Abdelaziz Elaabid (#986)
Topic of his/her doctorate.
Side channel attacks: advanced experimentations on template attacks
Year of completion
In the 90's, the emergence of new cryptanalysis methods revolutionized the security of cryptographic devices. These attacks are based on power consumption analysis, when the microprocessor is running the cryptographic algorithm. Especially, we analyse in this thesis some properties of the template attack, with examples from attacks against an unprotected ASIC implementation. We point out that the efficiency of template attacks can be unleashed by using a relevent power model, and we provide some practical improvements by the use of different signal processing techniques. Furthermore, we investigate the relevance of the theoretical framework on profiled SCAs presented by F.-X. Standaert et al. at Eurocrypt 2009. The analyse consists in a case-study based on side-channel measurements acquired experimentally from a hardwired cryptographic accelerator. Therefore, with respect to previous formal analyses carried out on software measurements or on simulated data, the investigations we describe are more complex, due to the underlying chip's architecture and to the large amount of algorithmic noise.In this context, we explore the appropriateness of different choices for the sensitive variables, and we show that a skilled attacker aware of the register transfers occurring during the cryptographic operations can select the most adequate distinguisher, thus increasing its success rate. The principal component analysis (PCA) is used to represent the templates in some dimensions, and we give a physical interpretation of the templates eigenvalues and eigenvectors. We introduce a method based on the thresholding of leakage data to accelerate the profiling or the matching stages. This method empowers an attacker, in that it saves traces when converging towards correct values of the secret. Concretely, we demonstrate a 5 times speed-up in the on-line phase of the attack. Also, it has been underlined that the various samples garnered during the same acquisition can carry complementary information. In this context, there is an opportunity to study how to best combine many attacks with many leakages from different sources or using different samples from a single source. That brings some concrete answers to the attack combination problem. Also we focus on identifying the problems that arise when there is a discrepancy between the templates and the traces to match. Based on a real-world case-study, we show that two phenomena can hinder the success of template attacks when the precharacterized templates are outdated : the traces can be desynchronized and the amplitudes can be scaled differently. Then we suggest two remedies to cure the template mismatches : waveform realignment and acquisition campaign normalization. Eventually, we propose in a methodological manner, some applications of Wavelet transforms in the side-channel context. We show that SCAs when performed with a multi-resolution analysis are much better, in terms of security metrics, than considering only the time or the frequency resolution. Actually, the gain in number of traces needed to recover the secret key is relatively considerable with repect to an ordinary attack.
elaabid (at) gmail.com