
Lund University Publications

LUND UNIVERSITY LIBRARIES

Breaking Masked and Shuffled CCA Secure Saber KEM by Power Analysis

Ngo, Kalle; Dubrova, Elena and Johansson, Thomas (2021) 5th Workshop on Attacks and Solutions in Hardware Security, ASHES '21 p.51-61
Abstract
In this paper, we show that a software implementation of CCA secure Saber KEM protected by first-order masking and shuffling can be broken by deep learning-based power analysis. Using an ensemble of deep neural networks created at the profiling stage, we can recover the session key and the long-term secret key from 257xN and 24x257xN traces, respectively, where N is the number of repetitions of the same measurement. The value of N depends on the implementation, environmental factors, acquisition noise, etc.; in our experiments N=10 is enough to succeed. The neural networks are trained on a combination of 80% of traces from the profiling device with a known shuffling order and 20% of traces from the device under attack captured for all-0 and all-1 messages. "Spicing" the training set with traces from the device under attack helps minimize the negative effect of device variability.

type
Chapter in Book/Report/Conference proceeding
publication status
published
host publication
ASHES '21: Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security
pages
51 - 61
publisher
Association for Computing Machinery (ACM)
conference name
5th Workshop on Attacks and Solutions in Hardware Security, ASHES '21
conference location
Virtual, Korea, Republic of
conference dates
2021-11-19 - 2021-11-19
ISBN
978-1-4503-8662-3
DOI
10.1145/3474376.3487277
language
English
LU publication?
yes
id
5b3f87ab-8421-45b7-89f3-15dbcc7a5982
date added to LUP
2021-12-15 14:42:31
date last changed
2021-12-17 14:12:47
@inproceedings{5b3f87ab-8421-45b7-89f3-15dbcc7a5982,
  abstract     = {{In this paper, we show that a software implementation of CCA secure Saber KEM protected by first-order masking and shuffling can be broken by deep learning-based power analysis. Using an ensemble of deep neural networks created at the profiling stage, we can recover the session key and the long-term secret key from 257xN and 24x257xN traces, respectively, where N is the number of repetitions of the same measurement. The value of N depends on the implementation, environmental factors, acquisition noise, etc.; in our experiments N=10 is enough to succeed. The neural networks are trained on a combination of 80% of traces from the profiling device with a known shuffling order and 20% of traces from the device under attack captured for all-0 and all-1 messages. "Spicing" the training set with traces from the device under attack helps minimize the negative effect of device variability.}},
  author       = {{Ngo, Kalle and Dubrova, Elena and Johansson, Thomas}},
  booktitle    = {{ASHES '21: Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security}},
  isbn         = {{978-1-4503-8662-3}},
  language     = {{eng}},
  month        = {{11}},
  pages        = {{51--61}},
  publisher    = {{Association for Computing Machinery (ACM)}},
  title        = {{Breaking Masked and Shuffled CCA Secure Saber KEM by Power Analysis}},
  url          = {{http://dx.doi.org/10.1145/3474376.3487277}},
  doi          = {{10.1145/3474376.3487277}},
  year         = {{2021}},
}