Introduction to Side Channel Analysis. Elisabeth Oswald University of Bristol
1 Introduction to Side Channel Analysis Elisabeth Oswald University of Bristol
2 Outline
Part 1: SCA overview & leakage
Part 2: SCA attacks & exploiting leakage
and very briefly
Part 3: Countermeasures
Part 4: Current research
Please do ask questions as & when they arise

3 Types of attacks
[Figure: the attack surface of a cryptographic device]
Measure some physical characteristics like power consumption, electromagnetic emanation, timing
Device (smart card, phone, ...)
Crypto (AES, RSA-OAEP, ECC, ...)
Implementation of algorithm (software + hardware)
Dismantle
Induce error (laser, voltage, electromagnetic pulse, ...)

4 Types of attacks in a nutshell
Non-invasive attacks: device attacked as is, only accessible interfaces exploited, relatively inexpensive
Semi-invasive attacks: device is depackaged but no direct electrical contact is made to the chip surface, more expensive
Invasive attacks: no limits on what is done with the device

Passive attacks (the device is operated largely or even entirely within its specification):
Non-invasive: side-channel attacks: timing attacks, power + EM attacks, cache trace
Semi-invasive: read out memory of device without probing or using the normal read-out circuits
Invasive: probing depackaged devices but only observing data signals

Active attacks (the device, its inputs, and/or its environment are manipulated in order to make the device behave abnormally):
Non-invasive: insert fault in device without depackaging: clock glitches, power glitches, or by changing the temperature
Semi-invasive: induce faults in depackaged devices with e.g. X-rays, electromagnetic fields, or light
Invasive: depackaged devices are manipulated by probing, laser beams, focused ion beams

5 Security is hard in practice!
Crypto devices ought to protect keys from being revealed/extracted
Cryptographers have been very good at proving algorithms secure in theory
Engineers have learned how to deal with the practical mess
Real life often gets in the way:
Limited computing power
Limited memory
Limited time

6 Outline
Part 1: SCA overview & leakage (focus on power analysis)
Part 2: SCA attacks & exploiting leakage
Part 3: Countermeasures
Part 4: Current research
Please do ask questions as & when they arise
7 Power analysis attacks
Power consumption of a cryptographic device depends on instructions and data.
[Figure: CMOS inverter between V_dd and GND, input "Data", output "A"; its power consumption depends on the data it switches]

8 (Simple) power analysis
Use a snapshot of power consumption
Single or few power traces
Analyse patterns within one trace
Patterns correspond to the secret key

9 Differential power analysis
Attacker requires many power traces
Fixed key, varying data
Analyse patterns/differences across different traces (but at the same point in time)
[Figure: traces for K=0 with D=1, D=2, D=3, compared at the same time index t]

10 SPA and DPA exploit leakage
Global leakage per time index: power analysis, EM analysis
Local leakage per time index: EM analysis, timing derived via EM
Global leakage: timing, cache trace, timing derived via power consumption
The amount of leakage does depend on the side channel!

11 Does leakage behaviour change?
Of course: it depends on e.g. power consumption, which depends on parameters such as supply voltage and clock frequency, but also on which parts of a device are accessed, scheduling of processes, etc.

12 How can we measure leakage?
Theoretical issues:
Average entropy vs. min-entropy
Univariate vs. multivariate
Practical issues:
Which configuration of the device? (parallel processing, pipelining, interrupts, etc.)
Multivariate: which points of interest?
13 Outline
Part 1: SCA overview & leakage
Part 2: SCA attacks & exploiting leakage
Part 3: Countermeasures
Part 4: Current research
Please do ask questions as & when they arise

14 SCA attack types
Disclaimer: there are no universally accepted definitions/descriptions for any of the concepts I will mention.
SPA, template-based SPA, collision attacks
DPA, template-based DPA, univariate, multivariate

15 SPA-type attacks
SPA attacks exploit key-dependent differences that occur within a trace. They use only very few power traces.
[Figure: two traces, one for k = 31 and one for k = 21, and their difference]
Some SPA attacks can be extremely successful:
Unprotected multiplications or scalar multiplications (ECC) can be trivially broken
Simple timing analysis can be shockingly successful: just think of all the PIN/password comparisons implemented "efficiently" (i.e. checked item by item, stopping as soon as a mismatch is detected)
Obstacles in practice:
Often need to know how the implementation works
Profiling required for template-based SPA attacks

16 DPA-type attacks
[Figure: block diagram. Data is fed both to the device under attack (holding the key), which yields the real power consumption, and to a model of the device under attack (driven by a key hypothesis), which yields the hypothetical power consumption. A statistical analysis of the two produces a decision about the key hypothesis.]

