a formal study of power variability issues and side
play

A Formal Study of Power Variability Issues and Side-Channel Attacks - PowerPoint PPT Presentation

Dec 03, 2022 •257 likes •579 views

A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices Mathieu Renauld, Fran cois-Xavier Standaert, Nicolas Veyrat-Charvillon, Dina Kamel, Denis Flandre. May 2011 UCL Crypto Group Cryptopuces - May 2011

  1. A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices Mathieu Renauld, Fran¸ cois-Xavier Standaert, Nicolas Veyrat-Charvillon, Dina Kamel, Denis Flandre. May 2011 UCL Crypto Group Cryptopuces - May 2011 1 Microelectronics Laboratory

  2. Outline Introduction Scaling trends - variability Motivation Framework - MI Perceived Information Template + variability Results Conclusion UCL Crypto Group Cryptopuces - May 2011 2 Microelectronics Laboratory

  3. Outline Introduction Scaling trends - variability Motivation Framework - MI Perceived Information Template + variability Results Conclusion UCL Crypto Group Cryptopuces - May 2011 3 Microelectronics Laboratory

  4. Electronic devices are everywhere... And may contain sensitive data. RFID tags Sensor networks Smartcards UCL Crypto Group Cryptopuces - May 2011 4 Microelectronics Laboratory

  5. Introduction K Adversary Cryptographic P C algorithm Classical cryptanalysis UCL Crypto Group Cryptopuces - May 2011 5 Microelectronics Laboratory

  6. Introduction K Adversary Cryptographic P C algorithm Implementation Physical leakage Side-Channel cryptanalysis UCL Crypto Group Cryptopuces - May 2011 5 Microelectronics Laboratory

  7. Block ciphers UCL Crypto Group Cryptopuces - May 2011 6 Microelectronics Laboratory

  8. Example of attacks Numerous side-channel attacks. ◮ Non-profiled attacks: DPA, CPA, ... ◮ Profiled attacks: template attacks, stochastic models, ... Divide-and-conquer strategy. L k ⊕ y x P S UCL Crypto Group Cryptopuces - May 2011 7 Microelectronics Laboratory

  9. Example of attack : template attack Univariate template attack. 1. Profiling phase. ◮ Measurements on a training device. The attacker determines the plaintexts and keys. ◮ Assumption: Gaussian noise. ◮ Building templates N ( l | ˆ σ 2 µ x , ˆ x ) (= pdf). ˆ σ x ˆ µ x UCL Crypto Group Cryptopuces - May 2011 8 Microelectronics Laboratory

  10. Example of attack : template attack 2. Attack phase. ◮ Measurements on the target device ⇒ { p i , l i } . ◮ Compute Pr[ k ∗ | l , p ] ∀ k ∗ . l 1 l 2 ◮ Choose ˜ k such that ˜ Pr[ k ∗ | l , p ]. k = arg max k ∗ UCL Crypto Group Cryptopuces - May 2011 9 Microelectronics Laboratory

  11. Outline Introduction Scaling trends - variability Motivation Framework - MI Perceived Information Template + variability Results Conclusion UCL Crypto Group Cryptopuces - May 2011 10 Microelectronics Laboratory

  12. Motivation General trend in electronics: scaling down the circuit size. ◮ Logic styles are more difficult to balance ◮ Non-linearity increases ◮ Variability UCL Crypto Group Cryptopuces - May 2011 11 Microelectronics Laboratory

  13. Motivation Classical assumption: Chip production unit UCL Crypto Group Cryptopuces - May 2011 12 Microelectronics Laboratory

  14. Motivation Classical assumption: User Chip production Attack! unit Adversary UCL Crypto Group Cryptopuces - May 2011 12 Microelectronics Laboratory

  15. Motivation With variability: User Chip production ??? unit Adversary UCL Crypto Group Cryptopuces - May 2011 12 Microelectronics Laboratory

  16. Background: framework How do we fairly evaluate the security of an implementation? Example: Adversary A breaks implementation I 1 in 10 power traces and breaks implementation I 2 in 10.000 power traces. Is I 2 1000 times more secure than I 1 , or is A not adapted to break I 2 ? UCL Crypto Group Cryptopuces - May 2011 13 Microelectronics Laboratory

  17. Background: framework F.-X. Standaert, T.G. Malkin and M. Yung presented A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks at Eurocrypt 2009. Concept: separating the evaluation of the implementation from the evaluation of the adversary. ◮ Implementation → information theoretic metric (MI). ◮ Adversary → security metric (succes rate according to the number of traces). UCL Crypto Group Cryptopuces - May 2011 14 Microelectronics Laboratory

