Disclaimer: This page refers to an external person. It only lists all the interactions between this person and the Crypto Group. Validity or accuracy of the following information is thus not guaranteed in any way.
Seminars given
November 17, 2003 - Optimal Exploitation of Side-Channel Information
by Werner Schindler
Abstract: Many papers on side-channel attacks present remarkable ideas but lack sound mathematical methods. In particular, only parts of the overall side-channel information are used, which lowers the efficiency of the attack. However, in 'real life' side-channel measurements may not be available in unlimited numbers; at least they may be costly. Minimizing the error probabilities for the guesses of the particular key parts (for a given number of measurements) or, vice versa, minimizing the number of necessary measurements (for a fixed error probability) is clearly desirable for a potential attacker. On the other side, however, this enables the system designer to rate the risk potential and the efficiency of the proposed countermeasures.

Side-channel information can be interpreted as values assumed by random variables where the relevant information is covered by noise. Often this can be modelled as a stochastic process, and the attack can be viewed as a sequence of statistical decision problems. Roughly speaking, an optimal decision strategy minimizes the expected loss of a decision problem, which primarily depends on the probabilities for wrong guesses but also on the consequences of errors. Depending on the concrete situation, certain types of errors may be easier to detect and correct than others.

In this way the efficiency of a particular timing attack presented at Cardis '98 could be improved by a factor of 50, for instance. Some side-channel attacks were not detected without stochastic methods. The talk introduces the subject matter with some examples, for which the underlying mathematical models, the applied stochastic methods and the main results are sketched.
May 07, 2008 - A New Approach in Side-Channel Analysis: Combining Engineer's Intuition with Advanced Stochastic Methods
by Werner Schindler
Abstract: The 'classical' approach in power analysis is DPA. DPA attacks require only little set-up work, but on the negative side their attacking efficiency is low. Template attacks interpret measurements as values that are assumed by random variables whose (unknown) distributions depend on the subkey, a part of the plaintext and possibly on a masking value. In the profiling phase (aka characterization phase), measurement series are gained at a training device to estimate the unknown probability densities for each parameter set. The attacking efficiency of 'classical' template attacks (avoiding any model assumptions) is maximal, but especially for strongly masked implementations the profiling requires a gigantic workload.

This talk considers a stochastic approach (introduced at CHES 2005) that combines the engineer's qualitative intuition with quantitative statistical methods. This approach does not aim at the exact probability densities but at (sufficiently close) approximators. The profiling workload is order(s) of magnitude smaller than for (classical) template attacks, while its attacking efficiency is lower but still comparable. The attacking efficiency of this approach is much stronger than DPA. Moreover, the stochastic approach does not only provide the information whether a design can successfully be attacked but also exhibits the underlying reasons for the side-channel leakage, which allows the targeted re-design of cryptographic implementations. This stochastic approach works for power attacks on non-masked and masked implementations. It can be generalized in a natural way to electromagnetic radiation attacks and, more generally, to multi-channel attacks.
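Both abstracts describe the same evaluation loop: profile the leakage of a training device, then treat the key guess as a statistical decision problem whose error probability the evaluator wants to bound for a given number of measurements. The following Python script is an added, constructed illustration of that loop, not code from either talk and not the speaker's: a 4-bit S-box output leaks through a hypothetical weighted-bit function plus Gaussian noise (TRUE_WEIGHTS, TRUE_OFFSET and SIGMA are made up and hidden from the profiler). It profiles once as a 'template' (one empirical mean per intermediate value) and once with a stochastic linear model in the bits of the intermediate value (five fitted coefficients, in the spirit of the CHES 2005 approach), then applies the maximum-likelihood decision that minimises the probability of a wrong guess under 0-1 loss. Comparing the success rates for a small profiling set shows why the stochastic model needs far less profiling data, and the fitted coefficients show which bits of the intermediate value drive the leakage, which is what a designer needs to judge a countermeasure. Variances are assumed equal across values for simplicity; a real template would estimate the full densities.

```python
"""Leakage evaluation toy: template profiling vs. a stochastic (linear) model.

Constructed example, not code from the talks. All leakage parameters are
invented; the profilers only see (intermediate value, measurement) pairs.
"""
import random

# PRESENT 4-bit S-box (public constant), used as the leaking intermediate.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
BITS = 4
# Hidden, constructed leakage function: per-bit weights, offset, noise sigma.
TRUE_WEIGHTS = [1.0, 0.6, 1.4, 0.8]
TRUE_OFFSET = 2.0
SIGMA = 1.5


def bits(v):
    return [(v >> i) & 1 for i in range(BITS)]


def intermediate(x, k):
    """The value that leaks: S-box output of plaintext nibble x under subkey k."""
    return SBOX[x ^ k]


def leak(v, rng):
    """One measurement of intermediate value v (hypothetical leakage model)."""
    return TRUE_OFFSET + sum(w * b for w, b in zip(TRUE_WEIGHTS, bits(v))) + rng.gauss(0, SIGMA)


def profile_template(train):
    """Template-style profile: empirical mean per intermediate value.

    train is a list of (v, measurement). Values never seen during profiling
    fall back to the global mean, which is where small training sets hurt.
    """
    sums, counts = {}, {}
    for v, m in train:
        sums[v] = sums.get(v, 0.0) + m
        counts[v] = counts.get(v, 0) + 1
    global_mean = sum(m for _, m in train) / len(train)
    return {v: sums[v] / counts[v] if v in sums else global_mean for v in range(2 ** BITS)}


def solve(a, b):
    """Gauss-Jordan elimination with partial pivoting for a small dense system."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                for j in range(c, n + 1):
                    m[r][j] -= f * m[c][j]
    return [m[i][n] / m[i][i] for i in range(n)]


def fit_stochastic(train):
    """Least-squares fit of measurement ~ beta0 + sum_i beta_i * bit_i(v)."""
    n = BITS + 1
    xtx = [[0.0] * n for _ in range(n)]
    xty = [0.0] * n
    for v, m in train:
        row = [1.0] + [float(b) for b in bits(v)]
        for i in range(n):
            xty[i] += row[i] * m
            for j in range(n):
                xtx[i][j] += row[i] * row[j]
    return solve(xtx, xty)


def profile_stochastic(train):
    """Stochastic-model profile: predicted mean per value from the fitted coefficients."""
    beta = fit_stochastic(train)
    return {v: beta[0] + sum(beta[i + 1] * b for i, b in enumerate(bits(v)))
            for v in range(2 ** BITS)}


def decide(model, traces):
    """Maximum-likelihood subkey under equal-variance Gaussian noise.

    With equal variances the log-likelihood ranking reduces to the sum of
    squared residuals; the argmin is the 0-1-loss optimal decision.
    """
    best, best_cost = None, None
    for k in range(2 ** BITS):
        cost = sum((m - model[intermediate(x, k)]) ** 2 for x, m in traces)
        if best_cost is None or cost < best_cost:
            best, best_cost = k, cost
    return best


def success_rate(profiler, n_train, n_attack, trials, seed=1):
    """Fraction of trials in which n_attack measurements identify the subkey."""
    rng = random.Random(seed)
    ok = 0
    for _ in range(trials):
        train_key = rng.randrange(2 ** BITS)  # known on the training device
        train = []
        for _ in range(n_train):
            v = intermediate(rng.randrange(2 ** BITS), train_key)
            train.append((v, leak(v, rng)))
        model = profiler(train)
        target_key = rng.randrange(2 ** BITS)
        traces = [(x, leak(intermediate(x, target_key), rng))
                  for x in (rng.randrange(2 ** BITS) for _ in range(n_attack))]
        ok += decide(model, traces) == target_key
    return ok / trials


if __name__ == "__main__":
    for n_train in (32, 2000):
        print(n_train, "training traces: template",
              success_rate(profile_template, n_train, 30, 200),
              "stochastic", success_rate(profile_stochastic, n_train, 30, 200))
```

Because both `success_rate` calls consume the same seeded random stream, the two profilers are scored on identical training and attack data, so the comparison is paired. Raising SIGMA or shrinking the weights models a countermeasure that adds noise or flattens the leakage; rerunning then shows how many more measurements the decision needs to stay below a chosen error probability.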
Publications
François-Xavier Standaert, François Koeune, and Werner Schindler. How to Compare Profiled Side-Channel Attacks, proceedings of ACNS 2009, Volume 5536 of Lecture Notes in Computer Science, pages 485-498, Springer, June 2009
Werner Schindler, François Koeune, and Jean-Jacques Quisquater. Improving Divide and Conquer Attacks Against Cryptosystems by Better Error Detection Correction Strategies, Cryptography and Coding - 8th IMA International Conference on Cryptography and Coding, Volume 2260 of Lecture Notes in Computer Science, pages 245-267, Springer-Verlag, December 2001
Copyright Notice
Some material that is available from this page is copyrighted.
IACR Copyright Notice: Permission is granted for a user to display all
material at this site, to copy the material onto a single computer, and to make
print copies of the material for personal use only. All other rights are
retained by the International Association for Cryptologic Research. In
particular, any other copying, other redistribution, or any commercial use of
the material requires the permission of the publisher, which may be requested
by contacting the International Association for Cryptologic Research.
IEEE Copyright Notice: This material is presented to ensure timely
dissemination of scholarly and technical work. Copyright and all rights therein
are retained by authors or by other copyright holders. All persons copying this
information are expected to adhere to the terms and constraints invoked by each
author's copyright. In most cases, these works may not be reposted without the
explicit permission of the copyright holder.
ACM Copyright Notice: Copyright © 1999 by the Association for
Computing Machinery, Inc. Permission to make digital or hard copies of part of
this work for personal or classroom use is granted without fee provided that
copies are not made or distributed for profit or commercial advantage and that
copies bear this notice and the full citation on the first page or initial
screen of the document. Copyrights for components of this work owned by others
than ACM must be honored. Abstracting with credit is permitted. To copy
otherwise, to republish, to post on servers, or to redistribute to lists,
requires prior specific permission and/or a fee. Request permissions from
Publications Dept., ACM Inc., fax +1 (212) 869-0481, or
permissions@acm.org.
Springer-Verlag LNCS Copyright Notice: The copyright of these
contributions has been transferred to Springer-Verlag Berlin Heidelberg New
York. The copyright transfer covers the exclusive right to reproduce and
distribute the contribution, including reprints, translations, photographic
reproductions, microform, electronic form (offline, online), or any other
reproductions of similar nature. Online available from Springer-Verlag LNCS
series.