
On Adaptive Bandwidth Selection for Efficient MIA

Conference paper in: Constructive Side-Channel Analysis and Secure Design (COSADE 2014)

Abstract

Recently, a generic DPA attack using the mutual information index as the side-channel distinguisher has been introduced. The main interest of Mutual Information Analysis (MIA) is its claimed genericity. However, it requires the estimation of various probability density functions (PDF), a task that involves the difficult problem of selecting tuning parameters. This problem could be the cause of the lower efficiency of MIA that has been reported. In this paper, we introduce an approach that selects the tuning parameters with the goal of optimizing the performance of MIA. Our approach differs from previous works in that it maximizes the ability of MIA to discriminate one key among all guesses rather than optimizing the accuracy of the PDF estimates. Application of this approach to various leakage traces confirms the soundness of our proposal.


Notes

  1. Formally \(l(x)\) is a probability mass function (PMF) because \(X\) is discrete. To simplify notation, we use the generic acronym PDF.

References

  1. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
  2. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)
  3. Aumonier, S.: Generalized correlation power analysis. In: ECRYPT Workshop on Tools For Cryptanalysis, Kraków, Poland, September 2007
  4. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008)
  5. Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. Cryptol. J. 24, 269–291 (2001). Springer, New York
  6. Prouff, E., Rivain, M.: Theoretical and practical aspects of mutual information-based side channel analysis. Int. J. Adv. Comput. Technol. (IJACT) 2(2), 121–138 (2010)
  7. Moradi, A., Mousavi, N., Paar, C., Salmasizadeh, M.: A comparative study of mutual information analysis under a Gaussian assumption. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 193–205. Springer, Heidelberg (2009)
  8. Veyrat-Charvillon, N., Standaert, F.-X.: Mutual information analysis: how, when and why? In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 429–443. Springer, Heidelberg (2009)
  9. Le, T.-H., Berthier, M.: Mutual information analysis under the view of higher-order statistics. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) IWSEC 2010. LNCS, vol. 6434, pp. 285–300. Springer, Heidelberg (2010)
  10. Gierlichs, B., Batina, L., Preneel, B., Verbauwhede, I.: Revisiting higher-order DPA attacks: multivariate mutual information analysis. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 221–234. Springer, Heidelberg (2010)
  11. Flament, F., Guilley, S., Danger, J.L., Elaabid, M.A., Maghrebi, H., Sauvage, L.: About probability density function estimation for side channel analysis. In: Proceedings of International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE), pp. 15–23 (2010)
  12. Whitnall, C., Oswald, E.: A comprehensive evaluation of mutual information analysis using a fair evaluation framework. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 316–334. Springer, Heidelberg (2011)
  13. Veyrat-Charvillon, N., Standaert, F.-X.: Generic side-channel distinguishers: improvements and limitations. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 354–372. Springer, Heidelberg (2011)
  14. Venelli, A.: Efficient entropy estimation for mutual information analysis using B-splines. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds.) WISTP 2010. LNCS, vol. 6033, pp. 17–30. Springer, Heidelberg (2010)
  15. Rosenblatt, M.: Remark on some nonparametric estimates of a density function. Ann. Math. Stat. 27, 832–837 (1956)
  16. Parzen, E.: On the estimation of a probability density function and the mode. Ann. Math. Stat. 33, 1065–1076 (1962)
  17. Sheather, S.J.: Density estimation. Stat. Sci. 19(4), 588–597 (2004)
  18. Silverman, B.W., Green, P.J.: Density Estimation for Statistics and Data Analysis. Chapman and Hall, London (1986)
  19. VLSI Research Group and TELECOM ParisTech: The DPA contest (2008/2009)
  20. Standaert, F.-X., Gierlichs, B., Verbauwhede, I.: Partition vs. comparison side-channel distinguishers: an empirical evaluation of statistical tests for univariate side-channel attacks against two unprotected CMOS devices. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 253–267. Springer, Heidelberg (2009)
  21. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Investigations of power analysis attacks on smartcards. In: Proceedings of the USENIX Workshop on Smartcard Technology, pp. 151–162 (1999)
  22. Bévan, R., Knudsen, E.W.: Ways to enhance differential power analysis. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 327–342. Springer, Heidelberg (2003)
  23. Tiran, S., Maurine, P.: SCA with magnitude squared coherence. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 234–247. Springer, Heidelberg (2013)


Corresponding author: Mathieu Carbone

A Appendix

From Sect. 2, modeling the leakage essentially amounts to choosing a selection function \(L\) that classifies the leakage samples \(o(m)\) according to the predictions \(v_{m,k}\), for \(m \in \mathcal {M}\) and \(k \in \mathcal {K}\), either at the word level or at the bit level (multi-bit).

  • Word. Because the power consumption of CMOS technologies is additive, the traditional leakage models, inspired by the works in [2, 21], map the activity of the components handling an intermediate value to the physical observations by summing its \(w\) bits with equal weight:

    $$\begin{aligned} L:\mathbb {F}_2^w&\rightarrow [0;w]\nonumber \\ v_{m,k}=([v_{m,k}]_1,\ldots ,[v_{m,k}]_w)&\rightarrow L(v_{m,k})={\displaystyle \sum _{b=1}^{w}[v_{m,k}]_b}. \end{aligned}$$
    (16)

    with \([.]_b : \mathbb {F}_2^w \rightarrow \mathbb {F}_2\) being the projection onto the \(b^{th}\) bit (for the AES S-box output \(w=8\); for the DES S-box output \(w=5\)).

  • Multi-bit. Alternatively, as mentioned in [22], the leakage can be analyzed bit by bit, and the equal contributions of the bits are summed at the end. The multi-bit version of a distinguisher \(\mathcal {D}_{k,t}\) (\(\mathcal {D} \equiv MI\) in this paper) is computed as

    $$\begin{aligned} \mathcal {D}_{k,t}={\displaystyle \sum _{b=1}^{w}\left| [\mathcal {D}_{k,t}]_{b}\right| }. \end{aligned}$$
    (17)

    This model seems better suited to the EM side channel, for which the additivity assumption may be less plausible. Initially introduced for the difference-of-means distinguisher, it can be extended to other distinguishers [23].
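The two leakage models above, as an added example that is not code from the paper: `word_model` implements Eq. (16), `bit_model` the projection \([.]_b\), and `multi_bit` the combination rule of Eq. (17), each applied with a mutual-information distinguisher. The MI estimator here is a plug-in histogram estimate over a constructed, noiseless Hamming-weight leakage of every 8-bit S-box output; the paper's kernel density estimates and bandwidth selection are not reproduced, so the comparison only shows how much of the information in an additive leakage each model retains.

```python
from collections import Counter
from math import log2

W = 8  # width of the AES S-box output, as stated in the appendix

def word_model(v: int, w: int = W) -> int:
    """Eq. (16): L(v) = sum of the w bits of the prediction v_{m,k} (Hamming weight)."""
    return sum((v >> (b - 1)) & 1 for b in range(1, w + 1))

def bit_model(v: int, b: int) -> int:
    """Projection [v]_b onto the b-th bit (bits numbered 1..w)."""
    return (v >> (b - 1)) & 1

def mutual_information(xs, ys) -> float:
    """Plug-in MI in bits between two discrete sequences, from their empirical PMFs.
    Simplification (assumption of this example): the paper estimates PDFs with a
    kernel and a tuned bandwidth; the leakage here is already discrete, so
    histograms suffice."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum((c / n) * log2((c / n) / ((px[x] / n) * (py[y] / n)))
               for (x, y), c in pxy.items())

def multi_bit(per_bit_scores) -> float:
    """Eq. (17): D_{k,t} = sum over b of |[D_{k,t}]_b| for the per-bit distinguisher values."""
    return sum(abs(d) for d in per_bit_scores)

def word_score(preds, leak, w: int = W) -> float:
    """Word-level MI distinguisher: MI between L(v_{m,k}) and the leakage samples."""
    return mutual_information([word_model(v, w) for v in preds], leak)

def multi_bit_score(preds, leak, w: int = W) -> float:
    """Multi-bit MI distinguisher: per-bit MI values combined with Eq. (17)."""
    return multi_bit(mutual_information([bit_model(v, b) for v in preds], leak)
                     for b in range(1, w + 1))

if __name__ == "__main__":
    # Constructed input: every 8-bit S-box output once, with a noiseless and
    # perfectly additive (Hamming-weight) leakage, i.e. the CMOS assumption holds.
    preds = list(range(256))
    leak = [word_model(v) for v in preds]
    print(f"word-level MI : {word_score(preds, leak):.4f} bits")      # ~2.5442
    print(f"multi-bit  MI : {multi_bit_score(preds, leak):.4f} bits")  # ~0.7805
```

Under a perfectly additive leakage the word model recovers the full entropy of the Hamming weight while the per-bit sum keeps only a fraction of it, which is the appendix's reason for preferring the word model on CMOS power traces and reserving the multi-bit model for channels where additivity is doubtful.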


© 2014 Springer International Publishing Switzerland

Cite this paper

Carbone, M. et al. (2014). On Adaptive Bandwidth Selection for Efficient MIA. In: Prouff, E. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2014. Lecture Notes in Computer Science(), vol 8622. Springer, Cham. https://doi.org/10.1007/978-3-319-10175-0_7

  • DOI: https://doi.org/10.1007/978-3-319-10175-0_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10174-3

  • Online ISBN: 978-3-319-10175-0