  18. Background: framework Information theoretic metric MI( X ; L ): how much the uncertainty on X is reduced by knowing L . MI( X ; L ) = H[ X ] − H[ X | L ] � � = H[ X ] − Pr[ l ] Pr[ x | l ] log 2 Pr[ x | l ] l ∈L x ∈X � � = H[ X ] − Pr[ l ]Pr[ x | l ] log 2 Pr[ x | l ] l ∈L x ∈X Bayes: Pr[ x | l ]Pr[ l ] = Pr[ l | x ]Pr[ x ] � � = H[ X ] − Pr[ x ]Pr[ l | x ] log 2 Pr[ x | l ] l ∈L x ∈X � � = H[ X ] − Pr[ x ] Pr[ l | x ] log 2 Pr[ x | l ] x ∈X l ∈L UCL Crypto Group Cryptopuces - May 2011 15 Microelectronics Laboratory

  19. Perceived information � � Pr chip [ l | x ] log 2 ˆ MI( X ; L ) = H[ X ] − Pr model [ x | l ] Pr[ x ] x ∈X l ∈L Interpretation: ◮ Pr chip [ l | x ] are the pdf from the actual chip. ˆ Pr model [ x | l ] are the estimated pdf from the adversary’s ◮ model. Are those pdf the same? UCL Crypto Group Cryptopuces - May 2011 16 Microelectronics Laboratory

  20. Perceived information - AES Sbox in 65 nm Perfect profiling phase ˆ Pr model = Pr chip l ∈L Pr chip [ l | x ] log 2 ˆ MI( X ; L ) = H[ X ] − � x ∈X Pr[ x ] � Pr model [ x | l ] Mutual information = IT metric. UCL Crypto Group Cryptopuces - May 2011 17 Microelectronics Laboratory

  21. Perceived information - AES Sbox in 65 nm Bounded profiling phase Variability Simpler model ˆ Pr model = Pr chip l ∈L Pr chip [ l | x ] log 2 ˆ MI( X ; L ) = H[ X ] − � x ∈X Pr[ x ] � Pr model [ x | l ] PI Perceived information = informal measure. UCL Crypto Group Cryptopuces - May 2011 17 Microelectronics Laboratory

  22. Templates in presence of variability In 65nm: impossible to produce 2 exactly identical chips. → profiling on a different chip. σ chip 2 , x σ chip 1 , x µ chip 2 , x µ chip 1 , x UCL Crypto Group Cryptopuces - May 2011 18 Microelectronics Laboratory

  23. Templates in presence of variability In 65nm: impossible to produce 2 exactly identical chips. → profiling on several chips. σ chip 1 , x µ chip 2 , x µ chip 1 , x µ chip 4 , x µ chip 3 , x µ chip 5 , x UCL Crypto Group Cryptopuces - May 2011 18 Microelectronics Laboratory

  24. Templates in presence of variability In 65nm: impossible to produce 2 exactly identical chips. → profiling on several chips. ˆ σ model , x ˆ µ model , x UCL Crypto Group Cryptopuces - May 2011 18 Microelectronics Laboratory

  25. Templates in presence of variability In 65nm: impossible to produce 2 exactly identical chips. → profiling on several chips. � σ 2 σ 2 ˆ model , x + ˆ noise , x ˆ µ model , x UCL Crypto Group Cryptopuces - May 2011 18 Microelectronics Laboratory

  26. Results Perceived information UCL Crypto Group Cryptopuces - May 2011 19 Microelectronics Laboratory

  27. Results Data complexity UCL Crypto Group Cryptopuces - May 2011 20 Microelectronics Laboratory

  28. Model soundness Model soundness: the asymptotic success rate of a Bayesian adversary exploiting it in order to recover a target value is 1. Here: target value = transition. ˆ � Pr chip [ l | s ] log 2 ˆ ˆ Pr model [ s ∗ | l ] , = − H s , s ∗ l ∈L ˆ ˆ ˆ  h 1 , 1 h 1 , 2 h 1 , |S|  ... ˆ ˆ ˆ h 2 , 2 h 2 , 2 h 2 , |S| ...   =  ,   ... ... ... ...  ˆ ˆ ˆ h |S| , 1 h |S| , 2 h |S| , |S| ... UCL Crypto Group Cryptopuces - May 2011 21 Microelectronics Laboratory

  29. Model soundness UCL Crypto Group Cryptopuces - May 2011 22 Microelectronics Laboratory

  30. Results Success rate for non-profiled attacks UCL Crypto Group Cryptopuces - May 2011 23 Microelectronics Laboratory

  31. Outline Introduction Scaling trends - variability Motivation Framework - MI Perceived Information Template + variability Results Conclusion UCL Crypto Group Cryptopuces - May 2011 24 Microelectronics Laboratory

  32. Conclusions ◮ Important to take variability into account. ◮ Perceived information is a useful informal metric when the adversary is not optimal. ◮ HW leakage model is not always relevant. UCL Crypto Group Cryptopuces - May 2011 25 Microelectronics Laboratory

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Issues in Managing Variability of Medical Imaging ACHER Mathieu, COLLET Philippe, LAHIRE

Issues in Managing Variability of Medical Imaging ACHER Mathieu, COLLET Philippe, LAHIRE

Issues in Managing Variability of Medical Imaging ACHER Mathieu, COLLET Philippe, LAHIRE Philippe MICCAI Grid New York, September 2008 Functional QoS description Variability QoS computation Capturing commonality and variability ...

