Kouichi Itoh, Tetsuya Izu and Masahiko Takenaka Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) August, 2002 Address-bit Differential.

Slides:

Advertisements

Similar presentations

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.

Advertisements

CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.

Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks JaeCheol Ha * and SangJae Moon ** * Korea Nazarene University **

Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.

Information Security – Theory vs. Reality , Winter 2011 Guest Lecturer: Yossi Oren 1.

Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format

Statistical Tools Flavor Side-Channel Collision Attacks

Is there Safety in Numbers against Side Channel Leakage? Colin D. Walter UMIST, Manchester, UK

October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee1 Activity of Tamper-resistance Standardization Research Committee (TSRC) Shinichi.

White-Box Cryptography

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

Software Certification and Attestation Rajat Moona Director General, C-DAC.

1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.

C ● O ● M ● O ● D ● O RESEARCH LAB Longer Keys may Facilitate Side Channel Attacks (Bradford, UK) Colin.

Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS Singapore.

N-Secure Fingerprinting for Copyright Protection of Multimedia

Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.

Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction

Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.

Multimedia Security Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Nov 20, 2002 Department of Computer.

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.

Dan Boneh Public Key Encryption from trapdoor permutations RSA in practice Online Cryptography Course Dan Boneh.

Fault Tolerant Infective Countermeasure for AES

Linear Fault Analysis of Block Ciphers Zhiqiang Liu 1, Dawu Gu 1, Ya Liu 1, Wei Li 2 1. Shanghai Jiao Tong University 2. Donghua University ACNS 2012 June.

9th IMA Conference on Cryptography & Coding Dec 2003 More Detail for a Combined Timing and Power Attack against Implementations of RSA Werner Schindler.

1 Lect. 10 : Cryptanalysis. 2 Block Cipher – Attack Scenarios  Attacks on encryption schemes  Ciphertext only attack: only ciphertexts are given  Known.

LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.

H.M.Gamaarachchi (E/10/102) P.B.H.B.B.Ganegoda (E/10/104)

The Misuse of RC4 in Microsoft Office A paper by: Hongjun Wu Institute for Infocomm Research, Singapore ECE 578 Matthew Fleming.

Advanced Information Security 6 SIDE CHANNEL ATTACKS Dr. Turki F. Al-Somani 2015.

Cryptography Team Presentation 2

Sandrine AGAGLIATE, FTFC Power Consumption Analysis and Cryptography S. Agagliate Canal+Technologies P. Guillot Canal+Technologies O. Orcières Thalès.

Possible Testing Solutions and Associated Costs

Exploiting the Order of Multiplier Operands: A Low-Cost Approach for HCCA Resistance Poulami Das and Debapriya Basu Roy under the supervision of Dr. Debdeep.

Enhanced Doublng Attacks on Signed-All-Bits Set Recoding 1 Graduate School of Information Management and Security, Korea University, Korea

© copyright NTT Information Sharing Platform Laboratories Cryptographic Approach to “Privacy-Friendly” Tags Miyako Ohkubo, Koutarou Suzuki, and Shingo.

Some Security Aspects of the Randomized Exponentiation Algorithm (Bradford, UK) Colin D. Walter M IST.

DPA Countermeasures by Improving the Window Method Kouichi Itoh, Jun Yajima, Masahiko Takenaka and Naoya Torii Workshop on Cryptographic Hardware and Embedded.

Sliding Windows Succumbs to Big Mac Attack Colin D. Walter

A DPA Countermeasure by Randomized Frobenius Decomposition Tae-Jun Park, Mun-Kyu Lee*, Dowon Hong and Kyoil Chung * Inha University.

An EDA-Friendly Protection Scheme against Side-Channel Attacks Ali Galip Bayrak 1 Nikola Velickovic 1, Francesco Regazzoni 2, David Novo 1, Philip Brisk.

Exploiting Cache-Timing in AES: Attacks and Countermeasures Ivo Pooters March 17, 2008 Seminar Information Security Technology.

A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.

The RC5 Encryption Algorithm: Two Years On Lisa Yin RC5 Encryption –Ron Rivest, December 1994 –Fast Block Cipher –Software and Hardware Implementations.

M IST : An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis Colin D. Walter formerly: (Manchester, UK)

Linear Cryptanalysis of DES

Secure Unlocking of Mobile Touch Screen Devices by Simple Gestures – You can see it but you can not do it Muhammad Shahzad, Alex X. Liu Michigan State.

M IST : An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis Colin D. Walter (Manchester, UK)

Power Analysis Attack on the Masking Type Conversion Algorithm Using Exponentiation Young In Cho', Dong-GukHan g, Seokhie Hong', Young-Ho Park a 'LIST.

