How to Certify the Leakage of a Chip?

Durvaux, François; Standaert, François‐Xavier; Veyrat-Charvillon, Nicolas

doi:10.1007/978-3-642-55220-5_26

Cited by 71 publications

(53 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Yet, we note that in general, assumption errors can also lead to imperfect models, that are more difficult to deal with (see, e.g. [8]) and are certainly worth further investigations. Besides, and as already mentioned, since we now want to compare TA, SVM and RF, we need to evaluate and compare them with security metrics (since the two latter ones do not output the probabilities required to estimate information theoretic metrics).…”

Section: Imperfect Profilingmentioning

confidence: 95%

“…It implies that the parametersθ x,k correspond to mean vectorsμ x,k and covariance matricesΣ x,k . However, we note that any other PDF estimation could be considered by the adversary/evaluator [8]. We will further consider two types of TA: in the Naive Template Attack (NTA), we will indeed estimate one covariance matrix per intermediate value; in the Efficient Template Attack (ETA), we will pool the covariance estimates (assumed to be equal) across all intermediate values, as previously suggested in [5].…”

Section: Template Attacksmentioning

confidence: 99%

“…making measurement). Of particular interest for the next section will be the context of perfect profiling, where we assume that the adversary's model and the chip distribution are identical (which, strictly speaking, can only happen in simulated experimental settings since any profiling based on real traces will at least be imperfect because of small estimation errors [8]). In this context, the estimated PI will exactly correspond to the (worst-case) estimated MI.…”

Section: Success Rate (Sr)mentioning

confidence: 99%

See 2 more Smart Citations

Template Attacks vs. Machine Learning Revisited (and the Curse of Dimensionality in Side-Channel Analysis)

Lerman

Poussier

Bontempi

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Template attacks and machine learning are two popular approaches to profiled side-channel analysis. In this paper, we aim to contribute to the understanding of their respective strengths and weaknesses, with a particular focus on their curse of dimensionality. For this purpose, we take advantage of a well-controlled simulated experimental setting in order to put forward two important intuitions. First and from a theoretical point of view, the data complexity of template attacks is not sensitive to the dimension increase in side-channel traces given that their profiling is perfect. Second and from a practical point of view, concrete attacks are always affected by (estimation and assumption) errors during profiling. As these errors increase, machine learning gains interest compared to template attacks, especially when based on random forests.

show abstract

Section: Imperfect Profilingmentioning

confidence: 95%

Section: Template Attacksmentioning

confidence: 99%

Section: Success Rate (Sr)mentioning

confidence: 99%

See 1 more Smart Citation

Template Attacks vs. Machine Learning Revisited (and the Curse of Dimensionality in Side-Channel Analysis)

Lerman

Poussier

Bontempi

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Second, a fundamental question whenever performing a leakage detection is to determine whether the conclusions were obtained with sufficient confidence. A standard approach for answering this question is to perform cross-validation, which was recently suggested as an important part of leakage certification procedures [7]. Yet, this comes at the cost of additional data and time requirements.…”

Section: Discussion: Recycling Cepaca To Gain Confidencementioning

confidence: 99%

Moments-Correlating DPA

Moradi

Standaert

2016

Proceedings of the 2016 ACM Workshop on Theory of Implementation Security

Self Cite

View full text Add to dashboard Cite

We generalize correlation-enhanced power analysis collision attacks into moments-correlating DPA. The resulting distinguisher is applicable to the profiled and non-profiled (collision) settings and is able to exploit information lying in any statistical moment. It also benefits from a simple ruleof-thumb to estimate its data complexity. Experimental results show that such a tool allows answering with confidence to some important questions regarding the design of sidechannel countermeasures (e.g. what is the most informative statistical moment in the leakages of a threshold implementation). We further argue that moments-correlating DPA is a natural candidate for leakage detection tests, enjoying the simplicity of correlation power analysis and advanced features for the evaluation of higher-order attacks with an easy-to-compute confidence level.

show abstract

“…These techniques seem very different at first sight because they require different experimental methods and different algorithms. But several works have been proposed to described them in a common framework [13,17,6]. The aim of such frameworks is to provide strong theoretical basis but practical tools to fairly estimate the information leakage of circuits and thus increase the level of trust in such devices.…”

Section: Introductionmentioning

confidence: 99%

Physical functions: the common factor of side-channel and fault attacks?

Robisson

Bouder

2015

J Cryptogr Eng

View full text Add to dashboard Cite

Abstract. Security is a key component for information technologies and communication. Among the security threats, a very important one is certainly due to vulnerabilities of the integrated circuits that implement cryptographic algorithms. These electronic devices (such as smartcards) could fall into the hands of malicious people and then could be subject to "physical attacks". These attacks are generally classified into two categories : fault and side-channel attacks. One of the main challenges to secure circuits against such attacks is to propose methods and tools to estimate as soundly as possible, the efficiency of protections. Numerous works attend to provide tools based on sound statistical techniques but, to our knowledge, only address side-channel attacks. In this article, a formal link between fault and side-channel attacks is presented. The common factor between them is what we called the 'physical' function which is an extension of the concept of 'leakage function' widely used in side-channel community. We think that our work could make possible the re-use (certainly modulo some adjustments) for fault attacks of the strong theoretical background developed for side-channel attacks. This work could also make easier the combination of side-channel and fault attacks and thus, certainly could facilitate the discovery of new attack paths. But more importantly, the notion of physical functions opens from now new challenges about estimating the protection of circuits.

show abstract

How to Certify the Leakage of a Chip?

Cited by 71 publications

References 16 publications

Template Attacks vs. Machine Learning Revisited (and the Curse of Dimensionality in Side-Channel Analysis)

Template Attacks vs. Machine Learning Revisited (and the Curse of Dimensionality in Side-Channel Analysis)

Moments-Correlating DPA

Physical functions: the common factor of side-channel and fault attacks?

Contact Info

Product

Resources

About