Skip to main content
SpringerLink
Log in

Non-profiled Mask Recovery: The Impact of Independent Component Analysis

  • Conference paper
  • First Online:
Smart Card Research and Advanced Applications (CARDIS 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11389))

  • 710 Accesses

Abstract

As one of the most prevalent SCA countermeasures, masking schemes are designed to defeat a broad range of side channel attacks. An attack vector that is suitable for low-order masking schemes is to try and directly determine the mask(s) (for each trace) by utilising the fact that often an attacker has access to several leakage points of the respectively used mask(s). Good examples for implementations of low-order masking schemes include the table re-computation schemes as well as the masking scheme in DPAContest V4.2. We propose a novel approach based on Independent Component Analysis (ICA) to efficiently utilise the information from several leakage points to reconstruct the respective masks (for each trace) and show it is a competitive attack vector in practice.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    For specific processors, such implementation is not necessarily secure [12].

  2. 2.

    Throughout this paper, we always use subscript i as the i-th bit. Unlike traditional SCA, the intermediate state x here represents the random mask, which is not dependent on a key guess k.

  3. 3.

    For simplicity, we assume all leakage share the same leakage function L. However, ICA does work with different L-s, as long as they are all linear combinations of x.

  4. 4.

    A v-variate attack means it takes v leakage samples in total.

  5. 5.

    Here linear means linear on real values, rather than \(GF_{2^n}\).

References

  1. Gao, S., Chen, H., Wu, W., Fan, L., Cao, W., Ma, X.: My traces learn what you did in the dark: recovering secret signals without key guesses. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 363–378. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-52153-4_21

    Chapter  Google Scholar 

  2. von Willich, M.: A technique with an information-theoretic basis for protecting secret data from differential power attacks. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 44–62. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45325-3_6

    Chapter  Google Scholar 

  3. Roche, T., Prouff, E.: Higher-order glitch free implementation of the AES using secure multi-party computation protocols. J. Cryptogr. Eng. 2, 111–127 (2012)

    Article  Google Scholar 

  4. Balasch, J., Faust, S., Gierlichs, B., Verbauwhede, I.: Theory and practice of a leakage resilient masking scheme. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 758–775. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_45

    Chapter  Google Scholar 

  5. Bruneau, N., Guilley, S., Najm, Z., Teglia, Y.: Multi-variate high-order attacks of shuffled tables recomputation. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 475–494. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_24

    Chapter  Google Scholar 

  6. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_27

    Chapter  Google Scholar 

  7. Messerges, T.S.: Securing the AES finalists against power analysis attacks. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 150–164. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44706-7_11

    Chapter  Google Scholar 

  8. Prouff, E., Rivain, M.: A generic method for secure SBox implementation. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 227–244. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77535-5_17

    Chapter  Google Scholar 

  9. Coron, J.-S.: Higher order masking of look-up tables. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 441–458. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_25

    Chapter  Google Scholar 

  10. Pan, J., den Hartog, J.I., Lu, J.: You cannot hide behind the mask: power analysis on a provably secure S-Box implementation. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 178–192. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10838-9_14

    Chapter  Google Scholar 

  11. Tunstall, M., Whitnall, C., Oswald, E.: Masking tables—an underestimated security risk. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 425–444. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43933-3_22

    Chapter  Google Scholar 

  12. Kutzner, S., Nguyen, P.H., Poschmann, A., Wang, H.: On 3-share threshold implementations for 4-bit S-boxes. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 99–113. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40026-1_7

    Chapter  Google Scholar 

  13. Nassar, M., Souissi, Y., Guilley, S., Danger, J.L.: RSM: A small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. In: 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1173–1178 (2012)

    Google Scholar 

  14. TELECOM ParisTech SEN research group: DPA contest v4. http://www.dpacontest.org/v4/

  15. Hyvärinen, A., Oja, E.: Independent component analysis: algorithms and applications. Neural Netw. 13, 411–430 (2000)

    Article  Google Scholar 

  16. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_2

    Chapter  Google Scholar 

  17. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_31

    Chapter  Google Scholar 

  18. Bhasin, S., Bruneau, N., Danger, J.-L., Guilley, S., Najm, Z.: Analysis and improvements of the DPA contest v4 implementation. In: Chakraborty, R.S., Matyas, V., Schaumont, P. (eds.) SPACE 2014. LNCS, vol. 8804, pp. 201–218. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12060-7_14

    Chapter  Google Scholar 

Download references

Acknowledgements

This work has been funded in part by the National Key R&D Program of China(2018YFB0904900, 2018YFB0904901) and EPSRC under grant agreement EP/N011635/1 (LADA).

Author information

Authors and Affiliations

  1. University of Bristol, Bristol, UK

    Si Gao & Elisabeth Oswald

  2. Institute of Software, Chinese Academy of Sciences, Beijing, China

    Hua Chen

  3. Southern Power Grid Science Research Institute, Guangzhou, China

    Wei Xi

Authors
  1. Si Gao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Elisabeth Oswald
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hua Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wei Xi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Si Gao .

Editor information

Editors and Affiliations

  1. Rambus - Cryptography Research, Rotterdam, Zuid-Holland, The Netherlands

    Begül Bilgin

  2. Nagravision, Cheseaux-sur-Lausanne, Vaud, Switzerland

    Jean-Bernard Fischer

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gao, S., Oswald, E., Chen, H., Xi, W. (2019). Non-profiled Mask Recovery: The Impact of Independent Component Analysis. In: Bilgin, B., Fischer, JB. (eds) Smart Card Research and Advanced Applications. CARDIS 2018. Lecture Notes in Computer Science(), vol 11389. Springer, Cham. https://doi.org/10.1007/978-3-030-15462-2_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-15462-2_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-15461-5

  • Online ISBN: 978-3-030-15462-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation