Guangjun Fan

How to Choose Interesting Points for Template Attacks More Effectively

Template attacks are widely accepted to be the most powerful side-channel attacks from an information theoretic point of view. For template attacks, many papers suggested a guideline for choosing interesting points which is still not proven. The guideline is that one should only choose one point as the interesting point per clock cycle. Up to now, many different methods of choosing interesting points were introduced. However, it is still unclear that which approach will lead to the best classification performance for template attacks. In this paper, we comprehensively evaluate and compare the classification performance of template attacks when using different methods of choosing interesting points. Evaluation results show that the classification performance of template attacks has obvious difference when different methods of choosing interesting points are used. The CPA based method and the SOST based method will lead to the best classification performance. Moreover, we find that some methods of choosing interesting points provide the same results in the same circumstance. Finally, we verify the guideline for choosing interesting points for template attacks is correct by presenting a new way of conducting template attacks.

Towards optimal leakage exploitation rate in template attacks

Under the assumption that one has a reference device identical or similar to the target device, and thus be well capable of characterizing power leakages of the target device, template attacks are widely accepted to be the most powerful side-channel attacks. However, the question of whether template attacks are really optimal in terms of the leakage exploitation rate is still unclear. In this paper, we present a negative answer to this crucial question by introducing a normalization process into classical template attacks. Specifically, our contributions are two-fold. On the theoretical side, we prove that normalized template attacks are better in terms of the leakage exploitation rate than classical template attacks; on the practical side, we evaluate the key-recovery efficiency of normalized template attacks, classical template attacks, and PCA-based template attacks. Evaluation results show that, compared with both classical template attacks and PCA-based template attacks, normalized template attacks are more effective. We note that, the normalization process does not depend on any special conditions and the computational price of the normalization process is of extremely low, and thus, it is very easy-to-implement in practice. Therefore, the normalization process should be integrated into classical template attacks as a necessary step, so that one can better understand practical threats of this kind of side-channel attacks. Copyright

Template Attacks Based on Priori Knowledge

Template attacks are widely accepted as the strongest side-channel attacks from the information theoretic point of view, and they can be used as a very powerful tool to evaluate the physical security of cryptographic devices. Template attacks consist of two stages, the profiling stage and the extraction stage. In the profiling stage, the attacker is assumed to have a large number of power traces measured from the reference device, using which he can accurately characterize signals and noises in different points. However, in practice, the number of profiling power traces may not be sufficient. In this case, signals and noises are not accurately characterized, and the key-recovery efficiency of template attacks is significantly influenced. We show that, the attacker can still make template attacks powerfully enough in practice as long as the priori knowledge about the reference device be obtained. We note that, the priori knowledge is just a prior distribution of the signal component of the instantaneous power consumption, which the attacker can easily obtain from his previous experience of conducting template attacks, from Internet and many other possible ways. Evaluation results show that, the priori knowledge, even if not accurate, can still help increase the power of template attacks, which poses a serious threat to the physical security of cryptographic devices.