    #RSAC Introduction Traditional SCA flow(Non-profiled) Limitations: Side Channel Analysis for Reverse Engineering — Cannot compute the intermediate states Eve Encryption Algorithm Plaintext k1 k2 k3 . . . kr Key Guess List Signal List . . . . Actual Leakage Most likely key guess k  1 1 1 (1),..., ( )k k kx x Tx  2 2 2 (1),..., ( )k k kx x Tx  (1),..., ( )r r rk k kx x Tx  (1),..., ( )l l Tl Intermediate States (Assumed) Leakage Model M Expected Leakages    1 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    2 1 1 = ( (1)),..., ( ( ))k k kM M M Tx x x    = ( (1)),..., ( ( ))r r rk k kM M M Tx x x . . . . Unknown
  • 50.
Introduction: A new model (non-profiled)
Directly exploit the leakages, without the predetermined list
A much harder problem
— Signal list << signal space
— A preliminary attempt in this direction
Figure: from the actual leakage $l = (l(1), \ldots, l(T))$ and the assumed leakage model $M$, Eve recovers the intermediate states $x^* = (x^*_1, \ldots, x^*_T)$ directly, and only then derives the most likely key guess $k$.
  • 51.
Introduction: Notes on profiled attacks
Much stronger preconditions
— The attacker gets an identical encryption device
  – Build templates
  – Perform template matching
— Works even if T = 1 (in theory)
— Reverse the intermediate states without key guesses
Not always appropriate
— Power variability issues [Renauld, M., et al., EUROCRYPT 2011]
We only focus on non-profiled attacks in this paper
Figure: with templates $Tp$ in place of the leakage model, Eve maps the actual leakage $l = (l(1), \ldots, l(T))$ to the intermediate states $x^* = (x^*_1, \ldots, x^*_T)$ and then to the most likely key guess $k$.
  • 52.
Outline
Introduction
Preliminaries
ICA-based signal recovery
Applications in SCA
Summary
  • 53.
Preliminaries: Blind Source Separation (BSS)
n people were talking simultaneously
m microphones placed in different positions
All recordings can be regarded as linear mixtures of the original conversations
Figure source: http://http://slsp.kaist.ac.kr/xe/?mid=BSS
  • 54.
Preliminaries: Blind Source Separation (BSS)
Unknown sources: n conversations
Unknown mix matrix: the mixing features of the m microphones
Figure source: http://http://slsp.kaist.ac.kr/xe/?mid=BSS
  • 55.
Preliminaries: Independent Component Analysis (ICA)
Blind sources $S = (s_1, s_2, \ldots, s_n)$
Linear mix matrix $A$
m observations $Y = (y_1, y_2, \ldots, y_m)$
$Y = A S + N$ ($N$ represents the noise)
Goal: recover $S$ from $Y$
Figure source: http://http://slsp.kaist.ac.kr/xe/?mid=BSS
  • 56.
Preliminaries: Independent Component Analysis (ICA)
ICA assumptions
— Independence: the sources are independent of each other
— Non-Gaussian: the distribution of the blind sources is not Gaussian
— n ≤ m
ICA algorithms
— Many popular algorithms
— Not "that" different; FastICA is used in this paper
  • 57.
Outline
Introduction
Preliminaries
ICA-based signal recovery
Applications in SCA
Summary
  • 58.
ICA-based signal recovery: ICA versus SCA, similarities
n-bit intermediate state X
Assume the leakage satisfies the weighted Hamming weight model
  • 59.
ICA-based signal recovery: ICA versus SCA, differences
Number of observations: m vs. 1
Level of noise: low vs. high
Weighted Hamming weight model with weights $\alpha_0, \ldots, \alpha_n$: $L(x) = \alpha_0 + \alpha_1 x_1 + \cdots + \alpha_n x_n$
  • 60.
ICA-based signal recovery: Constructing multi-channel observations
XOR constant
— If a binary source $s$ is XORed with a constant $k$, the resultant source $s'$ is
  $s' = s$ if $k = 0$, and $s' = 1 - s$ if $k = 1$
— XOR 1 equals flipping the signal sign
— Move the sign to the leakage function
— Different leakage functions → multi-channel observations
  • 61.
ICA-based signal recovery: Constructing multi-channel observations
XOR constant and the whitening transformation
— Real source $s \in \{0, 1\}$; after whitening, $s^* = 2s - 1 \in \{-1, 1\}$, which passes through the leakage function $L$
— Equivalent source $s' = 1 - s \in \{1, 0\}$; after whitening, $s'^* \in \{1, -1\}$ equals $(-1) \cdot s^*$, which passes through the same leakage function $L$
— The sign flip is exactly the ICA ambiguity
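As an added example (not from the slides), the following Python script models the XOR-constant construction of the two slides above: under a hypothetical weighted Hamming-weight leakage, each XOR constant gives one channel whose samples are a linear mixture of the whitened (±1) source, i.e. the $Y = A S + N$ form that ICA expects, and XORing with all-ones reproduces the sign ambiguity. The leakage weights, the bit sources and all function names are constructed for this example.

```python
import random

# Constructed weighted Hamming-weight leakage L(x) = a[0] + sum_i a[i+1] * x_i
# over an n-bit state x (n = 4); the weights are made up for this example.
WEIGHTS = (0.5, 1.0, 2.0, 3.0, 4.0)

def leakage(x, a=WEIGHTS):
    """Weighted Hamming-weight model on a bit tuple x in {0,1}^n."""
    return a[0] + sum(a[i + 1] * x[i] for i in range(len(x)))

def whiten(s):
    """Whitening transformation s* = 2s - 1, mapping {0,1} to {-1,+1}."""
    return tuple(2 * b - 1 for b in s)

def xor_const(s, k):
    """Bit by bit: s'_i = s_i if k_i = 0, 1 - s_i if k_i = 1."""
    return tuple(b ^ kb for b, kb in zip(s, k))

def mixing_row(k, a=WEIGHTS):
    """Offset and weights such that L(s xor k) = offset + sum_i w_i * s*_i.

    s_i xor k_i = (1 + (-1)**k_i * s*_i) / 2, so bit i of the constant only
    flips the sign of weight i: one XOR constant = one row of the ICA mixing
    matrix A, the sign having moved into the leakage function.
    """
    n = len(k)
    offset = a[0] + sum(a[1:n + 1]) / 2
    weights = tuple((-1) ** k[i] * a[i + 1] / 2 for i in range(n))
    return offset, weights

def observations(sources, constants, a=WEIGHTS, sigma=0.0, seed=1):
    """One channel per XOR constant: y_k(t) = L(s(t) xor k) + Gaussian noise."""
    rng = random.Random(seed)
    return [[leakage(xor_const(s, k), a) + rng.gauss(0, sigma) for s in sources]
            for k in constants]

def is_linear_mixture(sources, constants, a=WEIGHTS):
    """Check that the noise-free channels equal offset + A * S* for whitened S*."""
    for k, chan in zip(constants, observations(sources, constants, a)):
        off, w = mixing_row(k, a)
        for s, y in zip(sources, chan):
            if y != off + sum(wi * si for wi, si in zip(w, whiten(s))):
                return False
    return True

def random_sources(n, t, seed=7):
    """Constructed secret signal: t random n-bit intermediate states."""
    rng = random.Random(seed)
    return [tuple(rng.randint(0, 1) for _ in range(n)) for _ in range(t)]

if __name__ == "__main__":
    src = random_sources(4, 8)
    consts = [(0, 0, 0, 0), (1, 0, 0, 0), (0, 1, 0, 0), (0, 0, 1, 0), (0, 0, 0, 1)]
    print(is_linear_mixture(src, consts))                      # five channels, one per constant
    print(whiten(xor_const(src[0], (1, 1, 1, 1))) == tuple(-v for v in whiten(src[0])))
```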
  • 62.
ICA-based signal recovery: Noise tolerance
Noise affects the performance of ICA
— ICA usually works in cases where SNR >> 1
— For application in SCA, we need a more robust algorithm
Ignored feature in ICA
— The distribution of the sources is given: binary signals
— The prior distribution can make ICA more robust to noise
— EM-ICA: specialized for discrete sources with random noise, using the Expectation-Maximization algorithm [Belouchrani, Cardoso 1994]
  • 63.
ICA-based signal recovery: Specialized ICA for SCA
A specialized ICA based on EM-ICA
  • 64.
Outline
Introduction
Preliminaries
ICA-based signal recovery
Applications in SCA
Summary
  • 65.
Applications in SCA: Experimental setting
Target implementation
— Unprotected software implementation of DES
— 8-bit microprocessor (IC card)
Measurement
— LeCroy WaveRunner 610Zi oscilloscope
— Sampling at 20 MSa/s, 80 000 sample points per trace (first 3 rounds)
— 20 000 traces
Extra property
— Performs P bit by bit
— Bit-wise leakage: natural multi-channel observations
  • 66.
Applications in SCA: New SCA distinguisher
Attack one of the Sboxes in the first round
— Recover the intermediate states $X_r$ from ICA
— Compute the Sbox outputs $X_k$ with key guess $k$
— Find the correct key by comparing the distance between $X_k$ and $X_r$
Figure: the first two DES rounds (IP, $L_0$/$R_0$, E, S, P, $K_1$, $K_2$, $L_1$/$R_1$), with the recovered state $X_r$ marked.
  • 67.
Applications in SCA: New SCA distinguisher
Attack one of the Sboxes in the first round
— Key rank: CPA (HW) vs. ICA
  • 68.
Applications in SCA: Extending SCA to the middle rounds
Recovering the 8 Sboxes' outputs in the second round
— 4-bit outputs, n = 4
— The success rate of an ICA recovery
Figure: the first two DES rounds (IP, $L_0$/$R_0$, E, S, P, $K_1$, $K_2$, $L_1$/$R_1$), with the recovered state $X_r$ marked; plot label: correct signal.
  • 69.
Applications in SCA: Extending SCA to the middle rounds
Recovering the 8 Sboxes' outputs in the second round
— 80% success rate is usually more than enough for round-reduced key recovery
  • 70.
Applications in SCA: Reverse engineering on Sbox
A customized DES with secret Sboxes
— Attacker controls the plaintext
— Attacker knows IP and E
— The secret key is embedded in the secret Sbox: $S'(x) = S(x) \oplus k$
— Traditional non-profiled SCA does not work (secret Sbox)
— Attacker can choose several leakage points
Figure: the first two DES rounds (IP, $L_0$/$R_0$, E, S, P, $K_1$, $K_2$, $L_1$/$R_1$), with the recovered state $X_r$ marked.
  • 71.
Applications in SCA: Reverse engineering on Sbox
A customized DES with secret Sboxes
— Leakage point selection:
  – Manually pick
  – Linear Discriminant Analysis (LDA)
— Linear Discriminant Analysis
  – Does not need precise points, only an approximate range
  – Better recovery with larger trace sets
  – Not suitable when the number of traces is smaller than the range of interest
  • 72.
Applications in SCA: Reverse engineering on Sbox
A customized DES with secret Sboxes
  • 73.
Applications in SCA: Reverse engineering on Feistel round function
A customized Feistel cipher (both S and P are altered)
— Attacker controls the plaintext
— Attacker knows IP and E
— The first Sbox's input in the second round: the 6 least significant bits of E, applied to the state that the first round function produces from the initial state after IP
Figure: the first two DES rounds (IP, $L_0$/$R_0$, E, S, P, $K_1$, $K_2$, $L_1$/$R_1$), with the recovered state $X_r$ marked.
  • 74.
Applications in SCA: Reverse engineering on Feistel round function
A customized Feistel cipher (both S and P are altered)
— Build observations with our XOR constant method
  – Choose $L_0$ so that $E_0(L_0) = \{0x01, 0x02, 0x04, 0x08, 0x10, 0x20\}$
  – Randomly pick a T-length signal $R_0$
  – Measure the leakages for each $(E_0, R_0)$
  – Repeat 10 times, randomly picking other bits in $L_0$
Figure: the first two DES rounds (IP, $L_0$/$R_0$, E, S, P, $K_1$, $K_2$, $L_1$/$R_1$), with the XOR constant (from $L_0$), the secret signal (from $R_0$) and the recovered state $X_r$ marked.
  • 75.
Applications in SCA: Reverse engineering on Feistel round function
A customized Feistel cipher (both S and P are altered)
  • 76.
Outline
Introduction
Preliminaries
ICA-based signal recovery
Applications in SCA
Summary
  • 77.
Summary
SCA ≠ guess-and-determine
Directly recover the secret intermediate states without any key guess
— Proposed an ICA-based SCA
  – Construct multi-channel observations with XOR constants
  – Utilize the prior distribution with EM-ICA
— New possibilities in non-profiled SCA
  – Attacking the middle rounds' encryption
  – Reverse engineering with fewer restrictions
A promising tool in the future?
— Needs more research effort
  • 78.