Transform. Jeongchoon Ryoo. Dong-Guk Han. Seoul, Korea Rep.

Similar documents
FPGA implementation of DWT for Audio Watermarking Application

Evaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit

SIDE-CHANNEL attacks exploit the leaked physical information

Electromagnetic-based Side Channel Attacks

Is Your Mobile Device Radiating Keys?

Finding the key in the haystack

Chapter 5. Signal Analysis. 5.1 Denoising fiber optic sensor signal

Towards Optimal Pre-processing in Leakage Detection

Journal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10

Variety of scalable shuffling countermeasures against side channel attacks

Evoked Potentials (EPs)

ARM BASED WAVELET TRANSFORM IMPLEMENTATION FOR EMBEDDED SYSTEM APPLİCATİONS

Power Analysis Attacks on SASEBO January 6, 2010

CHAPTER 3 WAVELET TRANSFORM BASED CONTROLLER FOR INDUCTION MOTOR DRIVES

Synchronous Sampling and Clock Recovery of Internal Oscillators for Side Channel Analysis

Wavelet Transform Based Islanding Characterization Method for Distributed Generation

Wavelet Transform. From C. Valens article, A Really Friendly Guide to Wavelets, 1999

A Novel Approach for MRI Image De-noising and Resolution Enhancement

Recommendations for Secure IC s and ASIC s

Test Apparatus for Side-Channel Resistance Compliance Testing

DETECTING POWER ATTACKS ON RECONFIGURABLE HARDWARE. Adrien Le Masle, Wayne Luk

Steganography & Steganalysis of Images. Mr C Rafferty Msc Comms Sys Theory 2005

Wavelet Denoising Technique for Improvement of the Low Cost MEMS-GPS Integrated System

A Simulation-Based Methodology for Evaluating the DPA-Resistance of Cryptographic Functional Units with Application to CMOS and MCML Technologies

Multimodal Face Recognition using Hybrid Correlation Filters

Introduction to Wavelet Transform. Chapter 7 Instructor: Hossein Pourghassem

Synchronization Method for SCA and Fault Attacks

Differential Power Analysis Attack on FPGA Implementation of AES

IMPROVING CPA ATTACK AGAINST DSA AND ECDSA

Optimization of DWT parameters for jamming excision in DSSS Systems

FPGA implementation of LSB Steganography method

AN ERROR LIMITED AREA EFFICIENT TRUNCATED MULTIPLIER FOR IMAGE COMPRESSION

THE APPLICATION WAVELET TRANSFORM ALGORITHM IN TESTING ADC EFFECTIVE NUMBER OF BITS

Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers. Praveen Vadnala

Wavelet Transform. From C. Valens article, A Really Friendly Guide to Wavelets, 1999

Keywords Decomposition; Reconstruction; SNR; Speech signal; Super soft Thresholding.

Application of Wavelet Transform to Process Electromagnetic Pulses from Explosion of Flexible Linear Shaped Charge

THE STATISTICAL ANALYSIS OF AUDIO WATERMARKING USING THE DISCRETE WAVELETS TRANSFORM AND SINGULAR VALUE DECOMPOSITION

LOSSLESS CRYPTO-DATA HIDING IN MEDICAL IMAGES WITHOUT INCREASING THE ORIGINAL IMAGE SIZE THE METHOD

A DWT Approach for Detection and Classification of Transmission Line Faults

Information Leakage from Cryptographic Hardware via Common-Mode Current

Nonlinear Companding Transform Algorithm for Suppression of PAPR in OFDM Systems

Partial Discharge Signal Denoising by Discrete Wavelet Transformation

Number Theory and Public Key Cryptography Kathryn Sommers

[Panday* et al., 5(5): May, 2016] ISSN: IC Value: 3.00 Impact Factor: 3.785

ABSTRACT I. INTRODUCTION

High capacity robust audio watermarking scheme based on DWT transform

Comparison of Profiling Power Analysis Attacks Using Templates and Multi-Layer Perceptron Network

