Journal of Computer Science and Technology ›› 2020, Vol. 35 ›› Issue (5): 1175-1197.doi: 10.1007/s11390-020-9669-0

Special Issue: Computer Networks and Distributed Computing

• Regular Paper • Previous Articles     Next Articles

Evaluating and Improving Linear Regression Based Profiling: On the Selection of Its Regularization

Xiang-Jun Lu1, Chi Zhang1, Da-Wu Gu1,*, Distinguished Member, CCF, Member, ACM, Jun-Rong Liu1,2, Qian Peng3, and Hai-Feng Zhang1,4        

  1. 1 School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China;
    2 ZhiXun Crypto Testing and Evaluation Technology Co. Ltd., Shanghai 200240, China;
    3 Department of Microelectronics and Nanoelectronics, Tsinghua University, Beijing 100084, China;
    4 Beijing Smartchip Microelectronics Technology Co., Ltd., Beijing 100082, China
  • Received:2019-04-24 Revised:2020-02-09 Online:2020-09-20 Published:2020-09-30
  • Contact: Da-Wu Gu
  • Supported by:
    This work was supported by the State Grid Science and Technology Project of China under Grant No. 546816190003.

Side-channel attacks (SCAs) play an important role in the security evaluation of cryptographic devices. As a form of SCAs, profiled differential power analysis (DPA) is among the most powerful and efficient by taking advantage of a profiling phase that learns features from a controlled device. Linear regression (LR) based profiling, a special profiling method proposed by Schindler et al., could be extended to generic-emulating DPA (differential power analysis) by on-the-fly profiling. The formal extension was proposed by Whitnall et al. named SLR-based method. Later, to improve SLR-based method, Wang et al. introduced a method based on ridge regression. However, the constant format of L-2 penalty still limits the performance of profiling. In this paper, we generalize the ridge-based method and propose a new strategy of using variable regularization. We then analyze from a theoretical point of view why we should not use constant penalty format for all cases. Roughly speaking, our work reveals the underlying mechanism of how different formats affect the profiling process in the context of side channel. Therefore, by selecting a proper regularization, we could push the limits of LR-based profiling. Finally, we conduct simulation-based and practical experiments to confirm our analysis. Specifically, the results of our practical experiments show that the proper formats of regularization are different among real devices.

Key words: side-channel attack (SCA); cryptography; linear regression based profiling; generic-emulating differential power analysis; regularization;

