Univariate side channel attacks and leakage modeling

Doget, Julien; Prouff, Emmanuel; Rivain, Matthieu; Standaert, François‐Xavier

doi:10.1007/s13389-011-0010-2

Cited by 153 publications

(111 citation statements)

References 15 publications

Supporting

Mentioning

108

Contrasting

Order By: Relevance

“…This study was motivated by the observation that the classical LRA distinguisher value for one leakage time is not comparable as such to that computed for another leakage time. Figure 1(a) illustrates this claim for an LRA targeting the device B described in Section 2.5: when directly applying the protocol given in [11,31], the correct key candidate does not maximize the distinguisher value globally but only in a local area, which makes the attack unsuccessful unless this area is known by the adversary (which is not assumed here). This observation led us to study the handling of distinguishing values in SCA attacks.…”

Section: Effectiveness Discussionmentioning

confidence: 99%

“…More generally, our study relies on a well studied problem which is the comparison of the results of two different instantaneous attacks [11,20,33,34,36,38]. For the LRA, it will lead to a modification of the candidate selection rule.…”

Section: Effectiveness Discussionmentioning

confidence: 99%

“…the highest correlation coefficient in a Correlation Power Analysis -CPA- [8]). Nevertheless we argue that this strategy can be ineffective for some attack categories, including the case of the Linear Regression Analysis (LRA) [11,30,31]. For the latter one, we propose a new strategy to select the most likely candidate and we demonstrate its effectiveness in practice.…”

Section: Introductionmentioning

confidence: 93%

“…Initially, they were presented with a profiling step and were viewed as an alternative to the template attacks [13]. In [11], the authors have shown how to express the linear regression attacks such that the profiling stage is no longer required. They also argued that the LRA can be applied in the same context as the CPA, but with weaker assumption on the device behavior.…”

Section: Practical Evaluation Of Linear Regression Attacksmentioning

confidence: 99%

“…[8,9,11,12,31]). In order to to compare and classify them, theoretical frameworks have then been introduced [11,22,35,39]. Their main purpose is to identify the attacks similarities and differences, and to exhibit contexts where one is better than another.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Behind the Scene of Side Channel Attacks

Lomné

Prouff

Roche

2013

Advances in Cryptology - ASIACRYPT 2013

Self Cite

View full text Add to dashboard Cite

Abstract. Since the introduction of side channel attacks in the nineties, a large amount of work has been devoted to their effectiveness and efficiency improvements. On the one side, general results and conclusions are drawn in theoretical frameworks, but the latter ones are often set in a too ideal context to capture the full complexity of an attack performed in real conditions. On the other side, practical improvements are proposed for specific contexts but the big picture is often put aside, which makes them difficult to adapt to different contexts. This paper tries to bridge the gap between both worlds. We specifically investigate which kind of issues is faced by a security evaluator when performing a state of the art attack. This analysis leads us to focus on the very common situation where the exact time of the sensitive processing is drown in a large number of leakage points. In this context we propose new ideas to improve the effectiveness and/or efficiency of the three considered attacks. In the particular case of stochastic attacks, we show that the existing literature, essentially developed under the assumption that the exact sensitive time is known, cannot be directly applied when the latter assumption is relaxed. To deal with this issue, we propose an improvement which makes stochastic attack a real alternative to the classical correlation power analysis. Our study is illustrated by various attack experiments performed on several copies of three micro-controllers with different CMOS technologies (respectively 350, 130 and 90 nanometers).

show abstract

Section: Effectiveness Discussionmentioning

confidence: 99%

Section: Effectiveness Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 93%

Section: Practical Evaluation Of Linear Regression Attacksmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Behind the Scene of Side Channel Attacks

Lomné

Prouff

Roche

2013

Advances in Cryptology - ASIACRYPT 2013

Self Cite

View full text Add to dashboard Cite

show abstract

A statistical model for DPA when algorithmic noise is dependent on target

Qiu

Zhang

Cao

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

In side‐channel attacks, information about any intermediate data except the target data will be considered as noise, namely, the “algorithmic noise.” Algorithmic noise is always assumed to be independent of the target data. As a result, it is thought to be an equivalence of physical noise. Numerous investigations are built on this intuitive assumption. In this paper, we claim that this assumption is not always true and find the algorithm (e.g., SIMON) for which the algorithmic noise is dependent on the target data. On this condition, we reconsider the issue of success rate estimation and build a modified statistical model to accurately estimate the success rate when the algorithmic noise is dependent on the target data. Finally, experimental results for SIMON algorithm validate the soundness of our methodology. It is also worth mentioning that SIMON is a candidate proposed by the National Security Agency as the standard light‐weight block cipher. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract