
[Fig. 1 (block diagram, not reproduced): on a single die, the digital part (clocked at Fclock and producing digital noise) couples through the substrate into the analogue part (DAC, amplifier, RF front end at FRadio), so the legitimate signal is transmitted together with the noise.]
Fig. 1. Screaming channel attacks: conventional side-channels leak into the
RF module in the analog part, present on the same die. This module transmits
the side-channels over a larger distance (up to some meters).
dard (AES) on an embedded device.
• a discussion on the limitations of the method and solutions to them;
• experimental results demonstrating the gains obtained with these
solutions.
VT does not require any specific setup on the victim side, such as
a trigger signal to indicate the start of a CP. It consists of finding
a precise enough duration of the targeted process, which is executed
periodically. This makes it possible to act as if a trigger indicated
a common location in all the process segments. This virtual trigger
can then be used to segment CPs from a trace. The method aims to help
researchers reduce the effort in target preparation and in the
collection phase of the attack, while also taking a small step toward
a more realistic attack scenario.
The paper is organized as follows. Section II provides the context of
this work and Section III discusses related work. Then, Section V
details the proposed virtual trigger segmentation method, and Section VI
evaluates it experimentally on a screaming channel setup. Section VII
discusses the limitation of the method and proposes a solution to
overcome it. Finally, Section VIII concludes the paper.
II. SCREAMING CHANNEL ATTACKS
Experimental results build on the attack scenario called screaming
channels, introduced by Camurati et al. [1]. As illustrated in Fig. 1,
screaming channels occur on mixed-signal devices where digital
processing is collocated with analog Radio Frequency (RF) electronics
on a single die. Side-channel signals originating from the digital
processing mix with the RF signal and are amplified, modulated, and
broadcast. The primary threat posed by screaming channels is the risk
of transmitting secrets over long distances, i.e., of screaming them.
Screaming channel signals are very noisy. Moreover, to collect them,
the RF module must be transmitting a legitimate signal; in the context
of this paper, this is a Bluetooth signal. Between two Bluetooth
transmissions, the collected signal therefore contains gaps. As in
regular screaming channel analysis, time diversity is used during the
collection phase to counterbalance these constraints. The principle is
to force the device to compute multiple encryptions with the same
plaintext and key. Since the same data has been computed, the segment
values should be identical except for the noise, and averaging the
segments returns a CP segment with reduced noise.
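As an added illustration of the virtual trigger idea and of the time-diversity averaging described above (example code written for this page, not the authors' implementation; the autocorrelation-based period estimate, the constant-period constructed trace and every parameter value are assumptions, and the paper's own Section V procedure is not on this page), the following Python script builds a trace of repeated encryptions of the same plaintext and key, estimates the repetition period from the trace alone, cuts the trace into one-period windows as a real trigger would, averages the windows, and measures how much the noise drops:

```python
import random

# Constructed scenario (assumed values, not the paper's setup): one encryption
# produces a SEG_LEN-sample leakage pattern, the victim repeats it every
# PERIOD samples, and the attacker sees only a continuous, untriggered trace.
PERIOD = 200
SEG_LEN = 120
N_CPS = 40
FIRST_START = 37      # unknown to the attacker; used only to build the trace
NOISE_STD = 1.0


def make_pattern(length, seed=1):
    """Constructed noiseless leakage of one cryptographic process (CP)."""
    rng = random.Random(seed)
    return [rng.uniform(-1.0, 1.0) for _ in range(length)]


def make_trace(pattern, period, n_cps, first_start, noise_std, seed=2):
    """Gaussian noise everywhere, plus the same pattern every `period` samples."""
    rng = random.Random(seed)
    trace = [rng.gauss(0.0, noise_std) for _ in range(first_start + n_cps * period)]
    for k in range(n_cps):
        start = first_start + k * period
        for i, v in enumerate(pattern):
            trace[start + i] += v
    return trace


def estimate_period(trace, min_lag, max_lag):
    """Virtual trigger, step 1: take the repetition period of the CP as the lag
    with the highest autocorrelation (an assumed, deliberately simple estimator)."""
    mean = sum(trace) / len(trace)
    centred = [x - mean for x in trace]
    energy = sum(c * c for c in centred)

    def autocorr(lag):
        n = len(centred) - lag
        return sum(centred[i] * centred[i + lag] for i in range(n)) / energy

    return max(range(min_lag, max_lag + 1), key=autocorr)


def segment_with_virtual_trigger(trace, period):
    """Virtual trigger, step 2: cut the trace into consecutive one-period windows.
    Every window then holds one CP at the same relative position, as if a real
    trigger had fired at each window start."""
    n_windows = len(trace) // period
    return [trace[k * period:(k + 1) * period] for k in range(n_windows)]


def average_segments(segments):
    """Time diversity: average windows of the same plaintext/key computation."""
    n = len(segments)
    return [sum(seg[i] for seg in segments) / n for i in range(len(segments[0]))]


def locate_cp(window, seg_len):
    """Offset of the seg_len-sample slice carrying the most energy in a window,
    i.e. where the CP sits relative to the virtual trigger."""
    best, best_energy = 0, -1.0
    for start in range(len(window) - seg_len + 1):
        e = sum(x * x for x in window[start:start + seg_len])
        if e > best_energy:
            best, best_energy = start, e
    return best


def rms_error(a, b):
    return (sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)) ** 0.5


def run_demo():
    pattern = make_pattern(SEG_LEN)
    trace = make_trace(pattern, PERIOD, N_CPS, FIRST_START, NOISE_STD)

    period = estimate_period(trace, 150, 350)        # attacker's view only
    windows = segment_with_virtual_trigger(trace, period)
    averaged = average_segments(windows)
    cp_start = locate_cp(averaged, SEG_LEN)

    # Evaluation only: the noiseless window the attacker is trying to recover.
    truth = [0.0] * period
    truth[FIRST_START:FIRST_START + SEG_LEN] = pattern
    return {
        "period": period,
        "cp_start": cp_start,
        "single_rms": rms_error(windows[0], truth),
        "averaged_rms": rms_error(averaged, truth),
    }


if __name__ == "__main__":
    print(run_demo())
```

With these parameters the estimated period is 200 samples, the CP is found near offset 37 of the averaged window, and the residual noise of the averaged window is roughly 1/sqrt(40) of that of a single window: the window start plays the role of the trigger even though no signal from the victim was ever captured. A period estimate that is even one sample off accumulates into a 40-sample misalignment over 40 windows, which is why the text insists on a "precise enough" duration.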
III. RELATED WORKS ON SEGMENT SYNCHRONIZATION
Synchronization is used to know which CP operation each segment point
belongs to. Otherwise, segment points corresponding to operations whose
leakage values are data-correlated would be compared with other,
unrelated points, which makes a relationship between leakage values
and data harder to distinguish. We call these data-correlated points
Points of Interest (POIs). To synchronize segments, they can be aligned
using techniques like static alignment [9], longest common sequence [10],
elastic alignment [11] and synchronous real-time sampling [12].
Before aligning segments, it is first necessary to locate the segments
of interest in the traces. The most common technique in SCA research
consists of inserting a trigger signal that starts the trace
measurement synchronized with the beginning of the CP. Attack setups
are prepared so that either (1) the victim creates the trigger signal
to inform the attacker when the encryption starts, or (2) the attacker
sends a trigger signal to the victim to make it start at a precise
moment. This is an accepted scenario in the community to enable SCA
research, but it assumes attackers have access to the victim to
generate or listen to a trigger synchronization signal. SAKURA and
NewAE's ChipWhisperer are widely used platforms in the community that
follow this approach.
However, in many cases, using a trigger signal is impossible, for
example when a given firmware cannot be modified to add the
instructions that control the trigger signal, or simply because the
device used to collect traces cannot capture two signals, the
side-channel signal and the trigger signal, concurrently. Locating CPs
in traces without a trigger signal can be done with pattern recognition
techniques. For this purpose, Beckers et al. [13] compare methods that
calculate the correspondence between trace and pattern values. When
this match score exceeds a pre-defined threshold, the corresponding
part of the leakage is considered to be the location in the trace of a
targeted segment. IcWaves¹ implements such pattern recognition methods.
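The threshold-based pattern recognition just described, as an added example written for this page (it is neither Beckers et al.'s code nor IcWaves): Pearson correlation is used as the correspondence score between a reference pattern and every slice of a constructed trace, and each run of scores above the threshold yields one located segment. The reference pattern, the hidden CP positions, the unrelated burst and the noise level are constructed test data, and the choice of Pearson correlation as the score is an assumption of this example.

```python
import random

# Constructed scenario (assumed values): the attacker already holds a
# characterised reference pattern of the CP and must find where it occurs in
# a long trace that also contains noise and unrelated activity.
SEG_LEN = 120
NOISE_STD = 0.6
TRUE_STARTS = [310, 905, 1488, 1700, 2377, 2930]   # hidden from the detector
BURST_START = 2000                                 # unrelated, non-CP activity
TRACE_LEN = 3200


def make_reference(length, seed=11):
    """Constructed noiseless pattern of one CP (the attacker's reference)."""
    rng = random.Random(seed)
    return [rng.uniform(-1.0, 1.0) for _ in range(length)]


def make_trace(reference, starts, trace_len, noise_std, seed=12):
    """Noise everywhere, the CP pattern at the hidden starts, and one burst of
    unrelated activity that must not be reported as a CP."""
    rng = random.Random(seed)
    trace = [rng.gauss(0.0, noise_std) for _ in range(trace_len)]
    for s in starts:
        for i, v in enumerate(reference):
            trace[s + i] += v
    for i in range(BURST_START, BURST_START + SEG_LEN):
        trace[i] += rng.uniform(-1.0, 1.0)
    return trace


def pearson(a, b):
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    da = sum((x - ma) ** 2 for x in a) ** 0.5
    db = sum((y - mb) ** 2 for y in b) ** 0.5
    return num / (da * db) if da and db else 0.0


def match_scores(trace, reference):
    """Correspondence between the reference and every slice of the trace."""
    length = len(reference)
    return [pearson(trace[i:i + length], reference)
            for i in range(len(trace) - length + 1)]


def locate_segments(scores, seg_len, threshold):
    """Report the best offset of each run of scores above the threshold, then
    skip one segment length so a single CP is not reported twice."""
    found = []
    i = 0
    while i < len(scores):
        if scores[i] > threshold:
            window_end = min(i + seg_len, len(scores))
            best = max(range(i, window_end), key=scores.__getitem__)
            found.append(best)
            i = best + seg_len
        else:
            i += 1
    return found


def run_demo(threshold=0.45):
    reference = make_reference(SEG_LEN)
    trace = make_trace(reference, TRUE_STARTS, TRACE_LEN, NOISE_STD)
    scores = match_scores(trace, reference)
    found = locate_segments(scores, SEG_LEN, threshold)
    return {
        "found": found,
        "peak_scores": [round(scores[i], 2) for i in found],
        "burst_score": round(scores[BURST_START], 2),
    }


if __name__ == "__main__":
    print(run_demo())
```

The six hidden positions are recovered exactly while the unrelated burst at 2000 scores close to zero, which is the behaviour a threshold detector is meant to have. The detector only works because `reference` is handed to it; where that pattern comes from in the first place is precisely the open question raised in the next paragraph.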
Nevertheless, to use these methods, the attacker is supposed to already
have a pattern, or characterized segments having the same statistical
properties as the segments being searched for, representative of the
triggering moment. Therefore, the question of how to find this pattern
remains open. To that end, Trautmann et al. [14] proposed a technique
to locate AES CPs in leakage signals by searching for parts of the
leakage having consecutive similar patterns corresponding to the 10
AES rounds. This method can find AES CPs in long traces that also
contain the leakage of other CP operations. Souissi et al. [15] used
wavelet transforms to detect the limits of AES segments in traces and
then used these segments to do pattern recognition.
In the screaming channels context, the only technique reported so far
in the literature to locate CPs from leakage signals, by Camurati et
al. [1] and Wang et al. [16], used a frequency component trigger
mechanism². The method
¹ https://www.riscure.com/security-tools/hardware/icwaves.
² https://github.com/bolek42/rsa-sdr.