TY - JOUR
T1 - Practical improvements of side-channel attacks on AES
T2 - feedback from the 2nd DPA contest
AU - Clavier, Christophe
AU - Danger, Jean Luc
AU - Duc, Guillaume
AU - Elaabid, M. Abdelaziz
AU - Gérard, Benoît
AU - Guilley, Sylvain
AU - Heuser, Annelie
AU - Kasper, Michael
AU - Li, Yang
AU - Lomné, Victor
AU - Nakatsu, Daisuke
AU - Ohta, Kazuo
AU - Sakiyama, Kazuo
AU - Sauvage, Laurent
AU - Schindler, Werner
AU - Stöttinger, Marc
AU - Veyrat-Charvillon, Nicolas
AU - Walle, Matthieu
AU - Wurcker, Antoine
N1 - Publisher Copyright:
© 2014, Springer-Verlag Berlin Heidelberg.
PY - 2014/11/1
Y1 - 2014/11/1
N2 - Side-channel analyses constitute a major threat for embedded devices, because they allow an attacker to recover secret keys without the device being aware of the theft of sensitive information. They have been proved to be efficient in practice on many deployed cryptosystems. Even during the standardization process for the AES, many scientists drew attention to the potential vulnerabilities to implementation-level attacks (Chari et al., A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards, 133–147, 1999). The evaluation of devices against side-channel attacks is now common practice, especially in ITSEFs. This procedure has even recently been formalized (Standaert et al., EUROCRYPT, LNCS 5479:443–461, 2009). The framework suggests estimating the leakage via an information-theoretic metric, and the performance of real attacks via either the success rate or the guessing entropy metric. The DPA contests are a series of international challenges that allow researchers to improve existing side-channel attacks or develop new ones and compare their effectiveness on several reference sets of power consumption traces using a common methodology. In this article, we focus on the second edition of this contest, which targeted an FPGA-based implementation of AES. This article has been written jointly with several of the participants, who describe the tactics used in their attacks and their improvements beyond the state of the art. In particular, this feedback brings to the fore some considerations seldom described in the scientific literature, yet relevant to increasing the convergence rate of attacks. These considerations concern in particular the correction of acquisition defects such as drifting side-channel leakage, the identification of the most leaking samples, the order in which subkeys are attacked, how to exploit subkeys that are revealed easily to help retrieve subkeys that leak less, and non-linear leakage models.
AB - Side-channel analyses constitute a major threat for embedded devices, because they allow an attacker to recover secret keys without the device being aware of the theft of sensitive information. They have been proved to be efficient in practice on many deployed cryptosystems. Even during the standardization process for the AES, many scientists drew attention to the potential vulnerabilities to implementation-level attacks (Chari et al., A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards, 133–147, 1999). The evaluation of devices against side-channel attacks is now common practice, especially in ITSEFs. This procedure has even recently been formalized (Standaert et al., EUROCRYPT, LNCS 5479:443–461, 2009). The framework suggests estimating the leakage via an information-theoretic metric, and the performance of real attacks via either the success rate or the guessing entropy metric. The DPA contests are a series of international challenges that allow researchers to improve existing side-channel attacks or develop new ones and compare their effectiveness on several reference sets of power consumption traces using a common methodology. In this article, we focus on the second edition of this contest, which targeted an FPGA-based implementation of AES. This article has been written jointly with several of the participants, who describe the tactics used in their attacks and their improvements beyond the state of the art. In particular, this feedback brings to the fore some considerations seldom described in the scientific literature, yet relevant to increasing the convergence rate of attacks. These considerations concern in particular the correction of acquisition defects such as drifting side-channel leakage, the identification of the most leaking samples, the order in which subkeys are attacked, how to exploit subkeys that are revealed easily to help retrieve subkeys that leak less, and non-linear leakage models.
KW - AES
KW - Attacks metrics
KW - CPA
KW - DPA contest
KW - Profiled attacks
KW - SCA
U2 - 10.1007/s13389-014-0075-9
DO - 10.1007/s13389-014-0075-9
M3 - Article
AN - SCOPUS:84910631675
SN - 2190-8508
VL - 4
SP - 259
EP - 274
JO - Journal of Cryptographic Engineering
JF - Journal of Cryptographic Engineering
IS - 4
ER -