Leakage Traces Research Articles

Plaintext-based Side-channel Collision Attack

Side-channel Collision Attacks (SCCA) is a classical method that exploits information dependency leaked during cryptographic operations. Unlike collision attacks that seek instances where two different inputs to a cryptographic algorithm yield identical outputs, SCCAs specifically target the internal state, where identical outputs are more likely. Although SCCA does not rely on the pre-assumption of the leakage model, it explicitly operates on precise trace segments reflecting the target operation, which is challenging to perform when the leakage measurements are noisy. Besides, its attack performance may vary dramatically, as it relies on selecting a reference byte (and its corresponding leakages) to “collide” other bytes. A poor selection would lead to many bytes unrecoverable. These two facts make its real-world application problematic. This paper addresses these challenges by introducing a novel plaintext-based SCCA. We leverage the bijective relationship between plaintext and secret data, using plaintext as labels to train profiling models to depict leakages from varying operations. By comparing the leakage representations produced by the profiling model instead of the leakage segmentation itself, all secret key differences can be revealed simultaneously without processing leakage traces. Furthermore, we propose a novel error correction scheme to rectify false predictions further. Experimental results show that our approach significantly surpasses the state-of-the-art SCCA in both attack performance and computational complexity (e.g., training time reduced from approximately three hours to five minutes). These findings underscore our method's effectiveness and practicality in real-world attack scenarios.

Locality-based electromagnetic leakage assessment using CNN

Deep learning side-channel analysis (SCA) attacks have recently gained in popularity. The ability of deep learning models to retrieve a key byte while minimizing the need for pre-processing steps in both cases of misaligned traces and when the leakage model is multivariate has contributed to the popularity gain. Near-field electromagnetic (EM) probes have enabled leakage capture with high spatial resolution, and the field of deep learning side-channel research looks to find models which reduce the required number of leakage traces to retrieve a key byte successfully. However, despite the many papers researching techniques to reduce the number of traces required for a successful attack, location-based research for EM SCA remains untouched. Due to the nature of EM probes and the architecture of different boards and chips, the location of the collection probe becomes important when attempting to extract the secret key within a reasonable timeframe and with a level of certainty in the result. Our contribution is a framework to determine the best location to assess localized EM leakage against a given chip platform. We use a raster scan to collect localized leakage results at 25 points in a 5x5 grid pattern on a ChipWhisperer Lite XMEGA board running an open-source implementation of the AES-128 encryption algorithm. We demonstrate the use of our framework to locate the best points for an attacker to execute a profiling attack by identifying the grid point with the most detectable leakage for a chip platform. We further execute a smaller localized 25-point raster scan in a grid over the identified location to further refine our estimate of the optimal collection location. We then demonstrate that this location can be used to execute a side-channel profiling attack against the same chip architecture and will result in a lower number of traces required to retrieve the key byte.

Locating the Oil Leakage on Power Equipment via Ultraviolet-Induced Hyperspectral Imaging Technology

Oil leakage will cause abnormal temperature rise and discharge of oil-filled power equipment, which seriously threatens insulation reliability. In this paper, based on the synchronous fluorescence spectra (SFS) and excitation emission matrix (EEM) of mineral and vegetable oils, the ultraviolet-induced hyperspectral imaging (UV-induced HSI) measurement system is developed. Then, the fluorescence-reflectance spectra of oil traces and non-oil areas are determined via the proposed measurement system. Next, the influence factors of fluorescence-reflectance intensity, including UV source light power, detection angle degree and detection distance are discussed. By analyzing the fluorescence-reflectance intensity differences in fluorescence bands, principal component analysis (PCA) is applied for date dimension reduction and anomaly detection to realize oil leakage trace visualization. Finally, the validation test results prove that this method exhibits a general applicability for tracing mineral and vegetable oil leakage traces on different surface materials in indoor and outdoor conditions. This approach will improve the detection rate of oil leakage defects, and promote the intelligent level of operation and maintenance of power equipment.

