Abstract
Locating a cryptographic operation in a side-channel trace, i.e. finding out where it is in the time domain, without having a template, can be a tedious task even for unprotected implementations. The sheer amount of data can be overwhelming. In a simple call to OpenSSL for AES-128 ECB encryption of a single data block, only 0.00028% of the trace relates to the actual AES-128 encryption. The rest is overhead. We introduce the (to the best of our knowledge) first method to locate a cryptographic operation in a side-channel trace in a largely automated fashion. The method exploits meta information about the cryptographic operation and requires an estimate of its implementation’s execution time. The method lends itself to parallelization and our implementation in a tool greatly benefits from GPU acceleration. The tool can be used offline for trace segmentation and for generating a template which can then be used online in real-time waveform-matching based triggering systems for trace acquisition or fault injection. We evaluate it in six scenarios involving hardware and software implementations of different cryptographic operations executed on diverse platforms. Two of these scenarios cover realistic protocol level use-cases and demonstrate the real-world applicability of our tool in scenarios where classical leakage-detection techniques would not work. The results highlight the usefulness of the tool because it reliably and efficiently automates the task and therefore frees up time of the analyst. The method does not work on traces of implementations protected by effective time randomization countermeasures, e.g. random delays and unstable clock frequency, but is not affected by masking, shuffling and similar countermeasures.
Highlights
Introduction and related work: Side-channel attacks are well-known methods to extract secret information from embedded cryptographic devices.
When the execution time of the Cryptographic Operations (COs) is negligible in comparison with the overhead, searching for the CO becomes like searching for a needle in a haystack.
The tool presented in this work aids an evaluator in the process of locating a particular CO within a side-channel trace in an automatic manner, requiring only a minimal amount of user input.
Summary
Side-channel attacks are well-known methods to extract secret information from embedded cryptographic devices. They are based on the dependency between the data being processed and a physical observable (instantaneous power consumption, electromagnetic radiation, etc.) of the device. Techniques such as DPA [KJJ99], CPA [BCO04] or MIA [GBTP08] exploit these side-channels to extract secret data protected via Cryptographic Operations (COs) from such devices. All these techniques have in common that they require measurement data from a very large number of executions of the same CO with different inputs. When evaluating an implementation against side-channel attacks in a lab setting, it is often straightforward to find the targeted CO segments within a side-channel trace as
Licensed under Creative Commons License CC-BY 4.0
More From: IACR Transactions on Cryptographic Hardware and Embedded Systems