Advertisement

Overcoming Significant Noise: Correlation-Template-Induction Attack

  • An Wang
  • Man Chen
  • Zongyue Wang
  • Yaoling Ding
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7232)

Abstract

Due to low Signal to Noise Ratio (SNR) in general experimental environments, previous attack methods such as correlation power analysis (CPA) do not always screen out the correct key value. Sometimes the success rate of the attack is so slight that we have to find other ways to make certain of the prosperity. In this paper, rather than adopting the traditional means of singling out a single key value, we suggest a way of setting up a threshold for the attack. Accordingly, we propose a feasible method to filter the inherently enlarging candidate key space, which is called correlation-template-induction attack. The method contains three steps: First, we apply a variation of CPA and get a set of candidate key values. Then, we filter the candidate key space with template attack, which is easy to implement and requires encryptions of just a few input data to screen out the correct key. Next, to achieve optimal of our attack, we mix the concept of induction together with our attack. The experimental results given in this article on an AES smart card implementation guarantee the effectiveness of our method.

Keywords

power analysis attack correlation power analysis template attack correlation-template-induction attack 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Agrawal, D., Rao, J.R., Rohatgi, P.: Multi-channel Attacks. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 2–16. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Bogdanov, A., Kizhvatov, I.: Beyond the Limits of DPA: Combined Side-Channel Collision Attacks. Cryptology ePrint Achieve, Report 2010/590, to appear in IEEE Transactions on Computers (2010), http://eprint.iacr.org/
  3. 3.
    Bogdanov, A.: Improved Side-channel Collision Attacks on AES. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 84–95. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    Bogdanov, A.: Multiple-Differential Side-Channel Collision Attacks on AES. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 30–44. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Chair, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-enhanced Power Analysis Collision Attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  9. 9.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  10. 10.
    Oswald, E., Mangard, S., Herbst, C., Tillich, S.: Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 192–207. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Oswald, E., Parr, C.: Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 207–222. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  12. 12.
    Plos, T.: Susceptibility of UHF RFID Tags to Electromagnetic Analysis. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 288–300. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Schramm, K., Leander, G., Felke, P., Parr, C.: A Collision-Attack on AES Combining Side Channel- and Differential- Attack. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 163-175. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Schramm, K., Wollinger, T.J., Paar, C.: A New Class of Collision Attacks and Its Application to DES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 206–222. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Waddle, J., Wagner, D.: Towards Efficient Second-Order Power Analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • An Wang
    • 1
  • Man Chen
    • 2
  • Zongyue Wang
    • 2
  • Yaoling Ding
    • 3
  1. 1.Institute for Advanced StudyTsinghua UniversityBeijingChina
  2. 2.Key Laboratory of Cryptologic Technology and Information Security, Ministry of EducationShandong UniversityJinanChina
  3. 3.Department of Computer Science and TechnologyTsinghua UniversityBeijingChina

Personalised recommendations