IACR News item: 15 June 2014
Omar Choudary, Markus G. Kuhn
ePrint Reporteavesdrop on tamper-resistant hardware. They use a profiling step to
compute the parameters of a multivariate normal distribution from a
training device and an attack step in which the parameters obtained
during profiling are used to infer some secret value (e.g.
cryptographic key) on a target device. Evaluations using the same
device for both profiling and attack can miss practical problems
that appear when using different devices. Recent
studies showed that variability caused by the use of either
different devices or different acquisition campaigns on the same
device can have a strong impact on the performance of template
attacks. In this paper, we explore further the effects that lead to
this decrease of performance, using four different Atmel XMEGA 256
A3U 8-bit devices. We show that a main difference between devices is
a DC offset and we show that this appears even if we use the same
device in different acquisition campaigns. We then explore several
variants of the template attack to compensate for these differences.
Our results show that a careful choice of compression method and
parameters is the key to improving the performance of these attacks
across different devices. In particular we show how to maximise the
performance of template attacks when using Fisher\'s Linear
Discriminant Analysis or Principal Component Analysis. Overall, we
can reduce the entropy of an unknown 8-bit value below 1.5 bits even
when using different devices.
Additional news items may be found on the IACR news page.