Three Attacks, Many Process Variations and One Expansive Countermeasure International Workshop on Cybersecurity Darshana Jayasinghe,

1 Three Attacks, Many Process Variations and One Expansive Countermeasure
International Workshop on Cybersecurity
Darshana Jayasinghe, Angelo Ambrose, Aleks Ignjatovic, Sri Parameswaran

2 Representation of Money
600 AD – Paper drafts representing the value of coins in China
Coins represented by the intrinsic value of the material
Today – Money is represented by strings of 1s and 0s
Adapted from Prof Yasuura's talk 2008

3 School of Computer Science and Engineering
AES: Unprotected AES Circuit
[Diagram labels: Plaintext; Key; SubByte, ShiftRows, Mix Columns, Add Round Key; SubByte, ShiftRows, Add Round Key; Ciphertext; N-1]
Plaintext 128 bits; Key 128, 192 or 256 bits
AES-128: N=10
AES-192: N=12
AES-256: N=14

4 Power Analysis Attacks
Often non-intrusive and invasive
First proposed by Kocher in 1998
– Simple power analysis
– Differential power analysis
– Correlation power analysis
– Mutual information analysis
Many more ...
[Diagram labels: Power consumption; Plaintext, Key, Ciphertext]

5 Simple Power Analysis
Widely used against asymmetric-key algorithms
[Figure: RSA Implementation (embedded.com)]

6 Differential Power Analysis Attacks - DPA

Key guess 00:
Pt  Key  Pt⊕Key  Binary    μW
3F  00   3F      00111111  50
6E  00   6E      01101110  34
07  00   06      00000110  32
48  00   48      01001000  27
29  00   29      00101001  36
B3  00   B3      10110011  25
83  00   83      10000011  20

[Slide graphic: the μW values summed into two groups, M0 and M1; plot of |R| against key guess, 0 to 255]

Key guess 01:
Pt  Key  Pt⊕Key  Binary    μW
3F  01   3E      10001110  50
6E  01   6F      01101111  34
07  01   06      00000110  32
48  01   49      01001001  27
29  01   28      00101000  36
B3  01   B2      10110010  25
83  01   82      10000010  20

Key guess 05:
Pt  Key  Pt⊕Key  Binary    μW
3F  05   3A      00111010  50
6E  05   65      01100101  34
07  05   07      00000111  32
48  05   4D      01001101  27
29  05   2C      00101100  36
B3  05   b6      10110110  25
83  05   86      10000110  20

7 Correlation Power Analysis Attacks - CPA

Key guess 00:
Pt  Key  Pt⊕Key  HW(S(Pt⊕Key))  μW
3F  00   3F      5              50
6E  00   6E      6              34
07  00   06      4              32
48  00   48      3              27
29  00   29      4              36
B3  00   B3      5              25
83  00   83      5              20

Key guess 01:
Pt  Key  Pt⊕Key  HW(S(Pt⊕Key))  μW
3F  01   3E      4              50
6E  01   6F      3              34
07  01   06      6              32
48  01   49      5              27
29  01   28      3              36
B3  01   B2      5              25
83  01   82      3              20

Key guess 05:
Pt  Key  Pt⊕Key  HW(S(Pt⊕Key))  μW
3F  05   3A      1              50
6E  05   65      4              34
07  05   07      4              32
48  05   4D      5              27
29  05   2C      4              36
B3  05   b6      5              25
83  05   86      6              20
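The scoring behind slides 6 and 7, worked through on the slides' own seven samples, as an added example that is not part of the presentation. It shows how an evaluator checking a circuit for leakage computes the DPA difference of means and the CPA correlation R for each key guess. The function names are hypothetical, the DPA selection bit is assumed to be the least significant bit, and the table columns are copied exactly as printed.

```python
from math import sqrt

# Power samples (μW) for the seven plaintexts, as printed on slides 6 and 7.
POWER = [50, 34, 32, 27, 36, 25, 20]

# Per key guess: the Pt⊕Key column (slide 6) and the HW(S(Pt⊕Key)) column
# (slide 7), both copied exactly as printed on the slides.
GUESSES = {
    0x00: ([0x3F, 0x6E, 0x06, 0x48, 0x29, 0xB3, 0x83], [5, 6, 4, 3, 4, 5, 5]),
    0x01: ([0x3E, 0x6F, 0x06, 0x49, 0x28, 0xB2, 0x82], [4, 3, 6, 5, 3, 5, 3]),
    0x05: ([0x3A, 0x65, 0x07, 0x4D, 0x2C, 0xB6, 0x86], [1, 4, 4, 5, 4, 5, 6]),
}

def mean(xs):
    return sum(xs) / len(xs)

def dpa_difference(xored, power, bit=0):
    """Difference of means M1 - M0 after splitting samples on one predicted bit.
    Assumption: the selection bit is the least significant bit (bit=0)."""
    m1 = [p for x, p in zip(xored, power) if (x >> bit) & 1]
    m0 = [p for x, p in zip(xored, power) if not (x >> bit) & 1]
    return mean(m1) - mean(m0)

def pearson(model, power):
    """Pearson correlation R between the Hamming-weight model and the power."""
    mm, mp = mean(model), mean(power)
    cov = sum((a - mm) * (b - mp) for a, b in zip(model, power))
    var_m = sum((a - mm) ** 2 for a in model)
    var_p = sum((b - mp) ** 2 for b in power)
    return cov / sqrt(var_m * var_p)

def score_guesses():
    """Return {key guess: (DPA difference in μW, CPA correlation R)}."""
    return {k: (dpa_difference(x, POWER), pearson(hw, POWER))
            for k, (x, hw) in GUESSES.items()}

if __name__ == "__main__":
    for key, (diff, r) in score_guesses().items():
        print(f"key guess {key:02X}: M1-M0 = {diff:+.2f} μW, |R| = {abs(r):.3f}")
```

Seven samples only illustrate the arithmetic; a leakage evaluation of a real circuit repeats the same scoring over many more measurements and all 256 guesses per key byte.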

8 Attack on Standard AES Circuit

9 Mutual Information Analysis Attacks
CPA can only detect linear dependencies
Shannon's entropy is used to calculate the mutual information
Often the key convergence rate falls behind the CPA
[Figure labels: Hypothetical power consumption; Observed power consumption. Source: Wikipedia]

10 Basics of Algorithmic Balancing
[Diagram labels: Logic 1; Logic 2; Yokohama 06; 0 1 1 0; CMOS; WDDL by Tiri 07; AES]

11 Balancing: MUTE AES
Proposed by Ambrose for a processor based environment

12 Back to AES Circuit
Assume:

13 2-Way Balancing
[Diagram labels: State 1, State 2]

14 4-way or Quadruple Balancing
[Diagram labels: State 1, State 2]
Can prove the same for timing

15 QuadSeal-4

16 QuadSeal-uni
[Diagram labels: 512 bits, 8 bits, 32 bits]

17 Attack on QuadSeal
[Figure label: Visible Key bytes]

18 Process Variation
Path imbalances
Aging effects.
[Diagram labels: Process Variation; Inter-die; Intra-die]

19 [Diagram labels: …, L6, L5, L4, L3, L2, L1; L6, L5, L4, L3, L2, L1; P1, P2, P3, P4, P5, P6, …]

20 QuadSeal Against Process Variation
Each core: (Din, Kin), (Din, Kin), (Din, Kin) and (Din, Kin)
24 input combinations
63-bit LFSR, repetition time of (2^63 - 1)
Running at 50 MHz (5,849 years, more precisely)
[Diagram label: Enable Signal]

22 CPA attacks

23 How Efficient is the swapping?

24 CPA attacks

25 Software Implementation of QuadSeal
Microblaze is a 32 bit soft processor by Xilinx
32 bit input, 32 bit output; 2^32 entries (4 GB)
But only 256 entries will be used
Composite SubByte table as a Hardware IP
Pre-clear?
– After each table lookup, data lines are refreshed by loading 00000…0 (32'h0)
Throughput X/4
[Diagram labels: Microblaze; Control FPGA; SASEBO GII; Virtex V; PC]

26 Devices we target and attacks we prevent!
DEVICES
– ASIC
– FPGA
– Software on 32-bit Processors
– Extensible Processors
ATTACKS WE PREVENT
– Differential Power Analysis Attacks (DPA)
– Correlation Power Analysis (CPA)
– Mutual Analysis Attacks

27 An Example Attack Setup

28 Thank you!