Wenlong Cao,Fan Huang,Mengce Zheng,Honggang Hu

DOI: https://doi.org/10.1109/cis52066.2020.00066

2020-01-01

Abstract:Field-programmable gate arrays (FPGAs) are widely used in many fields because of their low power consumption, easy design and good performance. For applications running on FPGAs, security is very important. A lot of researches have been done on the security issue of FPGA implementations, many attacks and countermeasures have been proposed. The dual complementary strategy is a countermeasure designed to thwart side channel attacks. In this paper, we perform Correlation Power Analysis (CPA) against dual complementary AES implemented on the SAKURA-G FPGA board. For dual complementary AES with constant Hamming Weight (HW) value, which is demonstrated to be robust against CPA based on HW model, we successfully recover the secret key using Hamming Distance (HD) and Switching Distance (SD) models with 2,000 power traces. For dual complementary AES with constant HD, 16,000 resp. 10,000 power traces are required to recover the key with HD resp. SD model.

Wenhai Zhou,Fan-tong Kong

DOI: https://doi.org/10.1109/ICCT46805.2019.8947185

2019-10-01

Abstract:Correlative electromagnetic side channel attack (CEMA) is a common and effective method in side channel attacks. However, a large amount of data acquisition and processing restricts the time of key cracking. This paper proposes a fast side channel attack method, which encrypts the selected plaintexts and filters the collected electromagnetic data on frequency domain, and then performs CEMA analysis. Finally, only 150 pieces of electromagnetic data are used to successfully crack all the keys of the advanced encryption standard (AES) cryptographic algorithm, and the cracking time is reduced to 1/50 of the traditional method.

Engineering,Computer Science

Xiaofei Dong,Fan Zhang,Samiya Queshi,Yiran Zhang,Ziyuan Liang,Bolin Yang,Feng Gao

DOI: https://doi.org/10.1109/asianhost.2018.8607162

2018-01-01

Abstract:Random delay insertion is a simple yet rather effective technique to increase the difficulty for traditional power analysis. However as compared to the random masking technique, it is uncommonly used as a countermeasure considering the frequency analysis. In this paper, it is investigated that the frequency analysis may not work as efficiently as expected when facing to advanced random delay countermeasures. Hence, a novel attack is proposed which is in the wavelet domain. After preprocessing the wavelet coefficients of power traces with wavelet decomposition, the effects of multiple random delays can be removed. Two attack strategies are proposed to recover the secret key: either indirectly from the reconstructed power traces without random delays or directly from the processed wavelet coefficients. Our experimental results show that the wavelet-based power analysis attack can perform much better than those frequency-based ones, which is evaluated through several standard metrics to show the efficiency and robustness.

Hongying Liu,Guoyu Qian,Satoshi Goto,Yukiyasu Tsunoo

DOI: https://doi.org/10.1109/ISECS.2010.55

2010-01-01

Abstract:As one of the effective side-channel attacks that threaten the security of cryptographic devices, Correlation Power Analysis (CPA) attacks exploit the linear relation between the known power consumption and the predicted power consumption of cryptographic devices to recover keys. A robust cryptographic algorithm should endure both the cryptanalysis from software and hardware implementations. Researches have focused on the security examination of AES (Advanced Encryption Standard). In this paper, we present the CPA attack with the Switching Distance model against an AES implementation on ASIC. Compared with the leakage model of Hamming Distance, the power traces of recovering keys have been decreased by as much as 25%. These should cause more attention of security experts.

