Utilizing Performance Monitors for Compromising keys of RSA on Intel Platforms Sarani Bhattacharya and Debdeep Mukhopadhyay Dept. of Computer Science and.

Slides:

Advertisements

Similar presentations

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.

Advertisements

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.

Public Key Encryption Algorithm

Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.

7. Asymmetric encryption-

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Attacks on Digital Signature Algorithm: RSA

Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.

Public Key Cryptography

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.

Cryptography and Network Security Chapter 9. Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Side-Channel Attack: timing attack Hiroki Morimoto.

Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.

Tallinn University of Technology Quantum computer impact on public key cryptography Roman Stepanenko.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

“RSA”. RSA  by Rivest, Shamir & Adleman of MIT in 1977  best known & widely used public-key scheme  RSA is a block cipher, plain & cipher text are.

Introduction to Public Key Cryptography

Public Key Model 8. Cryptography part 2.

 Introduction  Requirements for RSA  Ingredients for RSA  RSA Algorithm  RSA Example  Problems on RSA.

1 CIS 5371 Cryptography 8. Asymmetric encryption-.

8. Data Integrity Techniques

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.

A Cryptography Education Tool Anna Yu Department of Computer Science College of Engineering North Carolina A&T State University June 18, 2009.

Application of Elliptic Curves to Cryptography

Template attacks Suresh Chari, Josyula R. Rao, Pankaj Rohatgi IBM Research.

RSA Implementation. What is Encryption ? Encryption is the transformation of data into a form that is as close to impossible as possible to read without.

RSA Ramki Thurimella.

10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.

9th IMA Conference on Cryptography & Coding Dec 2003 More Detail for a Combined Timing and Power Attack against Implementations of RSA Werner Schindler.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Security PART VII.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

BASIC CRYPTOGRAPHIC CONCEPTS. Public Key Cryptography  Uses two keys for every simplex logical communication link.  Public key  Private key  The use.

Improving Encryption Algorithms Betty Huang Computer Systems Lab

Cryptography Lecture 7: RSA Primality Testing Piotr Faliszewski.

Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!

By Yernar.  Background  Key generation  Encryption  Decryption  Preset Bits  Example.

Public-Key Encryption

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.

1 Number Theory and Advanced Cryptography 5. Cryptanalysis of RSA Chih-Hung Wang Sept Part I: Introduction to Number Theory Part II: Advanced Cryptography.

Cryptography and Network Security Chapter 9 - Public-Key Cryptography

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

1 Security and Cryptography: basic aspects Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee.

Exploiting the Order of Multiplier Operands: A Low-Cost Approach for HCCA Resistance Poulami Das and Debapriya Basu Roy under the supervision of Dr. Debdeep.

24-Nov-15Security Cryptography Cryptography is the science and art of transforming messages to make them secure and immune to attacks. It involves plaintext,

Cryptography and Network Security Public Key Cryptography and RSA.

Network Security Lecture 18 Presented by: Dr. Munam Ali Shah.

Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.

A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Security PART VII.

Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.

Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.

K. Salah1 Cryptography Module I. K. Salah2 Cryptographic Protocols  Messages should be transmitted to destination  Only the recipient should see it.

Computer Security Lecture 5 Ch.9 Public-Key Cryptography And RSA Prepared by Dr. Lamiaa Elshenawy.

DIGITAL SIGNATURE IMPLEMENTATION

Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.

Data encryption with big prime numbers DANIEL FREEMAN, SLU.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Lecture 6. RSA Use in Encryption to encrypt a message M the sender: – obtains public key of recipient PU={e,n} – computes: C = M e mod n, where 0≤M

Copyright © Zeph Grunschlag, RSA Encryption Zeph Grunschlag.

Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.

Cryptography By: Nick Belhumeur. Overview What is Cryptography? What is Cryptography? 2 types of cryptosystems 2 types of cryptosystems Example of Encryption.

Public Key Cryptosystems - RSA

Presentation transcript:

Utilizing Performance Monitors for Compromising keys of RSA on Intel Platforms Sarani Bhattacharya and Debdeep Mukhopadhyay Dept. of Computer Science and Engineering Indian Institute of Technology, Kharagpur, India 10 March 2015

Public-Key Cryptography

RSA Encryption & Decryption 3 Plaintext: M C = M e mod (n=pq) Ciphertext: C C d mod n From n, difficult to figure out p,q From (n,e), difficult to figure d. From (n,e) and C, difficult to figure out M s.t. C = M e

Popular variants of Modular Exponentiation Algorithm

SPA and Timing Side Channel Resistant Algorithm for Modular Exponentiation

Primitive Algorithm for Performing Multiplication and Squaring

Modelling Branch Miss as Side- Channel from HPC Profiling of HPCs are done using performance monitoring tools and considered as side-channel. Provides simple user interface to different hardware event counts. Branch misses rely on the ability of the branch predictor to correctly predict future branches to be taken.

Strong Correlation between two-bit predictor and system predictor $ perf stat -e branch-misses executable-name Direct correlation is observed for the branch misses from HPCs and from the simulated 2-bit dynamic predictor over a sample of exponent bitstream. This confirms assumption of 2-bit dynamic predictor being an approximation to the underlying system branch predictor.

Threat model of the Attack

Offline Phase of Attack

Separation of Random Inputs

Online Phase Branch misses from HPCs are monitored for execution of cipher over the entire secret key on each ciphertext for 4 separate sets. The probable next bit is decided as:

Experimental Validation

Comparison with Timing Side- channel

Variation in separation with increase of Ciphertexts

Variation in separation with increase in number of Iterations

RSA-OAEP Randomized Padding Scheme

Decryption in RSA-OAEP

Separation for RSA-OAEP scheme

Thank you.