Digital Audio Watermarking With Discrete Wavelet Transform Using Fibonacci Numbers

An on-chip glitchy-clock generator and its application to safe-error attack

SUBTHRESHOLD DESIGN SPACE EXPLORATION FOR GAUSSIAN NORMAL BASIS MULTIPLIER

Linearization Method Using Variable Capacitance in Inter-Stage Matching Networks for CMOS Power Amplifier

Discrete Wavelet Transform For Image Compression And Quality Assessment Of Compressed Images

Power System Failure Analysis by Using The Discrete Wavelet Transform

Power Quality Monitoring of a Power System using Wavelet Transform

Characterization of Voltage Sag due to Faults and Induction Motor Starting

Enhancement of Speech Signal by Adaptation of Scales and Thresholds of Bionic Wavelet Transform Coefficients

When Electromagnetic Side Channels Meet Radio Transceivers

VU Signal and Image Processing. Torsten Möller + Hrvoje Bogunović + Raphael Sahann

Design and Implementation of Current-Mode Multiplier/Divider Circuits in Analog Processing

A Modified Image Coder using HVS Characteristics

An Implementation of LSB Steganography Using DWT Technique

Power Analysis an overview. Agenda. Measuring power consumption. Measuring power consumption (2) Benedikt Gierlichs, KU Leuven - COSIC.

Design and Testing of DWT based Image Fusion System using MATLAB Simulink

A Design for Modular Exponentiation Coprocessor in Mobile Telecommunication Terminals

ICA & Wavelet as a Method for Speech Signal Denoising

A Novel Encryption System using Layered Cellular Automata

Fault Location Technique for UHV Lines Using Wavelet Transform

A DUAL TREE COMPLEX WAVELET TRANSFORM CONSTRUCTION AND ITS APPLICATION TO IMAGE DENOISING

Keywords Arnold transforms; chaotic logistic mapping; discrete wavelet transform; encryption; mean error.

GEARBOX FAULT DETECTION BY MOTOR CURRENT SIGNATURE ANALYSIS. A. R. Mohanty

Threshold Implementations. Svetla Nikova

Reversible data hiding based on histogram modification using S-type and Hilbert curve scanning

(i) Understanding of the characteristics of linear-phase finite impulse response (FIR) filters

International Journal of Digital Application & Contemporary research Website: (Volume 1, Issue 7, February 2013)

An Adaptive Wavelet and Level Dependent Thresholding Using Median Filter for Medical Image Compression

A multi-mode structural health monitoring system for wind turbine blades and components

Implementation of Block based Mean and Median Filter for Removal of Salt and Pepper Noise

A Weighted Least Squares Algorithm for Passive Localization in Multipath Scenarios

REAL-TIME DENOISING OF AE SIGNALS BY SHORT TIME FOURIER TRANSFORM AND WAVELET TRANSFORM

Ultra wideband pulse generator circuits using Multiband OFDM

Keywords: symlet wavelet, recoil acceleration, sensor, filtering

MC CDMA PAPR Reduction Using Discrete Logarithmic Method

DPA Leakage Models for CMOS Logic Circuits

4. Design Principles of Block Ciphers and Differential Attacks

Some Cryptanalysis of the Block Cipher BCMPQ

(i) Understanding of the characteristics of linear-phase finite impulse response (FIR) filters

Keywords: dynamic P-Box and S-box, modular calculations, prime numbers, key encryption, code breaking.

Introduction to Wavelets Michael Phipps Vallary Bhopatkar

Keywords Medical scans, PSNR, MSE, wavelet, image compression.