Label Correlation in Deep Learning-Based Side-Channel Analysis

The efficiency of the profiling side-channel analysis can be significantly improved with machine learning techniques. Although powerful, a fundamental machine learning limitation of being data-hungry received little attention in the side-channel community. In practice, the maximum number of leakage traces that evaluators/attackers can obtain is constrained by the scheme requirements or the limited accessibility of the target. Even worse, various countermeasures in modern devices increase the conditions on the profiling size to break the target. This work demonstrates a practical approach to dealing with the lack of profiling traces. Instead of learning from a one-hot encoded label, transferring the labels to their distribution can significantly speed up the convergence of guessing entropy. By studying the relationship between all possible key candidates, we propose a new metric, denoted Label Correlation (LC), to evaluate the generalization ability of the profiling model. We validate LC with two common use cases: early stopping and network architecture search, and the results indicate its superior performance.

High Order Side-Channel Security for Elliptic-Curve Implementations

Elliptic-curve implementations protected with state-of-the-art countermeasures against side-channel attacks might still be vulnerable to advanced attacks that recover secret information from a single leakage trace. The effectiveness of these attacks is boosted by the emergence of deep learning techniques for side-channel analysis which relax the control or knowledge an adversary must have on the target implementation. In this paper, we provide generic countermeasures to withstand these attacks for a wide range of regular elliptic-curve implementations. We first introduce a framework to formally model a regular algebraic program which consists of a sequence of algebraic operations indexed by key-dependent values. We then introduce a generic countermeasure to protect these types of programs against advanced single-trace side-channel attacks. Our scheme achieves provable security in the noisy leakage model under a formal assumption on the leakage of randomized variables. To demonstrate the applicability of our solution, we provide concrete examples on several widely deployed scalar multiplication algorithms and report some benchmarks for a protected implementation on a smart card.

Information Leakage in Code-Based Masking: A Systematic Evaluation by Higher-Order Attacks

Code-based masking is a recent line of research on masking schemes aiming at provably counteracting side-channel attacks. It generalizes and unifies many masking schemes within a coding-theoretic formalization. In code-based masking schemes, the tuning parameters are the underlying linear codes, whose choice significantly affects the side-channel resilience. In this paper, we investigate the exploitability of the information leakage in code-based masking and present attack-based evaluation results of higher-order optimal distinguisher (HOOD). Particularly, we consider two representative instances of code-based masking, namely inner product masking (IPM) and Shamir’s secret sharing (SSS) based masking. Our results do confirm the state-of-the-art theoretical derivatives in an empirical manner with numerically simulated measurements. Specifically, theoretical results are based on quantifying information leakage; we further complete the panorama with attack-based evaluations by investigating the exploitability of the leakage. Moreover, we classify all possible candidates of linear codes in IPM with 2 and 3 shares and (3, 1)-SSS based masking, and highlight both optimal and worst codes for them. Relying on our empirical evaluations, we therefore recommend investigating the coding-theoretic properties to find the best linear codes in strengthening instances of code-based masking. As for applications, our attack-based evaluation directly empowers designers, by employing optimal linear codes, to enhance the protection of code-based masking. Our framework leverages simulated leakage traces, hence allowing for source code validation or patching in case it is found to be attackable.

Improved Filtering Techniques for Single- and Multi-Trace Side-Channel Analysis

Side-channel analysis (SCA) attacks constantly improve and evolve. Implementations are therefore designed to withstand strong SCA adversaries. Different side channels exhibit varying statistical characteristics of the sensed or exfiltrated leakage, as well as the embedding of different countermeasures. This makes it crucial to improve and adapt pre-processing and denoising techniques, and abilities to evaluate the adversarial best-case scenario. We address two popular SCA scenarios: (1) a single-trace context, modeling an adversary that captures only one leakage trace, and (2) a multi-trace (or statistical) scenario, that models the classical SCA context. Given that horizontal attacks, localized electromagnetic attacks and remote-SCA attacks are becoming evermore powerful, both scenarios are of interest and importance. In the single-trace context, we improve on existing Singular Spectral Analysis (SSA) based techniques by utilizing spectral property variations over time that stem from the cryptographic implementation. By adapting overlapped-SSA and optimizing over the method parameters, we achieve a significantly shorter computation time, which is the main challenge of the SSA-based technique, and a higher information gain (in terms of the Signal-to-Noise Ratio (SNR)). In the multi-trace context, a profiling strategy is proposed to optimize a Band-Pass Filter (BPF) based on a low-computational cost criterion, which is shown to be efficient for unprotected and low protection level countermeasures. In addition, a slightly more computationally intensive optimized ‘shaped’ filter is presented that utilizes a frequency-domain SNR-based coefficient thresholding. Our experimental results exhibit significant improvements over a set of various implementations embedded with countermeasures in hardware and software platforms, corresponding to varying baseline SNR levels and statistical leakage characteristics.

Machine Learning Attacks and Countermeasures on Hardware Binary Edwards Curve Scalar Multipliers

Machine Learning techniques have proven effective in Side Channel Analysis (SCA), enabling multiple improvements over the already-established profiling process of Template Attacks. Focusing on the need to mitigate their impact on embedded devices, a design model and strategy is proposed that can effectively be used as a backbone for introducing SCA countermeasures on Elliptic Curve Cryptography (ECC) scalar multipliers. The proposed design strategy is based on the decomposition of the round calculations of the Montgomery Power Ladder (MPL) algorithm and the Scalar Multiplication (SM) algorithm into the underlined finite field operations, and their restructuring into parallel-processed operation sets. Having as a basis the proposed design strategy, we showcase how advanced SCA countermeasures can be easily introduced, focusing on randomizing the projective coordinates of the MPL round’s ECC point results. To evaluate the design approach and its SCA countermeasures, several simple ML-based SCAs are performed, and an attack roadmap is provided. The proposed roadmap assumes attackers that do not have access to a huge number of leakage traces, and that have limited resources with which to mount Deep Learning attacks. The trained models’ performance reveals a high level of resistance against ML-based SCAs when including SCA countermeasures in the proposed design strategy.

Low-temperature preparation of solid-solid phase change polymer for thermal management modules

The high initiating temperature of polymerization up to 80–100 °C during the preparation of solid–solid phase change polymer (SSPCP) leads to the limitation of the embedding procedure during the construction of the battery modules. Herein, we develop a low-temperature preparation strategy for SSPCPs by introducing a redox initiation system to reduce the decomposition activation energy, thus realizing the procedure for embedding the SSPCP into a battery module. In addition to the intrinsic ~100% anti-leakage performance and ultrahigh heat tolerance up to 250 °C, the SSPCP/expanded graphite composite demonstrates a suitable phase change temperature of 47.8 °C, high thermal conductivity of 2.33 W m−1 K−1, and latent heat of 99.6 J g−1 for battery thermal management, thus delivering a lower maximum temperature (47.4 °C vs. 45.2 °C) for the battery module than traditional composite phase change material during 15 charge–discharge cycles. No leakage traces are detected in the SSPCP module.

Efficiency through Diversity in Ensemble Models applied to Side-Channel Attacks

Deep Learning based Side-Channel Attacks (DL-SCA) are considered as fundamental threats against secure cryptographic implementations. Side-channel attacks aim to recover a secret key using the least number of leakage traces. In DL-SCA, this often translates in having a model with the highest possible accuracy. Increasing an attack’s accuracy is particularly important when an attacker targets public-key cryptographic implementations where the recovery of each secret key bits is directly related to the model’s accuracy. Commonly used in the deep learning field, ensemble models are a well suited method that combine the predictions of multiple models to increase the ensemble accuracy by reducing the correlation between their errors. Linked to this correlation, the diversity is considered as an indicator of the ensemble model performance. In this paper, we propose a new loss, namely Ensembling Loss (EL), that generates an ensemble model which increases the diversity between the members. Based on the mutual information between the ensemble model and its related label, we theoretically demonstrate how the ensemble members interact during the training process. We also study how an attack’s accuracy gain translates to a drastic reduction of the remaining time complexity of a side-channel attacks through multiple scenarios on public-key implementations. Finally, we experimentally evaluate the benefits of our new learning metric on RSA and ECC secure implementations. The Ensembling Loss increases by up to 6.8% the performance of the ensemble model while the remaining brute-force is reduced by up to 222 operations depending on the attack scenario.

