Shize Guo,Xinjie Zhao,Fan Zhang,Tao Wang,Zhijie Jerry Shi,Francois-Xavier Standaert,Chujiao Ma

DOI: https://doi.org/10.1109/tifs.2014.2315534

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and they utilize the Grobner basis-based, SAT-based, or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round. We named our technique incomplete diffusion analytical side-channel analysis (IDASCA). Different from previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of the general solver. Extensive attacks are performed against the software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has less time complexity and more robustness than previous ASCAs, especially when considering the error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for the given amount of side-channel leaks. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what are the extreme cases in ASCAs.

Xinjie Zhao,Tao Wang,Shize Guo,Fan Zhang,Zhijie Shi,Huiying Liu,Kehui Wu

2011-01-01

Abstract:Introduced in 2009, Algebraic Side-Channel Attack (ASCA) has become a very effective cryptanalysis technique that is different from conventional side-channel attacks such as DPA and CPA. In this paper, we propose an innovative and generic attack framework named as SATETASCA (SAT based Error Tolerant Algebraic Side-Channel Attack). The proposed framework is effective even if the leakage information is not accurate and has large variants or errors. We show its generality by successfully launching SAT-ETASCA to AES on two different platforms, using different types of leakages. The first attack is to an AES implementation on an 8-bit microcontroller, using the Hamming weight leakage model. We demonstrate that SAT-ETASCA can recover the full key even when the obtained leakage information has about 60% errors. The second attack is based on an innovative idea of applying the external cache …

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Zhe Liu,Jean-Francois Gallais

DOI: https://doi.org/10.1016/j.cose.2013.07.002

IF: 5.105

2013-01-01

Computers & Security

Abstract:Existing trace driven cache attacks (TDCAs) can only analyze the cache events in the first two rounds or the last round of AES, which limits the efficiency of the attacks. Recently, Zhao et al. proposed the multiple deductions-based algebraic side-channel attack (MDASCA) to cope with the errors in leakage measurements and to exploit new leakage models. Their preliminary results showed that MDASCA can improve TDCAs and attack the AES implemented with a compact lookup table of 256 bytes. This paper performs a comprehensive study of MDASCA-based TDCAs (MDATDCA) on most of the AES implementations that are widely used. First, the key recovery in TDCA is depicted by an abstract model regardless of the specific attack techniques. Then, the previous work of TDCAs on AES is classified into three types and its limitations are analyzed. How to utilize the cache events with MDATDCA is presented and the overhead is also calculated. To evaluate MDATDCA on AES, this paper constructs a mathematical model to estimate the maximal number of leakage rounds that can be utilized and the minimal number of cache traces required for a successful MDATDCA. Extensive experiments are conducted under different implementations, attack scenarios and key lengths of AES. The experimental results are consistent with the theoretical analysis. Many improvements are achieved. For the first time, we show that TDCAs on AES-192 and AES-256 become possible with the MDATDCA technique. Our work attests that combining TDCAs with algebraic techniques is a very efficient way to improve cache attacks.

Yufeng Tang,Zheng Gong,Tao Sun,Jinhai Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-030-88323-2_22

2021-01-01

Abstract:White-box block cipher (WBC) aims at protecting the secret key of a block cipher even if an adversary has full control over the implementations. At CHES 2016, Bos et al. proved that WBC are also threatened by side-channel analysis (SCA), e.g., differential fault analysis (DFA) and differential computation analysis (DCA). Therefore, advanced countermeasures have been proposed by Lee et al. for resisting DFA and DCA, such as table redundancy and improved masking methods, respectively. In this paper, we introduce a new adaptive side-channel analysis model which assumes that an adversary adaptively collects the intermediate values of a specific function and can mount the DFA/DCA attack with chosen inputs. In the adaptive SCA model, both theoretical analysis and experimental results show that Lee et al.’s proposed methods are vulnerable to DFA and DCA attacks. Moreover, a negative proposition is also demonstrated on the corresponding high-order countermeasures under our new model.

