Skip to main content
SpringerLink
Log in

An Improved Second-Order Power Analysis Attack Based on a New Refined Expecter

- Case Study on Protected AES -

  • Conference paper
Information Security Applications (WISA 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9503))

Included in the following conference series:

  • 1210 Accesses

Abstract

This work proposes an improved second-order correlation power analysis attack based on a new refined expecter (\(\mathcal {RE}\)). The predicted \(\mathcal {RE}\) with the correct secret key is related to the Hamming weight of the Sbox output mask with a correlation coefficient of 0.35. It gives an improved attack performance in comparison with a traditional second-order attack which exhibits a correlation value of 0.24. In order to verify the practicability and performance of the proposed attack, we perform experiments on both simulated data and an AES implementation on an ARM SecureCore device, protected with first-order masking and shuffling countermeasures. The results demonstrate that our proposed attack outperforms the conventional second-order attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    An signal-to-noise ratio (SNR) is the ratio between variance of signal and of noise, and denoted by \(\frac{\sigma ^{2}(signal)}{\sigma ^{2}(noise)}\) [12]. The higher SNR, the higher quality of the trace.

  2. 2.

    This follows normal distribution with \(\mu =0\) and \(\sigma ^{2}\), where \(\mu \) and \(\sigma ^{2}\) indicate mean and variance, respectively.

  3. 3.

    The guessing entropy indicates the average of how many key bytes remain to be guessed [9].

References

  1. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  2. Cho, J.-W., Han, D.-G.: Security analysis of the masking-shuffling based side channel attack countermeasures. J. Secur. Appl. 6(4), 207–214 (2012)

    Google Scholar 

  3. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  4. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  5. FIPS PUB 197. Advanced Encryption Standard. National Institute of Standards and Technology (2001)

    Google Scholar 

  6. Grosso, V., Standaert, F.-X., Faust, S.: Masking vs. multiparty computation: how large is the gap for AES? J. Crypt. Eng. 4(1), 47–57 (2014)

    Article  Google Scholar 

  7. Grosso, V., Standaert, F.-X., Prouff, E.: Low entropy masking schemes, revisited. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 33–43. Springer, Heidelberg (2014)

    Google Scholar 

  8. Herbst, C., Oswald, E., Mangard, S.: An AES smart card implementation resistant to power analysis attacks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 239–252. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  9. Köpf, B., Basin, D.A.: An information-theoretic model for adaptive side-channel attacks. In: Ning, P., Vimercati, S., Syverson, P.F. (eds.) CCS 2007, pp. 286–296 (2007)

    Google Scholar 

  10. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  11. Linge, Y., Dumas, C., Lambert-Lacroix, S.: Using the joint distributions of a cryptographic function in side channel analysis. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 199–213. Springer, Heidelberg (2014)

    Google Scholar 

  12. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks - Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)

    MATH  Google Scholar 

  13. Oswald, E., Mangard, S., Herbst, C., Tillich, S.: Practical second-order dpa attacks for masked smart card implementations of block ciphers. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 192–207. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  14. Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)

    Article  MathSciNet  Google Scholar 

  15. Rivain, M., Prouff, E., Doget, J.: Higher-order masking and shuffling for software implementations of block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 171–188. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  16. Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 208–225. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  17. Schindler, W., Lemke, K., Paar, C.: A stochastic model for differential side channel cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  18. Waddle, J., Wagner, D.: Towards efficient second-order power analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

Download references

Acknowledgements

This research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Education(NRF-2013R1A1A2A10062137). The authors would like to thank Dooho Choi at ETRI for supporting us with SCARF boards (http://www.k-scarf.or.kr/). The SCARF boards were supported by the KLA-SCARF project, the ICT R&D program of ETRI.

Author information

Authors and Affiliations

  1. Department of Financial Information Security, Kookmin University, Seoul, Korea

    Hyunjin Ahn & Dong-Guk Han

  2. Centre for Secure Information Technologies, Queen’s University, Belfast, UK

    Hyunjin Ahn, Neil Hanley & Maire O’Neill

  3. Department of Mathematics, Kookmin University, Seoul, Korea

    Dong-Guk Han

Authors
  1. Hyunjin Ahn
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Neil Hanley
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Maire O’Neill
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dong-Guk Han
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dong-Guk Han .

Editor information

Editors and Affiliations

  1. Pusan National University, Busan, Korea (Republic of)

    Ho-won Kim

  2. Electronics and Telecommunications Research Institute, Daejeon, Korea (Republic of)

    Dooho Choi

A Performance Evaluation of Reasonable Hamming Weight Estimator Functions

A Performance Evaluation of Reasonable Hamming Weight Estimator Functions

Both reasonable Hamming weight estimator functions, Cho’s method [2] and Linge’s method [11], effectively calibrate the Hamming weight value in noise-free signals. On the contrary, in noisy environments, they are likely to have different performances. This section shows the performance evaluation of both in various SNR scenarios.

In this experiment, we consider simulation traces manipulating 8-bit random mask generation. For the sake of comparison, 6 different simulation traces of varying SNR were generated for exploitation in this experiment. Each type includes different white gaussian noise which is generated in MATLAB (simulator is described in Sect. 5.1 in detail). In this experiment, for each SNR, we run 50 experiments of 40, 000 simulation traces i.e. in total \(40,000\times 50=2,000,000\) traces are used for a certain SNR.

Table 3 shows that the SNR is proportional to success rate. White indicates that success rate of Linge’s method is higher than Cho’s, while dark gray in contrast to white. For both methods, the closer to 0 or 8 the Hamming weight, the lower the success rate. However, Linge’s method outperforms Cho’s for most Hamming weights except for 3–5, while the total resolution of Cho’s scheme is higher than the other on noisier traces.

Table 3. Success rates of both Hamming weight estimator functions (Linge’s method / Cho’s method)
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Ahn, H., Hanley, N., O’Neill, M., Han, DG. (2016). An Improved Second-Order Power Analysis Attack Based on a New Refined Expecter. In: Kim, Hw., Choi, D. (eds) Information Security Applications. WISA 2015. Lecture Notes in Computer Science(), vol 9503. Springer, Cham. https://doi.org/10.1007/978-3-319-31875-2_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-31875-2_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31874-5

  • Online ISBN: 978-3-319-31875-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation