omar choudary and markus g. kuhn paris, 15 april 2014osc22/docs/slides_cosade_2014.pdf · template...

Template Attacks on Different Devices

COSADE 2014

Omar Choudary and Markus G. Kuhn !!

Paris, 15 April 2014

Outline

● Template Attacks [Chari et al., CHES ’02]

Outline

● Template Attacks [Chari et al., CHES ’02] ● Problems when using different devices

Outline

● Template Attacks [Chari et al., CHES ’02] ● Problems when using different devices ● Extensive evaluation of TA on different devices

− 4 devices and 5 acquisition campaigns − several compression methods − several methods to improve attack

Outline

● Template Attacks [Chari et al., CHES ’02] ● Problems when using different devices ● Extensive evaluation of TA on different devices

− 4 devices and 5 acquisition campaigns − several compression methods − several methods to improve attack

● PCA and LDA − Guideline for PCA/LDA to make it efficient − Method for improving PCA


Template Attacks on DPA contest v4


Template Attacks – Setup

k


Template Attacks – Profiling

k = 0, 1, 2, …, 255

np = 1000 profiling traces per k

m = 2500 samples per trace


Data space – cloud of traces

��

� ��

For some k

= trace


Data space – mean vector

��

� ��

For some k

= trace vector

= mean vector


Data space – covariance matrix

��

� ��

For some k

S

= trace vector

= mean vector= covariance


Data space – individual covariancesk=2 k=77

k=207

k=81

k=47

��

� �� S

S

S

S

S


Data space – pooled covariancek=2 k=77

k=207

k=81

k=47

��

� ��

Spooled

Spooled

Spooled

Spooled

Spooled


Template Attacks – Compression

m = 2500 samples (points)


Select samples

m= 5


Principal Component Analysis (PCA)k=2 k=77

k=207

k=81

k=47

��

� ��


Principal Component Analysis (PCA)k=2 k=77

k=207

k=81

k=47

��

� ��

B


Principal Component Analysis (PCA)

.m= 3

U=SVD(B)


Linear Discriminant Analysis (LDA)k=2 k=77

k=207

k=81

k=47

��

� ��

B


Linear Discriminant Analysis (LDA)k=2 k=77

k=207

k=81

k=47

��

� ��

B

Spooled

Spooled

Spooled

Spooled

Spooled


Linear Discriminant Analysis (LDA)

.m= 3

U=SVD(B/S)


Template Attacks – Attack

k = ???

1⩽ na⩽ 1000



k = 0, 1, 2, …, 255 Option 1: Multivariate Gaussian Distribution [Chari et al., CHES '02]

X = {x1,x2, . . . ,xna}

k? = argmax

kd(k | X)

d(k | X) =

Y

x2X

1p(2⇡)m |S|

exp

✓�1

2

(x� ¯

xk)0S

�1(x� ¯

xk)

◆



k = 0, 1, 2, …, 255 Option 2: Mahalanobis Distance or Linear Discriminant [Choudary and Kuhn, CARDIS '13]

dMD(k | X) = � 12

X

x2X

(x� x̄k)0S

�1(x� x̄k)

X = {x1,x2, . . . ,xna}

dLinear(k | X) = x̄

0kS

�1

✓ X

x2Xk?

x

◆� na

2x̄

0kS

�1x̄k

k? = argmax

kd(k | X)


TA on same campaign [CARDIS '13]


TA on same campaign [CARDIS '13]

HW


Using different devices in template attack during profiling versus attack phase

● [Renauld et al., Eurocrypt ’11] − Bad results across different ASIC devices − Used 20 different devices − Sample selection with 1 to 3 samples

● [Elaabid et al., Journal Crypto Engineering ’12] − Bad results on same device but different

campaigns − PCA with 1 principal component


Our evaluation

● 4 different devices (Atmel XMEGA 8-bit µC)

BetaAlpha

Gamma Delta


Our evaluation

● 4 different devices (Atmel XMEGA 8-bit µC) ● Code same as our CARDIS ’13 scenario


Our evaluation

● 4 different devices (Atmel XMEGA 8-bit µC) ● Code same as our CARDIS ’13 scenario ● 5 acquisition campaigns

