Better Side-Channel Attacks Through Measurements

Authors:
Alok K. Singh

Virginia Tech, Arlington, VA, USA

Virginia Tech, Arlington, VA, USA

0009-0004-0442-0106
View Profile

,
Ryan M. Gerdes

Virginia Tech, Arlington, VA, USA

Virginia Tech, Arlington, VA, USA

0000-0003-0876-1181
View Profile

ASHES '23: Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware SecurityNovember 2023Pages 15–26https://doi.org/10.1145/3605769.3623988

Published:26 November 2023Publication History

ASHES '23: Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security

Pages 15–26

ABSTRACT

In recent years, there has been a growing focus on improving the efficiency of the power side-channel analysis (SCA) attack by using machine learning or artificial intelligence methods, however, they can only be as good as the data they are trained on. Previous work has not given much attention to improving the accuracy of measurements by optimizing the measurement setup and the parameters, and most new researchers rely on heuristics to make measurements. This paper proposes an effective methodology to launch power SCA and increase the efficiency of the attack by improving the measurements. We examine the heuristics related to measurement parameters, investigate ways to optimize the parameters, determine their effects empirically, and provide a theoretical analysis to support the findings. To demonstrate the shortcomings of commercial measurement devices, we present a low-cost measurement board design and its hardware realization. In doing so, we are able to improve the power measurements, by optimizing the measurement setup, which in turn improves the efficiency of the attack.

References

2011. Side-Channel Attack Standard Evaluation Board SASEBO-W Specification. http://www.toptdc.com/en/product/sasebo/Google Scholar
Amina Amrouche, Larbi Boubchir, and Said Yahiaoui. 2022. Side Channel Attack using Machine Learning. In International Conference on Software Defined Systems.Google ScholarCross Ref
Melissa Azouaoui, Davide Bellizia, Ileana Buhan, Nicolas Debande, Sébastien Duval, Christophe Giraud, Éliane Jaulmes, François Koeune, Elisabeth Oswald, François-Xavier Standaert, et al. 2020. A systematic appraisal of side channel evaluation strategies. In Security Standardisation Research (SSR)Google Scholar
Analog Devices. 2005. 270 MHz Differential Receiver Amplifiers. Datasheet.Google Scholar
Robert W Erickson and Dragan Maksimovic. 2007. Fundamentals of power electronics. Springer Science & Business Media.Google Scholar
S Geetha, KK Satheesh Kumar, Chepuri RK Rao, M Vijayan, and DC Trivedi. 2009. EMI shielding. Journal of applied polymer science 112, 4 (2009), 2073--2086.Google ScholarCross Ref
Umer Hassan and Muhammad Sabieh Anwar. 2010. Reducing noise by repetition: introduction to signal averaging. European Journal of Physics 31, 3 (2010), 453.Google ScholarCross Ref
Texas Instruments. 2023. Tiva? TM4C123GH6PM Microcontroller. Datasheet.Google Scholar
T Kasper, D Oswald, and C Paar. 2009. New methods for cost-effective sidechannel attacks on cryptographic RFIDs. In Workshop on RFID Security.Google Scholar
Nikolay V Kirianaki, Sergey Y Yurish, Nestor O Shpak, and Vadim P Deynega. 2002. Data acquisition and signal processing for smart sensors. Wiley New York.Google Scholar
Paul Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential Power Analysis. In Advances in Cryptology. Springer, 388--397.Google Scholar
Paul Kocher, Joshua Jaffe, Benjamin Jun, and Pankaj Rohatgi. 2011. Introduction to differential power analysis. Journal of Cryptographic Engineering 1 (2011).Google Scholar
Owen Lo, William J Buchanan, and Douglas Carson. 2017. Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA). Journal of Cyber Security Technology 1, 2 (2017), 88--107.Google ScholarCross Ref
Stefan Mangard, Elisabeth Oswald, and Thomas Popp. 2008. Power analysis attacks: Revealing the secrets of smart cards. Vol. 31. Springer.Google ScholarDigital Library
Hammond Manufacturing. 2023. EMI/RFI Shielded Enclosures. Datasheet.Google Scholar
Hassen Mestiri, Noura Benhadjyoussef, Mohsen Machhout, and Rached Tourki. 2013. A comparative study of power consumption models for cpa attack. International Journal of Computer Network and Information Security (2013).Google Scholar
Microchip. 2021. Maximizing the signal.Google Scholar
Amir Moradi. 2016. Advances in side-channel security. Ph. D. Dissertation. Bochum, Ruhr-Universität Bochum, Habil.-Schr., 2015.Google Scholar
Colin O'Flynn and Zhizhang (David) Chen. 2014. ChipWhisperer. In Constructive Side-Channel Analysis and Secure Design.Google Scholar
Alan V Oppenheim, Alan S Willsky, Syed Hamid Nawab, and Jian-Jiun Ding. 1997. Signals and systems. Vol. 2. Prentice hall.Google Scholar
Elisabeth Oswald, Stefan Mangard, Christoph Herbst, and Stefan Tillich. 2006. Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers. In Topics in Cryptology. Springer, Berlin, Heidelberg.Google Scholar
Yu Ou and Lang Li. 2022. Side-channel analysis attacks based on deep learning network. Frontiers of Computer Science 16 (2022), 1--11.Google ScholarDigital Library
Colin O'Flynn and Zhizhang Chen. 2015. Synchronous sampling and clock recovery of internal oscillators for side channel analysis and fault injection. Journal of Cryptographic Engineering 5 (2015), 53--69.Google ScholarCross Ref
Q. Pan, J. Wu, A.K. Bashir, J. Li, and J. Wu. 2022. Side-Channel Fuzzy Analysis- ? Based AI Model Extraction Attack With Information-Theoretic Perspective in Intelligent IoT. IEEE Trans. on Fuzzy Systems 30, 11 (2022), 4642--4656.Google ScholarDigital Library
Martin Petrvalsky, Milos Drutarovsky, and Michal Varchola. 2014. Differential power analysis attack on ARM based AES implementation without explicit synchronization. In International Conference Radioelektronika.Google ScholarCross Ref
Thomas Plos, Michael Hutter, and Christoph Herbst. 2008. Enhancing sidechannel analysis with low-cost shielding techniques. In Proceedings of Austrochip.Google Scholar
Rambus Press. 2021. Side-channel attacks explained.Google Scholar
Maria Isabel Ribeiro. 2004. Gaussian probability density functions: Properties and error characterization. Institute for Systems and Robotics, Portugal (2004).Google Scholar
Tobias Schneider and Amir Moradi. 2015. Leakage assessment methodology: A clear roadmap for side-channel evaluations. In Cryptographic Hardware and Embedded Systems (CHES). Springer.Google Scholar
François-Xavier Standaert, Philippe Bulens, Giacomo de Meulenaer, and Nicolas Veyrat-Charvillon. 2008. Improving the Rules of the DPA Contest. Cryptology EPrint Archive (2008).Google Scholar
François-Xavier Standaert, Jean-Jacques Quisquater, and Bart Preneel. 2004. Power Analysis Attacks Against FPGA Implementations of the DES. In Field Programmable Logic and Application. Springer.Google Scholar
NewAE Technology. 2018. CW501 differential probe. Product Datasheet.Google Scholar
Tektronix. 2017. Tools to Boost Oscilloscope Measurement Resolution to More than 11 Bits. Application Note.Google Scholar
Tektronix. 2023. P6248, P6247, and P6246 Differential Probes. Product Datasheet.Google Scholar
Tektronix. 2023. Passive Voltage Probes. Product Datasheet.Google Scholar
Rajesh Velegalati, Jens-Peter Kaps, et al. 2013. Towards a flexible, opensource board for side-channel analysis (fobos). Cryptographic architectures embedded in reconfigurable devices (2013).Google Scholar
Tzong-Lin Wu, Frits Buesink, and Flavio Canavero. 2013. Overview of Signal Integrity and EMC Design Technologies on PCB. IEEE Trans. on Electromagnetic Compatibility 55, 4 (2013), 624--638.Google ScholarCross Ref
Hao Xie, Xi Tian, and Keju Zhang. 2022. Noise Reduction Method Based on Wavelet Analysis for RF side-channel Signals. In Global Conference on Robotics, Artificial Intelligence and Information Technology (GCRAIT).Google ScholarCross Ref
Juntao Yao, Zhedong Ma, Yanwen Lai, and Shuo Wang. 2021. A Survey of Modeling and Reduction Techniques of Radiated EMI in Power Electronics. In IEEE International Joint EMC/SI/PI and EMC Europe Symposium.Google ScholarCross Ref

