Efficient electro-magnetic analysis of a GPU bitsliced AES implementation
Author affiliations: State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
Publication: Cybersecurity (Cyberspace Security Science and Technology, English edition)
Year, volume, issue: 2018, Volume 1, Issue 1
Pages: 680-696
Subject classification: 08 [Engineering]; 0812 [Engineering - Computer Science and Technology (degrees in Engineering or Science may be awarded)]
Funding: supported in part by National Natural Science Foundation of China (No. 61632020, UI936209); Beijing National Science Foundation (No. 4192067)
Keywords: GPU-based cryptographic implementations; Side-channel analysis (SCA); Electro-magnetic attacks (EMA); Micro-architectural vulnerabilities; Combinational analysis
Abstract: The advent of CUDA-enabled GPU makes it possible to provide cloud applications with high-performance data security ***, recent studies have shown that GPU-based applications are also susceptible to side-channel *** published work studied the side-channel vulnerabilities of GPU-based AES implementations by taking the advantage of the cache sharing among multiple threads or high parallelism of ***, for GPU-based bitsliced cryptographic implementations, which are immune to the cache-based attacks referred to above, only a power analysis method based on the high-parallelism of GPUs may be ***, the leakage model used in the power analysis is not efficient at all in *** light of this, we investigate electro-magnetic (EM) side-channel vulnerabilities of a GPU-based bitsliced AES implementation from the perspective of bit-level parallelism and thread-level parallelism in order to make the best of the localization effect of EM leakage with ***, we propose efficient multi-bit and multi-thread combinational analysis techniques based on the intrinsic properties of bitsliced ciphers and the effect of multi-thread parallelism of GPUs, *** experimental result shows that the proposed combinational analysis methods perform better than non-combinational and intuitive *** research suggests that multi-thread leakages can be used to improve attacks if the multi-thread leakages are not synchronous in the time domain.