Projet de recherche doctoral numero :3478


Date depot: 1 janvier 1900
Titre: Distinguishing Distinguishers: A Theoretical Approach to Side-Channel Analysis.
Directeur de thèse: Olivier RIOUL (LTCI (EDMH))
Domaine scientifique: Sciences et technologies de l'information et de la communication
Thématique CNRS : Non defini

Resumé: {{Introduction to the subject}} To be trustworthy, secure devices must ensure they kept secrets inaccessible from attackers. Now, side-channel analysis has emerged as a new threat, that must be carefully understood to better counter it. Side-channel analysis is a breakthrough technique that allows any pirate to extract cryptographic keys from secure devices. It consists in recording 'weak signals', such as the power or the electromagnetic radiations, and analysing them to derive hypotheses on the secret key using a divide-and-conquer approach (e.g., keys are retrieved byte by byte). In this context, side-channel distinguishers are statistical tools that quantify the link between a leakage and a model. They are used advantageously when the model is unknown, but can depend on a subkey that can be enumerated exhaustively. In this condition, the distinguisher is used as a 'side-channel attack' to extract secrets: the key that maximizes the metric on the link is considered the actual one. The scenario is as follows: A cryptographic device (RfiD tag, smar tcard, smartphone, network appliance, etc.) contains a secret key, which cannot be read out via the regular application programming interface. However, it leaks via some side-channels, for instance the emitted magnetic field. This analog quantity can be captured with an adequate antenna, and measured by an acquisition apparatus, such as an oscilloscope. Since in practice, the measurements are noisy, the first step consists in preprocessing the signals to clean them. The signal is then abstracted, usually into statistical moments or its probability density function. The distinguisher consists in computing statistical quantities for all key hypotheses. The correct key is (hopefully) the one that maximizes the distinguisher's value after analysing many side-channel traces. {{Problem statements}} Despite the huge progress made in the last decade of security analysis of embedded systems, current evaluations are still done in ad hoc ways, either by experiments or with incomplete simulation benches. On the one hand, this methodology is 'dynamic' and requires (sometimes prohibitive) time/memory space to carry out the required meaningful estimations of distinguishers. On the other hand, the por tability of the results from one device/test platform to another is arguable because it is hard to quantify the obtained confidence level in the accuracy of the estimations. Negative side-effects are the difficulty of unambiguous comparison of evaluation methodologies and countermeasures, and the lack of foundations for reasoned methodologies: Many side-channel distinguishers have been proposed, and they are clearly of unequal efficiency. However, there exists no definite theoretical method to just compare them. {{Background and literature review}} Side-channel distinguishers have been analyzed standalone, but seldom compared. We can cite: DoM (Difference of Means), correlation analysis (linear : Pearson, rank-based: Spearman, Kendall, mixed: Gini, non-linear, etc.), distribution-based distinguishers (maximum likelihood - so-called template attacks; information theoretic: MIA (mutual information analysis), IIA (interclass information analysis), or those based on cumulative probability distributions [23]). Those distinguishers extract simultaneously the most leaking date and the most probable key. The first level of analysis consists in proving their soundness. This is customarily done based on experiments or simulations. Another issue is to compare them. It has been initially done using empirical tests, such as the number of measurements to unambiguously break the key. As this is subject to 'opportunistic effects' (see for instance the discussion in [20]), the notion of success rate has been introduced [21]. A representative number of attacks are conducted and the probability of success is estimated for each number of traces. We have improved this method's confidence using the error variance. However, this method still remains empirical, being based on simulations. Some works have already attempted to theorize better the efficiency of distinguishers: The correlation power analysis (CPA) is modeled so as to link the asymptotic distinguisher value with the number of queries to overcome 90% success rate (N 90%) in [12]. Different leakage models are compared in front of the same attack, using a notion of attack signal to noise ratio (SNR) in [7] or nearest rival in [22]. In [16], the success rate is expressed formally in terms of Gaussian integrations. Results are obtained about information theoretic distinguishers when they are approximated normally in [15]. In [13], a notion of asymptotic equivalence is introduced: two distinguishers are said equivalent if the number of traces to overcome a given success rate decreases when the noise variance tends towards the infinity. The soundness for MIA and IIA is proved in our joint work [11]. However,

Doctorant.e: Heuser Annelie