A NOVEL DESIGN OF CURRENT MODE MULTIPLIER/DIVIDER CIRCUITS FOR ANALOG SIGNAL PROCESSING

Nonlinear Filtering in ECG Signal Denoising

Orthonormal bases and tilings of the time-frequency plane for music processing Juan M. Vuletich *

Journal of mathematics and computer science 11 (2014),

Evaluation of the Masked Logic Style MDPL on a Prototype Chip

HTTP Compression for 1-D signal based on Multiresolution Analysis and Run length Encoding

A Case Study of Side-Channel Analysis using Decoupling Capacitor Power Measurement with

Analysis of Secure Text Embedding using Steganography

AN EXTENDED VISUAL CRYPTOGRAPHY SCHEME WITHOUT PIXEL EXPANSION FOR HALFTONE IMAGES. N. Askari, H.M. Heys, and C.R. Moloney

LabVIEW Based Condition Monitoring Of Induction Motor

Transcription:

978-1-4673-2451-9/12/$31.00 2012 IEEE 201 CPA Performance Comparison based on Wavelet Transform Aesun Park Department of Mathematics Kookmin University Seoul, Korea Rep. aesons@kookmin.ac.kr Dong-Guk Han Department of Mathematics Kookmin University Seoul, Korea Rep. christa@kookmin.ac.kr Abstract Correlation Power Analysis (CPA) is a very effective attack method for finding secret keys using the statistical features of power consumption signals from cryptosystems. However, the power consumption signal of the encryption device is greatly affected or distorted by noise arising from peripheral devices. When a side channel attack is carried out, this distorted signal, which is affected by noise and time inconsistency, is the major factor that reduces the attack performance. A signal processing method based on the Wavelet Transform (WT) has been proposed to enhance the attack performance. Selecting the decomposition level and the wavelet basis is very important because the CPA performance based on the WT depends on these two factors. In this paper, the CPA performance, in terms of noise reduction and the transform domain, is compared and analyzed from the viewpoint of attack time and the minimum number of signals required to find the secret key. In addition, methods for selecting the decomposition level and the wavelet basis using the features of power consumption are proposed, and validated through experiments. Keywords-Wavelet Transform, Side Channel Attack, Multi Resolution Analysis, Correlation Power Analysis I. INTRODUCTION Side Channel Analysis (SCA) is an attack method for finding the secret key of a cryptosystem based on the cryptographic operation time, power consumption, and electromagnetic waves the same information as is derived from the physical implementation [1]. The most well known power analysis methods are Simple Power Analysis (SPA), Differential Power Analysis (DPA), Correlation Power Analysis (CPA), Template Analysis (TA), and Mutual Information Analysis(MIA) and etc. Among them, DPA is one of the most powerful analysis methods within SCA, which has been developed and studied in various ways such as CPA. CPA is an effective method for finding the secret key based on the correlation between the input information and the power Jeongchoon Ryoo Faculty Boards Korea National Defense University Seoul, Korea Rep. jcwillow@naver.com consumption signal that leaks from security devices [2,3]. However, the power consumption signal of the encryption device is greatly affected or distorted by noise arising from peripheral devices. When SCA is applied, this distorted signal, which is affected by noise and time inconsistency, is the major factor that reduces attack performance. To overcome the degradation of the side channel attack performance, various signal processing methods such as frequency analysis, higherorder statistical analysis, and wavelet analysis have been proposed [4,5]. To obtain the signal used in side channel attack, previously proposed methods that use the wavelet transform are based on the following process. First, based on the selected wavelet basis, Multi-Resolution Analysis (MRA) is applied to the collected power consumption signals. Second, the various noise reduction processes are applied to the MRA-processed signal. To enhance the SCA performance, most previous research has focused on noise reduction methods, which include filtering and denoising algorithms. Different from the noise reduction methods, Y. Souissi et al. proposed signal processing methods based on the wavelet coefficients in the wavelet domain to enhance the CPA performance using a DES algorithm [6,7]. Both noise reduction and transform domainbased methods resulted in significant side channel attack performance enhancement. However, no comparative study on the CPA performance for the above two proposed signal processing methods has been performed. Moreover, the decomposition level and the wavelet basis are critical factors, because the performance of CPA based on the wavelet transform depends mainly on the selection of the decomposition level and wavelet basis. All experiments were carried out on the MSP430 board used in low-power embedded systems and the CEB card board used to drive and control the IC card. A comparative study of the collected signal from the first round of the AES algorithm with 16 S- boxes was conducted. Through experimental results, this paper confirms the importance of selecting the appropriate

