Abstract
Profiled attacks are widely considered to be the most powerful form of side-channel analysis attacks. A common form is known as Gaussian template attacks which fit a Gaussian distribution to better model the behavior of the target device. Since profiled attacks build the model based on a device identical to the target device, manufacturing variances are an important factor for the success of such attacks. With shrinking the feature size, the influence of manufacturing variation on the power consumption of integrated circuits increases. It has been warned that this issue might render template attacks less effective. We evaluate this assumption on an ASIC design manufactured in 40 nm technology. We characterize the introduced variation and show that these can be easily mitigated. By performing attacks on multiple samples of the same ASIC, we show that template attacks on small technology sizes are still successful.
Highlights
For today’s embedded systems dealing with cryptographic primitives and secrets involved in cryptographic operations, side-channel analysis (SCA) attacks are considered as one of the most serious threads
We have shown that template attacks are still a high risk for integrated circuits manufactured in small technology nodes like 40 nm
While the manufacturing variation in our samples clearly leads to variation in the power consumption even more than the actual data-dependent leakage, this can be accounted for by adjusting the mean of the attack measurements
Summary
For today’s embedded systems dealing with cryptographic primitives and secrets involved in cryptographic operations, side-channel analysis (SCA) attacks are considered as one of the most serious threads. Along the same line, compared to that using power consumption, measuring the electromagnetic emanation (EM) of the device can lead to stronger attacks [11] since EM signals can be localized and are usually less influenced by other irrelevant parts of the circuit Such multi-query attacks are conducted under a black-box scenario, where no (or little) information about the device-under-test (DUT) is known. Since no register is packed into the targeted ASIC, the changes on S-box input and output pins lead to various amount of power consumption in different ASIC samples This can justify the variety that the authors have observed in [27]. In contrast to the worst-case scenario, we try to evaluate the real-world applicability of such profiling attacks by examining 11 ASIC sample chips This includes analyzing a full AES implementation compared to the single S-box of [27]. To be more precise, such variations are compensated by already-available portability methods like mean compensation [20] usually used to compensate other variations, e.g., in the measurement setup
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call