− 1 per device − 1 additional campaign on one device


Our evaluation



● Several compressions with different params


Our evaluation



● Several compressions with different params ● Several methods to improve TA


Standard TA (Meth. 1) same device


Standard TA (Meth. 1) different devices

LDA


Profiling on 3 devices (Meth. 2)

LDA

select many


Analysis of overall mean vectors

��

� ��


Major problem: low-frequency offsetVo

ltage

diff

eren

ce to

Bet

a

Overall mean vectors


Major problem: low-frequency offset

Alp ha

Beta

k = 0, 1, …, 9

Sample j = 884��

��

�

��

�

��

��

��

��

��

��

��

�

��

�

��

��

��

��

��

Voltage

0 500 1000 1500 2000 2500

⇧2

⇧1

0

1

2

x 104

Sample index

Volta

ge


Adapt for the offset (Meth. 3)

median

Overall mean trace (from profiling)

0 500 1000 1500 2000 2500⇧3

⇧2

⇧1

0

1

2

3x 104

Sample index

Volta

ge



median

Single trace (from attack)


Adapt for the offset (Meth. 3)Low-frequency offset

0 500 1000 1500 2000 2500

⇧2

⇧1

0

1

2

x 104

Sample index

Vo

ltag

e

median attack

median profile


Adapt for the offset (Meth. 3)Shift attack trace with offset

0 500 1000 1500 2000 2500⇧3

⇧2

⇧1

0

1

2

3x 104

Sample index

Vo

ltag

e

0 500 1000 1500 2000 2500

⇧2

⇧1

0

1

2

x 104

Sample index

Vo

ltag

e



select many

LDA

PCA


Profile on 3 devices & adapt offset (Meth. 4)

select manyLDA

PCA


Standard TA works well with LDA

LDA


Standard TA works well with LDA

● LDA uses common covariance matrix in computation of eigenvectors

● captures noise factors, such as temperature variations − Our acquisition campaigns took several hours to

complete ● If variation due to noise is similar across

campaigns then LDA can be useful

Spooled

Spooled


How to select LDA eigenvectors (1)

Eigenvector index (j)DC(u j)= u j

1+...+u jm



Eigenvector index (j)DC(u j)= u j

1+...+u jm

m= 4



Eigenvalue index (j)

Eige

nval

ues (

log

axis

)



Eigenvalue index (j)

Eige

nval

ues (

log

axis

)

m= 4


How to select LDA eigenvectors

LDA

Good selection of m was only by chance!We should look at DC component of eigenvectors

m= 4


Can we improve PCA?

PCA

m= 4


Can we improve PCA?

Eigenvector index (j)

DC

Com

pone

nt


Can we improve PCA?


DC

Com

pone

nt

m⩾ 5


Standard TA with PCA and LDA

LDA ,m= 4LDA ,m= 5,6

LDA ,m= 40


Standard TA with PCA and LDA

PCA ,m= 4

PCA ,m= 5,6,40


Method 5: improving PCAk=2 k=77

k=207

k=81

k=47

��

� ��

B


Method 5: improving PCA

● We add random offsets to mean vectors ● This forces DC offset in first eigenvector

● which should remove DC offset from other eigenvectors, due to orthogonality of eigenvectors



k=2k=77

k=207

k=81k=47

B

��

� ��


DC offset of PCA eigenvectors:before Method 5


DC

Com

pone

nt


DC offset of PCA eigenvectors:after Method 5

0 5 10 15 20 25 30 35 40−50

−40

−30

−20

−10

0

10


DC

Com

pone

nt



PCA ,m= 5

PCA ,m= 4



LDA ,m= 4

LDA ,m= 5


Conclusions● Extensive evaluation of TA on different devices

− 4 devices, 5 campaigns − Tested compression methods: LDA, PCA, 1/3/20/5%-ile sample selection − 5 methods to improve TA

● Inter-device differences similar to inter-campaign differences ● Mostly low frequency offset ● Profiling on multiple devices and manipulation of DC offset can help ● But PCA and LDA can work with standard TA

− Need to look at DC component ● Improved PCA by forcing in a DC eigenvector ● Take away message: compression method matters very much in this case

− Previous studies may have missed this fact


Questions

Speaker: Omar Choudary [email protected]

Co-author: Markus Kuhn [email protected]

Security Group Computer Laboratory, University of Cambridge

omar choudary and markus g. kuhn paris, 15 april 2014osc22/docs/slides_cosade_2014.pdf · template...

Documents