
Publication


Featured researches published by Youssef Souissi.


design, automation, and test in europe | 2012

RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs

Maxime Nassar; Youssef Souissi; Sylvain Guilley; Jean-Luc Danger

Amongst the many existing countermeasures against Side Channel Attacks (SCA) on symmetrical cryptographic algorithms, masking is one of the most widespread, thanks to its relatively low overhead, its low performance loss and its robustness against first-order attacks. However, several articles have recently pinpointed the limitations of this countermeasure when matched with variance-based and other high-order analyses. In this article, we present a new form of Boolean masking for the Advanced Encryption Standard (AES) called “RSM”, which shows the same level in performances as the state-of-the-art, while being less area consuming, and secure against Variance-based Power Analysis (VPA) and second-order zero-offset CPA. Our theoretical security evaluation is then validated with simulations as well as real-life CPA and VPA on an AES 256 implemented on FPGA.


international conference on information security and cryptology | 2010

First principal components analysis: a new side channel distinguisher

Youssef Souissi; Maxime Nassar; Sylvain Guilley; Jean-Luc Danger; Florent Flament

Side Channel Analysis (SCA) are of great concern since they have shown their efficiency in retrieving sensitive information from secure devices. In this paper we introduce First Principal Components Analysis (FPCA) which consists in evaluating the relevance of a partitioning using the projection on the first principal directions as a distinguisher. Indeed, FPCA is a novel application of the Principal Component Analysis (PCA). In SCA like Template attacks, PCA has been previously used as a pre-processing tool. The originality of FPCA is to use PCA no more as a preprocessing tool but as a distinguisher. We conducted all our experiments in real life context, using a recently introduced practice-oriented SCA evaluation framework. We show that FPCA is more performant than first-order SCA (DoM, DPA, CPA) when performed on unprotected DES architecture. Moreover, we outline that FPCA is still efficient on masked DES implementation, and show how it outperforms Variance Power Analysis (VPA) which is a known successful attack on such countermeasures.


international symposium on microarchitecture | 2012

Wavelet transform based pre-processing for side channel analysis

Nicolas Debande; Youssef Souissi; M. Abdelaziz El Aabid; Sylvain Guilley; Jean-Luc Danger

We suggest, in a methodological manner, the use of Wavelet transforms to improve side channel analysis (SCA). The proposed applications are involved in several side channel analysis aspects: storage of traces, patterns detection and noise filtering. We show that all these aspects are useful to improve evaluation of information leakages from embedded devices. In particular, we show how wavelets favour practical secret key recovery.


reconfigurable computing and fpgas | 2011

Efficient Dual-Rail Implementations in FPGA Using Block RAMs

Shivam Bhasin; Sylvain Guilley; Youssef Souissi; Tarik Graba; Jean-Luc Danger

Dual-rail precharge logic (DPL) are hardware countermeasures deployed to protect cryptographic coprocessors. However, their implementation on FPGA has been an issue of concern mainly due to imbalanced routing and early propagation effect. We analyzed the causes due to which DPL implementation on FPGA usually fails and previously proposed solutions. Many articles report that early propagation effect can be countered by synchronization mechanisms but routing imbalance is still a problem. In this article, we propose fan out reduction as a solution to counter routing imbalance. We found that the nets which have high fan out can be routed asymmetrically and therefore leak in the side channel. Another cause of imbalance in routing is long timing paths. Reduction of fan out and no. of gates in timing path can be achieved by using memories for implementing majority of cryptographic part. We use balanced-cell based dual rail logic (BCDL) which is a glitch-free DPL capable of using memories efficiently. Next, we present a source-level coding style to efficiently implement BCDL using block RAMs in FPGAs. This is followed by side channel analysis on Stratix II FPGA and results show that with fan out reduction we need 14 times more traces to find the key.


workshop in information security theory and practice | 2014

A Pre-processing Composition for Secret Key Recovery on Android Smartphone

Yuto Nakano; Youssef Souissi; Robert Nguyen; Laurent Sauvage; Jean-Luc Danger; Sylvain Guilley; Shinsaku Kiyomoto; Yutaka Miyake

Simple Side-Channel Analyses (SSCA) are known as techniques to uncover a cryptographic secret from one single spied waveform. Up to now, these very powerful attacks have been illustrated on simple devices whose leakage was obvious. On more advanced targets, such as high-end processors of smartphones, a simple visual analysis of the waveforms might not be sufficient to read the secret at once. In this paper, we detail and explain how a composition of time-frequency pre-processings manages to extract the relevant information from one signal capture of an asymmetric cryptographic operation (RSA and ECC) running on an Android system. The lesson is that side-channel countermeasures must be applied even on advanced platforms such as smartphones to prevent secret information theft through the electromagnetic (EM) waveforms.