17 DPA: measuring real power consumption (1/5)
Cryptographic device (device under attack), measurement circuit, probe, oscilloscope/PC
The challenge is not to induce too much noise
Maybe more art than science
18 DPA: key hypothesis (2/5)
Key guess in model is typically small
Example: AES
State mixes key with message bit-wise (AddRoundKey: $s'_{i,j} = s_{i,j} \oplus k_{i,j}$)
Uses key byte-wise (SubBytes: $s'_{i,j} = \mathrm{SBox}(s_{i,j})$)
[Figure: one AES round on the $4 \times 4$ byte state $s_{r,c}$: SubBytes (byte-wise S-box), ShiftRows (rotate rows left), MixColumns (multiply each column by $(\mathtt{03}\,x^3 + \mathtt{01}\,x^2 + \mathtt{01}\,x + \mathtt{02}) \bmod (x^4+1)$), AddRoundKey (XOR with round key bytes $k_{r,c}$)]

19 DPA: model (3/5)
Model of the device:
Implement the cryptographic algorithm (similar architecture if possible)
Calculate the intermediate value using the key guess
Map the intermediate value to a hypothetical power consumption value

20 DPA: three popular statistical tests (4/5)
$M$: hypothetical leakage, determined from the model; $L$: physical leakage, measured from the device; $s^*$: key hypothesis.
Correlation analysis using Pearson's correlation coefficient: $\arg\max_{s^*} \rho(L, M_{s^*})$
Bayesian analysis using the normal distribution to determine the probability: $\arg\max_{s^*} p(M_{s^*} \mid L)$
Distance-of-means test: $\arg\max_{s^*} \left| E(L \mid M_{s^*} = 0) - E(L \mid M_{s^*} = 1) \right|$

21 DPA: evaluation/key ranking (5/5)
[Figure: the DPA data flow.
1. Inputs $d_1, \dots, d_q$ and key hypotheses $k_1, \dots, k_K$.
2. Traces $l_{i,t}$, $i = 1..q$, $t = 1..T$ (one row per input, one column per time index).
3. Algorithm: intermediate values $V_{i,k}$ for every input $d_i$ and key hypothesis $k_k$.
4. Power model: hypothetical leakages $m_{i,k}$.
5. Statistics: results $r_{k,t}$ for every key hypothesis and time index; the hypothesis with the largest statistic is ranked top.]

22 Effectiveness of DPA attacks: using $\rho$
We know the relationship between $\rho$ and $n$:
$$n = 8 \left( \frac{z_{1-\alpha/2}}{\ln \frac{1+\rho}{1-\rho}} \right)^2$$
A simple device (power model) allows the attacker to determine $\rho = \rho_{ck,ct}$ via simulation or computation.
Previous slides: 8-bit microcontroller showing HW leakage, bit model: $\rho_{ck,ct} = \rho(m_{ck}, l_{ct}) = \rho(\mathrm{lsb}(v_{ck}), \mathrm{HW}(v_{ck})) = 0.35$, $n \approx 220$ traces.
Disadvantage: works in specific scenarios only.
23 Effectiveness of DPA attacks: success rate (SR)
Ranking of key hypotheses
$\mathrm{Succ}_A(q) = sr$: the correct key is ranked top in a fraction $sr$ of attack runs using $q$ queries
Generic measure

24 Does it matter which statistics to use?
All 3 previously mentioned statistics are equally effective (in standard DPA attacks using mean-free data):
Correlation: $\arg\max_{s^*} \rho(L, M_{s^*}) = \arg\max_{s^*} \dfrac{E(L \cdot M_{s^*})}{\sqrt{E((M_{s^*})^2) - E(M_{s^*})^2}}$
Bayes: $\arg\max_{s^*} p(M_{s^*} \mid L) = \arg\max_{s^*} \dfrac{E(L \cdot M_{s^*})}{E((M_{s^*})^2)}$

25 Relationship between information and correlation
Assuming we have Gaussian leakages and models which are close enough to Gaussian, this implies a direct relationship between correlation (i.e. how well an attack works) and leakage.
In all other cases this relationship is NOT that simple.

26 Experiments: entropy (3/3)
Practical evidence for Thm. 4: holds even for HW and binary power models!

27 Other attacks: e.g. multivariate stuff, aka template attacks
Characterisation phase: determine interesting points, build templates. A template consists of the pair (m, C) (mean vector and covariance matrix) that defines a multivariate normal distribution.
Analysis phase: match the templates to the given trace(s). The template that fits best indicates the correct key.

