Improved Filtering Techniques for Single- and Multi-Trace Side-Channel Analysis

Abstract

Side-channel analysis (SCA) attacks constantly improve and evolve. Implementations are therefore designed to withstand strong SCA adversaries. Different side channels exhibit varying statistical characteristics of the sensed or exfiltrated leakage, as well as the embedding of different countermeasures. This makes it crucial to improve and adapt pre-processing and denoising techniques, and abilities to evaluate the adversarial best-case scenario. We address two popular SCA scenarios: (1) a single-trace context, modeling an adversary that captures only one leakage trace, and (2) a multi-trace (or statistical) scenario, that models the classical SCA context. Given that horizontal attacks, localized electromagnetic attacks and remote-SCA attacks are becoming evermore powerful, both scenarios are of interest and importance. In the single-trace context, we improve on existing Singular Spectral Analysis (<inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mi mathvariant="sans-serif">SSA</mi></semantics></math></inline-formula>) based techniques by utilizing spectral property variations over time that stem from the cryptographic implementation. By adapting overlapped-<inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mi mathvariant="sans-serif">SSA</mi></semantics></math></inline-formula> and optimizing over the method parameters, we achieve a significantly shorter computation time, which is the main challenge of the <inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mi mathvariant="sans-serif">SSA</mi></semantics></math></inline-formula>-based technique, and a higher information gain (in terms of the Signal-to-Noise Ratio (<inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mi mathvariant="sans-serif">SNR</mi></semantics></math></inline-formula>)). In the multi-trace context, a profiling strategy is proposed to optimize a Band-Pass Filter (BPF) based on a low-computational cost criterion, which is shown to be efficient for unprotected and low protection level countermeasures. In addition, a slightly more computationally intensive optimized ‘shaped’ filter is presented that utilizes a frequency-domain <inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mi mathvariant="sans-serif">SNR</mi></semantics></math></inline-formula>-based coefficient thresholding. Our experimental results exhibit significant improvements over a set of various implementations embedded with countermeasures in hardware and software platforms, corresponding to varying baseline <inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><mi mathvariant="sans-serif">SNR</mi></semantics></math></inline-formula> levels and statistical leakage characteristics.