202 decomposition level and wavelet basis through the performance analysis of CPA based on the wavelet transform. The composition of this paper is as follows. Chapter 2 introduces CPA and the wavelet transform. Chapter 3 describes signal preprocessing with the existing wavelet transform. Chapter 4 proposes a method for selecting the decomposition level and wavelet basis. Chapter 5 describes our experiments and their assessment. Finally, Chapter 6 presents our conclusions. II.CORRELATION POWER ANALYSIS AND WAVELET TRANSFORM A. Correlation Power Analysis CPA is an analysis method that can be applied to any cipher device, regardless of the manner of correspondence considered. This method assumes that the amount of power consumed depends on the intermediate-operation value of the device. Thus, after several messages are input into a cryptographic algorithm on-board the device, this method collects electrical information based on the power consumption while the algorithm is being carried out. The CPA calculation first sets a position for the attack of the algorithm that it will apply, and then, it calculates the intermediate-data value of the attack position through plaintext or cryptogram by inferring several secret keys. Next, using a power consumption model of the device, it calculates the value of power consumption of intermediate-data. Then, a correlation between the information collected from the actual device and the values in the power consumption model will be available. To derive the correlation, a correlation coefficient calculation is repeated, corresponding to the number of cases of the secret key used for the operation. Among the values from the repeated calculation, the guessing key that has a high correlation is considered the secret key. The correlation coefficient is the criterion for making a judgment of the correlation between two distributions, X and Y, which are constructed with intermediate-data from the cipher calculation and power consumption signal. The correlation coefficient is calculated via the following process. The correlation coefficient refers to the linearity between the two distributions: if they have a positive correlation similar in form to, the correlation coefficient has a value close to 1; if they have a negative correlation, the value is close to -1. If there is only a slight correlation between the two distributions, that is, the distributions are more independent, the value is closer to 0. Equation (1) is the formula for the correlation coefficient. In CPA, X is a subset of intermediate-data values from several plaintexts used in the power consumption model, and Y is a subset of the actual power consumption information when several plaintexts are input into the algorithm in devices. (1) B. Wavelet Trasform Signals acquired experimentally are not continuous in time, but are sampled at discrete time intervals. The discrete wave transform (DWT) is the sum over the entire duration of the scaled and shifted versions of the wavelet function. The DWT, when applied to the original signal, is expressed as (2) The calculation of the DWT over the duration of a signal results in many coefficients, which are functions of the translation parameter and the scale parameter. These parameters allow one to perform MRA, which is the advantage of using WT. MRA is shown in Figure 1; an incoming signal X starts by passing through and, which are a low-pass filter and a high-pass filter, respectively. Next, the signal undergoes down sampling and is divided into approximation A and detail D. The approximation, which is the component from the lowpass filter, mainly becomes code-relevant information. The component from the high-pass filter becomes noise, which is called detail. This process can be repeated until a particular frequency band is found. Figure 1 indicates that if one obtains approximations in the first wavelet decomposition process, the next decomposition Level can expect an approximation and detail. This decomposition level selection in the wavelet decomposition varies in the features of code-relevant information included in the applicable signals. Figure 1. Multi resolution Analysis III. PREVIOUS WORK Figure 2 shows a general flow diagram of the CPA technique with signal preprocessing. This study will consider a preprocessing method that uses a wavelet transform of the collected power consumption signals. Transforming the wavelet facilitates signal analysis, both in the frequency domain and in the time domain; furthermore, the results are available to be analyzed at different resolutions in each domain. Because of this feature, wavelets are widely

