Virtual Triggering: a Technique to Segment Cryptographic Processes in Side-Channel Traces

Side-Channel Attacks (SCAs) exploit data correlation in signals leaked from devices to jeopardize confidentiality. Locating and synchronizing segments of interest in traces from Cryptographic Processes (CPs) is a key step of the attack. The most common method consists in generating a trigger signal to indicate to the attacker the start of a CP. This paper proposes a method called Virtual Triggering (VT) that removes the need for the trigger signal and automates trace segmentation. When the time between repetitions is not constant, further trace alignment techniques are required. Building on VT, we propose a simple method to learn representative segment templates from a profiling device similar to the victim, and to automatically locate and pull out these segments from other victim devices using simple pattern recognition. We evaluate VT on screaming channel attacks [1], which initially used a Frequency Component (FC) known to appear at a single time in leaked signals, as a trigger to segment traces. We demonstrate that VT not only performs equivalently to FC on a standard attack scenario, but we also show how using VT with the automatic pullout technique improves the attack efficiency and enables more realistic attack scenarios. Thanks to VT, screaming channel attacks can now: (1) succeed with only half of the segments collected compared to the FC trigger from the original attack; and (2) absorb time variations between CPs.