Template Attacks Based on Priori Knowledge

  • Guangjun Fan
  • Yongbin Zhou
  • Hailong Zhang
  • Dengguo Feng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9473)

Abstract

Template attacks are widely accepted as the strongest side-channel attacks from the information-theoretic point of view, and they can be used as a very powerful tool to evaluate the physical security of cryptographic devices. Template attacks consist of two stages, the profiling stage and the extraction stage. In the profiling stage, the attacker is assumed to have a large number of power traces measured from the reference device, with which he can accurately characterize the signals and noises at different points. In practice, however, the number of profiling power traces may not be sufficient. In this case, signals and noises are not accurately characterized, and the key-recovery efficiency of template attacks is significantly reduced. We show that the attacker can still make template attacks powerful enough in practice as long as priori knowledge about the reference device can be obtained. We note that the priori knowledge is just a prior distribution of the signal component of the instantaneous power consumption, which the attacker can easily obtain from his previous experience of conducting template attacks, from the Internet, and in many other possible ways. Evaluation results show that the priori knowledge, even if not accurate, can still help increase the power of template attacks, which poses a serious threat to the physical security of cryptographic devices.
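The two-stage procedure described above, with the priori knowledge modelled as a Gaussian prior on each template mean, as an added example that is not the paper's code: the S-box, keys, traces, noise level and the (deliberately inaccurate) prior are all constructed, and the script measures, as an evaluator would, how much such a prior helps when only a dozen profiling traces are available.

```python
"""Added example (not the paper's code): univariate template attack on constructed HW leakage;
class means come from plain averaging or from a Gaussian-prior (priori-knowledge) update."""
import random

SBOX = list(range(256))
random.Random(1).shuffle(SBOX)  # constructed 8-bit permutation standing in for the AES S-box

def hw(x):
    return bin(x).count("1")

def posterior_mean(samples, prior_mean, prior_var, noise_var):
    """Conjugate Gaussian update: no samples -> prior mean; many samples -> sample mean."""
    n = len(samples)
    return (prior_var * sum(samples) + noise_var * prior_mean) / (n * prior_var + noise_var)

def simulate(rng, key, n, sigma):
    """Constructed traces: one leakage point = HW(SBOX[p ^ key]) + N(0, sigma^2)."""
    ps = [rng.randrange(256) for _ in range(n)]
    return ps, [hw(SBOX[p ^ key]) + rng.gauss(0, sigma) for p in ps]

def profile(ps, ls, key, sigma, prior=None, prior_var=1.0):
    """Profiling stage: one template (mean) per HW class 0..8 of the S-box output.
    prior maps h -> expected class mean (the priori knowledge); None means plain averaging."""
    groups = {h: [] for h in range(9)}
    for p, l in zip(ps, ls):
        groups[hw(SBOX[p ^ key])].append(l)
    glob = sum(ls) / len(ls)  # fallback for a class never seen among the profiling traces
    if prior is None:
        return {h: (sum(xs) / len(xs) if xs else glob) for h, xs in groups.items()}
    return {h: posterior_mean(xs, prior(h), prior_var, sigma ** 2) for h, xs in groups.items()}

def key_rank(means, ps, ls, true_key, sigma):
    """Extraction stage: Gaussian log-likelihood of every key guess; rank 0 = true key first."""
    def score(k):
        return -sum((l - means[hw(SBOX[p ^ k])]) ** 2 for p, l in zip(ps, ls)) / (2 * sigma ** 2)
    return sorted(range(256), key=score, reverse=True).index(true_key)

def experiment(n_profile=12, n_attack=300, sigma=2.0, seed=7):
    """(rank without prior, rank with an inaccurate prior) from the same few profiling traces."""
    rng = random.Random(seed)
    ref_key, target_key = 0x3C, 0xA7
    pp, lp = simulate(rng, ref_key, n_profile, sigma)   # profiling on the reference device
    pa, la = simulate(rng, target_key, n_attack, sigma)  # extraction on the target device
    plain = profile(pp, lp, ref_key, sigma)
    # Deliberately inaccurate priori knowledge: the true class mean is h, the prior says 0.5 + 0.8 h.
    rich = profile(pp, lp, ref_key, sigma, prior=lambda h: 0.5 + 0.8 * h)
    return key_rank(plain, pa, la, target_key, sigma), key_rank(rich, pa, la, target_key, sigma)

if __name__ == "__main__":
    print("key rank (plain, with prior):", experiment())
```

With so few profiling traces some HW classes are never observed, so the plain templates fall back to a global mean while the prior-based templates keep a usable value for them; the printed ranks make that difference measurable for a given noise level.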

Keywords

Side-channel attacks, Power analysis attacks, Template attacks, Priori knowledge

Notes

Acknowledgments

This work was supported by the National Basic Research Program of China (No. 2013CB338003), the National Natural Science Foundation of China (Nos. 61472416, 61272478), and the National Key Scientific and Technological Project (No. 2014ZX01032401-001).

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Guangjun Fan (1)
  • Yongbin Zhou (2)
  • Hailong Zhang (2)
  • Dengguo Feng (1)
  1. State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing, China
  2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China