28 Other attacks: e.g. second-order DPA (on masked implementations)
Pre-processing prepares the traces for the DPA step. The targeted intermediate values $P \oplus K \oplus M$ and $S(P \oplus K) \oplus M$ (S-box input and output, both masked with $M$) occur in:
Different clock cycles
The same clock cycle
The same clock cycle, but the power consumption characteristic allows exploiting the leakage directly
Pre-processed trace: $\left| L(S(P \oplus K) \oplus M) - L(P \oplus K \oplus M) \right|$
Then a DPA attack on the pre-processed traces using a suitable hypothesis: $\mathrm{HW}(S(P \oplus K) \oplus P \oplus K)$
29 Outline
Part 1: SCA overview & leakage
Part 2: SCA attacks & exploiting leakage
Part 3: Countermeasures
Part 4: Current research
Please do ask questions as & when they arise

30 Countermeasures
Intermediate values correspond to values processed in the device; the power consumption of the device can be related to the processed values.
[Figure: intermediate values as predicted by the attacker -> (Masking) -> intermediate values as processed by the device -> (Hiding) -> power consumption of the device]
Goal of any countermeasure: make power consumption independent of intermediate values!

31 Masking: concealing intermediate values by random values
Each intermediate value $v$ is concealed by a random value $m$, which is called the mask: $v_m = v \oplus m$
$m$ is generated at random and independently of $v$
$m$ is not known to the attacker
$m$ is generated anew for each new encryption run
Power consumption characteristics of the device are not changed!
Can be used to protect existing devices and logic styles

32 Hiding: modifying the relationship between intermediate values and power consumption
Power consumption of the device is independent of the processed data if:
the device consumes random amounts of power in each clock cycle, or
the device consumes equal amounts of power in each clock cycle
Power consumption characteristics of the device are changed
The same intermediate values are processed

33 Countermeasures: protocol level
First patents by Kocher: key update mechanism
First academic contribution: PhD thesis of Borst
Today: plenty of works that define leakage-resilient schemes based on the key update idea

34 Outline
Part 1: SCA overview & leakage
Part 2: SCA attacks & exploiting leakage
Part 3: Countermeasures
Part 4: Current research
Please do ask questions as & when they arise

35 Current research
Practitioner community: seems to be caught up with details -> find variation of attack X on implementation Y; does not look at the system holistically
Theory community: seems to only focus on high-level protocols -> can prove scheme X secure in model Y; does not pay any attention to practice (i.e. does model Y make sense, can scheme X be implemented?)

36 Current research
Fundamental questions still unanswered:
How do we measure leakage? (univariate, multivariate, configuration of device, statistical method, etc.)
How does leakage translate into the SR of attacks?
How can high-level ideas be mapped onto secure implementations? (SCA-aware compilers, design flow?)