203 used in various applications such as those in medical science, the visual industry, and resources exploration. Existing signal processing methods can be generally divided into two types. The first type is a signal noise reduction technique using DWT and inverse-dwt (IDWT), in which analysis is based on the time domain. The second method is based on the wavelet domain, which is a transform technique that approximates the discrete wavelet. Figure 2. Flowchart of SCA A. Noise Reduction Noise reduction methods generally consist of three parts, as described below. The first part is MRA, which is a process in which the collected power consumption signals to be examined are divided into various scales in the selected wavelet. The second part is the filtering process, which reduces noise from in the applied MRA signals. The third part is a stage in which the side channel signal is recovered from the reduced signals, side channel signals that are going to be used for the CPA attack. The diagram in Figure 3 indicates the interaction between the preprocessing process for the power consumption signals and the noise-reduction technique. Using discrete wavelets, the signals consisting of noise and cipher calculation signal are decomposed, and the detailed coefficients are all substituted with 0. Next, the signals are reconstructed via the IDWT. Using the above process, the MRA-applied method of noise reduction for the measured power signals was proposed; this has greatly enhanced the efficiency of DPA attacks [6,7]. Figure 3. Noise-reduction Technique B. Wavelet Transform Method In 2011, a method of SCA in the wavelet transform domain was suggested by Y. Souissi, a method that focused on the direct use of the conversion factor in the wavelet domain from the wavelet transform of the DES algorithm signal.[8] Figure 4 shows the preprocessing of the power consumption signal in the wavelet transform method, which is divided into two stages, as described below. First, MRA is applied; this gives an indication of the various scales in the collected power consumption information. The second stage involves the application of the CPA attack with an approximation that was selected from among the analyzed signals using MRA. Figure 4. Method of Wavelet Transform Diagram As shown in the diagram below, the difference between the two methods of wavelet transform and noise reduction is that there is no reconstruction process of signals by the IDWT in the wavelet transform method. That is, the approximation produced by the DWT is used for the CPA attack. The benefit of this method is increased time efficiency resulting from a reduction in signal preprocessing time, because no signal reconstruction stage is needed. Moreover, the length of the signal is decreased by almost, where indicates the required decomposition level when MRA is applied. This time benefit also means that the time required for an attack is significantly shorter, even if there is a need for a similar number of plaintexts compared to the method of noise reduction. IV. METHOD OF SELECTION FOR SUGGESTED DECOMPOSITION LEVEL AND WAVELET BASIS Wavelet-based CPA performance is heavily dependent on not only the necessary attack time and the minimum number of signals for attack success, but also on the selection of the decomposition level and wavelet basis. Thus, appropriate selection of these factors is important if the encrypted calculation signals of the collected power consumption are to be correctly determined without distortions. Till date, there have been few studies regarding methods of decomposition level and wavelet basis selection for maximizing the performance of wavelet-based CPA. Therefore, this chapter will consider a method for selecting for these two factors for enhancing wavelet-based CPA performance. The enhancement will also be proven through experiments.

