Side-Channel Expectation-Maximization Attacks
Block ciphers are protected against side-channel attacks by masking. On one hand, when the leakage model is unknown, second-order correlation attacks are typically used. On the other hand, when the leakage model can be profiled, template attacks are prescribed. But what if the profiled model does n...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2022-08-01
|
| Series: | Transactions on Cryptographic Hardware and Embedded Systems |
| Subjects: | |
| Online Access: | https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/9840 |
| _version_ | 1797690047872368640 |
|---|---|
| author | Julien Béguinot Wei Cheng Sylvain Guilley Olivier Rioul |
| author_facet | Julien Béguinot Wei Cheng Sylvain Guilley Olivier Rioul |
| author_sort | Julien Béguinot |
| collection | DOAJ |
| description |
Block ciphers are protected against side-channel attacks by masking. On one hand, when the leakage model is unknown, second-order correlation attacks are typically used. On the other hand, when the leakage model can be profiled, template attacks are prescribed. But what if the profiled model does not exactly match that of the attacked device?
One solution consists in regressing on-the-fly the scaling parameters from the model. In this paper, we leverage an Expectation-Maximization (EM) algorithm to implement such an attack. The resulting unprofiled EM attack, termed U-EM, is shown to be both efficient (in terms of number of traces) and effective (computationally speaking). Based on synthetic and real traces, we introduce variants of our U-EM attack to optimize its performance, depending on trade-offs between model complexity and epistemic noise. We show that the approach is flexible, in that it can easily be adapted to refinements such as different points of interest and number of parameters in the leakage model.
|
| first_indexed | 2024-03-12T01:53:57Z |
| format | Article |
| id | doaj.art-1d432a83b7c8462d941d4d8dc431a3ac |
| institution | Directory Open Access Journal |
| issn | 2569-2925 |
| language | English |
| last_indexed | 2024-03-12T01:53:57Z |
| publishDate | 2022-08-01 |
| publisher | Ruhr-Universität Bochum |
| record_format | Article |
| series | Transactions on Cryptographic Hardware and Embedded Systems |
| spelling | doaj.art-1d432a83b7c8462d941d4d8dc431a3ac2023-09-08T07:01:07ZengRuhr-Universität BochumTransactions on Cryptographic Hardware and Embedded Systems2569-29252022-08-012022410.46586/tches.v2022.i4.774-799Side-Channel Expectation-Maximization AttacksJulien Béguinot0Wei Cheng1Sylvain Guilley2Olivier Rioul3LTCI, Télécom Paris, Institut Polytechnique de Paris, Palaiseau, FranceLTCI, Télécom Paris, Institut Polytechnique de Paris, Palaiseau, France; Secure-IC S.A.S., Paris, FranceSecure-IC S.A.S., Paris, France; LTCI, Télécom Paris, Institut Polytechnique de Paris, Palaiseau, FranceLTCI, Télécom Paris, Institut Polytechnique de Paris, Palaiseau, France Block ciphers are protected against side-channel attacks by masking. On one hand, when the leakage model is unknown, second-order correlation attacks are typically used. On the other hand, when the leakage model can be profiled, template attacks are prescribed. But what if the profiled model does not exactly match that of the attacked device? One solution consists in regressing on-the-fly the scaling parameters from the model. In this paper, we leverage an Expectation-Maximization (EM) algorithm to implement such an attack. The resulting unprofiled EM attack, termed U-EM, is shown to be both efficient (in terms of number of traces) and effective (computationally speaking). Based on synthetic and real traces, we introduce variants of our U-EM attack to optimize its performance, depending on trade-offs between model complexity and epistemic noise. We show that the approach is flexible, in that it can easily be adapted to refinements such as different points of interest and number of parameters in the leakage model. https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/9840Side-Channel AnalysisMasked CryptographyMaximum Likelihood DistinguisherLeakage Model RegressionExpectation Maximization (EM)Unprofiled EM (U-EM) Attack |
| spellingShingle | Julien Béguinot Wei Cheng Sylvain Guilley Olivier Rioul Side-Channel Expectation-Maximization Attacks Transactions on Cryptographic Hardware and Embedded Systems Side-Channel Analysis Masked Cryptography Maximum Likelihood Distinguisher Leakage Model Regression Expectation Maximization (EM) Unprofiled EM (U-EM) Attack |
| title | Side-Channel Expectation-Maximization Attacks |
| title_full | Side-Channel Expectation-Maximization Attacks |
| title_fullStr | Side-Channel Expectation-Maximization Attacks |
| title_full_unstemmed | Side-Channel Expectation-Maximization Attacks |
| title_short | Side-Channel Expectation-Maximization Attacks |
| title_sort | side channel expectation maximization attacks |
| topic | Side-Channel Analysis Masked Cryptography Maximum Likelihood Distinguisher Leakage Model Regression Expectation Maximization (EM) Unprofiled EM (U-EM) Attack |
| url | https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/9840 |
| work_keys_str_mv | AT julienbeguinot sidechannelexpectationmaximizationattacks AT weicheng sidechannelexpectationmaximizationattacks AT sylvainguilley sidechannelexpectationmaximizationattacks AT olivierrioul sidechannelexpectationmaximizationattacks |