Journal of Computer Science and Technology ›› 2020, Vol. 35 ›› Issue (5): 1175-1197. doi: 10.1007/s11390-020-9669-0

Special Topic: Computer Networks and Distributed Computing

Evaluating and Improving Linear Regression Based Profiling: On the Selection of Its Regularization

Xiang-Jun Lu1, Chi Zhang1, Da-Wu Gu1,*, Distinguished Member, CCF, Member, ACM, Jun-Rong Liu1,2, Qian Peng3, and Hai-Feng Zhang1,4

  1 School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China;
  2 ZhiXun Crypto Testing and Evaluation Technology Co. Ltd., Shanghai 200240, China;
  3 Department of Microelectronics and Nanoelectronics, Tsinghua University, Beijing 100084, China;
  4 Beijing Smartchip Microelectronics Technology Co., Ltd., Beijing 100082, China
  • Received: 2019-04-24 Revised: 2020-02-09 Online: 2020-09-20 Published: 2020-09-30
  • Corresponding author: Da-Wu Gu, E-mail: dwgu@sjtu.edu.cn
  • About the author: Xiang-Jun Lu received his B.S. degree in software engineering from Northwestern Polytechnical University, Xi'an, in 2015. He is currently a Ph.D. candidate at the School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai. His research interests include side-channel analysis, hardware security, machine learning, and neural networks.
  • Supported by:
    This work was supported by the State Grid Science and Technology Project of China under Grant No. 546816190003.



Abstract: Side-channel attacks (SCAs) play an important role in the security evaluation of cryptographic devices. As a form of SCA, profiled differential power analysis (DPA) is among the most powerful and efficient, because it takes advantage of a profiling phase that learns features from a controlled device. Linear regression (LR) based profiling, a special profiling method proposed by Schindler et al., can be extended to generic-emulating DPA by on-the-fly profiling. The formal extension was proposed by Whitnall et al. and is named the SLR-based method. Later, to improve the SLR-based method, Wang et al. introduced a method based on ridge regression. However, the constant format of the L-2 penalty still limits the performance of profiling. In this paper, we generalize the ridge-based method and propose a new strategy that uses variable regularization. We then analyze from a theoretical point of view why a constant penalty format should not be used in all cases. Roughly speaking, our work reveals the underlying mechanism of how different penalty formats affect the profiling process in the side-channel context. Therefore, by selecting a proper regularization, we can push the limits of LR-based profiling. Finally, we conduct simulation-based and practical experiments to confirm our analysis. Specifically, the results of our practical experiments show that the proper format of regularization differs among real devices.

Key words: side-channel attack (SCA), cryptography, linear regression based profiling, generic-emulating differential power analysis, regularization
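As an added, constructed example (not code from the paper or its authors), the LR-based profiling step the abstract refers to: a stochastic model over the bit basis of an 8-bit intermediate value is fitted by plain least squares and by ridge regression. The optional per-coefficient penalty weight stands in for a variable penalty format; that weighted form is an assumption about the general shape of such a penalty, not the paper's exact formulation, and the leakage coefficients, noise level and traces are all constructed.

```python
import math
import random

# Constructed ground truth: leakage = 5 + sum_i w_i * bit_i(v) + Gaussian noise.
TRUE_BETA = [5.0, 1.0, 0.8, 1.2, 0.9, 1.1, 0.7, 1.3, 1.0]

def basis(v):
    """Stochastic-model basis (Schindler et al.): constant term plus the 8 bits of v."""
    return [1.0] + [float((v >> i) & 1) for i in range(8)]

def simulate(n, sigma, seed):
    """Constructed traces: one leakage sample per random intermediate value."""
    rng = random.Random(seed)
    values = [rng.randrange(256) for _ in range(n)]
    traces = [sum(b * x for b, x in zip(TRUE_BETA, basis(v))) + rng.gauss(0.0, sigma)
              for v in values]
    return values, traces

def solve(a, b):
    """Solve a x = b by Gaussian elimination with partial pivoting (small dense system)."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (m[i][n] - sum(m[i][j] * x[j] for j in range(i + 1, n))) / m[i][i]
    return x

def ridge_profile(traces, values, lam, weights=None):
    """Profiling: minimise sum (t - <beta, basis(v)>)^2 + lam * sum_i w_i * beta_i^2.
    weights=None is the constant-format L2 penalty (lam=0 reduces to OLS); a
    non-uniform weights vector illustrates a per-coefficient penalty (assumption)."""
    x_rows = [basis(v) for v in values]
    p = len(x_rows[0])
    w = weights if weights is not None else [1.0] * p
    gram = [[sum(x[i] * x[j] for x in x_rows) + (lam * w[i] if i == j else 0.0)
             for j in range(p)] for i in range(p)]
    rhs = [sum(x[i] * t for x, t in zip(x_rows, traces)) for i in range(p)]
    return solve(gram, rhs)

def coefficient_error(beta):
    """Euclidean distance between a profiled model and the constructed ground truth."""
    return math.sqrt(sum((b - t) ** 2 for b, t in zip(beta, TRUE_BETA)))
```

With noise-free traces and lam=0 the profiled coefficients reproduce TRUE_BETA; with noisy traces, any lam>0 shrinks the coefficient vector relative to OLS, which is the bias-variance trade-off the regularization format controls.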

[1] Kocher P, Jaffe J, Jun B. Differential power analysis. In Proc. the 19th Annual International Cryptology Conference, August 1999, pp.388-397.
[2] Brier E, Clavier C, Olivier F. Correlation power analysis with a leakage model. In Proc. the 6th International Workshop on Cryptographic Hardware and Embedded Systems, August 2004, pp.16-29.
[3] Gierlichs B, Batina L, Tuyls P, Preneel B. Mutual information analysis. In Proc. the 10th International Workshop on Cryptographic Hardware and Embedded Systems, August 2008, pp.426-442.
[4] Chari S, Rao J, Rohatgi P. Template attacks. In Proc. the 4th International Workshop on Cryptographic Hardware and Embedded Systems, August 2002, pp.13-28.
[5] Schindler W, Lemke K, Paar C. A stochastic model for differential side channel cryptanalysis. In Proc. the 7th International Workshop on Cryptographic Hardware and Embedded Systems, August 2005, pp.30-46.
[6] Whitnall C, Oswald E. Profiling DPA: Efficacy and efficiency trade-offs. In Proc. the 15th International Workshop on Cryptographic Hardware and Embedded Systems, August 2013, pp.37-54.
[7] Standaert F X, Archambeau C. Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In Proc. the 10th International Workshop on Cryptographic Hardware and Embedded Systems, August 2008, pp.411-425.
[8] Bartkewitz T, Lemke-Rust K. Efficient template attacks based on probabilistic multi-class support vector machines. In Proc. the 11th International Conference on Smart Card Research and Advanced Applications, November 2012, pp.263-276.
[9] Heuser A, Zohner M. Intelligent machine homicide: Breaking cryptographic devices using support vector machines. In Proc. the 2012 Constructive Side-Channel Analysis and Secure Design, May 2012, pp.249-264.
[10] Cagli E, Dumas C, Prouff E. Convolutional neural networks with data augmentation against jitter-based countermeasures: Profiling attacks without pre-processing. In Proc. the 19th International Conference on Cryptographic Hardware and Embedded Systems, September 2017, pp.45-68.
[11] Han Y, Etigowni S, Liu H, Zonouz S, Petropulu A. Watch me, but don't touch me! Contactless control flow monitoring via electromagnetic emanations. In Proc. the 2017 ACM SIGSAC Conference on Computer and Communications Security, October 2017, pp.1095-1108.
[12] Whitnall C, Oswald E, Standaert F X. The myth of generic DPA and the magic of learning. In Proc. the Cryptographers' Track at the 2014 RSA Conference, February 2014, pp.183-205.
[13] Wang W, Yu Y, Liu J, Guo Z, Standaert F X, Gu D, Xu S, Fu R. Evaluation and improvement of generic-emulating DPA attacks. In Proc. the 17th International Workshop on Cryptographic Hardware and Embedded Systems, September 2015, pp.416-432.
[14] Wang W, Yu Y, Standaert F X, Gu D, Xu S, Zhang C. Ridge-based profiled differential power analysis. In Proc. the Cryptographers' Track at the 2017 RSA Conference, February 2017, pp.347-362.
[15] Frank L, Friedman J. A statistical view of some chemometrics regression tools. Technometrics, 1993, 35(2):109-135.
[16] Hastie T, Tibshirani R, Friedman J. The Elements of Statistical Learning: Data Mining, Inference, and Prediction (2nd edition). Springer, 2009.
[17] Zou H, Hastie T. Regularization and variable selection via the elastic net. Journal of the Royal Statistical Society Series B: Statistical Methodology, 2005, 67(2):301-320.
[18] Roy V, Chakraborty S. Selection of tuning parameters, solution paths and standard errors for Bayesian lassos. Bayesian Analysis, 2017, 12(3):753-778.
[19] Nocedal J, Wright S. Numerical Optimization. Springer Science & Business Media, 2006.
[20] Lerman L, Bontempi G, Markowitch O. The bias-variance decomposition in profiled attacks. J. Cryptographic Engineering, 2015, 5(4):255-267.
[21] Bishop C. Pattern Recognition and Machine Learning (5th edition). Springer, 2007.
[22] Wang W, Yu Y, Standaert F X, Liu J, Guo Z, Gu D. Ridge-based DPA: Improvement of differential power analysis for nanoscale chips. IEEE Trans. Information Forensics and Security, 2018, 13(5):1301-1316.
[23] Standaert F X, Malkin T, Yung M. A unified framework for the analysis of side-channel key recovery attacks. In Proc. the 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, April 2009, pp.443-461.
[24] Archambeau C, Peeters E, Standaert F X, Quisquater J J. Template attacks in principal subspaces. In Proc. the 8th International Workshop on Cryptographic Hardware and Embedded Systems, October 2006, pp.1-14.
[25] Batina L, Hogenboom J, Woudenberg J. Getting more from PCA:First results of using principal component analysis for extensive power analysis. In Proc. the Cryptographers' Track at the 2012 RSA Conference, February 2012, pp.383-397.
[26] Doget J, Prouff E, Rivain M, Standaert F X. Univariate side channel attacks and leakage modeling. J. Cryptographic Engineering, 2011, 1(2):123-144.
[27] Veyrat-Charvillon N, Standaert F X. Generic side-channel distinguishers: Improvements and limitations. In Proc. the 31st Annual Cryptology Conference, August 2011, pp.354-372.