CPA Attacks Research Articles

Transition Factors of Power Consumption Models for CPA Attacks on Cryptographic RISC-V SoC

Physical cryptographic devices are vulnerable to side-channel information leakages during operation. They are widely used in software as well as hardware implementations, ranging from microcontrollers and microprocessors to hardware accelerators in System on Chips (SoCs). Nowadays, cryptographic RISC-V SoCs are becoming the most prominent solution compared to the rest. Cryptographic accelerators provide users with a very high level of flexibility and customization of chips suited to specific applications in these systems. First, this research aims to confirm the effectiveness of the Correlation Power Analysis attack on cryptographic SoCs based on three different power consumption models. In each model, the effectiveness of an attack depends on the transition factor, which is a ratio related to different characteristics of the device's power consumption. Then, we focus on modifying the configuration on the SoC and attacking the AES hardware implementation on these designs. The experimental results show that applying the Switching Distance model brings the highest performance. With our suggested range of transition factors, the number of traces needed to find the secret key can be reduced by 13.35% in the best case.

Bio inspired based Multi-objective Data-Privacy-Preservation-Technique (MO-DPPT) system model for cloud data

The significance of data security in the cloud system has boosted the increasing quantity of sensitive and personal data being harvested by data controllers. As the cloud has more outsourced, unsecured sensitive data for public access, the data security for the cloud sectors is very important. The majority of state-of-the-art strategies fail to manage optimal privacy in implementing data privacy preservation model. To ensure data privacy preservation, most of the traditional techniques can perform the transformation on the actual data. These traditional methods are utilized limitedly, as they are pretty memory intensive and complicated. Hence, to defeat this dispute, this paper tries to develop a novel approach named Multi-Objective Data-Privacy-Preservation-Technique (MO-DPPT) that can look after the data privacy issues. The two main phases of the data privacy preservation model consist of the data sanitization and restoration process. Here, the optimal key generation is based on the proposed sanitization process and it is done by a novel meta-heuristic algorithm namely the Muddy Soil Fish Optimization Algorithm (MSFOA). The optimal key generation is achieved by developing the multi-objective function that focuses on the parameters of hiding ratio (HR) rate, Preservation Ratio (PR) rate, False Rule (FR) generation rate, and Degree of Modification (DM). Moreover, the proposed MSFOA algorithm has confirmed improved execution through statistical analysis, analysis on KPA and CPA attacks, and computational time analysis over the conventional algorithms. Finally, the proposed MSFOA based MO-DPPT system model using is compared with the existing traditional algorithms namely PSO, GWO, JA, SSO, JA-SSO, and the performance analysis of the proposed MSFOA based MO-DPPT system model has proven the superior efficiency in improving cloud security.

Side-Channel Attacks on Masked Bitsliced Implementations of AES

In this paper, we provide a detailed analysis of CPA and Template Attacks on masked implementations of bitsliced AES, targeting a 32-bit platform through the ChipWhisperer side-channel acquisition tool. Our results show that Template Attacks can recover the full AES key successfully within 300 attack traces even on the masked implementation when using a first-order attack (no pre-processing). Furthermore, we confirm that the SubBytes operation is overall a better target for Template Attacks due to its non-linearity, even in the case of bitsliced implementations, where we can only use two bits per key byte target. However, we also show that targeting the AddRoundKey can be used to attack bitsliced implementations and that, in some cases, it can be more efficient than the SubBytes attack.

Formally proved security of assembly code against power analysis

In his keynote speech at CHES 2004, Kocher advocated that side-channel attacks were an illustration that formal cryptography was not as secure as it was believed because some assumptions (e.g., no auxiliary information is available during the computation) were not modeled. This failure is caused by formal methods’ focus on models rather than implementations. In this paper, we present formal methods and tools for designing protected code and proving its security against power analysis. These formal methods avoid the discrepancy between the model and the implementation by working on the latter rather than on a high-level model. Indeed, our methods allow us (a) to automatically insert a power balancing countermeasure directly at the assembly level, and to prove the correctness of the induced code transformation; and (b) to prove that the obtained code is balanced with regard to a reasonable leakage model. We also show how to characterize the hardware to use the resources which maximize the relevancy of the model. The tools implementing our methods are then demonstrated in a case study on an 8-bit AVR smartcard for which we generate a provably protected present implementation that reveals to be at least 250 times more resistant to CPA attacks.

On Lai–Massey and quasi-Feistel ciphers

We introduce a new notion called a quasi-Feistel cipher, which is a generalization of the Feistel cipher, and contains the Lai---Massey cipher as an instance. We show that most of the works on the Feistel cipher can be naturally extended to the quasi-Feistel cipher. From this, we give a new proof for Vaudenay's theorems on the security of the Lai---Massey cipher, and also we introduce for Lai---Massey a new construction of pseudorandom permutation, analoguous to the construction of Naor---Reingold using pairwise independent permutations. Also, we prove the birthday security of (2b?1)- and (3b?2)-round unbalanced quasi-Feistel ciphers with b branches against CPA and CPCA attacks, respectively.