Qianmei Wu,Fan Zhang,Shize Guo,Kun Yang,Haoting Shen

DOI: https://doi.org/10.1109/tc.2024.3416682

IF: 3.183

2024-01-01

IEEE Transactions on Computers

Abstract:As a common defense against side-channel attacks, random delay insertion introduces noise into the executive flow of encryption, which increases attack complexity. Accordingly, various techniques are exploited to mitigate the defense effect of such insertions. As an advanced mathematical technique, wavelet analysis is considered to be a more effective technology according to its detailed and comprehensive interpretation of signals. In this paper, we propose a unified and fully automated wavelet-based attack framework (denoted as UWAF), whose data processing is kept within one unified wavelet domain, with three enhanced components: denoising, alignment and key extraction. We put forward a new idea of combining machine learning with wavelet analysis to realize the full automation of the program for attack framework, rendering it possible to search exhaustively for the optimal combination of parameter settings in wavelet transform. Our proposal finds a new setting of wavelet parameters that have not been exploited ever before and achieves the performance enhancement for about 20 times fewer traces required for successful key recovery. UWAF is compared with several mainstream attack frameworks. Experimental results show that it outperforms those counterparts, and can be considered as an effective framework-level solution to defeat the countermeasure of random delay insertion.

Han Gan,Hongxin Zhang,Muhammad Saad Khan,Xueli Wang,Fan Zhang,Pengfei He

DOI: https://doi.org/10.1109/cc.2017.8068768

2017-01-01

China Communications

Abstract:Correlation power analysis (CPA) has become a successful attack method about crypto-graphic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts (RPIs) becomes an important factor of the power analysis attack efficiency, which will cost more traces or attack time. To address the issue, an improved method about empirical mode decomposition (EMD) was proposed. Instead of restructuring the decomposed signals of intrinsic mode functions (IMFs), we extract a certain intrinsic mode function (IMF) as new feature signal for CPA attack. Meantime, a new attack assessment is proposed to compare the attack effectiveness of different methods. The experiment shows that our method has more excellent performance on CPA than others. The first and the second IMF can be chosen as two optimal feature signals in CPA. In the new method, the signals of the first IMF increase peak visibility by 64% than those of the tradition EMD method in the situation of non-noise. On the condition of different noise interference, the orders of attack efficiencies are also same. With external noise interference, the attack effect of the first IMF based on noise with 15dB is the best.

Qingsheng Hu,Xiangning Fan,Qiaowei Zhang

DOI: https://doi.org/10.1109/cyberc.2019.00019

2019-01-01

Abstract:In order to improve the efficiency of side-channel attack and reduce attack costs, an effective differential power analysis (DPA) method for advanced encryption standard (AES) is presented. By building the power acquisition platform based on current main stream EDA tools, a lot of power consumption traces can be achieved with ease. In addition, a critical distinguishing function is investigated so as to the key recovering can be more efficient and practical. Finally, two attacking experiments using our analytical method for AES are performed based on the developed DPA platform. Simulation results show that the key of the AES can be cracked correctly illustrating our analytical method has high effectiveness.

Hongying Liu,Yukiyasu Tsuoo,Yibo Fan,Bin Hu,Satoshi Goto

DOI: https://doi.org/10.2299/jsp.16.241

2012-01-01

Journal of Signal Processing

Abstract:Electromagnetic emissions leak confidential data of cryptographic devices. By exploiting such emissions, electromagnetic analysis (EMA) is performed with EM probes to extract secret information from these devices. Owing to the locality of EM emissions, namely, secret information may leak from multiple locations around cryptographic devices, it is difficult to determine the exact location before conducting an EMA. In this paper, signal variance of EM emissions during encryption is proposed to identify the information leakage of unprotected and protected cryptographic modules. We prove that signal variance is an equivalent metric to Difference of Means (DoM). Thus, by computing the higher signal variances based on near-field scan, the data-dependent EM emissions are disclosed, namely, the leakage locations are found. In addition, a small and low-cost probe is made to verify the proposed EMA on application-specific integrated circuit (ASIC) implementations. The experiment on AES PPRM1 implementation indicates that misjudgments of leakage are reduced, and the accuracy is improved 48.6% compared with existing methods. Moreover, the experiment of EMA against AES WDDL implementation shows that signal variance is also effective in exposing the leakage locations in the presence of countermeasures. The performance of EMA is enhanced.

Martin Hell,Oskar Westman

DOI: https://doi.org/10.37936/ecti-cit.2020142.239925

2020-06-03

Abstract:Side-channel attacks on cryptographic algorithms targets the implementation of the algorithm. Information can leak from the implementation in several different ways and, in this paper, electromagnetic radiation from an FPGA is considered. We examine to which extent key information from an AES implementation can be deduced using a low-end oscilloscope. Moreover, we examine how the antenna's distance from the FPGA affects the results in this setting. Our experiments show that some key bits indeed can be inferred from the measurements, despite having a far from optimal setting.

Jie Li,Weiwei Shan,Yuxiang Lü,Huafang Sun

DOI: https://doi.org/10.3969/j.issn.1001-0505.2012.06.008

2012-01-01

Abstract:With the threat of differential power analysis (DPA, a type of side channel attack) to encryption devices, a new DPA countermeasure method is proposed and implemented on data encryption standard (DES) algorithm, using "asymmetric" mask technique which introduces asymmetrical random transformation to eliminate the relevance between power consumption and the key in order to resist DPA attack. Its hardware implementation was designed and realized on FPGA(field-programmable gate array). Then, a real power analysis attack FPGA platform is built to test the proposed DES as well as the unprotected DES respectively. The experiment results show that even when the power samples and analyzing time are nearly 5 times larger than the unprotected DES, our improved DES still cannot be attacked to gain the right key by Correlation Power Analysis. Therefore, the "asymmetric" mask technique is effective in resisting correlation power analysis.

LIU Zheng-lin,HAN Yu,ZOU Xue-cheng,CHEN Yi-cheng

DOI: https://doi.org/10.3969/j.issn.1007-130x.2008.03.006

2008-01-01

Abstract:The power consumption of a digital circuit implemented in the CMOS technology depends on the data that the circuit is processing. Power analysis attacks based on the fact pose a serious threat to cryptographic devices for extracting secret data. In this paper, we discuss the vulnerability of AES hardware implementations, and present the hypothetical circuit model. We also assess the susceptibility to differential power analysis (DPA) and correlation power analysis (CPA) attacks using different statistical methods in theoretical estimation. Furthermore, we give some possible hardware countermeasures against PA attacks.

Shize Guo,Xinjie Zhao,Fan Zhang,Tao Wang,Zhijie Jerry Shi,Francois-Xavier Standaert,Chujiao Ma

DOI: https://doi.org/10.1109/tifs.2014.2315534

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and they utilize the Grobner basis-based, SAT-based, or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round. We named our technique incomplete diffusion analytical side-channel analysis (IDASCA). Different from previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of the general solver. Extensive attacks are performed against the software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has less time complexity and more robustness than previous ASCAs, especially when considering the error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for the given amount of side-channel leaks. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what are the extreme cases in ASCAs.

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Huiying Liu,Keke Ji,Jing Huang

DOI: https://doi.org/10.1016/j.jss.2012.11.007

IF: 3.5

2013-01-01

Journal of Systems and Software

Abstract:The side-channel cube attack (SCCA) is a powerful cryptanalysis technique that combines the side-channel and cube attack. This paper proposes several advanced techniques to improve the Hamming weight-based SCCA (HW-SCCA) on the block cipher PRESENT. The new techniques utilize non-linear equations and an iterative scheme to extract more information from leakage. The new attacks need only 2^8^.^9^5 chosen plaintexts to recover 72 key bits of PRESENT-80 and 2^9^.^7^8 chosen plaintexts to recover 121 key bits of PRESENT-128. To the best of our knowledge, these are the most efficient SCCAs on PRESENT-80/128. To show the feasibility of the proposed techniques, real attacks have been conducted on PRESENT on an 8-bit microcontroller, which are the first SCCAs on PRESENT on a real device. The proposed HW-SCCA can successfully break PRESENT implementations even if they have some countermeasures such as random delay and masking.