Toward practical autoencoder-based side-channel analysis evaluations

In the field of side-channel analysis, profiled attacks are one of the most powerful types of attacks. Nevertheless, major issues with profiled attacks are in sensitivity to noise and the high-dimensional nature of the signals used for training, generating a less efficient classifier to conduct the attack phase. Consequently, evaluating the security of cryptographic implementation in hardware devices like IoT becomes more complex as side-channel analysis evaluation easily falls into false-positive results. This paper assesses the efficacy of applying a feature reduction process to deal with high-dimensional signals. We propose a practical procedure to conduct feature reduction using autoencoders for profiled side-channel leakage evaluations. Two autoencoder architectures are compared while performing feature reduction showing that our proposed architecture keeps most of the relevant information. Our proposal is tested on the ASCAD random key database with a high desynchronization value and produced results that outperform other state-of-the-art techniques. The guessing entropy value converges to 1 after around 500 leakage traces.

Defect-Detection Model for Underground Parking Lots Using Image Object-Detection Method

The demand for defect diagnoses is gradually gaining ground owing to the growing necessity to implement safe inspection methods to ensure the durability and quality of structures. However, conventional manpower-based inspection methods not only incur considerable cost and time, but also cause frequent disputes regarding defects owing to poor inspections. Therefore, the demand for an effective and efficient defect-diagnosis model for concrete structures is imminent, as the reduction in maintenance costs is significant from a long-term perspective. Thus, this paper proposes a deep learning-based image object-identification method to detect the defects of paint peeling, leakage peeling, and leakage traces that mostly occur in underground parking lots made of concrete structures. The deep learning-based object-detection method can replace conventional visual inspection methods. A faster region-based convolutional neural network (R-CNN) model was used with a training dataset of 6,281 images that utilized a region proposal network to objectively localize the regions of interest and detect the surface defects. The defects were classified according to their type, and the learning of each exclusive model was ensured through test sets obtained from real underground parking lots. As a result, average precision scores of 37.76%, 36.42%, and 61.29% were obtained for paint peeling, leakage peeling, and leakage trace defects, respectively. Thus, this study verified the performance of the faster RCNN-based defect-detection algorithm along with its applicability to underground parking lots.

Back to the Basics: Seamless Integration of Side-Channel Pre-Processing in Deep Neural Networks

Deep learning approaches have become popular for Side-Channel Analysis (SCA) in the recent years. Especially Convolutional Neural Networks (CNN) due to their natural ability to overcome jitter-based as well as masking countermeasures. Most of the recent works have been focusing on optimising the performance on given dataset, for example finding optimal architecture and using ensemble, and bypass the need for trace pre-processing. However, trace pre-processing is a long studied topic and several proven techniques exist in the literature. There is no straightforward manner to integrate those techniques into deep learning based SCA. In this paper, we propose a generic framework which allows seamless integration of multiple, user defined pre-processing techniques into the neural network architecture. The framework is based on Multi-scale Convolutional Neural Networks ( MCNN) that were originally proposed for time series analysis. MCNN are composed of multiple branches that can apply independent transformation to input data in each branch to extract the relevant features and allowing a better generalization of the model. In terms of SCA, these transformations can be used for integration of pre-processing techniques, such as phase-only correlation, principal component analysis, alignment methods, etc. We present successful results on generic network which generalizes to different publicly available datasets. Our findings show that it is possible to design a network that can be used in a more general way to analyze side-channel leakage traces and perform well across datasets.

Multilabel Deep Learning-Based Side-Channel Attack

In recent years, deep learning methods make a big difference in side-channel attack (SCA) community especially in the profiled scenario. Multiclass classification method is the common way to complete such classification task. In this article, we propose a novel SCA method utilizing multilabel classification from bit-to-byte view. Accordingly, each leakage trace has eight labels when considering a byte. The experimental results on several datasets show that our multilabel classification method is efficient and even performs better in some situations compared with the original multiclass classification model while model complexity is much reduced. Besides, our multilabel model can be seen as ensemble of monobit models and we verify the ensemble effect experimentally.

