Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rump Session, CHES 2004August 12, 2004 How to Securely Implement Cryptosystems Against Side-Channel Attacks on General Purpose Cryptographic Hardware Filipe.

Published bySharlene Arline Jackson Modified over 9 years ago

Similar presentations

Presentation on theme: "Rump Session, CHES 2004August 12, 2004 How to Securely Implement Cryptosystems Against Side-Channel Attacks on General Purpose Cryptographic Hardware Filipe."— Presentation transcript:

1 Rump Session, CHES 2004August 12, 2004 How to Securely Implement Cryptosystems Against Side-Channel Attacks on General Purpose Cryptographic Hardware Filipe Rosado da-Fonseca frdafonseca@mind-security.com Portugal

2 Rump Session, CHES 2004August 12, 2004 Common Implementation 1.The cryptosystem to implement is selected. 2.The cryptosystem is implemented by use of the functions made available by the cryptographic hardware's APIs.

3 Rump Session, CHES 2004August 12, 2004 Cryptographic Hardware's APIs 1.Non-cryptographic Functions (xor, and, or, not,...): protected against simple side-channel attacks. 2.Cryptographic Primitives (RSA, AES, SHA-1,...): protected against both simple and differential side-channel attacks.

4 Rump Session, CHES 2004August 12, 2004 Example: CBC-MAC T K (M) { if ((|M|=0)  ((|M| mod 128)≠0)) then return error; n_m:=|M|/128; for(j:=1; j≤n_m; j++) m j :=M[(j-1)*128...j*128-1]; y 0 := > 128 ; for(i:=1; i≤n_m; i++) { x1 i :=xor(m i, y i-1 ); y i :=AES K (x1 i ); } tag:=y n_m ; return tag; }

5 Rump Session, CHES 2004August 12, 2004 Secure Implementation 1.The cryptosystem to implement is selected. 2.The cryptosystem is tested for leakages. If leakages are found, then one goes back to step 1. Otherwise, one goes to step 3. 3.The cryptosystem is implemented by use of the functions made available by the cryptographic hardware's APIs.

6 Rump Session, CHES 2004August 12, 2004 Questions and Further Information Annotated Slides: http://mind-security.com/papers/1 SCA1 Model: http://mind-security.com/papers/3 Email: frdafonseca@mind-security.com

Download ppt "Rump Session, CHES 2004August 12, 2004 How to Securely Implement Cryptosystems Against Side-Channel Attacks on General Purpose Cryptographic Hardware Filipe."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
SHA-1 collision found Lukáš Miňo, Richard Bartuš.

SHA-1 collision found Lukáš Miňo, Richard Bartuš.
RSA: More about attacks Need to take care with the implementation, e.g.: - Do not take p or q very small. - Difference of p and q should not be very small.

RSA: More about attacks Need to take care with the implementation, e.g.: - Do not take p or q very small. - Difference of p and q should not be very small.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 1 TU Graz/Computer Science/IAIK/VLSI Institute for Applied Information.

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 1 TU Graz/Computer Science/IAIK/VLSI Institute for Applied Information.
1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.

1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.
The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol.

The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol.
Iron Key and Portable Drive Security Zakary Littlefield.

Iron Key and Portable Drive Security Zakary Littlefield.
Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.

Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
©1999 by J. D. Tygar Endeavour Overview 1 Endeavour Security and assurance Doug Tygar UC Berkeley 25 May 1999.

©1999 by J. D. Tygar Endeavour Overview 1 Endeavour Security and assurance Doug Tygar UC Berkeley 25 May 1999.
Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.
R R FID Authentication : M inimizing Tag Computation CHES2006 Rump Session, Yokohama. Japan 2006. 10. 11. Ph.D. Jin Kwak Kyushu University, JAPAN

R R FID Authentication : M inimizing Tag Computation CHES2006 Rump Session, Yokohama. Japan Ph.D. Jin Kwak Kyushu University, JAPAN
Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak Francesco Regazzoni David Novo Philip Brisk François-Xavier Standaert Paolo Ienne.

Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak Francesco Regazzoni David Novo Philip Brisk François-Xavier Standaert Paolo Ienne.
SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.

SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.
Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.

Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.
Dan Boneh Public Key Encryption from trapdoor permutations RSA in practice Online Cryptography Course Dan Boneh.

Dan Boneh Public Key Encryption from trapdoor permutations RSA in practice Online Cryptography Course Dan Boneh.
C HAPTER 13 Asymmetric Key Cryptography Slides adapted from Foundations of Security: What Every Programmer Needs To Know by Neil Daswani, Christoph Kern,

C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,
Database Key Management CSCI 5857: Encoding and Encryption.

Database Key Management CSCI 5857: Encoding and Encryption.

Similar presentations

Ads by Google