Abstract
This work proposes an improved second-order correlation power analysis attack based on a new refined expecter (\(\mathcal {RE}\)). The predicted \(\mathcal {RE}\) with the correct secret key is related to the Hamming weight of the Sbox output mask with a correlation coefficient of 0.35. It gives an improved attack performance in comparison with a traditional second-order attack which exhibits a correlation value of 0.24. In order to verify the practicability and performance of the proposed attack, we perform experiments on both simulated data and an AES implementation on an ARM SecureCore device, protected with first-order masking and shuffling countermeasures. The results demonstrate that our proposed attack outperforms the conventional second-order attack.
Notes
1. A signal-to-noise ratio (SNR) is the ratio between the variance of the signal and that of the noise, denoted by \(\frac{\sigma ^{2}(signal)}{\sigma ^{2}(noise)}\) [12]. The higher the SNR, the higher the quality of the trace.
2. This follows a normal distribution with \(\mu =0\) and \(\sigma ^{2}\), where \(\mu \) and \(\sigma ^{2}\) indicate mean and variance, respectively.
3. The guessing entropy indicates the average of how many key bytes remain to be guessed [9].
References
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)
Cho, J.-W., Han, D.-G.: Security analysis of the masking-shuffling based side channel attack countermeasures. J. Secur. Appl. 6(4), 207–214 (2012)
Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)
Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)
FIPS PUB 197. Advanced Encryption Standard. National Institute of Standards and Technology (2001)
Grosso, V., Standaert, F.-X., Faust, S.: Masking vs. multiparty computation: how large is the gap for AES? J. Crypt. Eng. 4(1), 47–57 (2014)
Grosso, V., Standaert, F.-X., Prouff, E.: Low entropy masking schemes, revisited. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 33–43. Springer, Heidelberg (2014)
Herbst, C., Oswald, E., Mangard, S.: An AES smart card implementation resistant to power analysis attacks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 239–252. Springer, Heidelberg (2006)
Köpf, B., Basin, D.A.: An information-theoretic model for adaptive side-channel attacks. In: Ning, P., Vimercati, S., Syverson, P.F. (eds.) CCS 2007, pp. 286–296 (2007)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Linge, Y., Dumas, C., Lambert-Lacroix, S.: Using the joint distributions of a cryptographic function in side channel analysis. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 199–213. Springer, Heidelberg (2014)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks - Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)
Oswald, E., Mangard, S., Herbst, C., Tillich, S.: Practical second-order dpa attacks for masked smart card implementations of block ciphers. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 192–207. Springer, Heidelberg (2006)
Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)
Rivain, M., Prouff, E., Doget, J.: Higher-order masking and shuffling for software implementations of block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 171–188. Springer, Heidelberg (2009)
Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 208–225. Springer, Heidelberg (2006)
Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005)
Waddle, J., Wagner, D.: Towards efficient second-order power analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)
Acknowledgements
This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (NRF-2013R1A1A2A10062137). The authors would like to thank Dooho Choi at ETRI for supporting us with SCARF boards (http://www.k-scarf.or.kr/). The SCARF boards were supported by the KLA-SCARF project, the ICT R&D program of ETRI.
A Performance Evaluation of Reasonable Hamming Weight Estimator Functions
Both reasonable Hamming weight estimator functions, Cho’s method [2] and Linge’s method [11], effectively calibrate the Hamming weight value in noise-free signals. On the contrary, in noisy environments, they are likely to have different performances. This section shows the performance evaluation of both in various SNR scenarios.
In this experiment, we consider simulation traces manipulating 8-bit random mask generation. For the sake of comparison, 6 different types of simulation traces of varying SNR were generated. Each type includes different white Gaussian noise, generated in MATLAB (the simulator is described in detail in Sect. 5.1). For each SNR, we run 50 experiments of 40,000 simulation traces, i.e. in total \(40,000\times 50=2,000,000\) traces are used for a given SNR.
Table 3 shows that the SNR is proportional to the success rate. White indicates that the success rate of Linge’s method is higher than Cho’s, while dark gray indicates the opposite. For both methods, the closer the Hamming weight is to 0 or 8, the lower the success rate. However, Linge’s method outperforms Cho’s for most Hamming weights except for 3–5, while the total resolution of Cho’s scheme is higher than the other on noisier traces.
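The simulation setup described above can be reproduced in outline as follows. This is an added example, not the authors' MATLAB simulator, and it implements neither Cho's nor Linge's method: a maximum a posteriori estimator with a binomial prior stands in for them, and the SNR values, seed and function names are assumptions.

```python
import math
import random

# P(HW = h) for a uniformly random 8-bit mask, and the variance of that HW.
HW_PRIOR = [math.comb(8, h) / 256 for h in range(9)]
SIGNAL_VAR = 2.0  # 8 bits * 1/2 * 1/2

def simulate_traces(n, snr, rng):
    """Simulated leakage: HW(mask) + white Gaussian noise of variance SIGNAL_VAR / snr."""
    sigma = math.sqrt(SIGNAL_VAR / snr)
    traces = []
    for _ in range(n):
        hw = bin(rng.getrandbits(8)).count("1")
        traces.append((hw, hw + rng.gauss(0.0, sigma)))
    return traces, sigma

def map_estimate(leak, sigma):
    """Stand-in estimator (assumption): argmax of prior(h) * Gaussian likelihood."""
    def log_posterior(h):
        return math.log(HW_PRIOR[h]) - (leak - h) ** 2 / (2 * sigma ** 2)
    return max(range(9), key=log_posterior)

def success_rates(n, snr, seed=1):
    """Return (per-HW success rate list, overall success rate) for one SNR."""
    rng = random.Random(seed)
    traces, sigma = simulate_traces(n, snr, rng)
    hits, totals = [0] * 9, [0] * 9
    for hw, leak in traces:
        totals[hw] += 1
        hits[hw] += map_estimate(leak, sigma) == hw
    per_hw = [hits[h] / totals[h] if totals[h] else None for h in range(9)]
    return per_hw, sum(hits) / n

if __name__ == "__main__":
    for snr in (0.5, 1.0, 2.0, 5.0, 10.0, 20.0):  # constructed SNR values
        per_hw, overall = success_rates(40_000, snr)
        cells = " ".join("  -  " if r is None else f"{r:5.2f}" for r in per_hw)
        print(f"SNR {snr:5.1f}  overall {overall:.2f}  HW0..8: {cells}")
```

With this stand-in estimator, the binomial prior pulls estimates toward Hamming weight 4 as the noise grows, so weights 0 and 8 are rarely recovered at low SNR.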
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Ahn, H., Hanley, N., O’Neill, M., Han, DG. (2016). An Improved Second-Order Power Analysis Attack Based on a New Refined Expecter. In: Kim, Hw., Choi, D. (eds) Information Security Applications. WISA 2015. Lecture Notes in Computer Science, vol 9503. Springer, Cham. https://doi.org/10.1007/978-3-319-31875-2_15
DOI: https://doi.org/10.1007/978-3-319-31875-2_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31874-5
Online ISBN: 978-3-319-31875-2
eBook Packages: Computer Science, Computer Science (R0)