On the Optimal Pre-processing for Non-profiling Differential Power … · 2016-10-07 · On the...

On the Optimal Pre-processing for Non-profilingDifferential Power Analysis

Suvadeep Hajra and Debdeep Mukhopadhyay

Indian Institute of Technology Kharagpur

COSADE’14, Paris, France

April 14-15, 2014

Suvadeep Hajra and Debdeep Mukhopadhyay 1

Outline

Introduction

Optimal Pre-processing of the Power Traces

Experimental Evaluation

Comparison with profiling Stochastic attack

Conclusion


Introduction

Distinguisher

. . .

d1, d2, ..., d|K|

k1

k2

k|K|

Figure: DPA AttackSuvadeep Hajra and Debdeep Mukhopadhyay 3

Introduction (cont.)

Univariate DPA

Univariate distinguisher is applied on a selected sample point

Multivariate DPA

univariate distinguisher is applied on every sample point independentlybest result is chosenperforms poorly when the SNR of the leakage are low

Power traces are pre-processed to increase the SNR of the leakage



Univariate DPA


Multivariate DPA





Univariate DPA


Multivariate DPA





Existing Pre-processing techniques1 Comb filter2 FFT3 Multiband filter4 Wavelet transform etc

Mostly, heuristic in nature

Optimal pre-processing using linear FIR has been proposed by Oswaldet al. in [2]

requires semi-profiling approach

Is optimal pre-processing possible in non-profiling DPA attacks?























Matched Filter

The output leakage lo of a linear FIR of order T applied to the tracesl = {l0, · · · , lT−1}

lo =T−1∑t=0

ht lt (1)

where h = {h0, · · · , hT−1} is the impulse response of the filter

Let centered (w.r.t. mean leakage) trace l = {l0, . . . , lT−1}= {d0 + n0, · · · , dT−1 + nT−1} = d + n

SNR of lo is given by

SNR lo =|h′d|2

E [|h′n|2]=|h′d|2h′ΣNh

Matched filter maximizes the SNR of lo by suitably choosing theimpulse response h


Matched Filter


lo =T−1∑t=0

ht lt (1)




SNR lo =|h′d|2




Matched Filter


lo =T−1∑t=0

ht lt (1)




SNR lo =|h′d|2




Matched Filter


lo =T−1∑t=0

ht lt (1)




SNR lo =|h′d|2




Matched Filter (cont.)

The impulse response of the matched filter for the trace l is given by([3, 4])

hMF = Σ−1N d

Both ΣN and d need the secret key to estimate, thus are not feasiblein non-profiling DPA


Matched Filter (cont.)

The impulse response of the matched filter for the trace l is given by([3, 4])

hMF = Σ−1N d

Both ΣN and d need the secret key to estimate, thus are not feasiblein non-profiling DPA


Optimum Linear Filter in Non-profiling DPA

We introduce Signal Ratio (SR) of the output signal lo :

SR lo =|h′d|2E [|h′l|2]

=|h′d|2h′ΣLh

The SNR of the output leakage lo reaches its maximum if and only ifSR of that also reaches its maximum

Impulse response of the optimum linear filter which maximizes the SRof the output signal lo

hopt = Σ−1L d

The estimation of d still requires the correct key




SR lo =|h′d|2E [|h′l|2]

=|h′d|2h′ΣLh



hopt = Σ−1L d





SR lo =|h′d|2E [|h′l|2]

=|h′d|2h′ΣLh



hopt = Σ−1L d





SR lo =|h′d|2E [|h′l|2]

=|h′d|2h′ΣLh



hopt = Σ−1L d



Optimum Linear Filter in Non-profiling DPA (cont.)

Extension of the conventional leakage model over multiple timeinstants [1]:

Conventional leakage model

Lt∗ = at∗Ψ(Sk∗) + Nt∗

Multivariate leakage model

Lt = atΨ(Sk∗) + Nt , t0 ≤ t < t0 + τ

Incorporating algorithmic noise

Lt = at(Ψ(Sk∗) + U + c) + Nt (2)

= at(I + c) + Nt , t0 ≤ t < t0 + τ (3)

where N = {Nt0 , · · · ,Nt0+τ−1} has mean vector 0







Lt = atΨ(Sk∗) + Nt , t0 ≤ t < t0 + τ


Lt = at(Ψ(Sk∗) + U + c) + Nt (2)

= at(I + c) + Nt , t0 ≤ t < t0 + τ (3)








Lt = atΨ(Sk∗) + Nt , t0 ≤ t < t0 + τ


Lt = at(Ψ(Sk∗) + U + c) + Nt (2)

= at(I + c) + Nt , t0 ≤ t < t0 + τ (3)




We limit the attack window to {t0, · · · , t0 + τ − 1}From Eq. (3), d = (i − E [I ] + c)a where a = {a0, · · · , aτ−1}

Thus,

SR lo =|h′(i − E [I ] + c)a|2

h′ΣLh∝ |h

′a|2h′ΣLh

Resulting inhopt = Σ−1

L a ∝ Σ−1L µL

where µL is the mean vector of leakage L = {L0, · · · , Lτ−1} (i.eleakage of the selected window)




