Paper 2018/317

Sliding-Window Correlation Attacks Against Encryption Devices with an Unstable Clock

Dor Fledel and Avishai Wool

Abstract

Power analysis side channel attacks rely on aligned traces. As a counter-measure, devices can use a jittered clock to misalign the power traces. In this paper we suggest a way to overcome this counter-measure, using an old method of integrating samples over time followed by a correlation attack (Sliding Window CPA). We theoretically re-analyze this general method with characteristics of jittered clocks and show that it is stronger than previously believed. We show that integration of samples over a suitably chosen window size actually amplifies the correlation both with and without jitter - as long as multiple leakage points are present within the window. We then validate our analysis on a new data-set of traces measured on a board implementing a jittered clock. Our experiments show that the SW-CPA attack with a well-chosen window size is very successful against a jittered clock counter-measure and significantly outperforms previous suggestions, requiring a much smaller set of traces to correctly identify the correct key.

Note: Asked by eprint

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Major revision. Proceedings of SAC'18, LNCS 11349, pages 193-215
Keywords
Power analysisSW-CPAJittered clocks
Contact author(s)
dorfledel @ gmail com
History
2019-02-05: revised
2018-04-04: received
See all versions
Short URL
https://ia.cr/2018/317
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/317,
      author = {Dor Fledel and Avishai Wool},
      title = {Sliding-Window Correlation Attacks Against Encryption Devices with an Unstable Clock},
      howpublished = {Cryptology ePrint Archive, Paper 2018/317},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/317}},
      url = {https://eprint.iacr.org/2018/317}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.