Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi
1 Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi. Wednesday, September 16th, 2015.
2-6 Motivation - Security Evaluation: Does the chip leak information? Problem: evaluation is not trivial. Non-Invasive Attack Testing Workshop, 2011. Goal: establish a testing methodology capable of robustly assessing the physical vulnerability of cryptographic devices.
7-8 Motivation - Attack-based Testing: perform state-of-the-art attacks on the device under test (DUT). Attack types: DPA, CPA, MIA. Intermediate values: Sbox in, Sbox out, Sbox in/out. Leakage models: HW, HD, bit. Problems: high computational complexity; requires a lot of expertise; does not cover all possible attack vectors.
9-10 Motivation - Testing based on the t-test: tries to detect any type of leakage at a certain order. Proposed by CRI at the NIST workshop. Advantages: independent of the architecture; independent of the attack model; fast and simple; versatile. Problems: gives no information about the hardness of an attack; possible false positives if no care is taken with the evaluation setup.
11 Contribution: 1. Explain the statistical background in a (hopefully) more understandable way. 2. More detailed discussion of higher-order testing. 3. Hints on how to design a fast and correct measurement setup. 4. Optimization of the analysis phase.
12-18 Statistical Background - t-test: two samples Q_0 and Q_1. Null hypothesis: the two population means are equal. Per sample: sample mean μ_0, μ_1; sample variance s_0^2, s_1^2; sample size n_0, n_1.
t-test statistic:
$$t = \frac{\mu_0 - \mu_1}{\sqrt{\frac{s_0^2}{n_0} + \frac{s_1^2}{n_1}}}$$
Degrees of freedom:
$$v = \frac{\left(\frac{s_0^2}{n_0} + \frac{s_1^2}{n_1}\right)^2}{\left(\frac{s_0^2}{n_0}\right)^2 \frac{1}{n_0 - 1} + \left(\frac{s_1^2}{n_1}\right)^2 \frac{1}{n_1 - 1}}$$
19-20 Statistical Background - t-test: estimate the probability to accept the null hypothesis with Student's t distribution:
$$f(t, v) = \frac{\Gamma\left(\frac{v+1}{2}\right)}{\sqrt{\pi v}\,\Gamma\left(\frac{v}{2}\right)} \left(1 + \frac{t^2}{v}\right)^{-\frac{v+1}{2}}$$
Compute:
$$p = 2 \int_{|t|}^{\infty} f(t, v)\, dt$$
Small p values give evidence to reject the null hypothesis.
21 Statistical Background - t-test: for testing, usually only the t-value is estimated and compared to a threshold of |t| > 4.5. For v > 1000 the corresponding p = F(4.5, v) is very small, i.e. there is high confidence to reject the null hypothesis.
22-25 Testing Methodology - Specific t-test: measurements T_i with associated data D_i are partitioned by a target bit: D_i = 0 goes to Q_0, D_i = 1 goes to Q_1. The key is known to enable correct partitioning. The test is conducted at each sample point separately (univariate). If the corresponding t-value exceeds the threshold, DPA is probable.
26-28 Testing Methodology - Non-Specific t-test (fixed vs. random): Q_0 = measurements T_j with fixed associated data D, Q_1 = measurements T_i with random associated data D_i. Avoids being dependent on any intermediate value or model. Leakage detected by a single test is not always exploitable. A semi-fixed vs. random t-test is useful in certain cases.
29-33 Higher-Order Testing - Multivariate: the sensitive variable is shared, $S = S_1 \oplus S_2$. The shares are processed at different time instances (SW), so leakages at different time instances need to be combined first. Centered product: $x' = (x_1 - \mu_1)(x_2 - \mu_2)$.
34-35 Higher-Order Testing - Univariate: the shares S_1 and S_2 are processed in parallel (HW), so leakages at the same time instance need to be combined first. Variance: $x' = (x - \mu)^2$. In some cases: $x' = \left(\frac{x - \mu}{s}\right)^d$. In general: $x' = (x - \mu)^d$.
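Added example (not the slides' or the paper's code): the fixed-vs-random Welch t-test of slides 18 to 35 in pure Python, with the univariate higher-order preprocessing and the p-value integral of slide 19. The leakage model (Hamming weight of both shares of a Boolean-masked byte), the fixed secret and the exhaustive fixed/random sets are constructed assumptions, not measurements.

```python
"""Fixed-vs-random Welch t-test at orders 1 and 2 for one sample point.

Constructed scenario: an 8-bit secret s is Boolean masked, s = s1 XOR s2, and
the device is assumed to leak HW(s1) + HW(s2), noise-free.  Q0 enumerates all
masks for one fixed secret, Q1 all (secret, mask) pairs, so nothing is random.
"""
import math


def hw(x):
    """Hamming weight of an integer."""
    return bin(x).count("1")


def masked_leakage(secret, mask):
    """Assumed leakage of the two shares of a first-order masked byte."""
    return hw(mask) + hw(secret ^ mask)


def build_sets(fixed_secret=0x00):
    """Q0: fixed associated data (one secret, every mask); Q1: random data."""
    q0 = [masked_leakage(fixed_secret, m) for m in range(256)]
    q1 = [masked_leakage(s, m) for s in range(256) for m in range(256)]
    return q0, q1


def preprocess(q, order):
    """Univariate higher-order preprocessing of slide 35, with the set's own
    mean and standard deviation: (x - mu)^2 at order 2, ((x - mu) / s)^d above."""
    if order == 1:
        return list(q)
    n = len(q)
    mu = sum(q) / n
    if order == 2:
        return [(x - mu) ** 2 for x in q]
    s = math.sqrt(sum((x - mu) ** 2 for x in q) / (n - 1))
    if s == 0.0:                      # degenerate set, e.g. all-ones fixed secret
        return [0.0] * n
    return [((x - mu) / s) ** order for x in q]


def welch_t(q0, q1):
    """t statistic and degrees of freedom v of slide 18 (Welch's t-test)."""
    n0, n1 = len(q0), len(q1)
    mu0, mu1 = sum(q0) / n0, sum(q1) / n1
    var0 = sum((x - mu0) ** 2 for x in q0) / (n0 - 1)   # sample variance s0^2
    var1 = sum((x - mu1) ** 2 for x in q1) / (n1 - 1)
    a, b = var0 / n0, var1 / n1
    t = (mu0 - mu1) / math.sqrt(a + b)
    v = (a + b) ** 2 / (a * a / (n0 - 1) + b * b / (n1 - 1))
    return t, v


def student_pdf(t, v):
    """Student's t density f(t, v) of slide 19, evaluated in the log domain so
    that large v does not overflow the gamma function."""
    logc = math.lgamma((v + 1) / 2) - math.lgamma(v / 2) - 0.5 * math.log(math.pi * v)
    return math.exp(logc - (v + 1) / 2 * math.log1p(t * t / v))


def two_sided_p(t, v, tail_len=40.0, steps=20000):
    """p = 2 * integral from |t| to infinity of f(x, v) dx, by composite Simpson's
    rule; the integrand is negligible beyond |t| + tail_len for practical v."""
    a = abs(t)
    h = tail_len / steps
    total = student_pdf(a, v) + student_pdf(a + tail_len, v)
    for i in range(1, steps):
        total += (4 if i % 2 else 2) * student_pdf(a + i * h, v)
    return 2 * total * h / 3


def leakage_test(order, fixed_secret=0x00):
    """Non-specific (fixed vs. random) t-test at the given order; a real
    evaluation runs exactly this at every sample point of the traces."""
    q0, q1 = build_sets(fixed_secret)
    return welch_t(preprocess(q0, order), preprocess(q1, order))


if __name__ == "__main__":
    for order in (1, 2):
        t, v = leakage_test(order)
        print(f"order {order}: t = {t:+.2f}, v = {v:.0f}, leaks: {abs(t) > 4.5}")
    print(f"p for |t| = 4.5 at v = 1000: {two_sided_p(4.5, 1000):.1e}")
```

The first-order test gives t = 0 because each share is uniformly distributed on its own, while the second-order test exceeds the 4.5 threshold because the variance of the summed share leakage depends on the secret.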
36-38 Correct Measurement Setup (case studies: microcontroller and FPGA): a PC, a Control unit and the Target, plus an oscilloscope. The Control sends the plaintext to the Target and receives the ciphertext; the oscilloscope is triggered by the Control and measures the Target. Pitfalls: the order of fixed and random inputs should be random as well; the communication between Control and Target should be masked (if possible).
39-41 Correct Measurement - Case Study: Microcontroller: AES with masking and shuffling (DPA contest v4.2), no shared communication, first-order test. Result: leakage associated with the unmasked plaintext, i.e. detectable first-order leakage.
42-44 Correct Measurement - Case Study: FPGA: first-order, second-order, fifth-order and second-order (bivariate) test results. Reference: A note on the security of Higher-Order Threshold Implementations, Oscar Reparaz, ePrint Report 2015/001.
45-56 Efficient Computation (overview: classical approach, incremental, multivariate, parallelization) - Classical Approach: the measurement phase collects the traces T_0, T_1, ..., T_{n-1} over time; afterwards the analysis phase runs the t-test on the stored traces and outputs the result. Reminder: the t-test
$$t = \frac{\mu_0 - \mu_1}{\sqrt{\frac{s_0^2}{n_0} + \frac{s_1^2}{n_1}}}$$
requires the estimation of μ_0, s_0^2 and μ_1, s_1^2, with $\mu = E[T]$ and $s^2 = E[(T - \mu)^2]$. This takes several passes over the traces: pass 1 computes $\mu = E[T]$, pass 2 computes $s^2 = E[(T - \mu)^2]$, and a pass 3 is required for certain higher-order tests. Problems: 1) the measurement phase needs to be completed first; 2) all measurements need to be stored; 3) the traces need to be loaded multiple times. Solution: incremental computation.
57-61 Efficient Computation - Incremental: idea: update the intermediate values (μ, s^2) for each new trace T_0, T_1, ..., T_{n-1} as it arrives. Higher-order tests require the computation of additional values. Advantages: 1) can run in parallel to the measurement phase; 2) does not require that all measurements are stored; 3) loads each trace only once.
62-69 Efficient Computation - Incremental, problem: computation of the intermediate values. Approach 1: use raw moments. The d-th-order raw moment is $M_d = E[T^d]$. Given M_1 and M_2, compute $\mu = M_1$ and $s^2 = M_2 - M_1^2$. Higher-order tests require additional moments; example: univariate 1st- to 5th-order tests require M_1, ..., M_10. The running moments M_1, ..., M_10 are updated with each trace, and the t-test result can be produced at any point. It is easy to find update formulas for
$$M_d = \frac{1}{n}\sum_{i=0}^{n-1} T_i^d$$
Problem: numerically unstable for a large number of traces. Example: computation of the variance based on simulations (100M traces) with N(100, 5). [Table: variance estimates of the 3-pass and raw-moment methods at orders 1 to 5; the values are missing from the transcription.]
70-72 Efficient Computation - Incremental, approach 2: use central moments (and M_1). The d-th-order central moment is $CM_d = E[(T - \mu)^d]$. Given M_1 and CM_2, compute $\mu = M_1$ and $s^2 = CM_2$. It is not that easy to find update formulas for
$$CM_d = \frac{1}{n}\sum_{i=0}^{n-1} (T_i - \mu)^d$$
and multivariate tests require adjusted formulas. Incremental formulas for tests at arbitrary orders can be found in the paper. Comparison to the raw-moments approach: slightly higher computational effort; fewer numerical problems and higher accuracy. [Table: 3-pass, raw-moment and the authors' method at orders 1 to 5; the values are missing from the transcription.]
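Added example (not the authors' implementation): the two incremental approaches of slides 62 to 72 at one sample point, raw moments versus the running mean plus central power sums updated per trace, and the first- and second-order t-values derived from the accumulated moments without a second pass over the traces. The update recurrences are the standard Welford/Pébay ones for d up to 4 (the paper's arbitrary-order formulas are not reproduced); the DC offset of 1e8 and the repeating value patterns are constructed so that the cancellation the slides report at 100M traces shows up in a short run.

```python
"""One-pass moment accumulation for the t-test, at one sample point.

Two accumulators in the style of slides 62 to 72: raw moments M_d = E[T^d]
versus the running mean plus central power sums S_d = sum (T_i - mean)^d.
The per-trace recurrences for S2..S4 are the standard Welford/Pebay updates.
"""
import math


class RawMoments:
    """Approach 1: sum(T^d) for d = 0..dmax; the update is trivial."""

    def __init__(self, dmax=4):
        self.n = 0
        self.sums = [0.0] * (dmax + 1)

    def update(self, x):
        self.n += 1
        p = 1.0
        for d in range(len(self.sums)):
            self.sums[d] += p
            p *= x

    def raw(self, d):
        return self.sums[d] / self.n

    def mean(self):
        return self.raw(1)

    def central(self, d):
        """CM_d by expanding E[(T - M1)^d] in raw moments: this subtraction of
        nearly equal large numbers is the numerical problem the slides mention."""
        m1 = self.raw(1)
        return sum(math.comb(d, k) * self.raw(k) * (-m1) ** (d - k) for k in range(d + 1))


class CentralMoments:
    """Approach 2: running mean and central power sums, updated per trace."""

    def __init__(self):
        self.n = 0
        self.mu = 0.0
        self.s2 = self.s3 = self.s4 = 0.0

    def update(self, x):
        n_old = self.n
        n = n_old + 1
        delta = x - self.mu
        dn = delta / n
        term1 = delta * dn * n_old            # delta^2 (n - 1) / n
        self.mu += dn
        # S4 must use the old S2 and S3, S3 the old S2, so update top-down
        self.s4 += term1 * dn * dn * (n * n - 3 * n + 3) + 6 * dn * dn * self.s2 - 4 * dn * self.s3
        self.s3 += term1 * dn * (n - 2) - 3 * dn * self.s2
        self.s2 += term1
        self.n = n

    def mean(self):
        return self.mu

    def central(self, d):
        return {2: self.s2, 3: self.s3, 4: self.s4}[d] / self.n


def preprocessed_stats(acc, order):
    """Mean and variance of the preprocessed point straight from the moments:
    order 1 -> (mu, CM2); order 2 with x' = (x - mu)^2 -> (CM2, CM4 - CM2^2)."""
    if order == 1:
        return acc.mean(), acc.central(2)
    if order == 2:
        cm2 = acc.central(2)
        return cm2, acc.central(4) - cm2 * cm2
    raise ValueError("moments up to d = 4 only cover orders 1 and 2")


def welch_t(acc0, acc1, order):
    """t statistic of slide 18 from two accumulators (population variances)."""
    m0, v0 = preprocessed_stats(acc0, order)
    m1, v1 = preprocessed_stats(acc1, order)
    return (m0 - m1) / math.sqrt(v0 / acc0.n + v1 / acc1.n)


def accumulate(acc, samples):
    for x in samples:
        acc.update(x)
    return acc


def constructed_stream(offset, pattern, count):
    """Constructed trace-point values: a large DC offset plus a repeating pattern
    with known central moments (count is a multiple of the pattern length)."""
    return (offset + pattern[i % len(pattern)] for i in range(count))


def compare_variance(offset=1e8, count=30000):
    """Variance of one stream by both approaches; the exact value is 2/3."""
    raw = accumulate(RawMoments(), constructed_stream(offset, (-1, 0, 1), count))
    cen = accumulate(CentralMoments(), constructed_stream(offset, (-1, 0, 1), count))
    return raw.central(2), cen.central(2)


def demo_t_values(offset=1e8, count=30000):
    """Order-1 and order-2 t between two streams with equal means but different
    variances: the first-order test sees nothing, the second-order test does."""
    a = accumulate(CentralMoments(), constructed_stream(offset, (-1, 0, 1), count))
    b = accumulate(CentralMoments(), constructed_stream(offset, (-2, 0, 2), count))
    return welch_t(a, b, 1), welch_t(a, b, 2)


if __name__ == "__main__":
    raw_var, cen_var = compare_variance()
    print(f"variance: raw {raw_var:.6f}, central {cen_var:.6f}, exact {2 / 3:.6f}")
    t1, t2 = demo_t_values()
    print(f"t-values: order 1 {t1:+.3f}, order 2 {t2:+.1f}")
```

With the raw-moment accumulator the variance comes out as an even integer instead of 2/3, because M_2 and M_1^2 are both about 1e16 and their difference is below double precision at that magnitude; the central-moment accumulator stays accurate to many digits.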
73-76 Efficient Computation - Parallelization: each trace n consists of the sample points t_{n,0}, ..., t_{n,4}. Option 1: one thread per sample point (thread k updates the accumulators of t_{n,k} for every trace n). Option 2: one thread per trace (thread 0 processes trace n, thread 1 trace n+1). Combined: threads are assigned to both traces and ranges of sample points (threads 0 and 2 on trace n, threads 1 and 3 on trace n+1). Example: 1st- to 5th-order t-test on 100,000,000 traces (each with 3,000 sample points): 9 h on 2x Intel Xeon X5670 (24 hyper-threading cores).
77-78 Conclusion - Recommendations: Fixed vs. random: DUT with a masking countermeasure, with masked communication. Semi-fixed vs. random: DUT with a hiding countermeasure, without masked communication. Specific t-test: DUT with no countermeasures, or one that failed in former non-specific tests; identifies suitable intermediate values for key recovery.
79 Conclusion - Summary: testing based on the t-test is simple and fast and has become popular in recent years. Things to consider: a correct measurement phase is critical; the analysis phase can be strongly optimized; higher-order testing is easily possible. Additional important aspects: alignment and signal processing are necessary; finding the points of interest.
80 Conclusion - Future Work: incremental computing for other attacks/evaluation techniques (CPA, MCP-DPA, MCC-DPA): Robust and One-Pass Parallel Computation of Correlation-Based Attacks at Arbitrary Order, Tobias Schneider, Amir Moradi, Tim Güneysu, ePrint Report 2015/571.
81 Thanks for Listening! Any Questions? 81
Multiple-Differential Side-Channel Collision Attacks on AES Andrey Bogdanov Horst Görtz Institute for IT Security Ruhr University Bochum, Germany abogdanov@crypto.rub.de www.crypto.rub.de Abstract. In
More informationNICV: Normalized Inter-Class Variance for Detection of Side-Channel Leakage
NICV: Normalized Inter-Class Variance for Detection of Side-Channel Leakage Shivam Bhasin 1 Jean-Luc Danger 1,2 Sylvain Guilley 1,2 Zakaria Najm 1 1 Institut MINES-TELECOM, TELECOM ParisTech, Department
More informationA Statistics-based Fundamental Model for Side-channel Attack Analysis
A Statistics-based Fundamental Model for Side-channel Attack Analysis Yunsi Fei, A. Adam Ding, Jian Lao, and Liwei Zhang 1 Yunsi Fei Department of Electrical and Computer Engineering Northeastern University,
More informationDIFFERENTIAL POWER ANALYSIS MODEL AND SOME RESULTS
DIFFERENTIAL POWER ANALYSIS MODEL AND SOME RESULTS Sylvain Guilley, Philippe Hoogvorst and Renaud Pacalet GET / Télécom Paris, CNRS LTCI Département communication et électronique 46 rue Barrault, 75634
More informationLecture 13: Sequential Circuits, FSM
Lecture 13: Sequential Circuits, FSM Today s topics: Sequential circuits Finite state machines 1 Clocks A microprocessor is composed of many different circuits that are operating simultaneously if each
More informationLinear Cryptanalysis of Reduced-Round Speck
Linear Cryptanalysis of Reduced-Round Speck Tomer Ashur Daniël Bodden KU Leuven and iminds Dept. ESAT, Group COSIC Address Kasteelpark Arenberg 10 bus 45, B-3001 Leuven-Heverlee, Belgium tomer.ashur-@-esat.kuleuven.be
More informationSide-Channel Analysis on Blinded Regular Scalar Multiplications
Side-Channel Analysis on Blinded Regular Scalar Multiplications Extended Version Benoit Feix 1 and Mylène Roussellet 2 and Alexandre Venelli 3 1 UL Security Transactions, UK Security Lab benoit.feix@ul.com
More informationDifferential Power Analysis of a McEliece Cryptosystem
Differential Power Analysis of a McEliece Cryptosystem Cong Chen 1, Thomas Eisenbarth 1, Ingo von Maurich 2, and Rainer Steinwandt 3 1 Worcester Polytechnic Institute, Worcester, MA, USA {cchen3,teisenbarth}@wpi.edu
More informationPractical Free-Start Collision Attacks on 76-step SHA-1
Practical Free-Start Collision Attacks on 76-step SHA-1 Inria and École polytechnique, France Nanyang Technological University, Singapore Joint work with Thomas Peyrin and Marc Stevens CWI, Amsterdam 2015
More informationComputers and Mathematics with Applications
Computers and Mathematics with Applications 61 (2011) 1261 1265 Contents lists available at ScienceDirect Computers and Mathematics with Applications journal homepage: wwwelseviercom/locate/camwa Cryptanalysis
More informationHardware Security Side channel attacks
Hardware Security Side channel attacks R. Pacalet renaud.pacalet@telecom-paristech.fr May 24, 2018 Introduction Outline Timing attacks P. Kocher Optimizations Conclusion Power attacks Introduction Simple
More informationGarbled Circuits for Leakage-Resilience: Hardware Implementation and Evaluation of One-Time Programs
Ruhr-University Bochum Bochum Chair for System Security Garbled Circuits for Leakage-Resilience: Hardware Implementation and Evaluation of One-Time Programs Kimmo Järvinen Aalto University, Finland Vladimir
More information* Tuesday 17 January :30-16:30 (2 hours) Recored on ESSE3 General introduction to the course.
Name of the course Statistical methods and data analysis Audience The course is intended for students of the first or second year of the Graduate School in Materials Engineering. The aim of the course
More information7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 7 Cryptanalysis Cryptanalysis Attacks such as exhaustive key-search do not exploit any properties of the encryption algorithm or implementation. Structural attacks
More informationReview: General Approach to Hypothesis Testing. 1. Define the research question and formulate the appropriate null and alternative hypotheses.
1 Review: Let X 1, X,..., X n denote n independent random variables sampled from some distribution might not be normal!) with mean µ) and standard deviation σ). Then X µ σ n In other words, X is approximately
More informationA Stochastic Model for Differential Side Channel Cryptanalysis
A Stochastic Model for Differential Side Channel Cryptanalysis Werner Schindler 1, Kerstin Lemke 2, Christof Paar 2 1 Bundesamt für Sicherheit in der Informationstechnik (BSI) 53175 Bonn, Germany 2 Horst
More informationHow to Estimate the Success Rate of Higher-Order Side-Channel Attacks
How to Estimate the Success Rate of Higher-Order Side-Channel Attacks Victor Lomné 1, Emmanuel Prouff 1, Matthieu Rivain 2, Thomas Roche 1, and Adrian Thillard 1,3 1 ANSSI firstname.name@ssi.gouv.fr 2
More informationAlgebraic Side-Channel Attacks
Algebraic Side-Channel Attacks Mathieu Renauld, François-Xavier Standaert UCL Crypto Group, Université catholique de Louvain, B-1348 Louvain-la-Neuve. e-mails: mathieu.renauld,fstandae@uclouvain.be Abstract.
More informationOn the Multiplicative Complexity of Boolean Functions and Bitsliced Higher-Order Masking
On the Multiplicative Complexity of Boolean Functions and Bitsliced Higher-Order Masking Dahmun Goudarzi and Matthieu Rivain CHES 2016, Santa-Barbara Higher-Order Masking x = x 1 + x 2 + + x d 2/28 Higher-Order
More informationMulti-target DPA attacks: Pushing DPA beyond the limits of a desktop computer
Multi-target DPA attacks: Pushing DPA beyond the limits of a desktop computer Luke Mather, Elisabeth Oswald, and Carolyn Whitnall Department of Computer Science, University of Bristol, Merchant Venturers
More informationLinear Regression Side Channel Attack Applied on Constant XOR
Linear Regression Side Channel Attack Applied on Constant XOR Shan Fu ab, Zongyue Wang c, Fanxing Wei b, Guoai Xu a, An Wang d a National Engineering Laboratory of Mobile Internet Security, Beijing University
More informationMasking the GLP Lattice-Based Signature Scheme at any Order
Masking the GLP Lattice-Based Signature Scheme at any Order Gilles Barthe (IMDEA Software Institute) Sonia Belaïd (CryptoExperts) Thomas Espitau (UPMC) Pierre-Alain Fouque (Univ. Rennes I and IUF) Benjamin
More informationEC2001 Econometrics 1 Dr. Jose Olmo Room D309
EC2001 Econometrics 1 Dr. Jose Olmo Room D309 J.Olmo@City.ac.uk 1 Revision of Statistical Inference 1.1 Sample, observations, population A sample is a number of observations drawn from a population. Population:
More informationLecture 7: CPA Security, MACs, OWFs
CS 7810 Graduate Cryptography September 27, 2017 Lecturer: Daniel Wichs Lecture 7: CPA Security, MACs, OWFs Scribe: Eysa Lee 1 Topic Covered Chosen Plaintext Attack (CPA) MACs One Way Functions (OWFs)
More informationA semi-device-independent framework based on natural physical assumptions
AQIS 2017 4-8 September 2017 A semi-device-independent framework based on natural physical assumptions and its application to random number generation T. Van Himbeeck, E. Woodhead, N. Cerf, R. García-Patrón,
More informationCRYPTOGRAPHIC COMPUTING
CRYPTOGRAPHIC COMPUTING ON GPU Chen Mou Cheng Dept. Electrical Engineering g National Taiwan University January 16, 2009 COLLABORATORS Daniel Bernstein, UIC, USA Tien Ren Chen, Army Tanja Lange, TU Eindhoven,
More informationAchilles Heel: the Unbalanced Mask Sets May Destroy a Masking Countermeasure
Achilles Heel: the Unbalanced Mask Sets May Destroy a Masking Countermeasure Jingdian Ming 1,2, Wei Cheng 1, Huizhong Li 1,2, Guang Yang 1,2, Yongbin Zhou 1,2, and Qian Zhang 1,2 1 State Key Laboratory
More informationDecomposed S-Boxes and DPA Attacks: A Quantitative Case Study using PRINCE
Decomposed S-Boxes and DPA Attacks: A Quantitative Case Study using PRINCE Ravikumar Selvam, Dillibabu Shanmugam, Suganya Annadurai, Jothi Rangasamy Society for Electronic Transactions and Security, India.
More informationHYPOTHESIS TESTING. Hypothesis Testing
MBA 605 Business Analytics Don Conant, PhD. HYPOTHESIS TESTING Hypothesis testing involves making inferences about the nature of the population on the basis of observations of a sample drawn from the population.
More informationTemplate Attacks with Partial Profiles and Dirichlet Priors: Application to Timing Attacks June 18, 2016
Template Attacks with Partial Profiles and Dirichlet Priors: Application to Timing Attacks June 18, 2016 Eloi de Chérisey, Sylvain Guilley, Darshana Jayasinghe and Olivier Rioul Contents Introduction Motivations
More informationA New Framework for Constraint-Based Probabilistic Template Side Channel Attacks
A New Framework for Constraint-Based Probabilistic Template Side Channel Attacks Yossef Oren 1, Ofir Weisse 2, Avishai Wool 3 yos@cs.columbia.edu, ofirweisse@gmail.com, yash@eng.tau.ac.il 1 Network Security
More informationMutual Information Analysis
Mutual Information Analysis A Universal Differential Side-Channel Attack Benedikt Gierlichs 1, Lejla Batina 1, and Pim Tuyls 1,2 1 K.U. Leuven, ESAT/SCD-COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee,
More informationWhite-Box Cryptography
White-Box Cryptography Matthieu Rivain CARDIS 2017 How to protect a cryptographic key? How to protect a cryptographic key? Well, put it in a smartcard of course!... or any piece of secure hardware But...
More information