Beyond the Limits of DPA: Combined Side-Channel Collision Attacks
Aug. 2012 (vol. 61 no. 8)
pp. 1153-1164
Andrey Bogdanov, Katholieke Universiteit Leuven
Ilya Kizhvatov, University of Luxembourg, Luxembourg
The problem of extracting the highest possible amount of key-related information from the lowest possible number of measurements is one of the central questions in side-channel attacks against embedded implementations of cryptographic algorithms. To address it, this work proposes a novel framework that enhances side-channel collision attacks with divide-and-conquer attacks such as differential power analysis (DPA). An information-theoretical metric is introduced for evaluating the efficiency of collision detection. Improved methods of dimension reduction for side-channel traces are developed, based on a statistical model of Euclidean distance. Experimental results confirm that DPA-combined collision attacks are superior to both DPA-only and collision-only attacks, and the new methods of dimension reduction lead to further complexity improvements. All attacks are treated for the case of AES-128 and are practically validated on a widespread 8-bit RISC microcontroller.

Index Terms:
Analysis of algorithms and problem complexity, data encryption, cryptographic implementations, physical security, side-channel analysis, collision attacks, AES.
Citation:
Andrey Bogdanov, Ilya Kizhvatov, "Beyond the Limits of DPA: Combined Side-Channel Collision Attacks," IEEE Transactions on Computers, vol. 61, no. 8, pp. 1153-1164, Aug. 2012, doi:10.1109/TC.2011.140