Clustering algorithms for non-profiled single-execution attacks on exponentiations

Johann Heyszl; Andreas Ibing; Stefan Mangard; Fabrizio De Santis; Georg Sigl

doi:10.1007/978-3-319-08302-5_6

Clustering algorithms for non-profiled single-execution attacks on exponentiations

Johann Heyszl
, Andreas Ibing
, Stefan Mangard
, Fabrizio De Santis
, Georg Sigl

Chair of Security in Information Technology

Fraunhofer AISEC
Technical University of Munich
Graz University of Technology (TU Graz)
Infineon Technologies AG

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

57 Scopus citations

Abstract

Most implementations of public key cryptography employ exponentiation algorithms. Side-channel attacks on secret exponents are typically bound to the leakage of single executions due to cryptographic protocols or side-channel countermeasures such as blinding. We propose for the first time, to use a well-established class of algorithms, i.e. unsupervised cluster classification algorithms such as the k-means algorithm to attack cryptographic exponentiations and recover secret exponents without any prior profiling, manual tuning or leakage models. Not requiring profiling is of significant advantage to attackers, as are well-established algorithms. The proposed non-profiled single-execution attack is able to exploit any available single-execution leakage and provides a straight-forward option to combine simultaneous measurements to increase the available leakage. We present empirical results from attacking an FPGA-based elliptic curve scalar multiplication using the k -means clustering algorithm and successfully exploit location-based leakage from high-resolution electromagnetic field measurements to achieve a low remaining brute-force complexity of the secret exponent. A simulated multi-channel measurement even enables an error-free recovery of the exponent.

Original language	English
Title of host publication	Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Revised Selected Papers
Publisher	Springer Verlag
Pages	79-93
Number of pages	15
ISBN (Print)	9783319083018
DOIs	https://doi.org/10.1007/978-3-319-08302-5_6
State	Published - 2014
Event	12th International Conference on Smart Card Research and Advanced Applications, CARDIS 2013 - Berlin, Germany Duration: 27 Nov 2013 → 29 Nov 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8419 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	12th International Conference on Smart Card Research and Advanced Applications, CARDIS 2013
Country/Territory	Germany
City	Berlin
Period	27/11/13 → 29/11/13

Keywords

EM
Exponentiation
Non-profiled
Side-channel attack
Simultaneous measurements
Single-execution
Unsupervised clustering

Access to Document

10.1007/978-3-319-08302-5_6

Cite this

Heyszl, J., Ibing, A., Mangard, S., De Santis, F., & Sigl, G. (2014). Clustering algorithms for non-profiled single-execution attacks on exponentiations. In Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Revised Selected Papers (pp. 79-93). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8419 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-08302-5_6

Heyszl, Johann ; Ibing, Andreas ; Mangard, Stefan et al. / Clustering algorithms for non-profiled single-execution attacks on exponentiations. Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Revised Selected Papers. Springer Verlag, 2014. pp. 79-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{f76b55ce2dcf41fc874f38ea4cc34a04,

title = "Clustering algorithms for non-profiled single-execution attacks on exponentiations",

abstract = "Most implementations of public key cryptography employ exponentiation algorithms. Side-channel attacks on secret exponents are typically bound to the leakage of single executions due to cryptographic protocols or side-channel countermeasures such as blinding. We propose for the first time, to use a well-established class of algorithms, i.e. unsupervised cluster classification algorithms such as the k-means algorithm to attack cryptographic exponentiations and recover secret exponents without any prior profiling, manual tuning or leakage models. Not requiring profiling is of significant advantage to attackers, as are well-established algorithms. The proposed non-profiled single-execution attack is able to exploit any available single-execution leakage and provides a straight-forward option to combine simultaneous measurements to increase the available leakage. We present empirical results from attacking an FPGA-based elliptic curve scalar multiplication using the k -means clustering algorithm and successfully exploit location-based leakage from high-resolution electromagnetic field measurements to achieve a low remaining brute-force complexity of the secret exponent. A simulated multi-channel measurement even enables an error-free recovery of the exponent.",

keywords = "EM, Exponentiation, Non-profiled, Side-channel attack, Simultaneous measurements, Single-execution, Unsupervised clustering",

author = "Johann Heyszl and Andreas Ibing and Stefan Mangard and \{De Santis\}, Fabrizio and Georg Sigl",

note = "Funding Information: This work was partly funded by the German Federal Ministry of Education and Research in the project SIBASE through grant number 01IS13020.; 12th International Conference on Smart Card Research and Advanced Applications, CARDIS 2013 ; Conference date: 27-11-2013 Through 29-11-2013",

year = "2014",

doi = "10.1007/978-3-319-08302-5\_6",

language = "English",

isbn = "9783319083018",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "79--93",

booktitle = "Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Revised Selected Papers",

