Advanced Information Security 6 Side Channel Attacks


Advanced Information Security 6 Side Channel Attacks Dr. Turki F. Al-Somani 2017

Module Outlines
  Introduction to Side Channel Attacks
    Simple Analysis Attacks
    Differential Analysis Attacks
  Types of Side Channel Attacks
  Power Analysis Attacks
    Simple Power Analysis Attacks
    Differential Power Analysis Attacks
  Countermeasures
  Summary

Introduction
Every computing device also acts as a source of additional information, called side channel leak information. There are many side channel attacks in the literature.
[Figure: Security Against Side Channel Attacks. Leakage sources and what they depend on: magnetic field (operation dependent; data-and-operation dependent); fault (data-dependent); power consumed (operation dependent; data-and-operation dependent); execution time (data-and-operation dependent).]

Introduction (Contd.)
Side Channel Attack (SCA):
  Simple: a single observation.
  Differential: several observations used together with statistical tools.

Examples of Side Channel Attacks
  Timing Attacks
  Power Analysis Attacks
  Electromagnetic Radiation
  Fault-Based (induced errors)
  Processor Flags (overflow or carry flag)
  Hamming weight
  Thermal Analysis

Simple Power Analysis Attacks
[Figure: Security Against Side Channel Attacks. (a) Power consumption trace of ECC scalar multiplication. (b) Power consumption trace of ECC point doubling operation.]

Differential Power Analysis Attacks

Types of DPA Attacks
  Refined Power Analysis (RPA) attacks: exploit a special point with a zero coordinate, such as (0, y) or (x, 0).
  Zero-value Point Attack (ZPA): a generalization of RPA that exploits any zero-valued auxiliary register.
  Doubling Attack (DA): based on detecting when the same operation is performed on the same operands.

Types of DPA Attacks
  Address-bit DPA (ABDPA): based on the idea that accessing the same location is correlated with the scalar bit value.
  Projective Coordinates Leak (PCL): based on knowing the projective representation of a point obtained using a particular projective coordinate system.
  More ..

ECC Scalar Multiplication

SPA Countermeasures

DPA Countermeasures
Randomization of the private exponent: on each execution of the algorithm,
  select a random number and multiply it by the total number of EC points (a multiple of P by this count is the point at infinity O);
  add the result to d to obtain d';
  compute the new Q by multiplying d' by P.

DPA Countermeasures (Contd.)
Blind the point P: add a secret random point R and compute S = dR;
  the new Q is computed as d(R + P);
  subtract S = dR to get dP.
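As an added example (not from the lecture), a toy Python model of the ideas on the SPA and DPA countermeasure slides: the doubling/addition pattern of unprotected double-and-add that an SPA trace reveals, scalar randomization d' = d + r*n, and point blinding with a secret point R. The curve, base point G and the scalars used are constructed for illustration and are far too small to be secure.

```python
# Constructed toy curve y^2 = x^3 + A*x + B over GF(P_MOD); small enough to check by hand.
P_MOD, A, B = 97, 2, 3
G = (3, 6)  # constructed base point: 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97)

def add(P, Q):
    """Affine addition/doubling; None stands for the point at infinity O."""
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None  # P + (-P) = O
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def point_order(P):
    """Smallest n with n*P = O; brute force is fine on a toy curve."""
    n, Q = 1, P
    while Q is not None:
        Q, n = add(Q, P), n + 1
    return n

def scalar_mult(k, P, trace=None):
    """Unprotected left-to-right double-and-add. If `trace` is a list, each doubling
    ('D') and addition ('A') is appended: the sequence an SPA trace of such code exposes."""
    Q = None
    for bit in bin(k)[2:]:
        Q = add(Q, Q)  # the first doubling (of O) is recorded too, a simplification
        if trace is not None: trace.append('D')
        if bit == '1':
            Q = add(Q, P)
            if trace is not None: trace.append('A')
    return Q

def bits_from_trace(trace):
    """Each 'D' is one scalar bit: 1 if an 'A' follows it, else 0."""
    nxt = trace[1:] + ['']
    return int(''.join('1' if b == 'A' else '0' for a, b in zip(trace, nxt) if a == 'D'), 2)

def randomized_scalar(d, n, r):
    """Scalar randomization: d' = d + r*n with n the order of P. Since n*P = O,
    d'*P = d*P, but the D/A pattern now depends on the fresh random r, not on d alone."""
    return d + r * n

def blinded_mult(d, P, R):
    """Point blinding: multiply the unknown point R + P, then remove S = dR to get dP."""
    S, Q = scalar_mult(d, R), scalar_mult(d, add(R, P))
    return Q if S is None else add(Q, (S[0], (-S[1]) % P_MOD))  # Q + (-S)
```

Calling `scalar_mult(d, G, trace)` and then `bits_from_trace(trace)` returns d, which is the leak the countermeasures remove; `scalar_mult(randomized_scalar(d, point_order(G), r), G)` and `blinded_mult(d, G, R)` both return the same point as `scalar_mult(d, G)`.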

Countermeasures (Contd.)
Randomized projective coordinates: re-randomize for each new execution, or also after each point addition and doubling.

PhD Thesis .. (2006)

Timing Attacks Paper (2006)

Power Analysis Attacks Paper (2008)

Survey Paper (2012)

Survey Paper (2012)

Another Survey Paper (2012)

Another Survey Paper (2012)

Buffer Paper .. (2013)

Patents
Patents:
  Hilal Hussain and Turki F. Al-Somani, Method for Efficiently Protecting Elliptic Curve Cryptography against Simple Power Attacks, U.S. 9,565,017 B2, 2017.
  Turki F. Al-Somani and Hilal Hussain, Method and Apparatus for Scalar Multiplication Secure against Differential Power Attacks, US 9,419,789 B2, 2016.
  Turki F. Al-Somani, System and Method for Securing Scalar Multiplication against Simple Power Attacks, US 8,861,721 B2, 2014.
  Turki F. Al-Somani, System and Method for Securing Scalar Multiplication against Differential Power Attacks, US 8,804,952 B2, 2014.
Patent Applications:
  Turki F. Al-Somani and Hilal Hussain, Method and Apparatus for Scalar Multiplication Secure against Differential Power Attacks, U.S. Patent Application No. 20160072622, 2016.
  Turki F. Al-Somani, Method for Securing Scalar Multiplication against Power Analysis Attacks using Reference Points, U.S. Application No. 20150381364, 2015.

KACST Project .. UQU’s SCA Kit 2017

Summary Resistance against DPA attacks can be achieved by combining two or more of the countermeasures proposed in the literature thus far. To protect against the doubling attack, the projective coordinates should be randomized or a random field isomorphism should be used, while to protect against RPA and ZVP attacks, the base point P or the scalar multiplier k should be randomized. Hence, to protect against all these recent DPA attacks, randomizing the scalar multiplier and randomizing the projective coordinates, for instance, can be applied together.

Thanks & Good Luck Dr. Turki F. Al-Somani 2017