[1] Kocher P, Jaffe J, Jun B. Differential power analysis. In Proc. the 19th Annual International Cryptology Conference, August 1999, pp.388-397.
[2] Brier E, Clavier C, Olivier F. Correlation power analysis with a leakage model. In Proc. the 6th International Workshop on Cryptographic Hardware and Embedded Systems, August 2004, pp.16-29.
[3] Gierlichs B, Batina L, Tuyls P, Preneel B. Mutual information analysis. In Proc. the 10th International Workshop on Cryptographic Hardware and Embedded Systems, August 2008, pp.426-442.
[4] Chari S, Rao J, Rohatgi P. Template attacks. In Proc. the 4th International Workshop on Cryptographic Hardware and Embedded Systems, August 2002, pp.13-28.
[5] Schindler W, Lemke K, Paar C. A stochastic model for differential side channel cryptanalysis. In Proc. the 7th International Workshop on Cryptographic Hardware and Embedded Systems, August 2005, pp.30-46.
[6] Whitnall C, Oswald E. Profiling DPA:Efficacy and efficiency trade-offs. In Proc. the 15th International Workshop on Cryptographic Hardware and Embedded Systems, August 2013, pp.37-54.
[7] Standaert F X, Archambeau C. Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In Proc. the 10th International Workshop on Cryptographic Hardware and Embedded Systems, August 2008, pp.411-425.
[8] Bartkewitz T, Lemke-Rust K. Efficient template attacks based on probabilistic multi-class support vector machines. In Proc. the 11th International Conference on Smart Card Research and Advanced Applications, November 2012, pp.263-276.
[9] Heuser A, Zohner M. Intelligent machine homicide-Breaking cryptographic devices using support vector machines. In Proc. the 2012 Constructive Side-Channel Analysis and Secure Design, May 2012, pp.249-264.
[10] Cagli E, Dumas C, Prouff E. Convolutional neural networks with data augmentation against jitter-based countermeasures-Profiling attacks without pre-processing. In Proc. the 19th International Conference on Cryptographic Hardware and Embedded Systems, September 2017, pp.45-68.
[11] Han Y, Etigowni S, Liu H, Zonouz S, Petropulu A. Watch me, but don't touch me! Contactless control flow monitoring via electromagnetic emanations. In Proc. the 2017 ACM SIGSAC Conference on Computer and Communications Security, October 2017, pp.1095-1108.
[12] Whitnall C, Oswald E, Standaert F X. The myth of generic DPA and the magic of learning. In Proc. the Cryptographer's Track at the 2014 RSA Conference, February 2014, pp.183-205.
[13] Wang W, Yu Y, Liu J, Guo Z, Standaert F X, Gu D, Xu S, Fu R. Evaluation and improvement of generic-emulating DPA attacks. In Proc. the 17th International Workshop on Cryptographic Hardware and Embedded Systems, September 2015, pp.416-432.
[14] Wang W, Yu Y, Standaert F X, Gu D, Xu S, Zhang C. Ridge-based profiled differential power analysis. In Proc. the Cryptographers' Track at the 2017 RSA Conference, February 2017, pp.347-362.
[15] Frank L, Friedman J. A statistical view of some chemometrics regression tools. Technometrics, 1993, 35(2):109-135.
[16] Hastie T, Tibshirani R, Friedman J. The Elements of Statistical Learning:Data Mining, Inference, and Prediction (2nd edition). Springer, 2009.
[17] Zou H, Hastie T. Regularization and variable selection via the elastic net. Journal of the Royal Statistical Society Series B:Statistical Methodology, 2005, 67(2):301-320.
[18] Roy V, Chakraborty S. Selection of tuning parameters, solution paths and standard errors for Bayesian lassos. Bayesian Analysis, 2017, 12(3):753-778.
[19] Nocedal J, Wright S. Numerical Optimization. Springer Science & Business Media, 2006.
[20] Lerman L, Bontempi G, Markowitch O. The bias-variance decomposition in profiled attacks. J. Cryptographic Engineering, 2015, 5(4):255-267.
[21] Bishop C. Pattern Recognition and Machine Learning (5th edition). Springer, 2007.
[22] Wang W, Yu Y, Standaert F X, Liu J, Guo Z, Gu D. Ridgebased DPA:Improvement of differential power analysis for nanoscale chips. IEEE Trans. Information Forensics and Security, 2018, 13(5):1301-1316.
[23] Standaert F X, Malkin T, Yung M. A unified framework for the analysis of side-channel key recovery attacks. In Proc. the 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, April 2009, pp.443-461.
[24] Archambeau C, Peeters E, Standaert F X, Quisquater J J. Template attacks in principal subspaces. In Proc. the 8th International Workshop on Cryptographic Hardware and Embedded Systems, October 2006, pp.1-14.
[25] Batina L, Hogenboom J, Woudenberg J. Getting more from PCA:First results of using principal component analysis for extensive power analysis. In Proc. the Cryptographers' Track at the 2012 RSA Conference, February 2012, pp.383-397.
[26] Doget J, Prouff E, Rivain M, Standaert F X. Univariate side channel attacks and leakage modeling. J. Cryptographic Engineering, 2011, 1(2):123-144.
[27] Veyrat-Charvillon N, Standaert F X. Generic side-channel distinguishers:Improvements and limitations. In Proc. the 31st Annual Cryptology Conference, August 2011, pp.354-372.
[1] Geun Yong Kim, Joon-Young Paik, Yeongcheol Kim, and Eun-Sun Cho. Byte Frequency Based Indicators for Crypto-Ransomware Detection from Empirical Analysis [J]. Journal of Computer Science and Technology, 2022, 37(2): 423-442.
[2] Li-Gang Gao, Meng-Yun Yang, Jian-Xin Wang. Collaborative Matrix Factorization with Soft Regularization for Drug-Target Interaction Prediction [J]. Journal of Computer Science and Technology, 2021, 36(2): 310-322.
[3] Ge Wu, Jian-Chang Lai, Fu-Chun Guo, Willy Susilo, Fu-Tai Zhang. Tightly Secure Public-Key Cryptographic Schemes from One-More Assumptions [J]. Journal of Computer Science and Technology, 2019, 34(6): 1366-1379.
[4] Ting-Ting Lin, Xue-Jia Lai, Wei-Jia Xue, Yin Jia. A New Feistel-Type White-Box Encryption Scheme [J]. , 2017, 32(2): 386-395.
[5] Lan Yao, Feng Zeng, Dong-Hui Li, Zhi-Gang Chen. Sparse Support Vector Machine with Lp Penalty for Feature Selection [J]. , 2017, 32(1): 68-77.
[6] Zhe Liu, Hwajeong Seo, Howon Kim. A Synthesis of Multi-Precision Multiplication and Squaring Techniques for 8-Bit Sensor Nodes: State-of-the-Art Research and Future Challenges [J]. , 2016, 31(2): 284-299.
[7] Zhong-Gui Sun, Song-Can Chen, Li-Shan Qiao . A Two-Step Regularization Framework for Non-Local Means [J]. , 2014, 29(6): 1026-1037.
[8] Yan Zhu (朱岩), Member, CCF, Hong-Xin Hu (胡宏新), Gail-Joon Ahn, Senior Member, ACM, IEEE Huai-Xi Wang (王怀习), and Shan-Biao Wang (王善标). Provably Secure Role-Based Encryption with Revocation Mechanism [J]. , 2011, 26(4): 697-710.
[9] Huai-Xi Wang (王怀习), Yan Zhu (朱岩), Rong-Quan Feng (冯荣权) and Stephen S. Yau, Fellow, IEEE. Attribute-Based Signature with Policy-and-Endorsement Mechanism [J]. , 2010, 25(6): 1293-1304.
[10] Santi Marti nez, Magda Valls, Concepcio Roig, Josep M. Miret, and Francesc Gine. A Secure Elliptic Curve-Based RFID Protocol [J]. , 2009, 24(2): 309-318.
[11] Hai-Bo Tian, Willy Susilo, Yang Ming, and Yu-Min Wang. A Provable Secure ID-Based Explicit Authenticated Key Agreement Protocol Without Random Oracles [J]. , 2008, 23(5 ): 832-842 .
[12] Sheng-Li Liu, Xiao-Feng Chen, and Fang-Guo Zhang. Forgeability of Wang-Tang-Li s ID-Based Restrictive Partially Blind Signature Scheme [J]. , 2008, 23(2): 265-269 .
[13] Sheng-Qiang Li, Zhi-Xiong Chen, Xiao-Tong Fu, and Guo-Zhen Xiao. Autocorrelation Values of New Generalized Cyclotomic Sequences of Order Two and Length pq [J]. , 2007, 22(6): 830-834 .
[14] Chang-Ji Wang, Yong Tang, and Qing Li. ID-Based Fair Off-Line Electronic Cash System with Multiple Banks [J]. , 2007, 22(3): 487-493 .
[15] Xin-Yi Huang, Willy Susilo, Yi Mu, and Fu-Tai Zhang. Breaking and Repairing Trapdoor-Free Group Signature Schemes from Asiacrypt 2004 [J]. , 2007, 22(1): 71-74 .
Full text



[1] Li Wanxue;. Almost Optimal Dynamic 2-3 Trees[J]. , 1986, 1(2): 60 -71 .
[2] Liu Mingye; Hong Enyu;. Some Covering Problems and Their Solutions in Automatic Logic Synthesis Systems[J]. , 1986, 1(2): 83 -92 .
[3] C.Y.Chung; H.R.Hwa;. A Chinese Information Processing System[J]. , 1986, 1(2): 15 -24 .
[4] Zhang Cui; Zhao Qinping; Xu Jiafu;. Kernel Language KLND[J]. , 1986, 1(3): 65 -79 .
[5] Wang Jianchao; Wei Daozheng;. An Effective Test Generation Algorithm for Combinational Circuits[J]. , 1986, 1(4): 1 -16 .
[6] Huang Heyan;. A Parallel Implementation Model of HPARLOG[J]. , 1986, 1(4): 27 -38 .
[7] Zheng Guoliang; Li Hui;. The Design and Implementation of the Syntax-Directed Editor Generator(SEG)[J]. , 1986, 1(4): 39 -48 .
[8] Min Yinghua; Han Zhide;. A Built-in Test Pattern Generator[J]. , 1986, 1(4): 62 -74 .
[9] Huang Xuedong; Cai Lianhong; Fang Ditang; Chi Bianjin; Zhou Li; Jiang Li;. A Computer System for Chinese Character Speech Input[J]. , 1986, 1(4): 75 -83 .
[10] Shi Zhongzhi;. Knowledge-Based Decision Support System[J]. , 1987, 2(1): 22 -29 .

ISSN 1000-9000(Print)

CN 11-2296/TP

Editorial Board
Author Guidelines
Journal of Computer Science and Technology
Institute of Computing Technology, Chinese Academy of Sciences
P.O. Box 2704, Beijing 100190 P.R. China
  Copyright ©2015 JCST, All Rights Reserved