Breaking Masked Implementations of the Clyde-Cipher by Means of Side-Channel Analysis

Gohr, Aron; Laus, Friederike; Schindler, Werner

doi:10.46586/tches.v2022.i4.397-437

Cited by 4 publications

(6 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to evaluate the model's efficacy, the weighted harmonic mean between recall and accuracy is determined using the f-measures. Every evaluation metric is formally specified in the formulas (18) to (21).…”

Section: Performance Evaluationmentioning

confidence: 99%

“…[15][16][17] A few of these methods use tree algorithms to bring together a number of poor learners in a model that can be generalized. 18 Deep learning-based cryptography has been recently attracted a lot of interest from the cryptography with symmetric keys community. Deep learning that leverages massive amounts of data to model the human brain through neural networks.…”

Section: Introductionmentioning

confidence: 99%

“…If the block cipher has proven to remain resistant to numerous cutting‐edge cryptanalysis methods over a long period of time it may be considered as secure enough for use in practice 15–17 . A few of these methods use tree algorithms to bring together a number of poor learners in a model that can be generalized 18 …”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A profiled side‐channel attack detection using deep learning model with capsule auto‐encoder network

Maheswari,

Krishnamurthy

2024

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Side‐channel analysis (SCA) is a type of cryptanalytic attack that uses unintended ‘side‐channel’ leakage through the real‐world execution of the cryptographic algorithm to crack a secret key of an embedded system. These side‐channel errors can be discovered through tracking the energy usage of the device performing the technique, electromagnetic radiations while the encryption process, execution time, cache hits/misses, and others. Nowadays, deep learning‐based detection techniques are considered as emerging techniques that have been proposed for attack detection. Deep learning architectures have the ability to learn autonomously and concentrate on difficult features, in contrast to machine learning models. In light of these factors, the work's motive is thought to be the proposal of a deep learning‐based attack detection method. Many methods are used to decrease these assaults, however, the majority of them are inefficient and time‐demanding. In order to address these challenges, this study employs a novel deep learning‐based methodology. Pre‐processing, feature extraction, and SCA classification are the three stages of the approach proposed in this work. First, pre‐processing is used to remove unnecessary information and improve the quality of the input using data cleaning and min‐max normalization. The previously processed data are then fed as input into the proposed hybrid deep learning architecture. A Deep Residual Capsule Auto‐Encoder (DR_CAE) model is introduced in the proposed study. The deep residual neural network‐50 (DRNN‐50) is utilized to extract relevant features in this case, while the side channel analysis is done by using capsule auto‐encoder (CAE). The parameters of the proposed model are adjusted using the modified white shark optimization (MWSO) technique to improve its performance. In the results section, the proposed model is compared to various existing models in terms of accuracy, precision, recall, F‐measures, time, and so on. The proposed framework has an accuracy of 98.802%, F‐measures of 98.801%, kappa coefficient of 97.6%, the precision value of 98.81%, and recall value of 98.80%.

show abstract

Section: Performance Evaluationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A profiled side‐channel attack detection using deep learning model with capsule auto‐encoder network

Maheswari,

Krishnamurthy

2024

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…This provides an example of easy learning problem where GD-based learning can fail. In this respect, it might be interesting to study to what extent the scattershot encoding introduced by Gohr et al could be an efficient solution [GLS22]. On the other hand, some recent results in learning theory suggest that profiling masked implementations in non-worst-case settings could be hard regardless of the nature of the learning algorithm used by the adversary.…”

Section: Is Profiling In a Non-worst-case Hard Anyway?mentioning

confidence: 99%

Don’t Learn What You Already Know

Masure

Cristiani²,

Lecomte³

et al. 2022

TCHES

View full text Add to dashboard Cite

Over the past few years, deep-learning-based attacks have emerged as a de facto standard, thanks to their ability to break implementations of cryptographic primitives without pre-processing, even against widely used counter-measures such as hiding and masking. However, the recent works of Bronchain and Standaert at Tches 2020 questioned the soundness of such tools if used in an uninformed setting to evaluate implementations protected with higher-order masking. On the opposite, worst-case evaluations may be seen as possibly far from what a real-world adversary could do, thereby leading to too conservative security bounds. In this paper, we propose a new threat model that we name scheme-aware benefiting from a trade-off between uninformed and worst-case models. Our scheme-aware model is closer to a real-world adversary, in the sense that it does not need to have access to the random nonces used by masking during the profiling phase like in a worst-case model, while it does not need to learn the masking scheme as implicitly done by an uninformed adversary. We show how to combine the power of deep learning with the prior knowledge of scheme-aware modeling. As a result, we show on simulations and experiments on public datasets how it sometimes allows to reduce by an order of magnitude the profiling complexity, i.e., the number of profiling traces needed to satisfyingly train a model, compared to a fully uninformed adversary.

show abstract

“…Although not many, some works do consider the portability of profiling attacks [3,10,15]. The portability issue was first identified in [7], where waveform realignment and acquisition campaigns normalization were proposed to overcome the drawbacks.…”

Section: B Related Workmentioning

confidence: 99%

Towards Automatic and Portable Data Loading Template Attacks on Microcontrollers

Rioja

Batina

Flores

et al. 2021

2021 22nd International Symposium on Quality Electronic Design (ISQED)

View full text Add to dashboard Cite

Although the original idea of profiling attacks is to recover the secret key of one cryptographic device with a leakage model generated from an "identical copy", this concept (usually called portability) cannot always be upheld. Many previous works create the model and perform the attack on the same device, assuming that the generated model would work for another copy as well. However, intrinsic differences among different devices, trace sets, or experimental setups cause behavioral changes that deemed portability challenging and eventually leading to the attack failure. Besides, another critical issue for the success of template attacks (which is also sometimes overlooked) is the search for points in power traces where leakage depends on data. To address both issues at the same time, in this paper we show an automatic way to tune the selected points of interest in order to improve the performance of portable data loading template attacks. Our approach is able to find common points of leakage across devices in a completely automated manner, which we support with experimental results.

show abstract

Breaking Masked Implementations of the Clyde-Cipher by Means of Side-Channel Analysis

Cited by 4 publications

References 20 publications

A profiled side‐channel attack detection using deep learning model with capsule auto‐encoder network

A profiled side‐channel attack detection using deep learning model with capsule auto‐encoder network

Don’t Learn What You Already Know

Towards Automatic and Portable Data Loading Template Attacks on Microcontrollers

Contact Info

Product

Resources

About