Thus,

SR lo =|h′(i − E [I ] + c)a|2

h′ΣLh∝ |h

′a|2h′ΣLh


L a ∝ Σ−1L µL





Thus,

SR lo =|h′(i − E [I ] + c)a|2

h′ΣLh∝ |h

′a|2h′ΣLh


L a ∝ Σ−1L µL





Thus,

SR lo =|h′(i − E [I ] + c)a|2

h′ΣLh∝ |h

′a|2h′ΣLh


L a ∝ Σ−1L µL



Approximate Optimum Linear Filter in Non-profiling DPA

Disadvantages of hoptEstimation of ΣL requires large number of power tracesComputationally intensive

Approximation of hopt : happr = diag(ΣL)−1µL i.e.

happr =

{E [L0]

σ2L0

, · · · , E [Lτ−1]

σ2Lτ−1

}

The approximate optimum filter happr neglects the correlationbetween the leakages of two different sample points

When leakages of the different sample points are significantlycorrelated: perform the attack on a linear transformation of the powertraces such as in frequency domain (using FFT), eigenvector domain(using PCA)





happr =

{E [L0]

σ2L0

, · · · , E [Lτ−1]

σ2Lτ−1

}







happr =

{E [L0]

σ2L0

, · · · , E [Lτ−1]

σ2Lτ−1

}







happr =

{E [L0]

σ2L0

, · · · , E [Lτ−1]

σ2Lτ−1

}





The performed attacks are:

CPA on the unprocessed tracesCPA on the output of the Optimum filter (OF)CPA on the output of the Approximate Optimum filter (AOF)

The attacks are performed in the following domains:

Time domain.Frequency domainEigenvector domain

Experiments are performed in four scenarios:

Scenario (a): on the acquire power tracesScenario (b): by adding high uncorrelated noiseScenario (c): by adding small correlated noiseScenario (d): by adding both the correlated and uncorrelated noise


















Experimental Result: Scenario (a)

1

2

4

8

16

32

64

128

3 6 9 12 15 18 21 24 27 30

Avera

ge G

uessin

g E

ntr

opy

Number of Traces / 100

CPA in Time DomainOF in Time Domain

AOF in Time DomainCPA on PCs

AOF on PCsCPA in Freq DomainAOF in Freq Domain

Figure: Results on Acquired Traces of AES Encryption


Experimental Result: Scenario (b)

1

2

4

8

16

32

64

128

3 6 9 12 15 18 21 24 27 30

Ave

rag

e G

ue

ssin

g E

ntr

op

y





Figure: Results on Acquired Traces adding Uncorrelated Noise


Experimental Result: Scenario (c)

1

2

4

8

16

32

64

128

3 6 9 12 15 18 21 24 27 30

Avera

ge G

uessin

g E

ntr

opy





Figure: Results on Acquired Trace adding Correlated Noise


Experimental Result: Scenario (d)

1

2

4

8

16

32

64

128

3 6 9 12 15 18 21 24 27 30

Avera

ge G

uessin

g E

ntr

opy





Figure: Results on Acquired Traces adding both the Correlated Noise andUncorrelated Noise


Comparison with profiling Stochastic attack

1

2

4

8

16

32

64

128

3 6 9 12 15 18 21 24 27 30

Ave

rag

e G

ue

ssin

g E

ntr

op

y

Number of Traces x 100

Stochastic HD in (a)AOF in Freq domain in (a)

Stochastic HD in (b)AOF in Freq domain in (b)

Stochastic HD in (c)AOF in Freq domain in (c)

Stochastic HD in (d)AOF in Freq domain in (d)

Figure: Results of Profiling Stochastic Attack using HD model and CPA usingAOF in Frequency Domain


Summary

Two linear filters have been proposed for optimal pre-processing innon-profiling DPA

The experimental results show significant decrease in the averageguessing entropy of CPA using the proposed filter

One proposed filter has been compared with profiling Stochasticattack


Summary





Summary





Thank You!


Bibliography I

S. Hajra and D. Mukhopadhyay.

Pushing the Limit of Non-Profiling DPA using Multivariate Leakage Model.Cryptology ePrint Archive, Report 2013/849, 2013.http://eprint.iacr.org/.

D. Oswald and C. Paar.

Improving Side-Channel Analysis with Optimal Linear Transforms.In S. Mangard, editor, CARDIS, volume 7771 of Lecture Notes in Computer Science, pages 219–233. Springer, 2012.

J. Sills and E. Kamen.

Time-varying matched filters.Circuits, Systems and Signal Processing, 15(5):609–630, 1996.

Wikipedia.

Matched filter — Wikipedia, The Free Encyclopedia.http://en.wikipedia.org/wiki/, 2013.[Online; accessed 20-December-2013].


http://eprint.iacr.org/

http://en.wikipedia.org/wiki/

Date post:	04-Jul-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

On the Optimal Pre-processing for Non-profiling Differential Power … · 2016-10-07 · On the...

Documents