Abstract: Time-division multiple access (TDMA) and code-division multiple access (CDMA) are two technologies used in digital cellular networks. The authentication protocols of TDMA networks have been proven to be vulnerable to side-channel analysis (SCA), giving rise to a series of powerful SCA-based attacks against unprotected subscriber identity module (SIM) cards. CDMA networks have two authentication protocols, the cellular authentication and voice encryption (CAVE) based authentication protocol and the authentication and key agreement (AKA) based authentication protocol, which are used in different phases of the networks. However, there has been no SCA attack on these two protocols so far. In this paper, in order to determine whether the authentication protocols of CDMA networks are sufficiently secure against SCA, we investigate the two existing protocols and their cryptographic algorithms. We find side-channel weaknesses in the two protocols when they are implemented on embedded systems. Based on these weaknesses, we propose specific attack strategies to recover the authentication keys of the two protocols, respectively. We verify our strategies on an 8-bit microcontroller and a real-world SIM card, showing that the authentication keys can be fully recovered within a few minutes with a limited number of power measurements. The successful experiments demonstrate the correctness and effectiveness of our proposed strategies and prove that unprotected implementations of the authentication protocols of CDMA networks cannot resist SCA.
Funding: Supported by the State Grid Science and Technology Project of China under Grant No. 546816190003.
Abstract: Side-channel attacks (SCAs) play an important role in the security evaluation of cryptographic devices. As a form of SCA, profiled differential power analysis (DPA) is among the most powerful and efficient, taking advantage of a profiling phase that learns features from a controlled device. Linear regression (LR) based profiling, a special profiling method proposed by Schindler et al., could be extended to generic-emulating DPA by on-the-fly profiling. The formal extension, named the SLR-based method, was proposed by Whitnall et al. Later, to improve the SLR-based method, Wang et al. introduced a method based on ridge regression. However, the constant format of the L-2 penalty still limits the performance of profiling. In this paper, we generalize the ridge-based method and propose a new strategy of using variable regularization. We then analyze from a theoretical point of view why we should not use a constant penalty format for all cases. Roughly speaking, our work reveals the underlying mechanism of how different formats affect the profiling process in the side-channel context. Therefore, by selecting a proper regularization, we could push the limits of LR-based profiling. Finally, we conduct simulation-based and practical experiments to confirm our analysis. Specifically, the results of our practical experiments show that the proper formats of regularization differ among real devices.