I. J. Computer Network and Information Security, 2013, 3, 25-31 Published Online March 2013 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2013.03.03 Copyright © 2013 MECS I.J. Computer Network and Information Security, 2013, 3, 25-31 A Comparative Study of Power Consumption Models for CPA Attack Hassen Mestiri, Noura Benhadjyoussef, Mohsen Machhout and Rached Tourki Electronics and Micro-Electronics Laboratory (E. μ. E. L) Faculty of Sciences of Monastir, Tunisia hassen.mestiri@yahoo.fr Abstract —Power analysis attacks are types of side channel attacks that are based on analyzing the power consumption of the cryptographic devices. Correlation power analysis is a powerful and efficient cryptanalytic technique. It exploits the linear relation between the predicted power consumption and the real power consumption of cryptographic devices in order to recover the correct key. The predicted power consumption is determined by using the appropriate consumption model. Until now, only a few models have been proposed and used. In this paper, we describe the process to conduct the CPA attack against AES on SASEBO-GII board. We present a comparison between the Hamming Distance model and the Switching Distance model, in terms of number of power traces needed to recover the correct key using these models. The global successful rate achieves 100% at 11100 power traces. The power traces needed to recover the correct key have been decreased by 12.6% using a CPA attack with Switching Distance model. Index Terms — Correlation Power Analysis (CPA), Switching Distance model, Hamming Distance model, power consumption, Advanced Encryption Standard (AES). I. I NTRODUCTION Electronic cryptographic devices are widely used in embedded systems to secure secret information. Such devices store the secret key that is used in conjunction with the cryptographic algorithm. The algorithms are designed and analyzed to ensure a protection against mathematical attacks. But when the algorithm is implemented on hardware systems, the latter may cause side channel leakages used to reveal more information about the processed secret. Side channel attacks are an attacks based on information extracted from the physical implementation of a cryptosystem. For example, time execution [1], electromagnetic emanation [2] and power consumption [3]. Power analysis attacks exploit the correlation between the internal information and the power consumption of cryptographic devices. The Simple Power Analysis (SPA) attack [4] is based on detailed knowledge of the cryptographic algorithm and the visual inspection of the power consumption to guess the secret cryptographic keys. The Differential Power Analysis (DPA) attacks [3] is more powerful attack than SPA and requires less detailed knowledge of the implementation of cryptographic algorithm. It uses statistical analysis to extract information correlated to secret keys. In 2004, the correlation power analysis (CPA) attack was proposed by Brier et al [5]. The CPA attack exploits the correlation between the real power consumption of cryptographic devices and the Hamming Distance model, in order to recover the correct key. The Hamming Distance model was successfully applied on FPGA and ASIC implementation of cryptographic algorithms [5-12]. A new consumption model, so called Switching Distance, was proposed by Peeters et al in 2007 [13]. They applied the Switching Distance model in CPA attack against Sbox output on an 8-bit PIC-16F877. The same model was used with CPA attack against unprotected AES implementation on ASIC [14]. In this paper, in order to evaluate the security of the AES, we study the power analysis attack and specifically CPA attack. We also conduct a successful CPA attack against AES implementation on SASEBO-GII [15] board using Hamming Distance and Switching Distance models. The organization of this paper is as follows. Section II describes the related background knowledge. The different power consumption models are presented in section III. Section IV presents the CPA attack methodology against AES. Section V presents the result of CPA attack and a comparison between the consumption models. Finally, we conclude in section VI. II. BACKGROUNDS A. Advanced Encryption Standard The Advanced Encryption Standard is a symmetric block cipher that process data blocks using cipher keys with lengths of 128, 192 and 256 bits [16]. Each data block consists of 4×4 array of bytes called the state. The AES is a round-based encryption algorithm. The number of rounds, Nr, is 10, 12, or 14, when the key length is 128, 192 or 256 bits, respectively. In the encryption of the AES algorithm, each round, except the final round, performs four transformations: AddRoundKey, SubBytes, ShiftRows and MixColumns, while the final round does not have the MixColumns transformation. The key used