Channel Estimation to Improve the Scalability of Power Leakage based Side-Channel Attacks on Cryptographic Systems

Side channel attacks exploit physical information that leaks from a cryptographic device in order to extract secret information, such as secret keys, passwords, or instructions that may be stored inside the device. The physical information used in side-channels can be electromagnetic or acoustic emanations, timing, power consumption, or others. A widely used form of side channels relies on the analysis of power consumption. The exploited physical information in these forms of side channel attacks is the leakage traces of the power consumed during a computation. This dissertation focusses on studying power-analysis based side-channel attacks to better understand this threat to modern cryptographic devices and their implementations. The effectiveness of side-channel attacks is based on the fact that the physical leakages are dependent on the internal state of the device. This dependency is represented by a leakage model or leakage function. To better understand the leakage model in side-channel attacks, we propose to model the side channel as a communication channel in the traditional sense. This allows us to use a weighted leakage model and then to propose an L2-norm based re-weighted algorithm to further tune the leakage model. Compared to previous methods, our algorithm shows significant improvements in key recovery performance. Typically, secrets in cryptographic systems have a large number of bits, for example 128 bits in AES 128. Therefore, directly applying side-channel attacks that have proven effective for small secret with 8 or 16 bits, such as the Template Attack or the Stochastic Model, is computationally impossible. Most of the side-channel attacks typically apply a divide-and-conquer strategy to attempt to scale to larger number of bits. However, how to efficiently implement the Stochastic Model using divide-and-conquer is not obvious. This dissertation proposes two models to explore how to efficiently extend the Stochastic Model to non-linear cryptographic systems. The experimental results illustrate that our proposed methods show significant improvements in key recovery. Finally, how to efficiently exploit the samples in the leakage traces is always an important problem in side channel attacks. In the case of AES, side channel attacks are usually launched on either the first round or the last round of the AES encryption. We propose an algorithm that exploits the information during both rounds, which significantly improves the key recovery. Compared to previous methods that attempt to integrate information from multiple AES rounds, such as the Algebraic Side-Channel Attacks and the Soft Analytical Side-Channel Attacks, our method shows huge saving in computing cost and complexity due to our pragmatic implementation