Virtual Triggering: a Technique to Segment Cryptographic Processes in Side Channel Traces

TL;DR

This paper introduces Virtual Triggering, a method to automatically segment cryptographic process traces in side-channel attacks without needing explicit trigger signals, improving attack efficiency and robustness against timing variations.

Contribution

The paper presents Virtual Triggering, a novel automated trace segmentation technique that eliminates the need for trigger signals and enhances attack effectiveness against variable timing in side-channel scenarios.

Findings

VT performs comparably to frequency component triggers in standard scenarios.

Using VT with automatic pullout improves attack efficiency.

VT enables successful attacks with fewer segments and handles timing variations.

Abstract

Side-Channel Attacks (SCAs) exploit data correla-tion in signals leaked from devices to jeopardize confidentiality. Locating and synchronizing segments of interest in traces from Cryptographic Processes (CPs) is a key step of the attack. The most common method consists in generating a trigger signal to indicate to the attacker the start of a CP. This paper proposes a method called Virtual Triggering (VT) that removes the need for the trigger signal and automates trace segmentation. When the time between repetitions is not constant, further trace alignment techniques are required. Building on VT, we propose a simple method to learn representative segment templates from a profiling device similar to the victim, and to automatically locate and pull out these segments from other victim devices using simple pattern recognition. We evaluate VT on screaming channel attacks [1], which initially used a Frequency Component (FC) known to appear at a single time in leaked signals, as a trigger to segment traces. We demonstrate that VT not only performs equivalently to FC on a standard attack scenario, but we also show how using VT with the automatic pullout technique improves the attack efficiency and enables more realistic attack scenarios. Thanks to VT, screaming channel attacks can now: (1) succeed with only half of the segments collected compared to the FC trigger from the original attack; and (2) absorb time variations between CPs.