Publication


Featured research published by Yongbin Zhou.


Information Security Practice and Experience | 2013

Systematic Construction and Comprehensive Evaluation of Kolmogorov-Smirnov Test Based Side-Channel Distinguishers

Hui Zhao; Yongbin Zhou; François-Xavier Standaert; Hailong Zhang

Generic side-channel distinguishers aim at revealing the correct key embedded in cryptographic modules even when few assumptions can be made about their physical leakages. In this context, Kolmogorov-Smirnov Analysis (KSA) and Partial Kolmogorov-Smirnov analysis (PKS) were proposed respectively. Although both KSA and PKS are based on Kolmogorov-Smirnov (KS) test, they really differ a lot from each other in terms of construction strategies. Inspired by this, we construct nine new variants by combining their strategies in a systematic way. Furthermore, we explore the effectiveness and efficiency of all these twelve KS test based distinguishers under various simulated scenarios in a univariate setting within a unified comparison framework, and also investigate how these distinguishers behave in practical scenarios. For these purposes, we perform a series of attacks against both simulated traces and real traces. Success Rate (SR) is used to measure the efficiency of key recovery attacks in our evaluation. Our experimental results not only show how to choose the most suitable KS test based distinguisher in a particular scenario, but also clarify the practical meaning of all these KS test based distinguishers in practice.


International Conference on Information Security and Cryptology | 2011

Back propagation neural network based leakage characterization for practical security analysis of cryptographic implementations

Shuguo Yang; Yongbin Zhou; Jiye Liu; Danyang Chen

Side-channel attacks have posed serious threats to the physical security of cryptographic implementations. However, the effectiveness of these attacks strongly depends on the accuracy of the underlying side-channel leakage characterization. Known leakage characterization models do not always apply to real scenarios, as they work on some unrealistic assumptions about the leaking devices. In light of this, we propose a back propagation neural network based power leakage characterization attack for cryptographic devices. This attack makes full use of the intrinsic advantage of neural networks, as one basic machine learning tool, in profiling non-linear mapping relationships, and transforms the task of leakage profiling into a neural-network-supervised study process. In addition, two new attacks using this model have also been proposed, namely BP-CPA and BP-MIA. In order to justify the validity and accuracy of the proposed attacks, we perform a series of experiments and carry out a detailed comparative study of them in multiple scenarios, with twelve typical attacks using mainstream power leakage characterization attacks, the results of which are measured by quantitative metrics such as SR, GE and DL. It turns out that the BP neural network based power leakage characterization attack can largely improve the effectiveness of the attacks, regardless of the impact of noise and the limited number of power traces. Taking CPA only as one example, BP-CPA is 16.5% better than existing non-linear leakage characterization based attacks with respect to DL, and is 154% better than original CPA.


Information Security Practice and Experience | 2011

How to characterize side-channel leakages more accurately?

Jiye Liu; Yongbin Zhou; Yang Han; Jiantang Li; Shuguo Yang; Dengguo Feng

The effectiveness of side-channel attacks strongly depends on to what extent the underlying leakage model characterizes the physical leakages of cryptographic implementations and on how largely the subsequent distinguisher exploits these leakages. Motivated by this, we propose a compact yet efficient approach to more accurately characterizing side-channel leakages. It is called the Bitwise Weighted Characterization (BWC) approach. We use power analysis attacks as illustrative examples and construct two new BWC-based side-channel distinguishers, namely BWC-DPA and BWC-CPA. We present a comparative study of several distinguishers applied to both simulated power traces and real power measurements from an AES microcontroller prototype implementation to demonstrate the validity and the effectiveness of the proposed methods. For example, the number of traces required to perform successful BWC-CPA (resp. BWC-DPA) is only 66% (resp. 49%) of that of CPA (resp. DPA). Our results firmly validate the power and the accuracy of the proposed side-channel leakages characterization approach.


