Security and Communication Networks

Volume 2017 (2017), Article ID 5098626, 8 pages

https://doi.org/10.1155/2017/5098626

## RFA: R-Squared Fitting Analysis Model for Power Attack

^{1}The School of Computer Science, Beijing Institute of Technology, Beijing 100081, China

^{2}State Key Laboratory of Cryptology, P.O. Box 5159, Beijing 100878, China

^{3}The College of Bioengineering, Beijing Polytechnic, Beijing 100176, China

^{4}The Science and Technology on Information Assurance Laboratory, Beijing 100072, China

Correspondence should be addressed to Liehuang Zhu

Received 4 January 2017; Accepted 27 February 2017; Published 18 April 2017

Academic Editor: Xiaojiang Du

Copyright © 2017 An Wang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

Correlation Power Analysis (CPA), introduced by Brier et al. in 2004, is an important side-channel attack method that, over the last decade, has enabled attackers to derive secret or private keys efficiently and at lower cost. In this paper, we propose R-squared fitting model analysis (RFA), which is more appropriate for nonlinear correlation analysis. This model can also be applied to other side-channel methods such as second-order CPA and collision-correlation power attack. Our experiments show that the RFA-based attacks bring significant advantages in both time complexity and success rate.

#### 1. Introduction

With the development of information technology, information security plays an important role in medical systems [1, 2], communications [3], finance [4], and other fields. Side-channel analysis [5, 6], which focuses on exploiting the implementation or some measurable nonmathematical property of a cryptographic system, was introduced by Kocher et al. in 1996. It marked the start of a new research field in applied cryptography, which has advanced quickly over the last two decades, for example in power analysis [7, 8] and electromagnetic analysis [9–11]. At the same time, many related techniques have been published that can easily recover the secret key from the information leakage.

When statistical methods are used to analyze encryption devices, several common approaches can be observed. The first is differential power analysis [5], which was introduced by Kocher. Another is Correlation Power Analysis (CPA), which was introduced by Brier et al. in 2004 [12]. CPA is more efficient than the others because it significantly reduces the number of power traces needed to recover the secret key. Therefore, there has been a great deal of research in this field.

CPA uses two main models to relate the instantaneous power consumption to the data being manipulated: the Hamming weight model and the Hamming distance model [12]. The correct key is then obtained by calculating the relationship between the changes of a specific register and the power consumption with Pearson’s Correlation Coefficient (PCC). Because of the efficiency and operability of CPA, it has been widely studied and applied to various cryptographic algorithms, such as DES and AES.

In 2008, Gierlichs et al. proposed mutual information analysis, which uses information theory to develop a powerful attack without any device characterization [13]. With the development of artificial intelligence technology, differential cluster analysis was introduced in 2009 [14]. This technique uses cluster analysis to detect internal collisions and combines features from previously known collision attacks and differential power analysis. In 2013, a new second-order side-channel attack based on linear regression was proposed by Dabosville et al. [15]. The authors introduced a linear regression model and used it to analyze second-order attacks. In 2016, Bos et al. presented differential computation analysis to assess the security of white-box implementations, which requires neither knowledge about the look-up tables used nor any reverse engineering effort [16].

At the same time, several countermeasures have been proposed to secure those algorithms against first- and high-order attacks. The first practical evaluation was performed on one additive and one multiplicative masking scheme of AES [4]. An enhancement of this method was proposed in [17], which improved the CPA by restricting the normalization factor. In 2011, Clavier et al. proposed collision-correlation power analysis on first-order protected AES.

However, when a power attack is carried out, each acquisition contains random noise in the measured power consumption. Overall, the noise is normally distributed across the whole set of traces, but within each individual power trace it follows a discrete distribution. In this situation the PCC cannot describe the correlation well, because it is a statistical measure of the strength of a linear relationship between two variables. Therefore, the efficiency and accuracy of the attack may be affected.

In this paper, we propose a new method to carry out the side-channel attack. The main contributions are as follows:

(1) A concept of R-squared fitting analysis (RFA) model for power analysis is proposed. This method can describe the correlation of the data better than CPA. In a suitable experimental environment, the success rate of RFA is the same as that of CPA. But, in a poor environment, the result of RFA is better than that of CPA.

(2) RFA can improve the efficiency compared with the classic CPA, which uses PCC. A model of the power traces with different Hamming weights from 0 to 8 is set up. In the case of more key points, it can effectively remove the interference of extra random noise so as to improve the success rate and shorten the operation time.

(3) The RFA method has wide applicability, which is verified by simulation experiments in different test scenarios. Its efficiency is similar to or better than that of the CPA.

The paper is organized as follows. The Hamming weight model, the R-squared model, and the classic CPA are given in Section 2. In Section 3, we introduce the basic idea and the R-squared fitting model analysis. Then, in Section 4, we introduce the application to the traditional CPA and a comparison between the RFA and CPA on AES. In Section 5, we apply the RFA to the other attack methods. Finally, we conclude the paper in Section 6.

#### 2. The Preliminaries

In this section, we first discuss the Hamming weight model. Second, the CPA steps are shown. Finally, the basic principle of R-squared is introduced.

##### 2.1. The Hamming Weight Model

In many ways, Hamming weight model is the simplest method which is proposed in [5, 18] to analyze the correlation between power consumption and the register switching from one state to the other. In CPA, it is generally assumed that the leakage from the power side-channel depends on the number of bits switching to or to at a given time. And the register is modeled as a state transition which is triggered by some events such as the edge of a clock signal. In an -bit register, binary data is coded as , with the bit values or . And its Hamming weight is the number of 1, .

The Hamming weight model neglects some factors which have an influence on the power consumption, for example, parasitic capacities, glitches, and transition events. When using the Hamming weight model for analysis, we assume that the power consumption is proportional to the number of bits set to logic of the processed sensitive variable. In reality, we need to use the Hamming weight model only if the previous state is all .

The linear relationship between the power consumption and is limited. But considering a chip as a large set of elementary electrical components, the linear relationship does not represent the entire consumption of a chip but only the data-dependent part. In addition to the previously mentioned state changes, the power consumption of a chip also contains other variable consumption. It would be assigned to a term denoted by which is assumed independent from the other variables: encloses offsets, time dependent components, and noise. Therefore, the basic model for the data dependency can be written as follows:where is a scalar gain between the value of Hamming weight of and the power consumption .
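As an added illustration (not code from the paper), the following simulation builds traces from the Hamming weight model described above and compares the squared PCC with the ordinary coefficient of determination of a fit by per-Hamming-weight class means. The gain, offset, Gaussian noise, the quadratic leakage function and the use of this generic R² are assumptions made for the example; it is not the paper's RFA definition.

```python
import random
from statistics import fmean

def hamming_weight(x):
    return bin(x).count("1")

def pearson(xs, ys):
    mx, my = fmean(xs), fmean(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5

def class_mean_r2(hws, power):
    # R^2 = 1 - SS_res / SS_tot, where each sample is predicted by the
    # mean power of its Hamming-weight class (0..8 for a byte).
    groups = {}
    for h, p in zip(hws, power):
        groups.setdefault(h, []).append(p)
    means = {h: fmean(v) for h, v in groups.items()}
    grand = fmean(power)
    ss_res = sum((p - means[h]) ** 2 for h, p in zip(hws, power))
    ss_tot = sum((p - grand) ** 2 for p in power)
    return 1.0 - ss_res / ss_tot

def linear(h):        # data-dependent part proportional to the Hamming weight
    return float(h)

def nonlinear(h):     # constructed non-linear leakage, symmetric about HW = 4
    return float((h - 4) ** 2)

def simulate(leak, n=20000, gain=1.0, offset=5.0, sigma=1.0, seed=1):
    # Constructed traces: one power sample per random byte, assumed parameters.
    rng = random.Random(seed)
    hws = [hamming_weight(rng.randrange(256)) for _ in range(n)]
    power = [gain * leak(h) + offset + rng.gauss(0.0, sigma) for h in hws]
    return hws, power

def compare(leak, **kw):
    # Returns (squared PCC, class-mean R^2) for one simulated trace set.
    hws, power = simulate(leak, **kw)
    return pearson(hws, power) ** 2, class_mean_r2(hws, power)

if __name__ == "__main__":
    for leak in (linear, nonlinear):
        r2_pcc, r2_fit = compare(leak)
        print(f"{leak.__name__:9s} PCC^2={r2_pcc:.3f}  class-mean R^2={r2_fit:.3f}")
```

With linear leakage the two measures agree at about 0.67; with the constructed quadratic leakage the squared PCC is close to 0 while the class-mean R² stays near 0.87, so the data dependence is visible only to the non-linear fit.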

##### 2.2. The Correlation Power Analysis

When processing sensitive intermediate values, side-channel leakage brings data-dependent power consumption or other physical behaviors. In [7], we can see the power consumption is related to the status of the register. In this paper, we use the Hamming weight model to analyze the correlation between the power consumption and intermediate values.

The connection of the devices is shown in Figure 1. The computer sends the ciphertexts to the cryptographic device, for example, chips, smart cards, and microcontrollers. The attacker connects the resistor with the power line of the cryptographic device and acquires the traces of the power consumption by the oscilloscope, which are transmitted to the computer.