Preparation, characterization and thermal properties of surface-modified expanded perlite/paraffin as a form-stable phase change composite in concrete

Energy storage plays an important role in improving the applicability of a wide range of energy systems. Buildings could be considered as a desirable place for this purpose. Incorporating phase change materials (PCMs) as form-stable composites into the building materials has been widely taken into consideration in recent years. However, there are still some shortcomings in applying this technique. In this study, we focused on a surface modification method to prevent leakage of PCM from porous aggregates during heating/cooling cycles. Paraffin (PA) as phase change material was impregnated into the expanded perlite (EP) particles by vacuum impregnation method, and prepared EP/PA composite was coated by a layer of polystyrene. Thermal characterization of obtained composite samples was conducted by DSC and TG analysis. Also, a simple apparatus was prepared to evaluate thermal behavior of a concrete block made by these modified form-stable PCMs during the heating process. Oozing circle method and visual observation for leakage were conducted for surface-modified EP/PA particles and final concrete blocks, respectively. Finally, compressive strength test was applied to evaluate the feasibility of using concretes made by EP/PA composites as structural concrete. The results showed that using polystyrene as a coating material for EP/PA particles was a promising method for PCM leakage prevention. Latent heat value decreased about 18% for surface-modified EP/PA but no leakage trace was observed; also in spite of decreasing in compressive strength up to 40%, it is still in acceptable range for structural purposes.

Moving Target Defense Mechanism for Side-Channel Attacks

In this paper, we present a side-channel resilient moving target defense mechanism against power-/electromagnetic-based side-channel attacks. Recent countermeasures use fresh rekeying after every encryption/decryption process; this causes major overhead in synchronizing the communicating parties. In contrast to previous work, our mechanism integrates fresh rekeying and masking techniques at an interval, where these techniques are driven by the maximum number of side-channel leakage traces required toward a successful embedded attack. Hence, the mechanism tracks the effect of attacks on the number of traces, and consequently applies rekeying at suitable intervals to reduce the computational/communication overhead, while increasing the attack cost. The mechanism scalability was evaluated against an advanced attack model based on machine learning methods that reduces significantly the number of traces required for a successful attack under masking implementation.

Static Power SCA of Sub-100 nm CMOS ASICs and the Insecurity of Masking Schemes in Low-Noise Environments

Semiconductor technology scaling faced tough engineering challenges while moving towards and beyond the deep sub-micron range. One of the most demanding issues, limiting the shrinkage process until the present day, is the difficulty to control the leakage currents in nanometer-scaled field-effect transistors. Previous articles have shown that this source of energy dissipation, at least in case of digital CMOS logic, can successfully be exploited as a side-channel to recover the secrets of cryptographic implementations. In this work, we present the first fair technology comparison with respect to static power side-channel measurements on real silicon and demonstrate that the effect of down-scaling on the potency of this security threat is huge. To this end, we designed two ASICs in sub-100nm CMOS nodes (90 nm, 65 nm) and got them fabricated by one of the leading foundries. Our experiments, which we performed at different operating conditions, show consistently that the ASIC technology with the smaller minimum feature size (65 nm) indeed exhibits substantially more informative leakages (factor of ~10) than the 90nm one, even though all targeted instances have been derived from identical RTL code. However, the contribution of this work extends well beyond a mere technology comparison. With respect to the real-world impact of static power attacks, we present the first realistic scenarios that allow to perform a static power side-channel analysis (including noise reduction) without requiring control over the clock signal of the target. Furthermore, as a follow-up to some proof-of-concept work indicating the vulnerability of masking schemes to static powerattacks, we perform a detailed study on how the reduction of the noise level in static leakage measurements affects the security provided by masked implementations. As a result of this study, we do not only find out that the threat for masking schemes is indeed real, but also that common leakage assessment techniques, such as the Welch’s t-test, together with essentially any moment-based analysis of the leakage traces, is simply not sufficient in low-noise contexts. In fact, we are able to show that either a conversion (resp. compression) of the leakage order or the recently proposed X2 test need to be considered in assessment and attack to avoid false negatives.