Pengfei Guo,Yingjian Yan,Fan Zhang,Chunsheng Zhu,Lichao Zhang,Zibin Dai

DOI: https://doi.org/10.1016/j.cose.2023.103255

2023-04-10

Abstract:Cryptographic devices are vulnerable to side-channel attacks, which have attracted broad attention in the hardware security field. The side-channel analysis framework proposed at Eurocrypt 2009 has been widely adopted in academia, containing key elements such as points of interest, leakage models, distinguishers, and security metrics. This classical framework, however, is not intuitively compatible with recent micro-architectural attacks such as cache attacks, therefore, few attempts have been made to link them. In this paper, we extend the classical side-channel analysis framework and migrate its ideas to access-driven cache attacks. We find that cache attacks can be effectively incorporated into this framework. Specifically, we propose a leakage model called cache access pattern vector according to the cache timing leakage characteristics. Furthermore, we propose data preprocessing schemes such as noise reduction, dimensionality reduction, and vector expansion to implement efficient attacks. Subsequently, we proposed seven distinguishers in three categories: difference of means-based analysis, vector distance-based analysis, and mutual information-based analysis. Moreover, we attacked the last round of the AES fast software implementation algorithm based on the Chipyard platform. According to the experimental results, all proposed methods can successfully extract the key, and five of them are comparable to mainstream cache analysis in attack efficiency. Finally, we evaluate the five efficient distinguishers under three different cache micro-architectures using guessing entropy. Based on the experimental environment of this paper, vector distance-based distinguishers have the best attack efficiency, and the difference of mean-based analysis has the worst. Surprisingly, the most general mutual information-based attacks can achieve excellent medium results in a few attack rounds without the help of static analysis tools. Meanwhile, the experimental results demonstrate that cache micro-architecture directly impacts the attack effect, in which the smaller cache line size benefits the attacks, while the random replacement policy increases the noise and difficulty of the attacks.

computer science, information systems

Xiaoxuan Lou,Fan Zhang,Guorui Xu,Ziyuan Liang,Xinjie Zhao,Shize Guo,Kui Ren

DOI: https://doi.org/10.1007/978-3-030-42921-8_29

2020-01-01

Abstract:Block ciphers with Feistel structures are vulnerable to a specific type of cache attacks named differential cache attacks. The attacks leverage side-channel leakages from cache and differential property of cipher component to reveal the master key of cipher. In this paper, we combine the algebraic analysis to enhance the attacks, and propose a novel method named Algebraic Differential Cache Attack (ADCA). By converting both cipher and cache leakages to algebraic equations, ADCA can reveal the cipher key automatically with the help of the SAT solver, which allows the analysis on much deeper rounds and makes a considerable reduction in attack complexity. When it is applied to the block cipher SM4, 10 plaintexts are enough to reveal the master key in 8-rounds analysis, while the traditional differential cache attack needs 20 ones. Finally, to eliminate the impact from noise, an error-tolerant method is proposed to deduce cache events from the leakage traces. It vastly enhances the robustness of attack, and makes the attack more practical. The experimental results show that the error-tolerant ADCA can correctly reveal the master key even when the uncertainty rate of cache events reaches to 60%.

Ling Song,Lei Hu,Siwei Sun,Zhang Zhang,Danping Shi,Ronglin Hao

DOI: https://doi.org/10.1007/978-3-319-21966-0_1

2015-01-01

Abstract:Algebraic side-channel attacks are a type of side-channel analysis which can recover the secret information with a small number of samples (e.g., power traces). However, this type of side-channel analysis is sensitive to measurement errors which may make the attacks fail. In this paper, we propose a new method of algebraic side-channel attacks which considers noisy leakages as integers restricted to intervals and finds out the secret information with the help of a constraint programming compiler named BEE. To demonstrate the efficiency of this new method in algebraic side-channel attacks, we analyze some popular implementations of block ciphers-PRESENT, AES, and SIMON under the Hamming weight or Hamming distance leakage model. For AES, our method requires the least leakages compared with existing works under the same error model. For both PRESENT and SIMON, we provide the first analytical results of them under algebraic side-channel attacks in the presence of errors. To further demonstrate the wide applicability of this new method, we also extend it to cold boot attacks. In the cold boot attacks against AES, our method increases the success rate by over 25% than previous works.

Qi Chen,Dongyan Zhao,Liang Liu,Xuesong Yan,Yidong Yuan,Xige Zhang,Hongmei Wu,Zhe Wang

DOI: https://doi.org/10.1016/j.csi.2021.103569

IF: 3.721

2022-01-01

Computer Standards & Interfaces

Abstract:Side-channel attacks (SCAs) have become a significant threat nowadays to cryptographic devices, especially central processing units (CPUs). Based on the implementation of AES-128, the side-channel information leakage analysis is carried out in a 32-bit CPU microarchitecture in this work. Correlation power analysis (CPA) results show that it is obvious to reveal the secret key by using only 30 power traces based on the net-list simulation. Three flexibly configurable hardware-based countermeasures are proposed to prevent information leakage in the arithmetic and logic unit (ALU), register file (RF) and load/store unit (LSU), respectively, which are the most sensitive components according to our analysis. The proposed countermeasures have different protection effects on the CPU since the required trace number to reveal the secret key has increased from 30 to 100 similar to 120,000. Moreover, the anti-attack capability of the CPU is improved by 4000 times using the three countermeasures simultaneously. The proposed countermeasures can be freely combined while considering the CPU security and implementation overhead. In practice, the anti-attack capability of the CPU can be further improved when the proposed countermeasures are implemented in real-world measurements, because additional noise will be introduced during the measurements.

Shuai Wang,Yuyan Bao,Xiao Liu,Pei Wang,Danfeng Zhang,Dinghao Wu

DOI: https://doi.org/10.48550/arXiv.1905.13332

2019-05-31

Abstract:Cache-based side channels enable a dedicated attacker to reveal program secrets by measuring the cache access patterns. Practical attacks have been shown against real-world crypto algorithm implementations such as RSA, AES, and ElGamal. By far, identifying information leaks due to cache-based side channels, either in a static or dynamic manner, remains a challenge: the existing approaches fail to offer high precision, full coverage, and good scalability simultaneously, thus impeding their practical use in real-world scenarios. In this paper, we propose a novel static analysis method on binaries to detect cache-based side channels. We use abstract interpretation to reason on program states with respect to abstract values at each program point. To make such abstract interpretation scalable to real-world cryptosystems while offering high precision and full coverage, we propose a novel abstract domain called the Secret-Augmented Symbolic domain (SAS). SAS tracks program secrets and dependencies on them for precision, while it tracks only coarse-grained public information for scalability. We have implemented the proposed technique into a practical tool named CacheS and evaluated it on the implementations of widely-used cryptographic algorithms in real-world crypto libraries, including Libgcrypt, OpenSSL, and mbedTLS. CacheS successfully confirmed a total of 154 information leaks reported by previous research and 54 leaks that were previously unknown. We have reported our findings to the developers. And they confirmed that many of those unknown information leaks do lead to potential side channels.

Cryptography and Security

ZHAO Xin-jie,GUO Shi-ze,WANG Tao,ZHANG Fan,LIU Huiying,JI Ke-ke

DOI: https://doi.org/10.3969/j.issn.1671-1742.2012.04.001

2012-01-01

Abstract:The security of a lightweight block cipher KLEIN against the algebraic side-channel attack is evaluated by combining algebraic attack with side-channel attack under the Hamming weight leakage model.Firstly,the algebraic representation of KLEIN is given.Then,the Hamming weights of the intermediate states are deduced from analyzing the power leakages and converted into algebraic equations.Finally,the CryptoMinisat solver is applied to solve for the key.Based on three different error tolerant strategies,many physical experiments are conducted on KLEIN under an 8-bit microcontroller and the complexity of the attack is also evaluated.Experiment results show that: the unprotected software implementation of KLEIN is vulnerable to algebraic side-channel attack.Full 64-bit master key of KLEIN can be recovered by analyzing the Hamming weight leakages of the first round under know plaintext/ciphertext scenario and 2 rounds under unknown plaintext/ciphertext scenario.