Yu Han,Xuecheng Zou,Zhenglin Liu,Yi-Cheng Chen

DOI: https://doi.org/10.4236/ijcns.2008.11010

2008-01-01

Abstract:This paper presents an effective way to enhance power analysis attacks on AES hardware implementations.The proposed attack adopts hamming difference of intermediate results as power mode.It arranges plaintext inputs to differentiate power traces to the maximal probability.A simulation-based AES ASIC implementation and experimental platform are built.Various power attacks are conducted on our AES hardware implementation.Unlike on software implementations, conventional power attacks on hardware implementations may not succeed or require more computations.However, the method we proposed effectively improves the success rate using acceptable number of power traces and fewer computations.Furthermore from experimental data, the correlation factor between the hamming distance of key guesses and the difference of DPA traces has the value 0.9233 to validate power model and attack results.

ShuaiWei Zhang,XiaoYuan Yang,Lin Chen,Weidong Zhong

DOI: https://doi.org/10.1155/2019/6124165

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:Side-channel attacks on cryptographic chips in embedded systems have been attracting considerable interest from the field of information security in recent years. Many research studies have contributed to improve the side-channel attack efficiency, in which most of the works assume the noise of the encryption signal has a linear stable Gaussian distribution. However, their performances of noise reduction were moderate. Thus, in this paper, we describe a highly effective data-preprocessing technique for noise reduction based on empirical mode decomposition (EMD) and demonstrate its application for a side-channel attack. EMD is a time-frequency analysis method for nonlinear unstable signal processing, which requires no prior knowledge about the cryptographic chip. During the procedure of data preprocessing, the collected traces will be self-adaptably decomposed into sum of several intrinsic mode functions (IMF) based on their own characteristics. And then, meaningful IMF will be reorganized to reduce its noise and increase the efficiency of key recovering through correlation power analysis attack. This technique decreases the total number of traces for key recovering by 17.7%, compared to traditional attack methods, which is verified by attack efficiency analysis of the SM4 block cipher algorithm on the FPGA power consumption analysis platform.

Weiwei Shan,Shuai Zhang,Yukun He

DOI: https://doi.org/10.1049/el.2017.1460

2017-01-01

Electronics Letters

Abstract:Side channel analysis (SCA) is effective to reveal the key of crypto devices by applying statistical analysis to a number of power traces, thus hardware countermeasure is necessary to protect the crypto circuits. A SCA-resistance methodology by machine learning trained power compensation module is proposed to compensate the probability of hamming distance (HD) of the intermediate data directly, to make it unable to be distinguished from correct and incorrect sub-key, thus providing resistance to SCA. The machine learning algorithm is used to find out the best HD redistribution mapping by using neural dynamic programming. Implemented on an AES-128 encryption algorithm circuit on a Xilinx Spartan-6 FPGA mounted on a SAKURA-G board, experimental SCA results show that it can provide more than 200 x measures to disclosure and still has no sign to reveal the advanced encryption standard (AES) sub-key. In addition, it has low power and area overhead and zero frequency overhead, thus is appropriate for hardware implementation of SCA countermeasure.

李元,刘政林,邹雪城,韩煜,陈毅成

IF: 1.992

2008-01-01

Microelectronics Journal

Abstract:An Atmel AT89C55 microcontroller was used to construct a real attack platform of cipher circuits.Power analyses against opcode and operand were conducted on this low-cost platform.Measured results showed that there existed a linear relationship between hamming weight of changing operand and difference of measuring power.Unit hamming weight would cause approximately 5 mV of power deviation under experimental conditions.Using differential power analysis (DPA)and correlation power analysis (CPA), the encrypted operation of advanced encryption standard (AES)was attacked.Experimental results showed that the CPA method had a higher success rate, and the1 number of plaintext samples and average filtering could significantly affect SNR of correlation coefficients.