204 A. Selection of Decomposition Level To select the best decomposition level, the first step is to assume that all relevant code information from power consumption signals leaks from security systems primarily at a certain resolution. Figure 5 shows the features of the signal distribution (per frequency division) of the collected power consumption signals, to which the Fourier transform is applied. In wavelet-based CPA, the process of selecting the decomposition level of the leaked power signal is as follows: when transforming frequencies, there is a certain basis set that shows a significantly larger signal, and all other transformed signals that are higher than the basis are eliminated, which comes to be the selected level. Figure 5. Method of Decomposition Level The selection of the decomposition level is made using the following formula. (3) Where : decomposition level of conjecture, : sampling rate, : frequency with supreme signal Figure 5 shows the method of the decomposition level selection based on signals obtained by the MSP430 board. As shown in the figure, the frequency of the highest signal is 8.37 MHz, and by eliminating frequency components higher than this value, the level is selected. Thus, on the MSP430 board, the CPA performance is expected to be enhanced when the decomposition level is set at level 3 or level 4. B. Selection of Wavelet Basis CPA is a method for finding a secret key using the correlation between power consumption signals collected from actual devices and leakage model. Therefore, it is very important to select a wavelet basis that is similar to the obtained signals. Table 1 shows the power consumption signals and the correlation coefficient for a given basis. Table 1 shows the correlation coefficients of the power consumption signals of the MSP430 board and the IC-chip board, which shows the correlations for the Daubechies(DB) family 1 4 and Coiflets(Coif) family 1 3. The results of the correlation coefficient calculation indicate that both boards expect to have the best results with Coiflets family 3. In this chapter, we will carry out an experiment to verify the benefits of selecting the correct resolution and a high-correlation wavelet basis to have the best CPA performance. Table 1. Correlation Coefficient per basis MSP430 Board IC-Chip Board DB1 0.078948 0.285760 DB2 0.135245 0.375877 DB3 0.178645 0.305616 DB4 0.210743 0.462845 Coif1 0.172402 0.282690 Coif2 0.327821 0.461872 Coif3 0.379725 0.474607 V. EXPERIMENTAL RESULTS A. Experimental Environment To analyze the CPA performance in the time domain and the wavelet transform domain, we used power consumption measurements from two devices. One device is the MSP430 board, which is normally used for low-energy embedded systems such as mobile devices. The other device is that the IC-chip board, which is able to operate and control real-world security systems or development IC cards. The experiment was carried out during the first round of AES encryption algorithm operated on both devices. (Figure 6) shows pictures of the MSP3430 board and IC-chip board used in the experiment. Figure 6. MSP 430 & IC-chip Board The MSP430 board (on the left) is a Telos Module from US Berkeley, which is widely used as a center network node; it is equipped with a MSP430 series microcontroller from Texas Instruments (TI). A total of 4000 power consumption signals were measured at a sampling rate of 200 MHz. The IC-chip board (on the right) is a device operated when a codealgorithm-implemented IC chip is on-board, which is an