Weiwei Shan,Shuai Zhang,Jiaming Xu,Minyi Lu,Longxing Shi,Jun Yang

DOI: https://doi.org/10.1109/jssc.2019.2953855

IF: 5.4

2019-01-01

IEEE Journal of Solid-State Circuits

Abstract:Hardware countermeasure of side channel attack (SCA) becomes necessary to protect crypto circuits. Many countermeasures endured large area and power consumption. We propose a SCA-resistant methodology based on machine learning, which compensates the Hamming distance (HD) probability of the intermediate data directly. By making the HD probabilities unable to be distinguished from correct and incorrect sub-keys, it provides resistance to SCA. Optimum HD redistribution is obtained by a machine learning algorithm and then sent to the compensation circuit. Applied in an Advanced Encryption Standard (AES)-128 circuit, the whole compensated circuit is implemented on a 28-nm CMOS process. The experimental results show that it resists correlation-based SCA with 1.5 million traces, corresponding to 446 $\times $ improvements of measures to disclosure compared with a nonprotected AES circuit. In addition, it has no impact on the frequency and throughput rate, and its power overhead of 38% and area overhead of 36% are relatively low, making it suitable for resource-constrained encryption circuits.

Takaya Kubota,Kota Yoshida,Mitsuru Shiozaki,Takeshi Fujino

DOI: https://doi.org/10.1016/j.micpro.2020.103383

IF: 3.503

2021-11-01

Microprocessors and Microsystems

Abstract:<p>In the field of image recognition, machine learning technologies, especially deep learning, have been rapidly advancing alongside the advances of hardware such as GPUs. In image recognition, in general, large numbers of labeled images to be identified are input to a neural network, and repeatedly learning the images enables the neural network to identify objects with high accuracy. A new profiling side-channel attack method, the deep learning side-channel attack (DL-SCA), utilizes the neural network's high identifying ability to unveil a cryptographic module's secret key from side-channel information. In DL-SCAs, the neural network is trained with power waveforms captured from a target cryptographic module, and the trained network extracts the leaky part that depends on the secret. However, at this stage, the main target of investigation has been software implementation, and studies regarding hardware implementation, such as ASIC, are somewhat lacking. In this paper, we first depict deep learning techniques, profiling side-channel attacks, and leak models to clarify the relation between secret and side channels. Next, we investigate the use of DL-SCA against hardware implementations of AES and discuss the problem derived from the Hamming distance model and ShiftRow operation of AES. To solve the problem, we propose a new network training method called "mixed model dataset based on round-round XORed value." We prove that our proposal solves the problem and gives the attack capability to neural networks. We also compare the attack performance and characteristics of DL-SCA to conventional analysis methods such as correlation power analysis and conventional template attack. In our experiment, a dedicated ASIC chip for side-channel analysis is utilized and the chip is also equipped with a side-channel countermeasure AES. We show how DL-SCA can recover secret keys against the side-channel countermeasure circuit. Our results demonstrate that DL-SCA can be a more powerful option against side-channel countermeasure implementations than conventional SCAs.</p>

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Qingyun Zou,Xiaoxin Cui,Zhenhui Dai,Yisong Kuang,Yi Zhong,Chenglong Zou,Xiaole Cui