the cryptographers track at the rsa conference | 2012

Towards different flavors of combined side channel attacks

Youssef Souissi; Shivam Bhasin; Sylvain Guilley; Maxime Nassar; Jean-Luc Danger

Side Channel Attacks (SCA) have come a long way since first introduced. Extensive research has improved various aspects of SCA like acquisition techniques, processing of traces, choice of leakage model, choice of distinguishers etc. As a result, side-channel countermeasures have also improved. It is difficult to defeat such countermeasures and requires a huge number of traces. So far, only a few works studied the combination of SCA. In this paper, we put forward two methods to combine different attacks to accelerate SCA or to reduce the number of traces to attack. The first method is a combination of commonly used distinguishers. We provide a theoretical method and an empirical approach to combine Pearson and Spearman correlation coefficients. The second method suggests a combination of different measurements corresponding to the same activity. A metric to assess this combination using information theory is also given. Both methods are supported by application on real traces. The gain is expressed in terms of reduction in number of traces to attack. We report a gain of 50% for the first method and 45% for the second method.


international conference information security theory and practice | 2012

On the optimality of correlation power attack on embedded cryptographic systems

Youssef Souissi; Nicolas Debande; Sami Mekki; Sylvain Guilley; Ali Maalaoui; Jean-Luc Danger

In this paper, we answer the question of what are the necessary conditions under which Correlation Power Attack (CPA), that essentially targets embedded cryptographic implementations, is optimal with regards to attacks that exploit the same leakage model. For this purpose, we offer an in-depth theoretical study which aims at determining the conditions under which the Pearson correlation coefficient is maximized. Moreover, we propose theoretical metrics to practically verify the validity of those conditions. Besides, we illustrate our theoretical study by an experiment on real electromagnetic traces acquired from a DES cryptographic implementation.


international conference on acoustics, speech, and signal processing | 2010

Improvement of power analysis attacks using Kalman filter

Youssef Souissi; Sylvain Guilley; Jean-Luc Danger; Sami Mekki; Guillaume Duc

Power analysis attacks are non intrusive and easily mounted. As a consequence, there is a growing interest in efficient implementation of these attacks against block cipher algorithms such as Data Encryption Standard (DES) and Advanced Encryption Standard (AES). In our paper we propose a new technique based on the Kalman theory. We show how this technique could be useful for the cryptographic domain by making power analysis attacks faster. Moreover we prove that the Kalman filter is more powerful than the High Order Statistics technique.


international workshop on information forensics and security | 2011

“Re-synchronization by moments”: An efficient solution to align Side-Channel traces

Nicolas Debande; Youssef Souissi; Maxime Nassar; Sylvain Guilley; Thanh-Ha Le; Jean-Luc Danger

Modern embedded systems rely on cryptographic co-processors to ensure security. These cryptographic co-processors are theoretically secure but their physical implementations are vulnerable against Side-Channel Analysis (SCA). Therefore, embedded systems should be evaluated for their robustness against these attacks. In SCA, the preprocessing of acquired traces is crucial to mount an efficient analysis and therefore make a reliable evaluation. This paper mainly deals with the common problem of aligning SCA traces. For this purpose, we put forward an innovative re-synchronization algorithm and show its efficiency compared to existing techniques. Our results are based on real measurements acquired from several cryptographic implementations.


international conference on design and technology of integrated systems in nanoscale era | 2011

Vade mecum on side-channels attacks and countermeasures for the designer and the evaluator

Sylvain Guilley; Olivier Meynard; Maxime Nassar; Guillaume Duc; Philippe Hoogvorst; Houssem Maghrebi; Aziz Elaabid; Shivam Bhasin; Youssef Souissi; Nicolas Debande; Laurent Sauvage; Jean-Luc Danger

Implementation-level attacks are nowadays well known and most designers of security embedded systems are aware of them. However, both the number of vulnerabilities and of protections have seriously grown since the first public reporting of these threats in 1996. It is thus difficult to assess the correct countermeasures association to cover all the possible attack paths. The goal of this paper is to give a clear picture of the possible adequation between actual risks and mitigation techniques. A specific focus is made on two protection techniques addressing primarily side-channel attacks: masking and hiding. For the first time, we provide a way to estimate a tradeoff depending on the environmental conditions (amount of noise) and on the designer skills (ability to balance the design). This tradeoff is illustrated in a decision diagram, helpful for the security designer to justify choices and to account for the cost overhead.
