Towards Automatic and Portable Data Loading Template Attacks on Microcontrollers

摘要

Although the original idea of profiling attacks is to recover the secret key of one cryptographic device with a leakage model generated from an “identical copy”, this concept (usually called portability) cannot always be upheld. Many previous works create the model and perform the attack on the same device, assuming that the generated model would work for another copy as well. However, intrinsic differences among different devices, trace sets, or experimental setups cause behavioral changes that deemed portability challenging and eventually leading to the attack failure. Besides, another critical issue for the success of template attacks (which is also sometimes overlooked) is the search for points in power traces where leakage depends on data. To address both issues at the same time, in this paper we show an automatic way to tune the selected points of interest in order to improve the performance of portable data loading template attacks. Our approach is able to find common points of leakage across devices in a completely automated manner, which we support with experimental results.