Profiled side channel attacks against the RSA cryptosystem using neural networks

Barenghi A.; Pelosi G.
2022

Abstract

Profiled attacks employing machine learning techniques to extract secret information are currently one of the main interests of the research community working on side channel attacks. In this work, we tackle the use of machine learning methods to perform a power-consumption-based side channel attack against asymmetric cryptosystems. In particular, we analyze different machine-learning-based strategies to retrieve the secret exponent from a square-and-multiply-always modular exponentiation in software implementations of the RSA cryptosystem. We validate our proposals by conducting effective attacks against the modular exponentiation contained in the BearSSL software library, a public library hardened against timing side channels. The experimental validation shows that our attack strategy improves on the state-of-the-art solution and is able to retrieve the correct exponent value with a single trace from the attacked device and, in the worst case, with an exhaustive search over a set of a few hundred candidate values for the sought secret.
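The abstract names the target (a square-and-multiply-always exponentiation, whose operation sequence no longer depends on the exponent) and the two outcomes of the attack (the exponent read off a single trace, or recovered by enumerating a few hundred candidates). The following Python is an added illustration of that pipeline, not code from the paper or from BearSSL: it implements the exponentiation, uses a constructed stand-in for the per-iteration classifier output (the paper's neural-network profiling is not reproduced), fixes the confident bits, enumerates the least confident ones most-likely-first, and validates each candidate offline with a known plaintext/ciphertext pair under the public key. The toy RSA parameters, the score values and the `max_uncertain` cutoff are all assumptions made for the example.

```python
"""Added illustration: square-and-multiply-always exponentiation, a constructed
stand-in for a profiled per-iteration classifier, and candidate enumeration over
the uncertain exponent bits. Not code from the paper or from BearSSL."""
import math
from itertools import product


def int_to_bits(x, nbits):
    """Most-significant-bit-first bit list of x, padded to nbits."""
    return [(x >> i) & 1 for i in range(nbits - 1, -1, -1)]


def bits_to_int(bits):
    out = 0
    for b in bits:
        out = (out << 1) | b
    return out


def square_and_multiply_always(base, exp_bits, mod):
    """Left-to-right exponentiation with a multiply in every iteration.
    The operation sequence is independent of the exponent (timing-hardened),
    but whether the multiply result is kept still depends on the bit, which is
    what a power-consumption profile can be trained to distinguish."""
    acc = 1
    for bit in exp_bits:
        acc = (acc * acc) % mod
        tmp = (acc * base) % mod   # always performed
        if bit:
            acc = tmp              # kept only when the bit is 1
    return acc


def toy_rsa():
    """Constructed, insecure toy RSA parameters used only for the checks."""
    p, q, e = 61, 53, 17
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return n, e, d


def make_public_check(n, e, m=42):
    """Verify a candidate d with a known pair (m, c = m^e mod n); only public
    values are needed, so the attacker can run this offline."""
    c = pow(m, e, n)
    return lambda d_cand: pow(c, d_cand, n) == m


def enumerate_candidates(scores, max_uncertain=8):
    """scores[i] = classifier probability that bit i of the exponent is 1.
    Confident bits are fixed; the max_uncertain least confident bits are
    enumerated in decreasing order of likelihood. With max_uncertain=8 the
    search space is at most 256 candidates."""
    guess = [1 if s >= 0.5 else 0 for s in scores]
    by_confidence = sorted(range(len(scores)), key=lambda i: abs(scores[i] - 0.5))
    uncertain = by_confidence[:max_uncertain]
    eps = 1e-9

    def log_likelihood(assign):
        return sum(math.log(max(eps, scores[i] if b else 1.0 - scores[i]))
                   for i, b in zip(uncertain, assign))

    for assign in sorted(product((0, 1), repeat=len(uncertain)),
                         key=log_likelihood, reverse=True):
        cand = list(guess)
        for i, b in zip(uncertain, assign):
            cand[i] = b
        yield cand


def recover_exponent(scores, check, max_uncertain=8):
    """Return (d, rank) for the first candidate passing check, else (None, None)."""
    for rank, cand in enumerate(enumerate_candidates(scores, max_uncertain), 1):
        d_cand = bits_to_int(cand)
        if check(d_cand):
            return d_cand, rank
    return None, None


def constructed_scores(exp_bits, wrong_but_uncertain=(), ambiguous=()):
    """Stand-in for a per-iteration classifier: confident and correct except at
    the listed positions (constructed values, not measurements)."""
    scores = []
    for i, b in enumerate(exp_bits):
        if i in wrong_but_uncertain:
            scores.append(0.4 if b else 0.6)   # wrong side, low confidence
        elif i in ambiguous:
            scores.append(0.55 if b else 0.45)
        else:
            scores.append(0.95 if b else 0.05)
    return scores


if __name__ == "__main__":
    n, e, d = toy_rsa()
    bits = int_to_bits(d, 12)
    assert square_and_multiply_always(42, bits, n) == pow(42, d, n)
    check = make_public_check(n, e)
    print(recover_exponent(constructed_scores(bits), check))                 # clean trace
    print(recover_exponent(constructed_scores(bits, (2, 8), (5,)), check))   # needs enumeration
```

The first call models the single-trace case: every bit is classified confidently and correctly, so the first candidate already passes the public check. The second models the worst case the abstract describes: two bits are misclassified with low confidence and one is ambiguous, so the right exponent is found only after enumerating some of the 256 candidates; a misclassified bit that the classifier was confident about would lie outside the enumerated set and the search would fail, which is why the enumeration budget is chosen against the classifier's calibration and not just its accuracy.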
Files in this product:
File: 1-s2.0-S221421262200014X-main.pdf (restricted access)
Description: main article
Type: Publisher's version
Size: 1.98 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: http://hdl.handle.net/11311/1203208
Citations: Scopus 1