Cryptography Reference
In-Depth Information
computations to exhibit the secret. Indeed, the leaked information can be sta-
tistically modeled by a continuous random variable following an unknown or
uncertain probability law
P
law
.
The main challenge of SCA is to make a sound estimation of
P
law
relevant
features without loss of information. The more accurate this estimation is, the
greater the eciency of SCA is. Basically, random variables are measured and
analyzed in term of their statistical and probabilistic features [7]. In the case of
SCA, calculations based on the first and second order statistics seem to be good
ways to quantify the secret information. For instance, Differential Power Analysis
(DPA) is mainly based on computations related to the first-order statistic, the
“mean”. Moreover, Variance Power Analysis (VPA) [30, 18] which is based on
the variance, has shown its eciency on masked implementations.
Recently, a new powerful variant of SCA so-called MIA [8] has been presented
to the cryptographic community. This attack is based on mutual information
theory which requires a reliable estimation of the probability density function of
P
law
. Basically, an accurate probabilistic measure, such as the entropy, describes
better one random variable than other statistics [24]. However, the optimal ac-
curacy is hardly achieved specially when the probability law is unknown. As a
matter of fact, the probability density of an unknown law is quite dicult to
properly estimate when the available data to be studied is limited [7]. Statisti-
cians are used to calculate quantities easier to estimate. These quantities are the
moments of a probability distribution like the mean, the variance or the kurtosis.
By analogy to the cryptographic domain, statisticians are identified to attackers
and the available data to power or EM consumption signals. Indeed, the attacker
is often required to conduct its attack under certain constraints. Actually, ac-
cording to the security levels as defined by Abraham et al. [2], secure devices
could be classified into seven levels of security. According to each level, the at-
tacker behaves in different manners. In the real life, the attacker has to perform
the attack by considering the external environment of the device under attack
which depends on the factory and the type of the circuit (FPGA, ASIC, . . . ).
For instance, some security measures could be employed to limit the acquisition
of power consumption signals (
traces
). Thus, the attacker would not be free to
acquire as much traces as he wants. In addition to that, we believe that any
cryptographic design could be attacked by exploiting its sensitivity against one
chosen statistic, denoted by
CS
, that could be the mean, the variance or any
other statistic describing one
P
law
. The higher the sensitivity is, the greater is
the vulnerability of the implementation against attacks based on the considered
CS
. This is true since an ideal cryptographic implementation could not really
exist, in accordance with the fact that real life application could not fit exactly
the theory.
In this paper, we outline the way how Principal Component Analysis (PCA [12])
couldbeusedtoextractthevalueofthe secret key. PCA is a multivariate data
analytic technique [24, 26] that has found application in fields such as computer
vision [28, 15], robotics [34], sociology and economics [27]. It is a way of identify-
ing patterns in multidimensional data set, and visualising these data into a lower
Search WWH ::
Custom Search