International Conference on Information and Communication Security | 2016

Differential Fault Analysis on Midori

Wei Cheng; Yongbin Zhou; Laurent Sauvage

Midori is an energy-efficient lightweight block cipher published by Banik et al. in ASIACRYPT 2015, which consists of two variants with block sizes of 64-bit and 128-bit, respectively. In this paper, a new method is proposed to exploit cell-oriented fault propagation patterns in recognizing appropriate faulty ciphertexts and fault positions, which poses a serious threat to practical security of Midori. In light of this, we present a Differential Fault Attack against the Midori using cell-oriented fault model. Specifically, by inducing two random cell faults into the input of the antepenultimate round, our attack reduces the secret key search space from \(2^{128}\) to \(2^{32}\) for Midori-128 and from \(2^{128}\) to \(2^{80}\) for Midori-64, respectively. Our experiments confirmed that two faulty ciphertexts induced into the input of antepenultimate round could recover twelve in sixteen cells of subkey with over 80% probability.


Archive | 2012

Securing Lightweight Block Cipher against Power Analysis Attacks

Yang Han; Yongbin Zhou; Jiye Liu

Side-channel attacks are cryptanalytic methods against cryptographic implementations. Such implementations running on resource constrained devices are particularly vulnerable to these attacks. In this context, every legal user has full control over these devices and is thus capable of tampering with them at his own will. The hostile environments within which lightweight block cipher implementations are working determine that their physical security is seriously threatened by side-channel attacks, especially power analysis attacks. In this paper, we investigate the vulnerabilities of lightweight block cipher implementations on resource constrained devices against power analysis attacks, and then propose an algorithmic countermeasure called Bitwisely Balanced enCoding (BBC). Taking LBlock and PRESENT as two cases of study, we perform simulation experiments, and the results show that the BBC countermeasure can obtain high security with reasonable cost.


Information Sciences | 2018

On the exact relationship between the Mutual Information Metric and the Success Rate Metric

Hailong Zhang; Yongbin Zhou

In real scenarios, in order to evaluate the physical leakage amount of a crypto device and the key recovery efficiency of a side channel attack, two metrics were proposed. On one hand, the mutual information (MI) metric was proposed to quantify the physical leakage amount of a crypto device. On the other hand, the success rate (SR) metric was proposed to quantify the key recovery efficiency of a side channel attack. Although it is usually assumed that the physical leakage amount of a crypto device influences the key recovery efficiency of an attack a lot, the exact relationship between the MI metric and the SR metric is not clear, and one does not have a quantitative knowledge about the influence of the physical leakage amount of a crypto device on the key recovery efficiency of an attack. In light of this, we analyze and give the exact relationship between the MI metric and the SR metric. Additionally, we do empirical evaluations to verify the soundness of the theoretical analysis. The merit of this work is that one can use the MI metric to understand both the physical leakage amount of a crypto device and the key recovery efficiency of a side channel attack, which can accordingly decrease the evaluation complexity and shorten the evaluation period.


Security and Communication Networks | 2016

Public-key encryption with keyword search secure against continual memory attacks

Chengyu Hu; Rupeng Yang; Pengtao Liu; Zuoxia Yu; Yongbin Zhou; Qiuliang Xu

Continual memory attacks, inspired by recent realistic physical attacks, have broken many cryptographic schemes that were considered secure in the traditional cryptography model. In this paper, we consider continual memory leakage resilience in public-key encryption with keyword search (PEKS) schemes. We give the definition of continual memory leakage resilience security for PEKS, which allows continual secret key leakage in the trapdoor generation algorithm rather than leakage of the trapdoor itself. We believe that the definition is more suitable for practical PEKS scenarios. To construct a concrete PEKS scheme secure against continual memory attacks, we first obtain a continual master-key leakage-resilient anonymous identity-based encryption (IBE) scheme by applying the generic tool provided by Lewko et al. to a fully secure anonymous IBE scheme that comes from the fully secure anonymous hierarchical identity-based encryption (HIBE) scheme of De Caro and colleagues. Then, we transform our continual master-key leakage-resilient anonymous IBE scheme to a PEKS scheme using the generic Anonymous IBE-to-PEKS transformation and prove its continual leakage-resilient security.


