Advanced Information Security 6 SIDE CHANNEL ATTACKS Dr. Turki F. Al-Somani 2015.

1 Advanced Information Security 6 SIDE CHANNEL ATTACKS Dr. Turki F. Al-Somani 2015

2 Module Outlines
• Introduction to Side Channel Attacks
• Simple Analysis Attacks
• Differential Analysis Attacks
• Types of Side Channel Attacks
• Power Analysis Attacks
  ◦ Simple Power Analysis Attacks
  ◦ Differential Power Analysis Attacks
• Countermeasures
• Summary

3 Introduction
• Security Against Side Channel Attacks
• Every computing device also acts as a source of additional information, called side channel leak information
• There are many side channel attacks in the literature
[Figure: side channel leak sources (fault, power consumed, execution time, magnetic field), labelled as data-dependent, operation dependent, or data-and-operation dependent]

4 Introduction (Contd.)
• Side Channel Attack (SCA)
  ◦ Simple: a single observation
  ◦ Differential: several observations used together with statistical tools

5 Examples of Side Channel Attacks
• Time Attack
• Power Analysis Attacks
• Electromagnetic Radiations
• Fault-Based (induced errors)
• Processor-Flag (overflow or carry flag)
• Hamming weight
• Thermal Analysis

6 Simple Power Analysis Attacks
• Security Against Side Channel Attacks
Figure: (a) Power consumption trace of ECC scalar multiplication. (b) Power consumption trace of ECC point doubling operation.

7 Differential Power Analysis Attacks

8 Types of DPA Attacks
• Refined Power Analysis (RPA) attacks:
  ◦ Exploits a special point with zero-value such as (0, y) or (x, 0).
• Zero-value Point Attack (ZPA):
  ◦ A generalization of RPA where it exploits any zero-value auxiliary register.
• Doubling Attack (DA):
  ◦ Based on detecting when the same operation is performed on the same operands.

9 Types of DPA Attacks
• Address-bit DPA (ABDPA):
  ◦ Based on the idea that accessing the same location is correlated to the scalar bit value.
• Projective Coordinates Leak (PCL):
  ◦ Based on knowing the projective representation of a point obtained using a particular projective coordinate system.
• More..

10 ECC Scalar Multiplication

11 SPA Countermeasures

12 DPA Countermeasures
• Randomization of the private exponent:
  ◦ For each execution of the algorithm:
  ◦ Select a random number and multiply it by the total number of EC points (point at infinity O).
  ◦ Add the result to d to obtain d’
  ◦ Compute the new Q by multiplying d’ by P

13 DPA Countermeasures (Contd.)
• Blind the point P:
  ◦ Add a secret random point R
  ◦ S = dR
  ◦ New Q will be computed by d(R + P)
  ◦ Subtract S = dR to get dP

15 Countermeasures – Cont.
• Randomized projective coordinates:
  ◦ For each new execution
  ◦ or also after each point addition and doubling
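
The scalar randomization and point blinding steps from the DPA countermeasure slides, written out as an added example that is not part of the original presentation. The toy curve y^2 = x^3 + 2x + 2 over F_17 with base point (5, 1) of order 19, and all function names, are assumptions chosen for illustration.

```python
import secrets

# Constructed toy parameters (textbook-sized, not secure): y^2 = x^3 + 2x + 2 over F_17,
# base point P = (5, 1) generating a group of prime order N = 19.
p, A, N = 17, 2, 19
P = (5, 1)
O = None  # point at infinity

def add(a, b):
    """Affine point addition, handling O, inverse pairs and doubling."""
    if a is O: return b
    if b is O: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % p == 0:
        return O
    if a == b:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def neg(a):
    return O if a is O else (a[0], -a[1] % p)

def mul(k, pt):
    """Plain left-to-right double-and-add (the unprotected baseline)."""
    acc = O
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def mul_random_scalar(d, pt):
    """Scalar randomization: d' = d + r*N, so the processed bits differ per run."""
    r = secrets.randbelow(2**16) + 1
    return mul(d + r * N, pt)          # r*N*pt = O, so the result is still d*pt

def mul_blinded_point(d, pt):
    """Point blinding: compute d(R + P), then subtract S = dR."""
    R = mul(secrets.randbelow(N - 1) + 1, P)   # secret random point
    S = mul(d, R)                              # recomputed here only for the demo
    return add(mul(d, add(R, pt)), neg(S))
```

Both protected routines return the same point as `mul(d, P)` for every d, while the intermediate values handled during the computation change from run to run.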

16 PhD Thesis.. (2006)

17 Timing Attacks Paper (2006)

18 Power Analysis Attacks Paper (2008)

19 Survey Paper (2012)

20 Survey Paper (2012)

21 Another Survey Paper (2012)

22 Another Survey Paper (2012)

23 Buffer Paper.. (2013)

24 Patents
• Turki F. Al-Somani, Method for Securing Scalar Multiplication against Simple Power Attacks, US 8,861,721 B2, 2014.
• Turki F. Al-Somani, System and Method for Securing Scalar Multiplication against Differential Power Attacks, US 8,804,952 B2, 2014.
• Turki F. Al-Somani and M. K. Ibrahim, Method for Generic-Point Parallel Scalar Multiplication without Precomputations, US 8,755,517 B2, 2014.
• Turki F. Al-Somani and Alaaeldin Amin, Method for elliptic curve scalar multiplication, U.S. 2012/0008780 A1, 2012.
• Turki F. Al-Somani and Ayman Fayomi, Method for Efficient Postcomputation-Based Generic-Point Parallel Scalar Multiplication (submitted in Dec 2012).
• Hilal Hussain and Turki F. Al-Somani, Method for Securing Elliptic Curve Cryptography against Simple Power Attacks (submitted in Dec 2012).
• Hilal Hussain and Turki F. Al-Somani, Method for Securing Elliptic Curve Cryptography against Differential Power Attacks (submitted in Dec 2012).
• Turki F. Al-Somani, Method for Elliptic Curve Scalar Multiplication using Reference Points (submitted in May 2012).
• Turki F. Al-Somani, Method for Securing Scalar Multiplication against Power Analysis Attacks using Reference Points (submitted in May 2012).

25 Summary
• Resistance against DPA attacks can be achieved by combining two or more of the countermeasures proposed in the literature thus far.
• To protect against the doubling attack, the projective coordinates should be randomized or a random field isomorphism should be used, while to protect against RPA and ZVP attacks, the base point P or the scalar multiplier k should be randomized.
• Hence, to protect against all these recent DPA attacks, randomizing the scalar multiplier and randomizing the projective coordinates, for instance, can be applied together.

26 THANKS & GOOD LUCK Dr. Turki F. Al-Somani 2015

