On some physical attacks of RSA

Transcription

1 attacks December 9, 2014

2 Plan attacks 1

3 Bugs? attacks N. Wirth has written a lot of books, one is: Programs = Algorithms + Data But a computation has to be done in the real world so, reality is: Programs = Algorithms + Data + Processor + Bug(s)

4 Bugs? attacks They can be in the source code or in the executable code (because of bug compilers) or in the processors: 1 They can be hidden 2... or injected but more interestingly: they can be created on the fly during the computation by physical agression.

5 Physics? Processors don t like coldness, heat, high voltage, lasers, and particles: they can induce faults First known example 1978: May and Woods have understood that particle with high energy could cause faults. Aviation and aerospace companies know the problems 1996 J.F. Ziegler [IBM]: IBM Journal of R&D - Vol 40, No 1, "Terrestrial cosmic rays and soft errors" 2006: ASTEP, Plateforme europeenne pour tester la vulnerabilite des composants microelectroniques aux neutrons atmospheriques,... determiner avec une grande precision la sensibilite de circuits microelectroniques de haute complexite, briques de base des objets communicants (... ), a l environnement radiatif naturel terrestre. attacks

6 Citations attacks... with these sort of schemes the devil is always in the details, and there are lots of details. R. Rivest Incident de Schaerbeek (B) en 2003: 4096 = voix d ecart entre le vote papier et le vote electronique pour une candidate

7 RSA in a few words September 17th 2000 (end of the patent): RSA on the gift by RSA Data Securiy! attacks

8 Plan attacks 2

9 ...? How to inject a fault at the right time? With any action that deliberately modify the usual physical context: Power glitch: non invasive attack Clock Glitch: non invasive attack Light Glitch: with light source or laser, semi invasive or invasive attack Temperature Glitch: semi invasive attack Attack with ion beams or X-rays or... : non invasive attack Example: Freeze the processor, or put in on a parabolic flight, or put it on a cube satellite Do it with what you have, with what you can found, with what you can pay... attacks

10 Fault Models attacks When and where inject a fault? (Ref [OT]) 1 Fault Model #1: One bit. Anytime. Anywhere. Precise Bit Errors. 2 Fault Model #2: One byte. Anytime. Not anywhere. Precise Byte Errors. 3 Fault Model #3: One byte. Not Anytime. Not anywhere. Unknown Byte Errors. 4 Fault Model #4: No Control at all. Random Errors.

11 Some known attacks attacks 1997: Boneh, DeMillo, et Lipton [BDL]: bit-flipping attack (presented) 2001: Boneh, DeMillo, et Lipton [BDL]: attack of RSA-CRT (presented) 2008: Biham, Carmeli, Shamir [BCS]: The Bug attack: they show how to use the (in)famous Intel Division Pentium Bug (or other similar bugs) in the hardware These three papers a show that we can attack the algorithm via the hardware! a And a lot of other papers: see [F04,F05,F06,F7].

12 The RSA exponentiation: the target A Fast Exponentiation Algorithm Algorithm 1 : Right-Left Exponentiation Input: N N, M Z N, e Z N, ; Output: Puiss-Mod(M, e, N) = M e mod N; Begin: Compute e = (b k 1, b k 2 b 1, b 0 ) 2 ; R 0 = 1; R 1 = M; For i = 0 To i = k 1 Do If (b i == 1) Then R 0 = R 0 R 1 mod N EndIf; R 1 = R 2 1 mod N ; EndFor Return R 1 End. attacks

13 RSA-CRT use the... Chinese Remainder Theorem: Let n 1, n k coprime integers (two by two) Then for all integers a 1, a k A unique integer X exists, mod N = k i=1 n i, such that: X a 1 mod n 1 X a 2 mod n 2... X a k mod n k We will write: attacks X = CRT(a 1, a 2, a k ).

14 RSA Signature by CRT: faster than M d mod N attacks Algorithm 2 : RSA-CRT Signature ) Input: N N, M Z N, d Z N ; Remind: The RSA equation e d k (p 1)(q 1) = 1 ; Output: Power-Mod(M, d, N) = M d mod N; Begin: Compute d p = d mod p; Compute d q = d mod q; Compute S p = M d p mod p; Compute S q = M d q mod q; Compute S = M d mod N; Return S = CRT(S p, S q ); // Recombination End.

