
SNOW-SCA: ML-assisted Side-Channel Attack on SNOW-V (2403.08267v1)

Published 13 Mar 2024 in cs.CR, cs.LG, and cs.NI

Abstract: This paper presents SNOW-SCA, the first power side-channel analysis (SCA) attack of a 5G mobile communication security standard candidate, SNOW-V, running on a 32-bit ARM Cortex-M4 microcontroller. First, we perform a generic known-key correlation (KKC) analysis to identify the leakage points. Next, a correlation power analysis (CPA) attack is performed, which reduces the attack complexity to two key guesses for each key byte. The correct secret key is then uniquely identified utilizing linear discriminant analysis (LDA). The profiled SCA attack with LDA achieves 100% accuracy after training with <200 traces, which means the attack succeeds with just a single trace. Overall, using the combined CPA and LDA attack model, the correct secret key byte is recovered with <50 traces collected using the ChipWhisperer platform. The entire 256-bit secret key of SNOW-V can be recovered incrementally using the proposed SCA attack. Finally, we suggest low-overhead countermeasures that can be used to prevent these SCA attacks.

