Maamar Ouladj and Sylvain Guilley
Side-Channel Analysis of Embedded Systems
An Efficient Algorithmic Approach
1st ed. 2021
Maamar Ouladj
Paris 8 University, Paris, France
Sylvain Guilley
Secure-IC, S.A.S., Paris, France
ISBN 978-3-030-77221-5 e-ISBN 978-3-030-77222-2
https://doi.org/10.1007/978-3-030-77222-2
The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2021
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Contents
Part I Classical Side-Channel Attacks
Part II Spectral Approach in Side-Channel Attacks
Part III Coalescence-based Side-Channel Attacks
M. Ouladj, S. Guilley Side-Channel Analysis of Embedded Systems https://doi.org/10.1007/978-3-030-77222-2_1
1. General Introduction
Today's digital era connects everyone and everything in between through the Internet of Things (IoT). This leads to an omnipresence in our daily life of embedded systems endowed with the integrated capability to run cryptographic protocols (consumer electronics, telecommunication and industrial appliances, governmental and military systems, etc.). These systems need to manage authorized access, firmware integrity, irreversible life-cycle steps, and so on. Thus, the functional correctness of IoT devices is an absolute prerequisite. Nevertheless, unless suitable care is given, cryptographic protocol implementations in both software and hardware happen to leak sensitive information during their execution. Side-Channel Attacks (SCA) is a scientific field whose purpose is the analysis of this leaked information, in order to recover the secret parameters of the protocols. In the seminal paper on Side-Channel Attacks (SCA), published by Kocher et al. [], or a contention for Central Processing Unit (CPU) resources such as cache memories.
In practice, small devices (such as smart cards) are common targets of SCA. But larger devices such as smartphones and computers can also be attacked through their side-channel leakage [].
The SCA requires two steps, namely:
side-channel emanation traces collection from the device;
analysis of the traces, altogether referred to as the acquisition campaign, to extract the sensitive information.
The first step requires some acquisition skills and is typically carried out by automated experimental benches, as described, for instance, in Chap. 3 of []. The second step is essentially agnostic with respect to the attacked device, in that it consists in distinguishing the correct secret key from several hypotheses.
As stated in the SCA literature, according to the adversary abilities (knowing or not the leakage model of the device, having or not a copy of this target device, ...), the optimal attack is either the Correlation Power Analysis (CPA) [].
This book addresses the following topics:
the correct implementation of the SCA distinguishers, and
their optimal algorithmic implementation in terms of speed.
Instead of carrying out an SCA straightforwardly on the raw traces, one can carry it out using the averaged leakage per message value []. In this book, we first generalize the use of the Walsh-Hadamard transform for any situation. Consequently, using the coalescence principle, the spectral approach, and other optimizations, we provide several improvements of the implementation complexity of CPA, LRA, and the Template attacks. All these complexity improvements are brought together and put in perspective in this book. They lead asymptotically to optimal SCA assaults, from a computational standpoint, even in the presence of countermeasures.
The attacks will be illustrated throughout this book on the running example of the Advanced Encryption Standard (AES []).
Outline and Contributions
The present book is structured in three parts. The first part presents the state of the art on known attacks. The second part contains the efficient processing of the prominent attacks put forward in the first part.
The beginning of Part I provides a state of the art of Side-Channel Analyses (SCAs) through three chapters. Chapter consists in some foundations of side-channel attacks. Namely, a general framework of SCA is introduced, then different leakage models are given, and eventually different security metrics are defined. We also introduce different techniques used for trace pre-processing, leakage-wise.
Chapter tackles the most important side-channel distinguishers. Namely, we introduce Simple Power Analysis (SPA), Differential Power Analysis (DPA), Correlation Power Analysis (CPA, either using Pearson or rank-based statistics), Covariance-Based Distinguisher, Collision Side-Channel Attacks, Mutual Information Analysis (MIA), Kolmogorov-Smirnov Distance (KS)-based distinguisher, Chi-squared Test (Chi-2-Test)-based distinguisher, Template Attack (TA), Linear Regression-based Side-Channel Attacks (LRA), Machine Learning Distinguishers, and the most recent Higher Order Optimal Distinguisher (HOOD).
In Chap. , we introduce the different countermeasures aiming at stymying SCA attacks, namely, the hiding (on the time/amplitude dimension) and the masking techniques. For hiding in the time dimension, we introduce the random insertion of dummy operations, the jittering, and the shuffling of operations. For hiding in the amplitude dimension, we introduce the two complementary techniques for reducing the Signal-to-Noise Ratio (SNR), namely, the noise increase and the signal reduction. For the masking countermeasure, we introduce different known masking schemes, namely, the Boolean Masking (BM), the Multiplicative Masking (MM), the Affine Masking (AfM), the Arithmetic Masking (ArM), the Polynomials-based Masking (PM), the Leakage Squeezing Masking (LSM), the Rotating S-boxes Masking (RSM), the Inner Product Masking (IPM), and the most recent Direct Sum Masking (DSM) schemes. After that, we introduce an extension of the DSM to a so-called Multi-shares Direct Sum Masking (DSM).