Presentation is loading. Please wait.

Presentation is loading. Please wait.

On The Feasibility of Internal-Nodes Power Analysis

Published byOsborne Pitts Modified over 6 years ago

Similar presentations

Presentation on theme: "On The Feasibility of Internal-Nodes Power Analysis"β€” Presentation transcript:

1 On The Feasibility of Internal-Nodes Power Analysis
Reut Caspi & Moriah Stern Academic Advisor: Prof. Alexander Fish, Dr. Osnat Keren Advisor: Mr. Itamar Levi

2 Outline Motivation Background Project Objective Results
Further Research Conclusions Power analysis Small Scale Model Real Life Model

3 Motivation Cryptography is the science of transferring
Background Project Objective Results Further Research Conclusions plaintext Cryptographic module ciphertext Motivation Cryptography is the science of transferring information in a secure way. The effort needed to logically break the AES algorithm is the same as the brute-force attack ( 2 𝑛 ). Side channel information is any information that is not obtained from the communication interface, such as the power-supply current dissipation. By utilizing this information an attacker can find secret key very fast (and cheaply). secret key

4 Power Analysis Attacks Power Attack Procedure:
Motivation Background Project Objective Results Further Research Conclusions Power Analysis Attacks Power Attack Procedure: Create a hypothesis of the different currents according to different keys 𝐼 β„Žπ‘¦π‘π‘œπ‘‘β„Žπ‘’π‘ π‘–π‘  =π»π‘Šβˆ™π»π·

5 Power Attack Procedure:
Motivation Background Project Objective Results Further Research Conclusions Calculate the correlation between the hypothesis current of each key and the measured current. The hypothesis that yields the largest correlation is most likely of the correct key. Measurement Hypothesis SNR Χ’Χ‘Χ•Χ”: Χ–Χ” Χ”ΧžΧ€ΧͺΧ— Χ”Χ Χ›Χ•ΧŸ! Key ranking (SNR) 5

6 Objectives Objective: Parameters to examine:
Motivation Background Project Objective Results Further Research Conclusions Objectives Where most research is focused (known crypto architecture) What we are researching Objective: Finding ways to reduce the information that leaks from the combinational part. To explore if it is feasible to attack internal nodes? Under which parameters? Parameters to examine: Fan-out Symmetric / Asymmetric design Logic Structure Noise – Dependent / Independent

7 Motivation Background Project Objective Small Scale Further Research Conclusions Real Life Results Small Scale Model A simple module was designed in order to illustrate specific physical-phenomena- related trends we believe exist. Additional circuitry was added to assure the attack is that of an inner node.

8 Fan-Out => 𝐸=πΉπ‘‚βˆ— 𝐢 𝑖𝑛𝑣 𝑉𝑑𝑑2
Motivation Background Project Objective Small Scale Further Research Conclusions Real Life Results Fan-Out Larger load capacitance -> energy increase The capacitance is simplified to be linear with the fan-out. 𝐸= 𝐢 π‘™π‘œπ‘Žπ‘‘ βˆ— 𝑉𝑑𝑑 2 πΆπ‘™π‘œπ‘Žπ‘‘ = πΉπ‘‚βˆ—πΆπ‘–π‘›π‘£ Increased PA sensitivity => 𝐸=πΉπ‘‚βˆ— 𝐢 𝑖𝑛𝑣 𝑉𝑑𝑑2

9 Asymmetry Symmetric design - delay balanced through all-paths.
Motivation Background Project Objective Small Scale Further Research Conclusions Real Life Results Asymmetry Symmetric design - delay balanced through all-paths. Asymmetric design - different delays on different paths. An attack succeeds when different computations leak information at the same time. As the asymmetry increases it is harder to capture such samples.

10 Asymmetry symmetric asymmetric Motivation Background Project Objective
Small Scale Further Research Conclusions Real Life Results Asymmetry symmetric asymmetric

11 Motivation Background Project Objective Small Scale Further Research Conclusions Real Life Results Logical Structure The logical structure implies correlations between intermediate computations. Designs constructed with only AND or only OR based gates are highly sensitive. and or 50% and – 50% or

12 Current Components current we are interested in measuring
Motivation Background Project Objective Small Scale Further Research Conclusions Real Life Results Current Components current we are interested in measuring β€œundesired” components: independent of the data - easily filtered out when given enough statistics data dependent - cannot be completely filtered Data dependent current is very prominent when discussing inner nodes. Correctly designed it can enhance the immunity to PA attacks.

