ABSTRACT
In recent years, there has been a growing focus on improving the efficiency of the power side-channel analysis (SCA) attack by using machine learning or artificial intelligence methods, however, they can only be as good as the data they are trained on. Previous work has not given much attention to improving the accuracy of measurements by optimizing the measurement setup and the parameters, and most new researchers rely on heuristics to make measurements. This paper proposes an effective methodology to launch power SCA and increase the efficiency of the attack by improving the measurements. We examine the heuristics related to measurement parameters, investigate ways to optimize the parameters, determine their effects empirically, and provide a theoretical analysis to support the findings. To demonstrate the shortcomings of commercial measurement devices, we present a low-cost measurement board design and its hardware realization. In doing so, we are able to improve the power measurements, by optimizing the measurement setup, which in turn improves the efficiency of the attack.
- 2011. Side-Channel Attack Standard Evaluation Board SASEBO-W Specification. http://www.toptdc.com/en/product/sasebo/Google Scholar
- Amina Amrouche, Larbi Boubchir, and Said Yahiaoui. 2022. Side Channel Attack using Machine Learning. In International Conference on Software Defined Systems.Google ScholarCross Ref
- Melissa Azouaoui, Davide Bellizia, Ileana Buhan, Nicolas Debande, Sébastien Duval, Christophe Giraud, Éliane Jaulmes, François Koeune, Elisabeth Oswald, François-Xavier Standaert, et al. 2020. A systematic appraisal of side channel evaluation strategies. In Security Standardisation Research (SSR)Google Scholar
- Analog Devices. 2005. 270 MHz Differential Receiver Amplifiers. Datasheet.Google Scholar
- Robert W Erickson and Dragan Maksimovic. 2007. Fundamentals of power electronics. Springer Science & Business Media.Google Scholar
- S Geetha, KK Satheesh Kumar, Chepuri RK Rao, M Vijayan, and DC Trivedi. 2009. EMI shielding. Journal of applied polymer science 112, 4 (2009), 2073--2086.Google ScholarCross Ref
- Umer Hassan and Muhammad Sabieh Anwar. 2010. Reducing noise by repetition: introduction to signal averaging. European Journal of Physics 31, 3 (2010), 453.Google ScholarCross Ref
- Texas Instruments. 2023. Tiva? TM4C123GH6PM Microcontroller. Datasheet.Google Scholar
- T Kasper, D Oswald, and C Paar. 2009. New methods for cost-effective sidechannel attacks on cryptographic RFIDs. In Workshop on RFID Security.Google Scholar
- Nikolay V Kirianaki, Sergey Y Yurish, Nestor O Shpak, and Vadim P Deynega. 2002. Data acquisition and signal processing for smart sensors. Wiley New York.Google Scholar
- Paul Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential Power Analysis. In Advances in Cryptology. Springer, 388--397.Google Scholar
- Paul Kocher, Joshua Jaffe, Benjamin Jun, and Pankaj Rohatgi. 2011. Introduction to differential power analysis. Journal of Cryptographic Engineering 1 (2011).Google Scholar
- Owen Lo, William J Buchanan, and Douglas Carson. 2017. Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA). Journal of Cyber Security Technology 1, 2 (2017), 88--107.Google ScholarCross Ref
- Stefan Mangard, Elisabeth Oswald, and Thomas Popp. 2008. Power analysis attacks: Revealing the secrets of smart cards. Vol. 31. Springer.Google ScholarDigital Library
- Hammond Manufacturing. 2023. EMI/RFI Shielded Enclosures. Datasheet.Google Scholar
- Hassen Mestiri, Noura Benhadjyoussef, Mohsen Machhout, and Rached Tourki. 2013. A comparative study of power consumption models for cpa attack. International Journal of Computer Network and Information Security (2013).Google Scholar
- Microchip. 2021. Maximizing the signal.Google Scholar
- Amir Moradi. 2016. Advances in side-channel security. Ph. D. Dissertation. Bochum, Ruhr-Universität Bochum, Habil.-Schr., 2015.Google Scholar
- Colin O'Flynn and Zhizhang (David) Chen. 2014. ChipWhisperer. In Constructive Side-Channel Analysis and Secure Design.Google Scholar
- Alan V Oppenheim, Alan S Willsky, Syed Hamid Nawab, and Jian-Jiun Ding. 1997. Signals and systems. Vol. 2. Prentice hall.Google Scholar