205 experiment board available for the SCA of smart cards. A total of 10,000 power consumption signals were measured at a sampling rate of 250 MHz. B. Performance Analysis The SCA of wavelet-based signal processing was carried out individually on 16 S-boxes in the first round. The wavelet bases used are DB1 to DB4 of the Daubechies family and Coif1 to Coif3 of the Coiflets family. To present more details on the analysis conditions, the performance of the two methods of noise reduction and wavelet transform were assessed in terms of decomposition level and wavelet basis based on the minimum number of plaintexts and minimum attack time required for a secret key to be found when a CPA attack is carried out. Table 2 and Table 3 present the CPA results of signals from each device when both the noise reduction method and the wavelet transform method were applied. Table 2. Noise Reduction (MSP430/IC-Chip) basis level Org DB1 DB2 DB3 DB4 Coif1 Coif2 Coif3 1 17/72 18/70 20/68 20/67 17/67 20/67 20/68 2 10/74 17/74 17/69 20/69 9/70 18/70 18/69 3 10/74 4/72 5/74 5/74 4/69 4/74 10/69 4 12/69 5/74 5/74 4/74 5/74 8/74 3/74 5 18/67 13/71 16/67 23/70 8/74 22/64 22/70 21/70 6 -/97 -/30 -/51 -/57 -/15 -/54 -/57 7 -/26 -/8 -/8 -/5 -/8 -/5 -/7 8 -/59 -/4 -/8 -/5 -/8 -/7 -/3 9 -/64 -/13 -/14 -/14 -/15 -/10 -/11 Table 3. Wavelet Transform (MSP430/IC-Chip) basis level Org DB1 DB2 DB3 DB4 Coif1 Coif2 Coif3 1 17/72 18/70 20/68 20/67 17/67 20/70 20/70 2 10/74 17/74 17/70 20/0 16/71 17/71 17/70 3 10/74 18/74 21/74 18/74 18/74 14/74 20/74 4 12/69 14/80 15/77 11/74 15/74 8/74 3/74 5 18/67 13/71 12/71 -/79 11/97 23/82 23/97 19/92 6 -/97 -/68 -/73 -/98 -/79 -/96 -/100 7 -/26 -/16 -/15 -/17 -/29 -/13 -/12 8 -/59 -/20 -/11 -/11 -/23 -/10 -/5 9 -/64 -/17 -/11 -/20 -/25 -/11 -/12 For references in the figures, the basic unit of the trace is 100; in the case in which no key is found, even when the maximized signals are used in the experiment, the result is marked with -. As is evident in the above results, the MSP430 board has outstanding performance on level 4, regardless of the method used; the IC-chip board shows good performance in level 7 and level 8. The best performance for the wavelet basis occurred when the Coif3 wavelet basis function was used; this combination had the highest correlation coefficient, regardless of the method applied, and used the smallest number of plaintexts to find all the keys. Each of these factors was decided by the methods of selection suggested in this paper. Thus, the methods of selections for the decomposition level and wavelet basis are proven reasonable. Comparing the noise reduction method to the wavelet transform method from each result of the experiments, the following conclusion can be drawn. Compared to the minimum number of necessary plaintexts, noise reduction methods have a slightly better performance than wavelet transform methods; however, the performances were generally similar to each other. Although, in terms of time efficiency, the wavelet transform method has the benefit that it shortens the time necessary for signal processing and attack by approximately. Therefore, the noise reduction method is preferred for attacks in which wavelet-based CPA is applied to a limited number of plaintexts, and the wavelet transform method is preferred for attacks in which wavelet-based CPA is applied in a limited amount of time. VI. CONCLUSION In this paper, based on wavelet signal processing, CPA performances with methods of noise reduction and wavelet transformation were compared and analyzed in terms of the minimum number of necessary signals and the necessary attack time. Additionally, we proposed a method for selecting the correct decomposition levels and wavelet basis using the features of power consumption; these results were proven by experiment. Therefore, the proposed methods in this paper are recommended for wavelet basis and decomposition level selection when wavelet-based CPA attacks are carried out, which will lead to the most efficient SCA. ACKNOWLEDGEMENTS This research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Education, Science and Technology(2011-0026354) REFERENCES [1] P,Kocher, J.Jaffe, and B. Jun, Introduction to differential power analysis and related attacks, 1998, White paper, Cryptography Research, http://www.cryptography.com/dpa/

206 technical, 1998. [2] P. Kocher, J. Jaffe, and B. Jun, Differential power analysis, Advances In Cryptology - CRYPTO' 99, LNCS 1666 Springer- Verlag, pp. 388-397, Santa Barbara, USA, August 1999. [3] E. Brier, C. Clavier, and F. Olivier, Correlation power analysis with a leakage model, Cryptographic Hardware and Embedded Systems 2004. LNCS 3156 Springer-Verlag, pp. 16-29, 2004. [4] C. Gebotys, S. Ho, and A. Tiu, EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA, CHES 2005, LNCS 3659, pp. 250-264, 2005. [5] T.H. Le, J. Clediere, C. Serviere, and J.L. Lacoume, Noise Reduction in Side channel Attack Using Fourth-Order Cumulant, IEEE Transactions on Information Forensics and Security, vol. 2, no. 4, pp. 710-720, Dec. 2007. [6] N. Debande, Y. Souissi, A.E. Aabid, S. Guilley, J-L.Danger, A Multiresolution Time-Frequency Analysis Based Side Channel Attacks, Poster Session of WIFS2011, Dec., 2011. [7] Y. Souissi, M. Abdelaziz, N. Debande, S. Guilley, J.L. Danger Novel Application of Wavelet Transforms based Side-Channel Analysis Nara, Japan, September 2011. http://csrc.nist.gov/news_events/non-invasive-attack-testingworkshop/papers/01_souissi.pdf

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback