Template attacks remain a powerful side-channel technique to
eavesdrop on tamper-resistant hardware. They model the probability
distribution of leaking signals and noise to guide a
search for secret data values. In practice, several numerical
obstacles can arise when implementing such attacks
with multivariate normal distributions.
We propose
efficient methods to avoid these. We also demonstrate how to achieve
significant performance improvements, both in terms of information
extracted and computational cost, by pooling covariance estimates
across all data values. We provide a detailed and systematic
overview of many different options for implementing such
attacks. Our experimental evaluation of all these methods based on
measuring the supply current of a byte-load instruction executed in
an unprotected 8-bit microcontroller leads to practical guidance for
choosing an attack algorithm.
↧