New Methods for Cost-Effective Side- Channel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper.

1 Information Security – Theory vs. Reality , Winter Lecture 3: Power analysis, correlation power analysis Lecturer: Eran Tromer.

WISA 2007 Jeju Island, Korea, 27th – 29th Aug 2007 Longer Randomly Blinded RSA Keys may be Weaker than Shorter Ones Colin D. Walter

CS548_ ADVANCED INFORMATION SECURITY Jong Heon, Park / Hyun Woo, Cho Paper Presentation #1 Improved version of LC in attacking DES.

Linear Cryptanalysis of DES M. Matsui. 1.Linear Cryptanalysis Method for DES Cipher. EUROCRYPT 93, 1994.Linear Cryptanalysis Method for DES Cipher 2.The.

In The Name of Allah Fault attacks on ECC

Click to edit Present’s Name Three Attacks, Many Process Variations and One Expansive Countermeasure International Workshop on Cybersecurity Darshana Jayasinghe,

Yossi Oren, yos strudel bgu.ac.il, yossioren System Security Engineering course, Dec

PV204 Security technologies

Advanced Information Security 6 Side Channel Attacks

Xin Fang, Pei Luo, Yunsi Fei, and Miriam Leeser

Ali Galip Bayrak EPFL, Switzerland June 7th, 2011

Zahra Ahmadian Recursive Linear and Differential Cryptanalysis of Ultra-lightweight Authentication Protocols Zahra Ahmadian

The Effectiveness of Instruction Set Randomization

Distinguishing Exponent Digits by Observing Modular Subtractions

Unknown Input Attacks in the Parallel Setting Improving the Security of the CHES 2012 Leakage Resilient PRF Marcel Medwed François-Xavier Standaert Ventzislav.

Protect Your Hardware from Hacking and Theft

Cryptographic Timing Attacks

Presentation Outline Introduction to Side Channel Attacks

Presentation transcript:

Kouichi Itoh, Tetsuya Izu and Masahiko Takenaka Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) August, 2002 Address-bit Differential Power Analysis of Cryptographic Schemes OK-ECDH and OK-ECDSA Fujitsu Laboratories LTD.

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Contents What is DPA(Differential Power Analysis)? Data-bit DPA and Address-bit DPA Our Address-bit DPA Attack against OK- Schemes(OKS) SE-attack ZE-attack Our Experimental Result Countermeasures

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) What is DPA? (Kocher, CRYPTO’99) Analyze a secret key stored in the cryptographic device by monitoring its power consumption. スマートカード秘密情報 Make a differential t V t V  Smartcard Secret key K Plaintext P i (i=1,2,...,N) Analyze Secret key K Monitor a power consumption

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Differential Data-bit DPA (Kocher, Crypto’99) V t m i (i=1,2,3,....) k(secret key)  S[x] S[m 1  k’]=0001 attacker guesses k’=k, then makes the differential for output value of Sbox V t Schema (DES) k’=k k’  k S[m 4  k’]=0111 S[m 999  k’]= S[m 2  k’]=0000 S[m 3  k’]=0110 S[m 1000  k’]= LSB=1 LSB=0 S[m i  k]

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Differential Address-bit DPA (Messerges, USENIX’99) V t &S[0]+m 1  k’= V t Schema (DES) k’=k k’  k &S[0]+m 3  k’= &S[0]+m 999  k’= LSB=1LSB=0 &S[0]+m 2  k’= &S[0]+m 4  k’= &S[0]+m 1000  k’= m i (i=1,2,3,....) k(secret key)  S[x] attacker guesses k’=k, then makes the differential for address value of Sbox &S[0]+m i  k(address value)

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Masking Method on DES (Messerges, FSE 2000) m i (i=1,2,3,...) k(secret key)  S[x  r in ]  r out Data are blinded by the random number Countermeasure against DPA  r in (random) m 1 m 2 m ****.... ****.... ****.... DPA attack is prevented

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Data-bit DPA: Address-bit DPA: Data-bit DPA: Address-bit DPA: Data-bit DPA vs Address-bit DPA in attacking DES address data Normal ******** address ******** data Masking Method Sbox data S[x] ******** Sbox data S’[x]=S[x  r in ]  r out Address-bit DPA is not more effective than data-bit DPA

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) OKS (OK-ECDH/OK-ECDSA) Cryptographic Schemes OKS Proposed by HITACHI Candidates of the CRYPTREC project in Japan Elliptic curve based schemes on Montgomery-form curves Recommended Technology Montgomery ladder Randomized Projective Coordinate (RPC)