15 Plan attacks 3

16 Bit-flipping Attack: see [BDL] attacks Algorithm 3 : The naive BellCore Attack of a RSA Signature Input: N N, M Z N ; Output: d = (b t 1 b 0 ) ; Begin: Compute S = M d mod N ; For i = 0 To t 1 Do ˆb i = 0 ; ˆd = (b t 1 ˆb i b 0 ) ; Compute Ŝ i = Mˆd mod N ; If (Ŝ i == S) Then b i == 0 Else b i == 1 EndIf; EndFor Return d; End.

17 Bellcore Attack by Chinese Remainder attacks Algorithm 4 : Bellcore Attack -CRT Input: N N, M Z N ; Output: p et q tels que N = p q; Begin: Compute S = M d mod N ; Compute S p = M d p mod p ; Compute dˆ q = d q + ɛ ; // Example of a fault injection Compute Sˆ d q = M ˆ q mod q ; // S q has been replaced by faulty Sˆ q Compute Ŝ = CRT(S p, Sˆ q ) ; // S == S p mod p et S Sˆ q mod q ; p = GCD(S Ŝ mod N, N) ; Return (p, q); End.

18 Plan attacks 4

19 See [SH] Algorithm 5 : RSA-CRT with Input: N N, p, q, d, M Z N ; Output: S = M d mod N; Begin: Choose a small random number with r < min(p, q) ; Compute p = p r ; Compute q = q r ; Compute S p = M d mod ϕ(p ) mod p ; Compute S q = M d mod ϕ(q ) mod q ; If S p! = S q mod r Return Error ; Compute S p = S p mod r ; Compute S q = S q mod r ; Compute S = CRT(S p, S q ) ; Return S; End. attacks

20 Plan attacks 5

21 : Countermeasures attacks How to protect? Use s is an example: S p! = S q mod r But we can of course bit-flip the result of this test so... unfortunately this can also be defeated! We need more sophisticated s!

22 Plan attacks 6

23 ANa R. Anderson, Security Engineering, Wiley, ANb R. Anderson, M. Khun, Tamper resistance - a Cautionary Note. ANc R. Anderson, M. Khun, Low cost on tamper resistant Devices, Security Protocols 5th Inter. Workshop, 1997, LNCS 1361, Springer-Verlag. BDL D. Boneh, R. A. DeMillo, et R. J. Lipton, On the Importance of Eliminating Errors in Cryptographic Computations, Journal of Cryptology, vol. 14, pp , BCS BO J. Blomer, M. Otto, Wagner s attack on a secure CRT-RSA algorithm reconsidered, disponible sur [OT]. attacks

24 attacks BOS J. Blomer, M. Otto, et J.-P. Seifert, A new CRT-RSA algorithm secure against Bellcore attacks, CCS 03, octobre DU P. Dusart, Les cartes a puce. Securite et Attaques, ER R. Erra, Attaques de protocoles RSA, MISC numero 10. F04 F05 F06 F07

25 KOa P. C. Kocher, Timing on Implementations of Diffie-Hellman RSA DSS and Other Systems. Proceedings of CRYPTO 96, Disponible sur [KOd]. KOb P. C. Kocher, J. Jaffe, B. Jun, Differential Power Analysis, Proceedings of CRYPTO 99, KOc KOd US Patent N. 6,298,442. OT M. Otto, These et articles disponibles sur SH A. Shamir, Methods and apparatus for protecting public key schemes from timing and faults attacks, US Patent N. 5,991,415. attacks

26 SK S. Skorogobarov, R. Anderson, Optical fault Induction Attack, disponible sur le site de R. Anderson. SOR H. Bar-El, H. Choukri, D. Naccache, M. Tunstall, C. Whelan, The Sorcerer s Apprentice Guide to Fault, UCH dinoj/smartcard/security.html WA D. Wagner, Cryptanalysis of a provable secure CRT-RSA algorithm, Conference on Computer and Communication Security, CCS 2004, ACM SIGSAC, CM Press, Ya S.-M. Yen, S. Kim, S. Lim et S. Moon, RSA speedup with residue number system immune against hardware fault cryptanalysis, IEEE Transactions on Computers, vol 52, , attacks