Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest

Clavier, Christophe; Danger, Jean‐Luc; Duc, Guillaume; Elaabid, M. Abdelaziz; Gérard, Benoît; Guilley, Sylvain; Heuser, Annelie; Kasper, Michael; Li, Yang; Lomné, Victor; Nakatsu, Daisuke; Ohta, Kazuo; Sakiyama, Kazuo; Sauvage, Laurent; Schindler, Werner; Stöttinger, Marc; Veyrat-Charvillon, Nicolas; Walle, Matthieu; Wurcker, Antoine

doi:10.1007/s13389-014-0075-9

Cited by 29 publications

(16 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, when the number of executions/ measurements per unknown binary is not a restricting factor for the malware analyst, then computing the mean over 𝑡 traces will result in a more accurate prediction. This meaning process is usually in the side-channel domain, as in [8]. Interestingly, we could not observe a straightforward improvement when applying this technique to MLP and CNN classifications.…”

Section: Discussionmentioning

confidence: 81%

Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Pham

Marion

Mastio

et al. 2021

Annual Computer Security Applications Conference

Self Cite

View full text Add to dashboard Cite

The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity. They use numerous customized firmware and hardware, without taking into consideration security issues, which make them a target for cybercriminals, especially malware authors.We will present a novel approach of using side channel information to identify the kinds of threats that are targeting the device. Using our approach, a malware analyst is able to obtain precise knowledge about malware type and identity, even in the presence of obfuscation techniques which may prevent static or symbolic binary analysis. We recorded 100,000 measurement traces from an IoT device infected by various in-the-wild malware samples and realistic benign activity. Our method does not require any modification on the target device. Thus, it can be deployed independently from the resources available without any overhead. Moreover, our approach has the advantage that it can hardly be detected and evaded by the malware authors. In our experiments, we were able to predict three generic malware types (and one benign class) with an accuracy of 99.82%. Even more, our results show that we are able to classify altered malware samples with unseen obfuscation techniques during the training phase, and to determine what kind of obfuscations were applied to the binary, which makes our approach particularly useful for malware analysts. CCS CONCEPTS• Security and privacy → Malware and its mitigation.

show abstract

Section: Discussionmentioning

confidence: 81%

Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Pham

Marion

Mastio

et al. 2021

Annual Computer Security Applications Conference

Self Cite

View full text Add to dashboard Cite

show abstract

“…As illustrated in Appendix A, Figure 6, the data complexity of an attack using PCA is approximately doubled in this case, which can be explained by the correlation between the noise distributions taken at different time samples. Note that this projection pursuit was included amongst the best attacks of this contest, leading to a data complexity of 1173 traces (439 after key enumeration) as detailed in [7].…”

Section: Resultsmentioning

confidence: 99%

Efficient Selection of Time Samples for Higher-Order DPA with Projection Pursuits

Durvaux

Standaert

Veyrat-Charvillon

et al. 2015

Constructive Side-Channel Analysis and Secure Design

Self Cite

View full text Add to dashboard Cite

Abstract. The selection of points-of-interest in leakage traces is a frequently neglected problem in the side-channel literature. However, it can become the bottleneck of practical adversaries/evaluators as the size of the measurement traces increases, especially in the challenging context of masked implementations, where only a combination of multiple shares reveals information in higher-order statistical moments. In this paper, we describe new (black box) tools for efficiently dealing with this problem. The proposed techniques exploit projection pursuits and specialized local search algorithms, work with minimum memory requirements and practical time complexity. We validate them with two case-studies of unprotected and first-order masked implementations in an 8-bit device, the latter one being hard to analyze with previously known methods.

show abstract

“…As a profiling model, we used the XOR model that was proposed in [5]. In [5], the advantage of the XOR model in correctly profiling the leakage of AES-comp implementation was shown. The XOR model leads to successful key recovery with reduced power traces compared to the HD model.…”

Section: Profiling Model: Xor Modelmentioning

confidence: 99%

“…Generally speaking, one can expect side-channel attacks to have a reduced data complexity with a more accurate leakage model. Specifically, we use a Hamming distance (HD) model as the non-profiling leakage model and the XOR (exclusive-or) model proposed in [5] as the representative of the profiling leakage model. It is expected that the profiling model will improve the authentication accuracy of the system.…”

Section: Introductionmentioning

confidence: 99%

Comprehensive Evaluation on an ID-Based Side-Channel Authentication with FPGA-Based AES

Kasuya

Sakiyama

2018

Applied Sciences

Self Cite

View full text Add to dashboard Cite

Various electronic devices are increasingly being connected to the Internet. Meanwhile, security problems, such as fake silicon chips, still exist. The significance of verifying the authenticity of these devices has led to the proposal of side-channel authentication. Side-channel authentication is a promising technique for enriching digital authentication schemes. Motivated by the fact that each cryptographic device leaks side-channel information depending on its used secret keys, cryptographic devices with different keys can be distinguished by analyzing the side-channel information leaked during their calculation. Based on the original side-channel authentication scheme, this paper adapts an ID-based authentication scheme that can significantly increase the authentication speed compared to conventional schemes. A comprehensive study is also conducted on the proposed ID-based side-channel authentication scheme. The performance of the proposed authentication scheme is evaluated in terms of speed and accuracy based on an FPGA-based AES implementation. With the proposed scheme, our experimental setup can verify the authenticity of a prover among 2 70 different provers within 0.59 s; this could not be handled effectively using previous schemes.

show abstract

Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest

Cited by 29 publications

References 16 publications

Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Efficient Selection of Time Samples for Higher-Order DPA with Projection Pursuits

Comprehensive Evaluation on an ID-Based Side-Channel Authentication with FPGA-Based AES

Contact Info

Product

Resources

About