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Q[0] = P, Q[1] = ECDBL(P) for i = n-2 downto 0 { Q[2] = ECDBL(Q[d i ]) Q[1] = ECADD(Q[0], Q[1]) Q[0] = Q[2  d i ], Q[1] = Q[1+d i ] } return Q[0] Scalar Multiplication in OKS(1) Developer’s claim : Add-and-double-always chain  Simple Power Analysis (SPA) protection Data are randomized by RPC  DPA protection “Secure against side channel attacks”

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Q[0] = P, Q[1] = ECDBL(P) for i = n-2 downto 0 { Q[2] = ECDBL(Q[d i ]) Q[1] = ECADD(Q[0], Q[1]) Q[0] = Q[2  d i ], Q[1] = Q[1+d i ] } return Q[0] Scalar Multiplication in OKS(2) data When d i =0 When d i =1 Data are randomized by RPC ******** Q[0] Q[1] Q[2] ******** data ******** Q[0] Q[1] Q[2] ********

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Q[0] = P, Q[1] = ECDBL(P) for i = n-2 downto 0 { Q[2] = ECDBL(Q[d i ]) Q[1] = ECADD(Q[0], Q[1]) Q[0] = Q[2  d i ], Q[1] = Q[1+d i ] } return Q[0] Scalar Multiplication in OKS(2) data When d i =0 When d i =1 Data are randomized by RPC... but addresses are still correlated to the key bit d i ! ******** Q[0] Q[1] Q[2] ******** data ******** Q[0] Q[1] Q[2] ******** ECDBL copy

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Basic Idea of Our Attack Analyze the correlation between address value and key bit d i Address-bit DPA is effective! ******** addressdata read when d i =0 Data-bit DPA: Address-bit DPA: ******** Q[0] Q[1] Q[2] read when d i =1

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Q[2] = ECDBL(Q[d A ]) Q[1] = ECADD(Q[0], Q[1]) Q[0] = Q[2  d A ], Q[1] = Q[1+d A ] Our Attack against OKS Scalar Multiplication Q[2] = ECDBL(Q[d B ]) Q[1] = ECADD(Q[0], Q[1]) Q[0] = Q[2  d B ], Q[1] = Q[1+d B ] Differential Basic strategy If d A = d B If d A  d B V t V t

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Fundamental Experiment Validity of the attack Average of loading 500 random data st [addr A], (random data).... ld A, [addr A].... st [addr B], (random data).... ld A, [addr B].... Differential Same address (A = B) Different address (A  B)

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Our attack Single-Exponent attack (SE-attack) Attacker has an averaged power trace for a known exponent, and collects that for an unknown exponent Zero-Exponent attack (ZE-attack) Attacker collects an averaged power trace for an unknown exponent Power trace should be segmented by each key bit operation

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Known: Unknown: Differential d k [i]d k [i-1]d k [i-2]d k [i-3]d k [i-4] d u [i]d u [i-1]d u [i-2]d u [i-3]d u [i-4] d u = Attack (1): SE-attack Schema Using an difference between a averaged power trace with known exponent and that with unknown exponent ?????

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Experimental Result of SE-attack We know d k =1111 …  We obtain d u = 1010… d k : known exponent, d u : unknown exponent

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Unknown: Differential d u [i]d u [i-1]d u [i-2]d u [i-3]d u [i-4] d u [i]  d u [i-1]   d u [i]  d u [i-2] Attack (2): ZE-attack Schema Dividing an averaged power trace with unknown exponent at each processing of d u [i], and using a difference the divided traces. ????? d U = d u [i]  d u [i-3] : d u [i]  d u [i-4] :

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Experimental Result of ZE-attack du[n] du[n1]du[n] du[n1] d u [n]=d u [n  2] du[n] du[n3]du[n] du[n3] We obtain d u =

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) for i = n-2 downto 0 { Q[2] = ECDBL(Q[d i ]) Q[1] = ECADD(Q[0], Q[1]) Swap(&Q[0], &Q[2  d i ]), Swap(&Q[1], &Q[1+d i ]) } for i = n-2 downto 0 { Q[1  d i ] = ECADD(Q[0], Q[1]) Q[d i ] = ECDBL(Q[d i ]) } Other Implementation Address Swapping  Enable (See our paper) Two Variables  Easier (More spikes will appear)

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Countermeasures Countermeasures against Proposed Attack Randomized Scalar Scalar Blinding, Coron (CHES’99) Scalar Splitting, Clavier-Joye (CHES’01) Overlapping Window, Itoh et al. (CHES’02) d w0w0 w1w1 w2w

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Conclusion We proposed new address-bit DPA, and attacked against OKS We proved the validity of our attacks with experimental results OKS is not secure against address-bit DPA For securing against DPA, not only data value, but also data access procedure must be irrelevant to secret key value

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002)

All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Questions & Comments