DOI: https://doi.org/10.1587/elex.18.20210309

2021-01-01

IEICE Electronics Express

Abstract:An asynchronous Advanced Encryption Standard (AES) cryptographic processor for low-area and side-channel attack (SCA) resistant applications is introduced. To reduce the area and power, two Substituting Byte blocks (S-Boxes) are reused in key expansion and the data encryption module, respectively. To mitigate SCA, we adopt asynchronous dual-rail logic with dual-rail balanced logic and new dual-rail spacer latch. Common and Machine learning (ML) SCA simulations are performed to validate SCA resistance. To the best of our knowledge, we are the first ones to perform the ML SCA evaluations on asynchronous AES. Simulation results with 200K power traces demonstrate that our asynchronous AES is immune to the attacks. Our proposed asynchronous AES occupies an area of 0.016 mm(2) in TSMC 28 nm technology and consumes 1 nJ per encryption at a supply voltage of 0.9 V.

Weiwei Shan,Shuai Zhang,Yukun He

DOI: https://doi.org/10.1049/el.2017.1460

2017-01-01

Electronics Letters

Abstract:Side channel analysis (SCA) is effective to reveal the key of crypto devices by applying statistical analysis to a number of power traces, thus hardware countermeasure is necessary to protect the crypto circuits. A SCA-resistance methodology by machine learning trained power compensation module is proposed to compensate the probability of hamming distance (HD) of the intermediate data directly, to make it unable to be distinguished from correct and incorrect sub-key, thus providing resistance to SCA. The machine learning algorithm is used to find out the best HD redistribution mapping by using neural dynamic programming. Implemented on an AES-128 encryption algorithm circuit on a Xilinx Spartan-6 FPGA mounted on a SAKURA-G board, experimental SCA results show that it can provide more than 200 x measures to disclosure and still has no sign to reveal the advanced encryption standard (AES) sub-key. In addition, it has low power and area overhead and zero frequency overhead, thus is appropriate for hardware implementation of SCA countermeasure.

Wei Yang,Yuchen Cao,Yongbin Zhou,Hailong Zhang,Qian Zhang

DOI: https://doi.org/10.1109/lsp.2016.2521441

2016-01-01

IEEE Signal Processing Letters

Abstract:Side Channel Attack (SCA) recovers secret information from an embedded device with implementation of cryptographic algorithm by exploiting its physical leakages. For most SCA methods to achieve good performance, the measured leakages are often desired to be well aligned. However, due to some specific reasons such as inaccurate measurements or carefully designed countermeasures, misalignment of leakages frequently occurs in practice. Misalignment significantly reduces the efficiency of SCA methods, or even makes them fail. To address this issue, two alignment approaches are proposed: a local alignment based on shotgun distance and a global alignment based on weighted edit distance. Compared with previous methods, the proposed methods are capable of keeping the secret dependant leakages, while not introducing any redundant information. In addition, the proposed methods could also reduce the negative effects of noise, which is another factor seriously decreasing the efficiency of SCA methods. Interestingly, it is pretty easy to set appropriate parameters for these two methods. Practical experiments show that the proposed methods outperform previous methods in three different circumstances and different noise levels.

Yohaï-Eliel Berreby,Laurent Sauvage

2023-09-23

Abstract:Over the past few years, deep learning has been getting progressively more popular for the exploitation of side-channel vulnerabilities in embedded cryptographic applications, as it offers advantages in terms of the amount of attack traces required for effective key recovery. A number of effective attacks using neural networks have already been published, but reducing their cost in terms of the amount of computing resources and data required is an ever-present goal, which we pursue in this work. We focus on the ANSSI Side-Channel Attack Database (ASCAD), and produce a JAX-based framework for deep-learning-based SCA, with which we reproduce a selection of previous results and build upon them in an attempt to improve their performance. We also investigate the effectiveness of various Transformer-based models.

