Breaking Masked and Shuffled CCA Secure Saber KEM by Power Analysis
(2021) 5th Workshop on Attacks and Solutions in Hardware Security, ASHES '21 p.51-61
- Abstract
- In this paper, we show that a software implementation of CCA secure Saber KEM protected by first-order masking and shuffling can be broken by deep learning-based power analysis. Using an ensemble of deep neural networks created at the profiling stage, we can recover the session key and the long-term secret key from 257xN and 24x257xN traces, respectively, where N is the number of repetitions of the same measurement. The value of N depends on the implementation, environmental factors, acquisition noise, etc.; in our experiments N=10 is enough to succeed. The neural networks are trained on a combination of 80% of traces from the profiling device with a known shuffling order and 20% of traces from the device under attack captured for all-0 and all-1 messages. "Spicing" the training set with traces from the device under attack helps minimize the negative effect of device variability.
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/5b3f87ab-8421-45b7-89f3-15dbcc7a5982
- author
- Ngo, Kalle ; Dubrova, Elena and Johansson, Thomas LU
- organization
- publishing date
- 2021-11-15
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- host publication
- ASHES '21: Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security
- pages
- 51 - 61
- publisher
- Association for Computing Machinery (ACM)
- conference name
- 5th Workshop on Attacks and Solutions in Hardware Security, ASHES '21
- conference location
- Virtual, Korea, Republic of
- conference dates
- 2021-11-19 - 2021-11-19
- ISBN
- 978-1-4503-8662-3
- DOI
- 10.1145/3474376.3487277
- language
- English
- LU publication?
- yes
- id
- 5b3f87ab-8421-45b7-89f3-15dbcc7a5982
- date added to LUP
- 2021-12-15 14:42:31
- date last changed
- 2021-12-17 14:12:47
@inproceedings{5b3f87ab-8421-45b7-89f3-15dbcc7a5982,
  abstract     = {{In this paper, we show that a software implementation of CCA secure Saber KEM protected by first-order masking and shuffling can be broken by deep learning-based power analysis. Using an ensemble of deep neural networks created at the profiling stage, we can recover the session key and the long-term secret key from 257xN and 24x257xN traces, respectively, where N is the number of repetitions of the same measurement. The value of N depends on the implementation, environmental factors, acquisition noise, etc.; in our experiments N=10 is enough to succeed. The neural networks are trained on a combination of 80% of traces from the profiling device with a known shuffling order and 20% of traces from the device under attack captured for all-0 and all-1 messages. "Spicing" the training set with traces from the device under attack helps minimize the negative effect of device variability.}},
  author       = {{Ngo, Kalle and Dubrova, Elena and Johansson, Thomas}},
  booktitle    = {{ASHES '21: Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security}},
  isbn         = {{978-1-4503-8662-3}},
  language     = {{eng}},
  month        = {{11}},
  pages        = {{51--61}},
  publisher    = {{Association for Computing Machinery (ACM)}},
  title        = {{Breaking Masked and Shuffled CCA Secure Saber KEM by Power Analysis}},
  url          = {{http://dx.doi.org/10.1145/3474376.3487277}},
  doi          = {{10.1145/3474376.3487277}},
  year         = {{2021}},
}