Finding the Needle in the Haystack: Metrics for Best Trace Selection in Unsupervised Side-Channel Attacks on Blinded RSA
IEEE Transactions on Information Forensics and Security (IF 6.3), Pub Date: 2021-04-22, DOI: 10.1109/tifs.2021.3074884
Alexander Kulow, Thomas Schamberger, Lars Tebelmann, Georg Sigl
For asymmetric ciphers such as RSA and ECC, side-channel attacks on the underlying exponentiation are mitigated by countermeasures like constant-time implementation and blinding. This restricts an attacker to a single side-channel trace per attack, because a different representation of the private key is used for each exponentiation. In this work, we propose an unsupervised machine learning framework for side-channel attacks on asymmetric cryptography that analyzes leakage in multiple side-channel traces and identifies the best trace for key retrieval. We apply Principal Component Analysis (PCA) preprocessing followed by a classification step that assigns segments of traces to the elementary operations of the Square-and-Multiply exponentiation of RSA. In order to estimate the attack complexity of each trace in terms of key enumeration effort, we introduce two new metrics: the Entropy-based Cost Function (EBCF) is used to select a trace for the attack and to identify the bits which have to be brute-forced if not all bits can be determined correctly from this single trace. To reduce brute-force complexity further, we introduce Illegal Sequence Detection (ISD), which removes brute-force candidates that do not fit the Square-and-Multiply scheme. We first provide a proof of concept on traces of a 320-bit key and then, moving towards a more realistic scenario, retrieve the key from a 1024-bit RSA implementation protected by message and exponent blinding. We are able to select the trace with the least remaining brute-force complexity from 1000 power measurements of signature generation with randomized inputs and blinding values on a 32-bit ARM Cortex-M4 microcontroller.
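To make the two metrics concrete, the following is an added illustration written for this page; it is not the authors' code, and the exact definitions of EBCF and ISD in the paper are not reproduced here. It assumes (as a simplification) that the classification step yields, per trace segment, a posterior probability that the segment is a Multiply, that EBCF can be approximated by summing per-segment binary entropies, and that the exponentiation is a textbook left-to-right Square-and-Multiply whose legal operation sequence is (S M?)*. The trace posteriors are constructed sample values. This lets a leakage evaluator see why a single uncertain segment costs one bit of enumeration while an illegal sequence (two Multiplies in a row, or a Multiply not preceded by a Square) can be discarded without being tried.

```python
import math
from itertools import product

# Constructed sample data: per-segment posterior P(segment is a Multiply)
# for two hypothetical traces after PCA + classification.
TRACE_A = [0.02, 0.98, 0.01, 0.50, 0.97, 0.03]   # one ambiguous segment
TRACE_B = [0.40, 0.60, 0.45, 0.55, 0.02, 0.50]   # mostly ambiguous


def ops_to_bits(ops):
    """Decode an S/M operation list into exponent bits (MSB first).

    Left-to-right Square-and-Multiply: every exponent bit produces a Square;
    a 1-bit additionally produces a Multiply right after its Square.
    Returns None when the sequence cannot come from that scheme.
    """
    bits, i = [], 0
    while i < len(ops):
        if ops[i] != 'S':
            return None          # Multiply without a preceding Square
        if i + 1 < len(ops) and ops[i + 1] == 'M':
            bits.append(1)
            i += 2
        else:
            bits.append(0)
            i += 1
    return bits


def is_legal(ops):
    """Illegal Sequence Detection (simplified): legal iff decodable."""
    return ops_to_bits(ops) is not None


def segment_entropy(p):
    """Binary entropy in bits of a segment's Multiply posterior."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def trace_cost(posteriors, threshold=0.5):
    """Simplified entropy-based cost (assumed approximation of EBCF).

    Returns the summed segment entropy and the indices of segments whose
    entropy exceeds `threshold`, i.e. the segments to brute-force.
    """
    uncertain = [i for i, p in enumerate(posteriors)
                 if segment_entropy(p) > threshold]
    return sum(segment_entropy(p) for p in posteriors), uncertain


def enumerate_candidates(posteriors, uncertain):
    """Brute-force only the uncertain segments; confident ones stay fixed."""
    base = ['M' if p >= 0.5 else 'S' for p in posteriors]
    candidates = []
    for combo in product('SM', repeat=len(uncertain)):
        ops = list(base)
        for idx, op in zip(uncertain, combo):
            ops[idx] = op
        candidates.append(ops)
    return candidates


def filter_illegal(candidates):
    """Drop candidates that ISD rejects."""
    return [c for c in candidates if is_legal(c)]


def select_best_trace(traces):
    """Pick the trace with the lowest summed entropy (least enumeration)."""
    return min(range(len(traces)), key=lambda i: trace_cost(traces[i])[0])


if __name__ == "__main__":
    best = select_best_trace([TRACE_A, TRACE_B])
    cost, uncertain = trace_cost([TRACE_A, TRACE_B][best])
    cands = enumerate_candidates([TRACE_A, TRACE_B][best], uncertain)
    legal = filter_illegal(cands)
    print(f"best trace index={best}, cost={cost:.2f} bits, "
          f"candidates before ISD={len(cands)}, after ISD={len(legal)}")
    for ops in legal:
        print(''.join(ops), '->', ops_to_bits(ops))
```

Running it on the constructed traces shows TRACE_A selected (summed entropy of roughly 1.75 bits against several bits for TRACE_B), its single ambiguous segment expanded into two candidates, and ISD discarding the one that would place two Multiplies back to back, leaving a single exponent hypothesis. The same structure generalizes to more than one uncertain segment, where the pruning gain grows with the number of candidates.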

Updated: 2021-04-22