Security and Communication Networks | 2015

Mahalanobis distance similarity measure based distinguisher for template attack

Hailong Zhang; Yongbin Zhou; Dengguo Feng

Under the assumption that power leakages at different interesting points follow a multivariate normal distribution, the maximum likelihood principle (MLP) can be used as an efficient distinguisher for template attack (TA). Therefore, in key-recovery, one uses MLP to recover the correct key. In pattern recognition, the Mahalanobis distance similarity measure (MDSM) is usually used to measure the similarity of two vectors in terms of their distance. A merit of MDSM is that, when measuring the similarity of two vectors, one takes the cross correlation between different variables into consideration. In this paper, we investigate the application of MDSM as a distinguisher in TA. We will show that there exists a certain relationship between MLP-based TA and MDSM-based TA under the assumption that the covariance matrices of different templates are identical. However, in MDSM-based TA, power leakages at different interesting points are not required to follow a multivariate normal distribution. We perform practical experiments to evaluate the key-recovery efficiency of MDSM-based TA. Experimental results verify that, in the same attack scenario, the key-recovery efficiency of MDSM-based TA can be higher than that of MLP-based TA.


International Conference on Trusted Systems | 2014

How to Choose Interesting Points for Template Attacks More Effectively

Guangjun Fan; Yongbin Zhou; Hailong Zhang; Dengguo Feng

Template attacks are widely accepted to be the most powerful side-channel attacks from an information theoretic point of view. For template attacks, many papers suggested a guideline for choosing interesting points which is still not proven. The guideline is that one should only choose one point as the interesting point per clock cycle. Up to now, many different methods of choosing interesting points were introduced. However, it is still unclear which approach will lead to the best classification performance for template attacks. In this paper, we comprehensively evaluate and compare the classification performance of template attacks when using different methods of choosing interesting points. Evaluation results show that the classification performance of template attacks differs obviously when different methods of choosing interesting points are used. The CPA based method and the SOST based method will lead to the best classification performance. Moreover, we find that some methods of choosing interesting points provide the same results in the same circumstance. Finally, we verify that the guideline for choosing interesting points for template attacks is correct by presenting a new way of conducting template attacks.


International Conference on Information and Communication Security | 2014

How to Compare Selections of Points of Interest for Side-Channel Distinguishers in Practice?

Yingxian Zheng; Yongbin Zhou; Zhenmei Yu; Chengyu Hu; Hailong Zhang

Side-channel distinguishers aim to reveal the secrets used in crypto devices by utilizing the subtle dependence between some sensitive intermediate values and physical leakages produced during their executions. For this purpose, one or more points of interest (POIs) corresponding to manipulations of one sensitive intermediate value are usually selected and then fed into distinguishers. However, it turns out in practice that the POIs selected, even if they are from the same leakage traces, will have significant impacts on the key recovery efficacy of distinguishers. Therefore, it makes very practical sense to investigate the concrete impacts of POIs selections on side-channel distinguishers, and then pick out from those POIs selections available the most appropriate one for a certain distinguisher. In order to address these problems, we propose an evaluation framework for the analysis of POIs selections for side-channel distinguishers. Basically, our framework consists of two stages: the first stage captures the validity of points selected, while the second one reflects their quality with respect to a certain distinguisher. Specifically, on the one hand, in order to measure the goodness of one POIs selection, we introduce a quantitative metric of accuracy rate, from a perspective of statistics; on the other hand, we adopt the widely accepted security metric of success rate proposed by Standaert et al. at EUROCRYPT 2009 to reflect the quality of the points selected. Eventually, taking five typical POIs selections and three popular side-channel distinguishers as concrete study cases, we perform simulated attacks and practical attacks as well, the results of which not only fully justify our proposed methods but also reveal some interesting observations.

Collaboration

Top Co-Authors

Hailong Zhang, Chinese Academy of Sciences

Dengguo Feng, Chinese Academy of Sciences

Guangjun Fan, Chinese Academy of Sciences

Jiye Liu, Chinese Academy of Sciences

Yuchen Cao, Chinese Academy of Sciences

Yang Han, Chinese Academy of Sciences

Rui Zhang, Chinese Academy of Sciences

Shuang Qiu, Chinese Academy of Sciences

Wei Cheng, Chinese Academy of Sciences