13 Current Components Data-dependent noise noisy ~50 gates no noise
Motivation Background Project Objective Small Scale Further Research Conclusions Real Life Results Current Components Data-dependent noise no noise noisy ~50 gates noisy ~200 gates

14 Attackability not attackable attackable Motivation Background
Project Objective Small Scale Further Research Conclusions Real Life Results Attackability not attackable attackable

15 Cost of Fan-Out 859 763 684 637 602 555 547 Area\Energy …
Motivation Background Project Objective Small Scale Further Research Conclusions Real Life Results Cost of Fan-Out Implementations were synthesized with Cadence Encounter RTL Design constraints were used to achieve the desired designs. Design FO2 FO3 FO4 FO5 FO6 FO7 FO8 Total No. of Nodes 859 763 684 637 602 555 547 Area\Energy …

16 Data dependent currents
Motivation Background Project Objective Small Scale Further Research Conclusions Real Life Results Data dependent currents distance from the output increases -> data-dependent β€œnoise” increases (more inner) -> vulnerability to PA attack increases

17 Motivation Background Project Objective Results Future Research Conclusions Future Research Inner nodes are likely to only be dependent on part of the input. Hypothesis functions must be created for sub-keys to remove unwanted noise. Example: 𝑓 π‘₯ 1 ,… π‘₯ 8 , π‘˜ 1 ,… π‘˜ 8 = π‘₯ 1 βŠ• π‘˜ 1 βˆ— π‘₯ 2 βŠ• π‘˜ 2 βˆ— π‘₯ 3 βŠ• π‘˜ 3 βˆ— π‘₯ 4 βŠ• π‘˜ 4

18 Conclusions YES! Is power analysis feasible in inner nodes? Sometimes…
Motivation Background Project Objective Results Future Research Conclusions Conclusions Is power analysis feasible in inner nodes? YES! Sometimes… What effects the feasibility / quality of an attack? fan-out asymmetry noise logic structure etc. What is the cost? enhanced security larger no. of gates larger area

19 Thank You!

Download ppt "On The Feasibility of Internal-Nodes Power Analysis"

Similar presentations

TOPIC : SYNTHESIS DESIGN FLOW Module 4.3 Verilog Synthesis.

TOPIC : SYNTHESIS DESIGN FLOW Module 4.3 Verilog Synthesis.
VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.

VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.
Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.

Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.
LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.

LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.
Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Software Connectors. Attach adapter to A Maintain multiple versions of A or B Make B multilingual Role and Challenge of Software Connectors Change A’s.

Software Connectors. Attach adapter to A Maintain multiple versions of A or B Make B multilingual Role and Challenge of Software Connectors Change A’s.
15-349 Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.

Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.
Optimality Study of Logic Synthesis for LUT-Based FPGAs Jason Cong and Kirill Minkovich VLSI CAD Lab Computer Science Department University of California,

Optimality Study of Logic Synthesis for LUT-Based FPGAs Jason Cong and Kirill Minkovich VLSI CAD Lab Computer Science Department University of California,
1 A Method for Fast Delay/Area Estimation EE219b Semester Project Mike Sheets May 16, 2000.

1 A Method for Fast Delay/Area Estimation EE219b Semester Project Mike Sheets May 16, 2000.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Cryptography Week-6.

Cryptography Week-6.
KAIS T A lightweight secure protocol for wireless sensor networks μœ€μ£Όλ²” 2007.12. 4 ELSEVIER Mar. 2006.

KAIS T A lightweight secure protocol for wireless sensor networks μœ€μ£Όλ²” ELSEVIER Mar
Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (1) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (1) Information Security.
Network Security Lecture 14 Presented by: Dr. Munam Ali Shah.

Network Security Lecture 14 Presented by: Dr. Munam Ali Shah.
Network Security Lecture 11 Presented by: Dr. Munam Ali Shah.

Network Security Lecture 11 Presented by: Dr. Munam Ali Shah.
National Institute of Science & Technology Cryptology and Its Applications Akshat Mathur [1] Cryptology and Its Applications Presented By AKSHAT MATHUR.

National Institute of Science & Technology Cryptology and Its Applications Akshat Mathur [1] Cryptology and Its Applications Presented By AKSHAT MATHUR.
WEP Protocol Weaknesses and Vulnerabilities

WEP Protocol Weaknesses and Vulnerabilities

Similar presentations

Ads by Google