Takaya Kubota,Kota Yoshida,Mitsuru Shiozaki,Takeshi Fujino

DOI: https://doi.org/10.1016/j.micpro.2020.103383

IF: 3.503

2021-11-01

Microprocessors and Microsystems

Abstract:<p>In the field of image recognition, machine learning technologies, especially deep learning, have been rapidly advancing alongside the advances of hardware such as GPUs. In image recognition, in general, large numbers of labeled images to be identified are input to a neural network, and repeatedly learning the images enables the neural network to identify objects with high accuracy. A new profiling side-channel attack method, the deep learning side-channel attack (DL-SCA), utilizes the neural network's high identifying ability to unveil a cryptographic module's secret key from side-channel information. In DL-SCAs, the neural network is trained with power waveforms captured from a target cryptographic module, and the trained network extracts the leaky part that depends on the secret. However, at this stage, the main target of investigation has been software implementation, and studies regarding hardware implementation, such as ASIC, are somewhat lacking. In this paper, we first depict deep learning techniques, profiling side-channel attacks, and leak models to clarify the relation between secret and side channels. Next, we investigate the use of DL-SCA against hardware implementations of AES and discuss the problem derived from the Hamming distance model and ShiftRow operation of AES. To solve the problem, we propose a new network training method called "mixed model dataset based on round-round XORed value." We prove that our proposal solves the problem and gives the attack capability to neural networks. We also compare the attack performance and characteristics of DL-SCA to conventional analysis methods such as correlation power analysis and conventional template attack. In our experiment, a dedicated ASIC chip for side-channel analysis is utilized and the chip is also equipped with a side-channel countermeasure AES. We show how DL-SCA can recover secret keys against the side-channel countermeasure circuit. Our results demonstrate that DL-SCA can be a more powerful option against side-channel countermeasure implementations than conventional SCAs.</p>

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Weiwei Shan,Shuai Zhang,Jiaming Xu,Minyi Lu,Longxing Shi,Jun Yang

DOI: https://doi.org/10.1109/jssc.2019.2953855

IF: 5.4

2019-01-01

IEEE Journal of Solid-State Circuits

Abstract:Hardware countermeasure of side channel attack (SCA) becomes necessary to protect crypto circuits. Many countermeasures endured large area and power consumption. We propose a SCA-resistant methodology based on machine learning, which compensates the Hamming distance (HD) probability of the intermediate data directly. By making the HD probabilities unable to be distinguished from correct and incorrect sub-keys, it provides resistance to SCA. Optimum HD redistribution is obtained by a machine learning algorithm and then sent to the compensation circuit. Applied in an Advanced Encryption Standard (AES)-128 circuit, the whole compensated circuit is implemented on a 28-nm CMOS process. The experimental results show that it resists correlation-based SCA with 1.5 million traces, corresponding to 446 $\times $ improvements of measures to disclosure compared with a nonprotected AES circuit. In addition, it has no impact on the frequency and throughput rate, and its power overhead of 38% and area overhead of 36% are relatively low, making it suitable for resource-constrained encryption circuits.

W. Yu,J. Chen

DOI: https://doi.org/10.1049/el.2018.5411

2018-09-01

Electronics Letters

Abstract:A deep learning (DL)‐assisted and combined side‐channel attack (SCA) is exploited to disclose the secret key of an advanced encryption standard (AES) cryptographic circuit with a countermeasure. Different physical leakages of the protected AES cryptographic circuit such as power dissipation and electromagnetic (EM) emission are captured together at first. Then the deep neural networks are utilised to model the relationship between the power noise and the EM noise by analysing the captured power dissipation and EM emission profiles. Ultimately, a special power attack is performed on the protected AES cryptographic circuit to leak the secret key efficiently through using the EM noise to filter the power noise. As demonstrated in the results, for the conventional SCAs, the secret key of the protected AES cryptographic circuit is undisclosed to the adversary even if 1 million plaintexts are enabled. By contrast, only analysing 32,500 number of plaintexts are sufficient to leak the secret key if the DL‐assisted and combined SCA is executed.

engineering, electrical & electronic