- Elisabeth Oswald, Stefan Mangard, Christoph Herbst, and Stefan Tillich. 2006. Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers. In Topics in Cryptology. Springer, Berlin, Heidelberg.Google Scholar
- Yu Ou and Lang Li. 2022. Side-channel analysis attacks based on deep learning network. Frontiers of Computer Science 16 (2022), 1--11.Google ScholarDigital Library
- Colin O'Flynn and Zhizhang Chen. 2015. Synchronous sampling and clock recovery of internal oscillators for side channel analysis and fault injection. Journal of Cryptographic Engineering 5 (2015), 53--69.Google ScholarCross Ref
- Q. Pan, J. Wu, A.K. Bashir, J. Li, and J. Wu. 2022. Side-Channel Fuzzy Analysis- ? Based AI Model Extraction Attack With Information-Theoretic Perspective in Intelligent IoT. IEEE Trans. on Fuzzy Systems 30, 11 (2022), 4642--4656.Google ScholarDigital Library
- Martin Petrvalsky, Milos Drutarovsky, and Michal Varchola. 2014. Differential power analysis attack on ARM based AES implementation without explicit synchronization. In International Conference Radioelektronika.Google ScholarCross Ref
- Thomas Plos, Michael Hutter, and Christoph Herbst. 2008. Enhancing sidechannel analysis with low-cost shielding techniques. In Proceedings of Austrochip.Google Scholar
- Rambus Press. 2021. Side-channel attacks explained.Google Scholar
- Maria Isabel Ribeiro. 2004. Gaussian probability density functions: Properties and error characterization. Institute for Systems and Robotics, Portugal (2004).Google Scholar
- Tobias Schneider and Amir Moradi. 2015. Leakage assessment methodology: A clear roadmap for side-channel evaluations. In Cryptographic Hardware and Embedded Systems (CHES). Springer.Google Scholar
- François-Xavier Standaert, Philippe Bulens, Giacomo de Meulenaer, and Nicolas Veyrat-Charvillon. 2008. Improving the Rules of the DPA Contest. Cryptology EPrint Archive (2008).Google Scholar
- François-Xavier Standaert, Jean-Jacques Quisquater, and Bart Preneel. 2004. Power Analysis Attacks Against FPGA Implementations of the DES. In Field Programmable Logic and Application. Springer.Google Scholar
- NewAE Technology. 2018. CW501 differential probe. Product Datasheet.Google Scholar
- Tektronix. 2017. Tools to Boost Oscilloscope Measurement Resolution to More than 11 Bits. Application Note.Google Scholar
- Tektronix. 2023. P6248, P6247, and P6246 Differential Probes. Product Datasheet.Google Scholar
- Tektronix. 2023. Passive Voltage Probes. Product Datasheet.Google Scholar
- Rajesh Velegalati, Jens-Peter Kaps, et al. 2013. Towards a flexible, opensource board for side-channel analysis (fobos). Cryptographic architectures embedded in reconfigurable devices (2013).Google Scholar
- Tzong-Lin Wu, Frits Buesink, and Flavio Canavero. 2013. Overview of Signal Integrity and EMC Design Technologies on PCB. IEEE Trans. on Electromagnetic Compatibility 55, 4 (2013), 624--638.Google ScholarCross Ref
- Hao Xie, Xi Tian, and Keju Zhang. 2022. Noise Reduction Method Based on Wavelet Analysis for RF side-channel Signals. In Global Conference on Robotics, Artificial Intelligence and Information Technology (GCRAIT).Google ScholarCross Ref
- Juntao Yao, Zhedong Ma, Yanwen Lai, and Shuo Wang. 2021. A Survey of Modeling and Reduction Techniques of Radiated EMI in Power Electronics. In IEEE International Joint EMC/SI/PI and EMC Europe Symposium.Google ScholarCross Ref
Index Terms
- Better Side-Channel Attacks Through Measurements
Recommendations
Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityModern operating systems use hardware support to protect against control-flow hijacking attacks such as code-injection attacks. Typically, write access to executable pages is prevented and kernel mode execution is restricted to kernel code pages only. ...
DES with any reduced masked rounds is not secure against side-channel attacks
The literature offers several efficient masking methods for providing resistance to side-channel attacks against iterative block ciphers, such as Data Encryption Standard (DES) and Advanced Encryption Standard (AES). One of the proposed methods is to ...
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
AbstractSide-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
Comments