
Publication


Featured research published by Xinping Zhou.


international conference on information security | 2016

Enhanced Correlation Power Analysis by Biasing Power Traces

Changhai Ou; Zhu Wang; Degang Sun; Xinping Zhou; Juan Ai; Na Pang

Biasing power traces with high Signal to Noise Ratio (SNR) proposed by K. Yongdae et al. can significantly improve the efficiency of the CPA. But how to efficiently select power traces with high SNR is still a problem to be solved. Through the analysis of the statistical characteristics of power traces, we propose three methods to better solve this problem in this paper. We bias power traces by using the Minkowski distance (i.e. Euclidean distance or Manhattan distance) between each power trace and the mean power trace. Biasing power traces can also be carried out by using probability density function values of power consumption of interesting points, or even directly using power consumption of interesting points. Our schemes can blindly select power traces with high SNR with high probability. The efficiency of the CPA by using the three of our methods is significantly improved. Thus, our schemes are more effective compared to the one proposed by K. Yongdae et al.


international symposium on electromagnetic compatibility | 2016

A new efficient interesting points enhanced electromagnetic attack on AT89S52

Changhai Ou; Zhu Wang; Degang Sun; Xinping Zhou; Juan Ai

Electromagnetic attacks are non-invasive attacks and pose serious threats to the security of cryptographic devices. However, its environment is complex and the noise on electromagnetic traces is often large. Thus, traditional differential electromagnetic analysis (DEMA) and correlation electromagnetic analysis (CEMA) require a lot of electromagnetic traces to recover the key used in the cryptographic devices. In order to reduce the number of electromagnetic traces required in our attacks, two high efficiency side channel distinguishers named multiple interesting points combined differential electromagnetic analysis (MIP-DEMA) and multiple interesting points combined correlation electromagnetic analysis (MIP-CEMA) are proposed in this paper. Experimental results on AES algorithm targeting an AT89S52 microcontroller show that, to get success rates of 0.80 and 1.00, only 40% ~ 60% of electromagnetic traces are needed in our MIP-DEMA and MIP-CEMA.


ieee international conference on signal and image processing | 2016

Improved wavelet transform for noise reduction in power analysis attacks

Juan Ai; Zhu Wang; Xinping Zhou; Changhai Ou

In side channel attacks (SCA), noise has been a hot topic for affecting the quality of obtained observations. In this paper, we propose a kind of improved wavelet transform denoising method based on singular spectral analysis (SSA) and detrended fluctuation analysis (DFA). Principal signal component in SSA can be selected by DFA adaptively, and residual part can be denoised by wavelet transform to retrieve important information. The method of superposition between signal component and denoised residual part improves the denoising efficiency of original wavelet transform. In order to verify the usefulness of the proposed method, we choose the correlation power analysis (CPA) to attack hard implementation of AES by using wavelet transform and the proposed method for preprocessing. Results show that the proposed method improves the success rate whilst decreasing the necessary number of power consumption traces significantly. And the proposed method outperforms wavelet transform in noise elimination.


smart card research and advanced application conference | 2017

A Novel Use of Kernel Discriminant Analysis as a Higher-Order Side-Channel Distinguisher

Xinping Zhou; Carolyn Whitnall; Elisabeth Oswald; Degang Sun; Zhu Wang

Distinguishers play an important role in Side Channel Analysis (SCA), where real world leakage information is compared against hypothetical predictions in order to guess at the underlying secret key. However, the direct relationship between leakages and predictions can be disrupted by the mathematical combining of d random values with each sensitive intermediate value of the cryptographic algorithm (a so-called “d-th order masking scheme”). In the case of software implementations, as long as the masking has been correctly applied, the guessable intermediates will be independent of any one point in the trace, or indeed of any tuple of fewer than \(d+1\) points. However, certain \(d+1\)-tuples of time points may jointly depend on the guessable intermediates. A typical approach to exploiting this data dependency is to pre-process the trace – computing carefully chosen univariate functions of all possible \(d+1\)-tuples – before applying the usual univariate distinguishers. This has a computational complexity which is exponential in the order d of the masking scheme. In this paper, we propose a new distinguisher based on Kernel Discriminant Analysis (KDA) which directly exploits properties of the mask implementation without the need to exhaustively pre-process the traces, thereby distinguishing the correct key with lower complexity. Experimental results for 2nd and 3rd order attacks (i.e. against 1st and 2nd order masking) verify that the KDA is an effective distinguisher in protected settings.


international conference on selected areas in cryptography | 2017

Categorising and Comparing Cluster-Based DPA Distinguishers

Xinping Zhou; Carolyn Whitnall; Elisabeth Oswald; Degang Sun; Zhu Wang

Side-channel distinguishers play an important role in differential power analysis, where real world leakage information is compared against hypothetical predictions in order to guess at the underlying secret key. A class of distinguishers which can be described as ‘cluster-based’ have the advantage that they are able to exploit multi-dimensional leakage samples in scenarios where only loose, ‘semi-profiled’ approximations of the true leakage forms are available. This is by contrast with univariate distinguishers exploiting only single points (e.g. correlation), and Template Attacks requiring concise fitted models which can be overly sensitive to mismatch between the profiling and attack acquisitions. This paper collects together—to our knowledge, for the first time—the various different proposals for cluster-based DPA (concretely, Differential Cluster Analysis, First Principal Components Analysis, and Linear Discriminant Analysis), and shows how they fit within the robust ‘semi-profiling’ attack procedure proposed by Whitnall et al. at CHES 2015. We provide discussion of the theoretical similarities and differences of the separately proposed distinguishers as well as an empirical comparison of their performance in a range of (real and simulated) leakage scenarios and with varying parameters. Our findings have application for practitioners constrained to rely on ‘semi-profiled’ models who wish to make informed choices about the best known procedures to exploit such information.


