For asymmetric ciphers, such as RSA and ECC,
side-channel attacks on the underlying exponentiation are mitigated
by countermeasures like constant-time implementation and
blinding. This restricts an attacker to a single side-channel trace
per attack, since a different representation of the private key is
used for each exponentiation. In this work, we propose an unsupervised
machine learning framework for side-channel attacks
on asymmetric cryptography that analyzes leakage in multiple
side-channel traces, identifying the best trace for key retrieval.
We apply Principal Component Analysis (PCA) preprocessing
followed by a classification step that assigns segments of traces to
the elementary operations of the Square-and-Multiply exponentiation
of RSA. In order to estimate the attack complexity for each trace
in terms of key enumeration effort, we introduce two new metrics:
the Entropy-based Cost Function (EBCF) is used to select a trace
for the attack as well as the bits that have to be brute-forced if
not all bits can be determined correctly from this single trace.
To reduce the brute-force complexity further, we introduce Illegal
Sequence Detection (ISD) to remove brute-force candidates that
do not fit the Square-and-Multiply scheme. We first provide
a proof of concept for 320-bit key length traces and, moving
towards a more realistic scenario, retrieve the key from a 1024-bit
RSA implementation protected by message and exponent
blinding. We are able to select the trace with the least remaining
brute-force complexity from 1000 power measurements of the
signature generation with randomized inputs and blinding values
on a 32-bit ARM Cortex-M4 microcontroller.
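The following is an added worked example, not code from the paper, that models the enumerate-and-prune step the abstract describes for a single trace. It assumes a textbook left-to-right Square-and-Multiply in which every exponent bit costs one square and every set bit adds one multiply directly after it; it uses the per-segment Shannon entropy of the classifier's posterior as a stand-in for the EBCF, whose exact definition the abstract does not give; and it encodes the ISD rule as "a multiply must be preceded by a square", which is one consequence of that exponentiation scheme. The per-segment posteriors are constructed, not measured.

```python
"""Toy model of EBCF-style trace ranking and ISD pruning for Square-and-Multiply.

Assumed setting: a classifier has labelled every segment of a power trace as a
square (S) or a multiply (M) and reports P(S) per segment. We rank segments by
entropy, brute-force the least certain ones and drop every candidate that is
not a legal left-to-right Square-and-Multiply sequence.
"""
import itertools
import math


def square_and_multiply_ops(bits):
    """Operation sequence of a textbook left-to-right Square-and-Multiply:
    one square per bit, plus one multiply right after each 1 bit."""
    ops = []
    for b in bits:
        ops.append("S")
        if b:
            ops.append("M")
    return ops


def is_legal_sequence(ops):
    """Assumed ISD rule: the sequence starts with a square and a multiply is
    always preceded by a square, i.e. 'MM' never occurs."""
    if not ops or ops[0] != "S":
        return False
    return all(not (a == "M" and b == "M") for a, b in zip(ops, ops[1:]))


def ops_to_bits(ops):
    """Invert square_and_multiply_ops; only valid for a legal sequence."""
    bits = []
    for op in ops:
        if op == "S":
            bits.append(0)
        else:
            bits[-1] = 1  # a multiply sets the bit of the preceding square
    return bits


def binary_entropy(p_square):
    """Shannon entropy (in bits) of a two-class posterior."""
    p = p_square
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -(p * math.log2(p) + (1.0 - p) * math.log2(1.0 - p))


def trace_cost(posteriors):
    """Sum of per-segment entropies: our stand-in for the paper's EBCF."""
    return sum(binary_entropy(p) for p in posteriors)


def select_best_trace(traces):
    """Index of the trace with the lowest cost, i.e. least enumeration effort."""
    return min(range(len(traces)), key=lambda i: trace_cost(traces[i]))


def most_uncertain_segments(posteriors, k):
    """Indices (ascending) of the k highest-entropy segments."""
    order = sorted(range(len(posteriors)),
                   key=lambda i: binary_entropy(posteriors[i]), reverse=True)
    return sorted(order[:k])


def enumerate_candidates(posteriors, k, expected_bits=None):
    """Brute-force the k most uncertain segments around the argmax labelling.

    Illegal sequences are discarded (ISD); if the exponent length is known,
    candidates with a different number of squares are discarded as well.
    Returns (list_of_candidate_bit_lists, number_of_assignments_tried).
    """
    base = ["S" if p >= 0.5 else "M" for p in posteriors]
    idx = most_uncertain_segments(posteriors, k)
    candidates, tried = [], 0
    for assignment in itertools.product("SM", repeat=len(idx)):
        tried += 1
        ops = list(base)
        for i, op in zip(idx, assignment):
            ops[i] = op
        if not is_legal_sequence(ops):
            continue
        bits = ops_to_bits(ops)
        if expected_bits is not None and len(bits) != expected_bits:
            continue
        candidates.append(bits)
    return candidates, tried


# Constructed example: exponent 89 = 0b1011001 gives an 11-segment trace.
TRUE_BITS = [1, 0, 1, 1, 0, 0, 1]
TRUE_OPS = square_and_multiply_ops(TRUE_BITS)  # S M S S M S M S S S M

# Constructed posteriors P(S) for a good trace: segments 1, 3 and 4 are noisy,
# and segment 3 is even mislabelled by a plain argmax (0.48 < 0.5).
POSTERIORS_GOOD = [0.97, 0.45, 0.95, 0.48, 0.40, 0.96, 0.04, 0.98, 0.97, 0.96, 0.03]
# Constructed posteriors for a noisier trace of the same operation sequence.
POSTERIORS_NOISY = [0.90, 0.50, 0.60, 0.50, 0.50, 0.70, 0.30, 0.90, 0.60, 0.55, 0.20]


def run_attack():
    """Pick the cheaper trace, enumerate its uncertain segments, prune with ISD."""
    traces = [POSTERIORS_NOISY, POSTERIORS_GOOD]
    best = select_best_trace(traces)
    argmax_ops = ["S" if p >= 0.5 else "M" for p in traces[best]]
    cands, tried = enumerate_candidates(traces[best], k=3)
    cands_len, _ = enumerate_candidates(traces[best], k=3, expected_bits=len(TRUE_BITS))
    return {
        "best_trace": best,
        "argmax_is_legal": is_legal_sequence(argmax_ops),
        "tried": tried,
        "legal_candidates": len(cands),
        "length_filtered_candidates": len(cands_len),
        "true_key_survives": TRUE_BITS in cands_len,
    }


if __name__ == "__main__":
    print(run_attack())
```

With these constructed posteriors the argmax labelling of the good trace is itself illegal (segments 3 and 4 read "M M"), so enumeration is unavoidable; ISD keeps 6 of the 8 assignments of the three uncertain segments, and the known exponent length cuts that to 2, one of which is the true key. Exponent blinding changes the exponent length by a few bits in practice, so the length filter should be widened accordingly rather than applied exactly as here.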