Secure Implementation on Smart Cards

Emmanuel Prouff
Monday 08 Jul 2013

Since the preliminary works of Kocher et al. in the nineties, studying and enforcing the resistance of cryptographic implementations against Side Channel Analysis (SCA) has become a dynamic and prolific area of embedded security. Stochastic attacks, introduced by Schindler et al. at CHES 2005, form one of the main families of SCA, and they offer a valuable alternative to template attacks, which are known to be among the most efficient ones. However, stochastic attacks, like template attacks, were initially designed for adversaries with a perfect copy of the target device in hand. Such a prerequisite makes them a pertinent tool when studying the resistance of implementations against the most powerful adversaries, but it limits their pertinence as a cryptanalytic technique. Indeed, getting open access to a copy of the device under attack is difficult in practice and, even when possible, it remains difficult to exploit templates acquired on one device to attack another one. In light of this observation, several papers have been published to adapt stochastic attacks to contexts where the above prerequisite is no longer needed. They succeeded in defining practical attacks against unprotected implementations, but no work has been published until now to explain how stochastic attacks can be applied against secure implementations. The proposed presentation aims at dealing with this issue. I will first show how to extend the previous analyses of stochastic attacks to highlight their core foundations. Then, I will explain how they can be generalized to defeat first-order masking techniques, which are the main SCA countermeasures. Finally, I will illustrate the interest of the new attack by a series of experiments on simulated and real electro-magnetic measurement traces.