Security Evaluation of WDDL and SecLib Countermeasures against Power Attacks

Guilley, Sylvain; Sauvage, Laurent; Hoogvorst, Philippe; Pacalet, Renaud; Bertoni, Guido; Chaudhuri, Sumanta

doi:10.1109/tc.2008.109

Cited by 33 publications

(19 citation statements)

References 36 publications

(56 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to template attacks, stochastic attacks (Schindler et al, 2005) have used the multivariate Gaussian noise distribution assumption to successfully profile and attack microcontrollers. Although not a profiling attack, mutual information analysis (MIA) is studied in Prouff and Rivain (2010) with the data encryption standard (DES) on an 8-bit smart card as well as on a SecMat V3/2 ASIC testbed (Guilley et al, 2008). MIA was found to be successful with few traces using a parametric estimation.…”

Section: Introductionmentioning

confidence: 99%

Random Forest profiling attack on advanced encryption standard

Patel

Baldwin

2014

IJACT

View full text Add to dashboard Cite

Random Forest, a non-parametric classifier, is proposed for byte-wise profiling attack on advanced encryption standard (AES) and shown to improve results on PIC microcontrollers, especially in high-dimensional variable spaces. It is shown in this research that data collected from 40 PIC microcontrollers exhibited highly non-Gaussian variables. For the full-dimensional dataset consisting of 50,000 variables, Random Forest correctly extracted all 16 bytes of the AES key. For a reduced set of 2,700 variables captured during the first round of the encryption, Random Forest achieved success rates as high as 100% for cross-device attacks on 40 PIC microcontrollers from four different device families. With further dimensionality reduction, Random Forest still outperformed classical template attack for this dataset, requiring fewer traces and achieving higher success rates with lower misclassification rate. The importance of analysing the system noise in choosing a classifier for profiling attack is examined and demonstrated through this work. His area of specialty is computer security, computer communication networks, and wireless network protocols with an emphasis on real-time analysis. He has published over 90 articles in the area of security, wireless networks, wireless protocols, and queuing theory as well as numerous conference papers in the area. He has been awarded two patents and four USAF inventions for his work in computer security. His current research interests include computer communication networks, computer security, cyber operations and reconfigurable computing systems.

show abstract

Section: Introductionmentioning

confidence: 99%

Random Forest profiling attack on advanced encryption standard

Patel

Baldwin

2014

IJACT

View full text Add to dashboard Cite

show abstract

“…Moreover, we restrict the number of hypotheses to those on the first round key, seen as eight classes of 6-bit each. Hence, an attack on the unprotected module using the HD can only concern R. Once again, experiments confirm that CPA is more powerful than the DPA in presence of noise (traces have not been averaged) [34]. Best results on unprotected implementations are obtained with the HD model, as it matches the physical phenomenon responsible for power consumption (commutations), and by targeting four bits at the same time, increasing the signal-to-noise (SNR) ratio of the correct peak with respect to the peaks present in incorrect guesses.…”

Section: Resultsmentioning

confidence: 71%

Exploiting Dual-Output Programmable Blocks to Balance Secure Dual-Rail Logics

Sauvage

Nassar

Guilley

et al. 2010

International Journal of Reconfigurable Computing

Self Cite

View full text Add to dashboard Cite

FPGA design of side-channel analysis countermeasures using unmasked dual-rail with precharge logic appears to be a great challenge. Indeed, the robustness of such a solution relies on careful differential placement and routing whereas both FPGA layout and FPGA EDA tools are not developed for such purposes. However, assessing the security level which can be achieved with them is an important issue, as it is directly related to the suitability to use commercial FPGA instead of proprietary custom FPGA for this kind of protection. In this article, we experimentally gave evidence that differential placement and routing of an FPGA implementation can be done with a granularity fine enough to improve the security gain. However, so far, this gain turned out to be lower for FPGAs than for ASICs. The solutions demonstrated in this article exploit the dual-output of modern FPGAs to achieve a better balance of dual-rail interconnections. However, we expect that an in-depth analysis of routing resources power consumption could still help reduce the interconnect differential leakage.

show abstract

“…Even variancebased distinguishers as introduced in [35,3,27] can be made more efficient using NICV. As a preprocessing step, NICV can leverage metrics and distinguishers based on Linear Discriminant Analysis (LDA) [21] or on Principal Component Analysis (PCA) [16,21,34] are also using some kind of L 2 distance between classes (as does the NICV, see next section).…”

Section: General Backgroundmentioning

confidence: 99%

Side-channel leakage and trace compression using normalized inter-class variance

Bhasin

Danger

Guilley

et al. 2014

Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy

Self Cite

View full text Add to dashboard Cite

Security and safety critical devices must undergo penetration testing including Side-Channel Attacks (SCA) before certification. SCA are powerful and easy to mount but often need huge computation power, especially in the presence of countermeasures. Few efforts have been done to reduce the computation complexity of SCA by selecting a small subset of points where leakage prevails. In this paper, we propose a method to detect relevant leakage points in side-channel traces. The method is based on Normalized Inter-Class Variance (NICV). A key advantage of NICV over state-of-the-art is that NICV does neither need a clone device nor the knowledge of secret parameters of the crypto-system. NICV has a low computation requirement and it detects leakage using public information like input plaintexts or output ciphertexts only. It is shown that NICV can be related to Pearson correlation and signal to noise ratio (SNR) which are standard metrics. NICV can be used to theoretically compute the minimum number of traces required to attack an implementation. A theoretical rationale of NICV with some practical application on real crypto-systems are provided to support our claims.

show abstract

Security Evaluation of WDDL and SecLib Countermeasures against Power Attacks

Cited by 33 publications

References 36 publications

Random Forest profiling attack on advanced encryption standard

Random Forest profiling attack on advanced encryption standard

Exploiting Dual-Output Programmable Blocks to Balance Secure Dual-Rail Logics

Side-channel leakage and trace compression using normalized inter-class variance

Contact Info

Product

Resources

About