trust, security and privacy in computing and communications | 2016

Power Traces Clipping and Splicing Enhanced Correlation Collision Analysis

Changhai Ou; Zhu Wang; Degang Sun; Xinping Zhou; Juan Ai

Correlation enhanced Collision Attacks (CCA) are able to exploit any first-order leakage without knowing the precise hypothetical power model. However, the correlation between time samples of two S-boxes is relatively weak, which leads to the low efficiency of CCA. Actually, the efficiency of CCA is much lower than that of Correlation Power Analysis (CPA). In this paper, two methods named Invalid Power Traces Clipping based CCA (IPTC-CCA) and Power Traces Splicing based CCA (PTS-CCA) are proposed to improve the efficiency of CCA. IPTC+PTS-CCA, a combination of IPTC-CCA and PTS-CCA, which is more efficient than both stand-alone IPTC-CCA and PTS-CCA, is also proposed in this paper. Experiments on the power trace set of Rotating S-boxes Masking (RSM) protected AES-256 algorithm implemented on the Side-channel Attack Standard Evaluation Board (SASEBO) from the website DPA contest v4 show that the 3 schemes proposed in this paper can significantly improve the efficiency of CCA.


international symposium on electromagnetic compatibility | 2016

Hirschman optimal transform based correlation frequency electromagnetic analysis

Zhu Wang; Xinping Zhou; Victor E. DeBrunner; Weiqing Huang; Degang Sun; Yan Wang; Changhai Ou; Juan Ai

Correlation Electromagnetic analysis (CEMA) has been effective in revealing the cryptographic key on cryptosystems. Random delay insertion (RDI) causes misalignments to prevent the action of these attacks in the time domain to avoid information leakage. In this paper, we first use the newly proposed time-frequency transformation Hirschman Optimal Transform (HOT) to transform the signal from the time domain to the frequency domain for analysis. Experimental results show that this method conquers the weakness in the time domain analysis in which the samples have to be aligned accurately. So, our proposed method can be used to break cipher chips with random delay. We find that our method is more efficient than a similar approach based on the DFT.


international conference on security and privacy in communication systems | 2016

POSTER: A Novel Wavelet Denoising Method Based on Robust Principal Component Analysis in Side Channel Attacks

Juan Ai; Zhu Wang; Xinping Zhou; Changhai Ou

In the context of side channel attacks (SCA), multiple preprocessing methods proposed are used to improve the quality of measurements and enhance the attack performance. Different from existing preprocessing methods which accord to the spectral distribution of noise or depend on some objective functions to search optimal linear transform, we treat noise as an ensemble and separate it by discrete wavelet transform and robust principal component analysis (RPCA) blindly. All experiments show that the proposed method has a great impact on the noise reduction of a typical hardware implementation of AES when compared to some existing methods.


international conference on information and communication security | 2016

Group Verification Based Multiple-Differential Collision Attack

Changhai Ou; Zhu Wang; Degang Sun; Xinping Zhou; Juan Ai

Bogdanov and Kizhvatov proposed the concept of test of chain, but they didn’t give a practical scheme. Wang et al. proposed fault tolerant chain to enhance test of chain and gave a practical scheme. However, the attack efficiency of Correlation enhanced Collision Attack (CCA) is much lower than that of Correlation Power Analysis (CPA). A combination of CCA and CPA in fault tolerant chain proposed by Wang et al. may be unreasonable. Most importantly, when the threshold \(Thr_{\varDelta }\) introduced in Sect. 2.3 is large, the key recovery becomes very complex. Fault tolerant chain is inapplicable to this situation. In order to solve these problems, we propose a kind of new chain named group verification chain in this paper. We combine our group verification chain with MDCA and propose Group Verification based Multiple-Differential Collision Attack (GV-MDCA). Experiments on power trace set downloaded from the website DPA contest v4 show that our group verification chain significantly improves the efficiency of fault tolerant chain.


computer and communications security | 2016

Error Tolerance based Single Interesting Point Side Channel CPA Distinguisher

Changhai Ou; Zhu Wang; Juan Ai; Xinping Zhou; Degang Sun; Victor E. DeBrunner

The efficiency can be significantly improved if the attacker uses interesting points to perform Correlation Power Analysis (CPA). The prerequisite for this is that the attacker knows the positions of interesting points. However, it is difficult for the attacker to accurately find the locations of interesting points if he only has a small number of power traces. In this paper, we propose a Frequency based Interesting Points Selection algorithm (FIPS) to select interesting points under the condition that the attacker only has a very small number of power traces. Moreover, an error tolerant Single Interesting Point based CPA (SIP-CPA) is proposed. Experiments on AES algorithm implemented on an AT89S52 single chip and power trace set of DPA contest v1 of DES algorithm implemented on the Side Channel Attack Standard Evaluation Board (SASEBO) show that our SIP-CPA can significantly improve the efficiency of CPA.

Collaboration


Top Co-Authors

Zhu Wang, Chinese Academy of Sciences

Changhai Ou, Chinese Academy of Sciences

Degang Sun, Chinese Academy of Sciences

Juan Ai, Chinese Academy of Sciences

Weiqing Huang, Chinese Academy of Sciences

Chonghua Wang, Chinese Academy of Sciences

Na Pang, Chinese Academy of Sciences