Cryptography and Security,Artificial Intelligence

Qiang Zhou,Baolei Mao,Maoyuan Qin,Wei Hu,Fanfei Meng,Mingzhu Fang

DOI: https://doi.org/10.1109/iccc59590.2023.10507675

2023-01-01

Abstract:Side-channel attacks have been proven to be effective for retrieving secret keys by exploiting implementation vulnerabilities in encryption function. In recent years, deep learning techniques have been integrated into profiled side-channel attacks to achieve outstanding results. However, most state-of-the-art work only conducts attacks under ideal conditions where the profiling device (template device) and the target device are identical. The profiling traces are from the profiling device and the attack traces are from the target device. Unfortunately, constructing a template device is challenging and a flawed template device will lead to discrepancies between the profiling and the target devices. This inconsistent data distribution and discrepancies hamper the profiled SCA. To address these issues, we propose a domain generalization-based side-channel attack architecture called DGSCA. Especially, We simulate a scenario where the acquisition of target data is challenging and can’t be used for model training. Initially, we combine the Deep CORAL method with Mixup to deserve domain invariant representations across source domains. Subsequently, we integrate meta-learning into the DGSCA framework to enhance the model’s generalization ability, which is accomplished by randomly partitioning the source and target domains and leveraging the knowledge gained from the source domain to improve the attack result in the target domain. Moreover, we implement four different deep learning models (MLP, CNN, ResNet, DenseNet) and evaluate the DGSCA framework using the publicly available ASCAD dataset. The experimental results on the ASCAD desynchronous dataset show that our method successfully recovers the key within 1665 traces and demonstrate the scalability and generality of our proposed framework.

Zhong Zeng,Dawu Gu,Junrong Liu,Zheng Guo

DOI: https://doi.org/10.1109/CIS.2014.80

2014-01-01

Abstract:Side-channel attack (SCA) is a very efficient cryptanalysis technology to attack cryptographic devices. It takes advantage of physical information leakages to recover the cryptographic key. In order to strengthen the power to extract the cryptographic key-relevant information, this article introduces the Support Vector Machine technologies. Taking a software implementation of masked AES-256 on an Atmel ATMega-163 smart card, we applied an improved profiled side-channel attack to recover the cryptographic key. The current best result of our attack is able to recover the first 128 bits key using only one power trace.

HOU Fang-yong,GU Da-wu,LI Xiao-yong

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.08.016

2007-01-01

Abstract:Side-channel attacks bring forth serious threat to cryptography security; it reduces the complexity of cryptanalysis by utilizing some characteristics in hardware/software implementation of the cipher. Being the main encryption standard for the present time and the future, the security of AES is of a special importance However, recent researches have revealed that, AES cipher program on mainstream computing platforms may suffer from one kind of attack resulted from the leaked running information through Cache. According to related research, this paper proposes the basic processes of such attack, describes its current status and progresses, analyzes its feasibility in real world, and explains the countermeasures and suggestions.

Jiliang Zhang,Congcong Chen,Jinhua Cui,Keqin Li

DOI: https://doi.org/10.1145/3645109

IF: 16.6

2024-02-07

ACM Computing Surveys

Abstract:Microarchitectural vulnerabilities, such as Meltdown and Spectre, exploit subtle microarchitecture state to steal the user’s secret data and even compromise the operating systems (OSes). In recent years, considerable discussion lies in understanding the attack-defense mechanisms and exploitability of such vulnerabilities. Unfortunately, there have been few investigations into a systematic elaboration of threat models, attack scenarios and requirements, and defense targets of the resulting attacks. In this article, we fill this gap and make the following contributions. We first propose two sets of taxonomies for classifying microarchitectural timing side-channel attacks (MTSCAs) and their countermeasures according to various attack conditions. Based on the taxonomies proposed, we then review published attacks and existing defenses and systematically analyze their internals. In particular, we also provide a comprehensive analysis of the similarities and differences among those attacks, uncovering the corresponding practicality and severity by identifying the attack targets/platforms and the security boundaries that can be bypassed to reveal information. We further examine the scalability of those defenses through specifying expected defense goals and costs. We also discuss corresponding detection methods based on different classifications. Finally, we propose several key challenges of existing countermeasures and the attack trends, and discuss directions for future research.

computer science, theory & methods