Smartcards are omnipresent in our daily lives: as bankcards, mobile phone SIMs, public transport cards,
passports, car keys, access cards etc. The chips in these devices or more precisely, secure micro-
controllers (possibly extended with cryptographic co-processors) implement the cryptography that is a key
building block for securing many ICT systems.
These chips do not provide perfect security. Side-channel attacks have been the main threat to their
security, ever since their discovery just over a decade ago. In such attacks a side-channel, often power
consumption, is closely monitored and statistically analyzed to retrieve secret cryptographic keys used by
the chip. Smartcards have to be designed to resist these attacks and are subjected to rigorous tests by
specialized security evaluation labs (such as Riscure) before they are used in security-critical applications.
There is still a huge gap between academic research on side-channel attacks (which concentrates on
theoretical mathematical results and models) and the industrial practice of carrying them out as part of
security evaluations (which involves a lot of trial and error on actual hardware). This research project
seeks to address this gap.
The main goal of this proposal is to gain deeper knowledge on side-channel attacks and countermeasures. For the attacks, one first has to perform the pre-processing phase, when side-channel data, e.g.
power consumption time signals, have to be prepared for the actual analysis phase. Examples are data
alignment and parameter search for fault injection, which are major factors in the trial-and-error nature of
security evaluations. After suitable pre-processing, the key recovery by means of side-channels is
performed. To this aim, we plan to extend the existing theoretical framework for the key recovery to the
whole analysis in order to have a systematic evaluation of side-channel security of the device.
An innovative approach in this project is in applying existing techniques for pattern recognition and
signal/image processing developed for other applications, to study some of the practical aspects of
carrying out security evaluations, such as alignment. Initial experiments with this approach already
delivered promising results as the partners involved (the DS group from RU Nijmegen and Riscure) have a