}

Heyszl, J, Ibing, A, Mangard, S, De Santis, F & Sigl, G 2014, Clustering algorithms for non-profiled single-execution attacks on exponentiations. in Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8419 LNCS, Springer Verlag, pp. 79-93, 12th International Conference on Smart Card Research and Advanced Applications, CARDIS 2013, Berlin, Germany, 27/11/13. https://doi.org/10.1007/978-3-319-08302-5_6

Clustering algorithms for non-profiled single-execution attacks on exponentiations. / Heyszl, Johann; Ibing, Andreas; Mangard, Stefan et al.
Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Revised Selected Papers. Springer Verlag, 2014. p. 79-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8419 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Clustering algorithms for non-profiled single-execution attacks on exponentiations

AU - Heyszl, Johann

AU - Ibing, Andreas

AU - Mangard, Stefan

AU - De Santis, Fabrizio

AU - Sigl, Georg

N1 - Funding Information: This work was partly funded by the German Federal Ministry of Education and Research in the project SIBASE through grant number 01IS13020.

PY - 2014

Y1 - 2014

N2 - Most implementations of public key cryptography employ exponentiation algorithms. Side-channel attacks on secret exponents are typically bound to the leakage of single executions due to cryptographic protocols or side-channel countermeasures such as blinding. We propose for the first time, to use a well-established class of algorithms, i.e. unsupervised cluster classification algorithms such as the k-means algorithm to attack cryptographic exponentiations and recover secret exponents without any prior profiling, manual tuning or leakage models. Not requiring profiling is of significant advantage to attackers, as are well-established algorithms. The proposed non-profiled single-execution attack is able to exploit any available single-execution leakage and provides a straight-forward option to combine simultaneous measurements to increase the available leakage. We present empirical results from attacking an FPGA-based elliptic curve scalar multiplication using the k -means clustering algorithm and successfully exploit location-based leakage from high-resolution electromagnetic field measurements to achieve a low remaining brute-force complexity of the secret exponent. A simulated multi-channel measurement even enables an error-free recovery of the exponent.

AB - Most implementations of public key cryptography employ exponentiation algorithms. Side-channel attacks on secret exponents are typically bound to the leakage of single executions due to cryptographic protocols or side-channel countermeasures such as blinding. We propose for the first time, to use a well-established class of algorithms, i.e. unsupervised cluster classification algorithms such as the k-means algorithm to attack cryptographic exponentiations and recover secret exponents without any prior profiling, manual tuning or leakage models. Not requiring profiling is of significant advantage to attackers, as are well-established algorithms. The proposed non-profiled single-execution attack is able to exploit any available single-execution leakage and provides a straight-forward option to combine simultaneous measurements to increase the available leakage. We present empirical results from attacking an FPGA-based elliptic curve scalar multiplication using the k -means clustering algorithm and successfully exploit location-based leakage from high-resolution electromagnetic field measurements to achieve a low remaining brute-force complexity of the secret exponent. A simulated multi-channel measurement even enables an error-free recovery of the exponent.

KW - EM

KW - Exponentiation

KW - Non-profiled

KW - Side-channel attack

KW - Simultaneous measurements

KW - Single-execution

KW - Unsupervised clustering

UR - https://www.scopus.com/pages/publications/84904117588

U2 - 10.1007/978-3-319-08302-5_6

DO - 10.1007/978-3-319-08302-5_6

M3 - Conference contribution

AN - SCOPUS:84904117588

SN - 9783319083018

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 79

EP - 93

BT - Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Revised Selected Papers

PB - Springer Verlag

T2 - 12th International Conference on Smart Card Research and Advanced Applications, CARDIS 2013

Y2 - 27 November 2013 through 29 November 2013

ER -

Heyszl J, Ibing A, Mangard S, De Santis F, Sigl G. Clustering algorithms for non-profiled single-execution attacks on exponentiations. In Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Revised Selected Papers. Springer Verlag. 2014. p. 79-93. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-08302-5_6

Clustering algorithms for non-profiled single-execution attacks on exponentiations

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this