37 Want more?
Check out on IACR ePrint: One for all; Leakage resilient cryptography
The DPA book
Visit: OpenSCA toolbox
Follow links from
Bitslice Encryption for Efficient Masked Software Implementations Vincent Grosso 1 Gaëtan Leurent 1,2 François Xavier Standert 1 Kerem Varici 1 1 UCL, Belgium 2 Inria, France FSE 2014 G Leurent (UCL,Inria)
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 9: Encryption modes. AES
CS355: Cryptography Lecture 9: Encryption modes. AES Encryption modes: ECB } Message is broken into independent blocks of block_size bits; } Electronic Code Book (ECB): each block encrypted separately.
More informationThe Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek 1, Annelie Heuser 2, Alan Jovic 3, Shivam Bhasin 4, and Francesco Regazzoni 5 1 Delft
More informationAlgorithmic Number Theory and Public-key Cryptography
Algorithmic Number Theory and Public-key Cryptography Course 3 University of Luxembourg March 22, 2018 The RSA algorithm The RSA algorithm is the most widely-used public-key encryption algorithm Invented
More informationDifferential Cache Trace Attack Against CLEFIA
Differential Cache Trace Attack Against CLEFIA Chester Rebeiro and Debdeep Mukhopadhyay Dept. of Computer Science and Engineering Indian Institute of Technology Kharagpur, India {chester,debdeep}@cse.iitkgp.ernet.in
More informationSide-Channel Analysis on Blinded Regular Scalar Multiplications
Side-Channel Analysis on Blinded Regular Scalar Multiplications Extended Version Benoit Feix 1 and Mylène Roussellet 2 and Alexandre Venelli 3 1 UL Security Transactions, UK Security Lab benoit.feix@ul.com
More informationTemplates as Master Keys
Templates as Master Keys Dakshi Agrawal, Josyula R. Rao, Pankaj Rohatgi, and Kai Schramm IBM Watson Research Center P.O. Box 74 Yorktown Heights, NY 1598 USA {agrawal,jrrao,rohatgi}@us.ibm.com Communication
More informationSquare Always Exponentiation
Square Always Exponentiation Christophe Clavier 1 Benoit Feix 1,2 Georges Gagnerot 1,2 Mylène Roussellet 2 Vincent Verneuil 2,3 1 XLIM-Université de Limoges, France 2 INSIDE Secure, Aix-en-Provence, France
More informationConsolidating Inner Product Masking
Consolidating Inner Product Masking Josep Balasch 1, Sebastian Faust 2,3, Benedikt Gierlichs 1, Clara Paglialonga 2,3, François-Xavier Standaert 4 1 imec-cosic KU euven, Belgium 2 Ruhr-Universität Bochum,
More informationMaking Masking Security Proofs Concrete
Making Masking Security Proofs Concrete Or How to Evaluate the Security of any Leaking Device Extended Version Alexandre Duc 1, Sebastian Faust 1,2, François-Xavier Standaert 3 1 HEIG-VD, Lausanne, Switzerland
More informationSuccess through confidence: Evaluating the effectiveness of a side-channel attack.
Success through confidence: Evaluating the effectiveness of a side-channel attack. Adrian Thillard, Emmanuel Prouff, and Thomas Roche ANSSI, 51, Bd de la Tour-Maubourg, 757 Paris 7 SP, France firstname.name@ssi.gouv.fr
More informationA Stochastic Model for Differential Side Channel Cryptanalysis
A Stochastic Model for Differential Side Channel Cryptanalysis Werner Schindler 1, Kerstin Lemke 2, Christof Paar 2 1 Bundesamt für Sicherheit in der Informationstechnik (BSI) 53175 Bonn, Germany 2 Horst
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design: Secret Key Systems Encrypting a small block of text (say 64 bits) General considerations
More informationSliding-Window Correlation Attacks Against Encryption Devices with an Unstable Clock
Sliding-Window Correlation Attacks Against Encryption Devices with an Unstable Clock Dor Fledel 1 and Avishai Wool 1 School of Electrical Engineering, Tel-Aviv University, Tel-Aviv 69978, Israel dorfledel@tau.ac.il,
More informationTHE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018
THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018 CPSC 418/MATH 318 L01 October 17, 2018 Time: 50 minutes
More informationMultiple-Differential Side-Channel Collision Attacks on AES
Multiple-Differential Side-Channel Collision Attacks on AES Andrey Bogdanov Horst Görtz Institute for IT Security Ruhr University Bochum, Germany abogdanov@crypto.rub.de, www.crypto.rub.de Abstract. In
More informationElectromagnetic Side Channels of an FPGA Implementation of AES
Electromagnetic Side Channels of an FPGA Implementation of AES Vincent Carlier, Hervé Chabanne, Emmanuelle Dottax and Hervé Pelletier SAGEM SA Abstract. We show how to attack an FPGA implementation of
More informationExponent Blinding Does not Always Lift (Partial) SPA Resistance to Higher-Level Security
Exponent Blinding Does not Always Lift (Partial) SPA Resistance to Higher-Level Security Werner Schindler (Bundesamt für Sicherheit in der Informationstechnik (BSI)) and Kouichi Itoh (Fujitsu Laboratories
More informationA Five-Round Algebraic Property of the Advanced Encryption Standard
A Five-Round Algebraic Property of the Advanced Encryption Standard Jianyong Huang, Jennifer Seberry and Willy Susilo Centre for Computer and Information Security Research (CCI) School of Computer Science
More informationA Statistics-based Fundamental Model for Side-channel Attack Analysis
A Statistics-based Fundamental Model for Side-channel Attack Analysis Yunsi Fei, A. Adam Ding, Jian Lao, and Liwei Zhang 1 Yunsi Fei Department of Electrical and Computer Engineering Northeastern University,
More informationA New Framework for Constraint-Based Probabilistic Template Side Channel Attacks
A New Framework for Constraint-Based Probabilistic Template Side Channel Attacks Yossef Oren 1, Ofir Weisse 2, Avishai Wool 3 yos@cs.columbia.edu, ofirweisse@gmail.com, yash@eng.tau.ac.il 1 Network Security
More informationInstitutionen för systemteknik
Institutionen för systemteknik Department of Electrical Engineering Examensarbete Power Analysis of the Advanced Encryption Standard Attacks and Countermeasures for 8-bit Microcontrollers Examensarbete
More informationMutual Information Analysis
Mutual Information Analysis A Universal Differential Side-Channel Attack Benedikt Gierlichs 1, Lejla Batina 1, and Pim Tuyls 1,2 1 K.U. Leuven, ESAT/SCD-COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee,
More informationEfficient randomized regular modular exponentiation using combined Montgomery and Barrett multiplications
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 2016 Efficient randomized regular modular exponentiation
More informationPARITY BASED FAULT DETECTION TECHNIQUES FOR S-BOX/ INV S-BOX ADVANCED ENCRYPTION SYSTEM
PARITY BASED FAULT DETECTION TECHNIQUES FOR S-BOX/ INV S-BOX ADVANCED ENCRYPTION SYSTEM Nabihah Ahmad Department of Electronic Engineering, Faculty of Electrical and Electronic Engineering, Universiti
More information