Index Terms

Better Side-Channel Attacks Through Measurements
1. Hardware
  1. Communication hardware, interfaces and storage
    1. Signal processing systems
      1. Noise reduction
  2. Printed circuit boards
    1. Electromagnetic interference and compatibility
2. Security and privacy
  1. Cryptography
    1. Cryptanalysis and other attacks
  2. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures

Recommendations

Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Modern operating systems use hardware support to protect against control-flow hijacking attacks such as code-injection attacks. Typically, write access to executable pages is prevented and kernel mode execution is restricted to kernel code pages only. ...
Read More
DES with any reduced masked rounds is not secure against side-channel attacks

The literature offers several efficient masking methods for providing resistance to side-channel attacks against iterative block ciphers, such as Data Encryption Standard (DES) and Advanced Encryption Standard (AES). One of the proposed methods is to ...
Read More
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
Abstract
Side-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ASHES '23: Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security
November 2023
138 pages
ISBN:9798400702624
DOI:10.1145/3605769
General Chairs:
Chip Hong Chang
NTU Singapore
,
Ulrich Ruhrmair
LMU Munich and U Connecticut
,
Program Chairs:
Lejla Batina
Radboud U
,
Domenic Forte
U of Florida
Copyright © 2023 Owner/Author
This work is licensed under a Creative Commons Attribution-NoDerivatives International 4.0 License.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 26 November 2023
Check for updates
Author Tags
a/d converter
measurement setup
pcb design
power sca
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate6of20submissions,30%
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 295
  Total Downloads
- Downloads (Last 12 months)295
- Downloads (Last 6 weeks)50
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Better Side-Channel Attacks Through Measurements

ASHES '23: Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR

DES with any reduced masked rounds is not secure against side-channel attacks

Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures