We propose a new class of distinguishers for differential side-channel analysis based on nonparametric statistics. As an example we use Spearman's rank correlation coefficient. We present a comparative study of several statistical methods applied to real power measurements from an AES prototype chip to demonstrate the effectiveness of the proposed method. Our study shows that Spearman's rank coefficient outperforms all other univariate tests under consideration. In particular, we note that Pearson's correlation coefficient requires about three times more samples for reliable key recovery than the method we propose. Further, multivariate methods with a profiling step, which are commonly assumed to be the most powerful attacks, are not significantly more efficient at key extraction than the attack we propose. Our results indicate that power models which are linear in the transition count are not optimal for the attacked prototype chip.
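An added illustration of the rank-based distinguisher described above, not code from the paper: constructed, simulated leakage that is monotone but not linear in the model, scored with both Pearson's and Spearman's coefficients. The 4-bit PRESENT S-box, the Hamming-weight model and the exponential leakage function are assumptions chosen for a compact simulation; the paper's own measurements come from an AES prototype chip.

```python
import math
import random

# Assumption: 4-bit PRESENT S-box as a small stand-in for the AES S-box.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def ranks(v):
    """1-based ranks; tied values share the average of their positions."""
    order = sorted(range(len(v)), key=lambda i: v[i])
    r = [0.0] * len(v)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and v[order[j + 1]] == v[order[i]]:
            j += 1
        for k in range(i, j + 1):
            r[order[k]] = (i + j) / 2 + 1
        i = j + 1
    return r

def pearson(x, y):
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / math.sqrt(vx * vy) if vx and vy else 0.0

def spearman(x, y):
    """Spearman's rho: Pearson's coefficient computed on the ranks."""
    return pearson(ranks(x), ranks(y))

def model(p, k):
    """Hypothetical leakage model: Hamming weight of the S-box output."""
    return bin(SBOX[p ^ k]).count("1")

def simulate(key, n, noise=0.0, seed=1):
    """Constructed traces: leakage is monotone but NOT linear in the model."""
    rng = random.Random(seed)
    pts = [rng.randrange(16) for _ in range(n)]
    return pts, [math.exp(model(p, key)) + rng.gauss(0, noise) for p in pts]

def distinguish(pts, traces, stat):
    """Score every key hypothesis with `stat`; return (best_key, scores)."""
    scores = [abs(stat([model(p, k) for p in pts], traces)) for k in range(16)]
    return max(range(16), key=scores.__getitem__), scores
```

On noise-free constructed traces with every plaintext value used equally often, the correct hypothesis reaches a Spearman score of 1 while its Pearson score stays near 0.86, because the rank statistic ignores the shape of the monotone leakage function. Raising `noise` in `simulate` lets an evaluator compare how many traces each statistic needs before the correct hypothesis separates from the rest.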