A New Second-Order Side Channel Attack Based on Linear Regression

Dabosville, Guillaume; Doget, Julien; Prouff, Emmanuel

doi:10.1109/tc.2012.112

Cited by 30 publications

(33 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They also argued that the LRA can be applied in the same context as the CPA, but with weaker assumption on the device behavior. Subsequently, these results of Doget et al have been extended in [10] to apply against masked implementations. In parallel, linear regression attacks have been used to analyse/model the deterministic part of the information leakage for complex circuits [14,15].…”

Section: Practical Evaluation Of Linear Regression Attacksmentioning

confidence: 99%

“…the DPA [17] or the multi-bit DPA [23]) were actually originally written as such, whereas the other ones were developed in a partitioning way after their introduction (see e.g. [18] for the CPA, [10] for the LRA and [33] for the MIA). To the best of our knowledge, this property has however never been exploited to improve the attacks efficiency.…”

Section: Algorithmic Complexity Improvements Proposalsmentioning

confidence: 99%

“…Fortunately this complexity can be significantly reduced. It can indeed be easily shown (see [10]) that the processing of the vectors − → β is unchanged if performed for the set of averaged leakages ( …”

Section: On the Lra Efficiencymentioning

confidence: 99%

“…In spite of the evidence of this observation, it is rarely taken into account when analysing the effectiveness of a side channel attack. Such an analysis is indeed frequently done under the assumption, sometimes implicit, that a small number of points of interest (POI) has already been extracted from the traces either by pattern matching [21], or by dimension reduction [1,6,7,32] or thanks to a previous successful attack [10,29]. However, the two first categories of techniques are not yet perfect and, after reduction, the traces are often still composed of several points in practice.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Behind the Scene of Side Channel Attacks

Lomné

Prouff

Roche

2013

Advances in Cryptology - ASIACRYPT 2013

Self Cite

View full text Add to dashboard Cite

Abstract. Since the introduction of side channel attacks in the nineties, a large amount of work has been devoted to their effectiveness and efficiency improvements. On the one side, general results and conclusions are drawn in theoretical frameworks, but the latter ones are often set in a too ideal context to capture the full complexity of an attack performed in real conditions. On the other side, practical improvements are proposed for specific contexts but the big picture is often put aside, which makes them difficult to adapt to different contexts. This paper tries to bridge the gap between both worlds. We specifically investigate which kind of issues is faced by a security evaluator when performing a state of the art attack. This analysis leads us to focus on the very common situation where the exact time of the sensitive processing is drown in a large number of leakage points. In this context we propose new ideas to improve the effectiveness and/or efficiency of the three considered attacks. In the particular case of stochastic attacks, we show that the existing literature, essentially developed under the assumption that the exact sensitive time is known, cannot be directly applied when the latter assumption is relaxed. To deal with this issue, we propose an improvement which makes stochastic attack a real alternative to the classical correlation power analysis. Our study is illustrated by various attack experiments performed on several copies of three micro-controllers with different CMOS technologies (respectively 350, 130 and 90 nanometers).

show abstract

Section: Practical Evaluation Of Linear Regression Attacksmentioning

confidence: 99%

Section: Algorithmic Complexity Improvements Proposalsmentioning

confidence: 99%

Section: On the Lra Efficiencymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Behind the Scene of Side Channel Attacks

Lomné

Prouff

Roche

2013

Advances in Cryptology - ASIACRYPT 2013

Self Cite

View full text Add to dashboard Cite

show abstract

“…If the two leaking operations are similar, e.g., two computations of S-box, then the attack is referred to as a collision attack [6]. Otherwise, the attack is generally termed bivariate, and can consist in second-order CPA [28], multivariate MIA [18], or any other variant (e.g., [15]). For this reason, every intermediate variable is masked independently (e.g., the same masked S-box cannot be used twice), and the sharing is done with strictly more than two shares.…”

Section: Multi-mask Fems Vs Mono-mask Lemsmentioning

confidence: 99%

Detecting Hidden Leakages

Moradi

Guilley

Heuser

2014

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Abstract. Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such technique using the side-channel measurements publicly available through DPA contest V4. Our analyses which focus on exploiting the first-order leakage of the implementation discover a couple of potential attacks which can recover the secret key. Indeed the leakage we exploit is due to a design mistake as well as the characteristics of the implementation platform, none of which has been considered during the design of the countermeasure (implemented in naive C code).

show abstract