Template attack vs. stochastic model: An empirical study on the performances of profiling attacks in real scenarios

Template Attack (TA) and Stochastic Model (SM) are two classical profiling attacks. Even if both TA and SM use the maximum likelihood principle (MLP) as the statistical tool to recover the secret key used by the target crypto device, their leakage characterization styles are different, which results in different working efficiencies of TA and SM in different scenarios. Considering that both TA and SM are important tools to evaluate the physical security of crypto devices, the right one should be used to achieve the goal of accurate evaluation. In order to do this, merits and shortcomings of TA and SM in different scenarios should be empirically learned. In fact, previous works have compared working efficiencies of TA and SM in either simulated scenarios or unprotected software scenarios. However, working efficiencies of TA and SM are not systematically evaluated and compared in either unprotected hardware scenarios or protected software scenarios yet. Therefore, evaluators do not have an empirical knowledge on merits and shortcomings of TA and SM in these scenarios, and they do not know which one should be used as the evaluation tool in these scenarios. In light of this, leakage traces provided by DPA Contest v2 and v4 are used to systematically evaluate and compare working efficiencies of TA and SM in either unprotected hardware scenarios or protected software scenarios. Then, merits and shortcomings of TA and SM in these two scenarios can be empirically learned. Therefore, evaluators can choose the right tool to accurately evaluate the physical security of a crypto device in these scenarios.

The Effects of Using Aluminum Oxide Nanoparticles as Heat Transfer Fillers on Morphology and Thermal Performances of Form-Stable Phase Change Fibrous Membranes Based on Capric⁻Palmitic⁻Stearic Acid Ternary Eutectic/Polyacrylonitrile Composite.

In this paper, innovative capric–palmitic–stearic acid ternary eutectic/polyacrylonitrile/aluminum oxide (CA–PA–SA/PAN/Al2O3) form-stable phase change composite fibrous membranes (PCCFMs) with different mass ratios of Al2O3 nanoparticles were prepared for thermal energy storage. The influences of Al2O3 nanoparticles on morphology and thermal performances of the form-stable PCCFMs were investigated by scanning electron microscopy (SEM), differential scanning calorimetry (DSC), and measurement of melting and freezing times, respectively. The results showed that there was no apparent leakage trace from the SEM observation. The DSC analysis indicated that the addition of Al2O3 nanoparticles had no significant effect on phase transition temperatures and enthalpies of the CA–PA–SA/PAN/Al2O3 form-stable PCCFMs. The melting peak temperatures and melting enthalpies of form-stable PCCFMs were about 25 °C and 131–139 kJ/kg, respectively. The melting and freezing times of the CA–PA–SA/PAN/Al2O310 form-stable PCCFMs were shortened by approximately 21% and 23%, respectively, compared with those of the CA–PA–SA/PAN form-stable PCCFMs due to the addition of Al2O3 nanoparticles acting as heat transfer fillers.

Assessing the feasibility of integrating form-stable phase change material composites with cementitious composites and prevention of PCM leakage

In this study, the feasibility of integrating form-stable phase change material (FS-PCM) composites into cementitious composites was investigated. Two different FS-PCM composites were fabricated by using paraffin as functional PCM and hydrophilic and hydrophobic expanded perlite as supporting materials. Because of different surface treatment properties of expanded perlite (EP), their behavior in the cementitious composites were found to be different. Paraffin/hydrophilic EP showed a significant amount of PCM leakage during the integration into cementitious composites. However, no trace of PCM leakage was observed when paraffin/hydrophobic EP integrated into cementitious composites. The instability of FS-PCM in cementitious composite was correlated with surface characteristics of composite PCMs such as contact angle and wetting tension properties. It has been found that the composite PCM having contact angle higher than 90° and negative wetting tension properties successfully prevents the PCM leakage in cementitious composites due to counter-water affinity properties.