559 views • 42 slides
Role of Power Electronics in Wind Integration and Reliability Issues Wind Integration

Role of Power Electronics in Wind Integration and Reliability Issues Wind Integration

Role of Power Electronics in Wind Integration and Reliability Issues Wind Integration Challenges: Variability Uncertainty Asynchronism Solutions: Demand Response Energy Storage Improved Wind Forecasting

529 views • 20 slides
Software variability management Xavier Devroey <x.d.m.devroey@tudelft.nl> Office 4.W.740

Software variability management Xavier Devroey <x.d.m.devroey@tudelft.nl> Office 4.W.740

Software variability management Xavier Devroey <x.d.m.devroey@tudelft.nl> Office 4.W.740 (4th floor, West side, VMB building 28) Introduction Variability in hardware Variability in platforms Operating System: Database Management System:

853 views • 72 slides
DTT: a Divertor Tokamak Test facility for the study of the power exhaust issues in view of DEMO

DTT: a Divertor Tokamak Test facility for the study of the power exhaust issues in view of DEMO

DTT: a Divertor Tokamak Test facility for the study of the power exhaust issues in view of DEMO R. Albanese, ENEA-CREATE (Italy) on behalf of the WPDTT2 Team & the DTT report contributors (work carried out in tight cooperation with

327 views • 30 slides
Aperiodic variability study of the accreting millisecond pulsar IGR J17511-3057 Maithili Kalamkar

Aperiodic variability study of the accreting millisecond pulsar IGR J17511-3057 Maithili Kalamkar

Aperiodic variability study of the accreting millisecond pulsar IGR J17511-3057 Maithili Kalamkar Diego Altamirano Michiel van der Klis University of Amsterdam Black hole variability 2010, University of Southampton 1 a. Introduction to the

267 views • 9 slides
Power Presentation: Formal Speech in an Informal Power Presentation: Formal Speech in an Informal

Power Presentation: Formal Speech in an Informal Power Presentation: Formal Speech in an Informal

BMNAFVMJBHLJ // Kindle \ Power Presentation: Formal Speech in an Informal World Power Presentation: Formal Speech in an Informal Power Presentation: Formal Speech in an Informal World World Filesize: 4.86 MB Reviews Reviews A top quality

153 views • 3 slides
NARIC Study on Formal Recognition of Non-formal and Informal Learning RPL Bologna Seminar

NARIC Study on Formal Recognition of Non-formal and Informal Learning RPL Bologna Seminar

NARIC Study on Formal Recognition of Non-formal and Informal Learning RPL Bologna Seminar Jenneke Lokhoff Policy Officer 12 December 2008 Background (1) National and international Lifelong Learning strategies Increasing number of

348 views • 18 slides
PVMD Delft University of Technology Learning objectives 1. Voltage issues 2. Power, frequency

PVMD Delft University of Technology Learning objectives 1. Voltage issues 2. Power, frequency

Power, frequency and harmonic issues Ravi Vasudevan PVMD Delft University of Technology Learning objectives 1. Voltage issues 2. Power, frequency and harmonics issues Power output fluctuation Power factor correction Frequency

220 views • 11 slides
What are the contributions of Demand Side Management for balancing power systems? 9 th Conference

What are the contributions of Demand Side Management for balancing power systems? 9 th Conference

What are the contributions of Demand Side Management for balancing power systems? 9 th Conference on Applied Infrastructure Research Jos Luis Calvo de Miguel joseluis.calvodemiguel@supelec.fr Introduction The interest in Demand Side

180 views • 15 slides
A study of variability of the Am Kepler star KIC 9204718 C.Ulusoy 1 , I.Stateva 2 , I.Kh.Iliev 2 ,

A study of variability of the Am Kepler star KIC 9204718 C.Ulusoy 1 , I.Stateva 2 , I.Kh.Iliev 2 ,

XI BULGARIAN-SERBIAN ASTRONOMICAL CONFERENCE 14 - 18 MAY, 2018, BELOGRADCHIK, BULGARIA A study of variability of the Am Kepler star KIC 9204718 C.Ulusoy 1 , I.Stateva 2 , I.Kh.Iliev 2 , B.Ula 3 , M.Napetova 2 1 School of Aviation, Girne American

314 views • 4 slides
Gas Market Demand side dynamics Jon Fieldsend Total Gas & Power Ltd Total Gas & Pow er

Gas Market Demand side dynamics Jon Fieldsend Total Gas & Power Ltd Total Gas & Pow er

Gas Market Demand side dynamics Jon Fieldsend Total Gas & Power Ltd Total Gas & Pow er in the UK Gas and Power Supplier Operated under the Elf Business Energy brand. Industrial and Commercial customer base across all

457 views • 18 slides
Implications of Wide-Area Geographic Diversity for Short-Term Variability of Solar Power Andrew

Implications of Wide-Area Geographic Diversity for Short-Term Variability of Solar Power Andrew

Implications of Wide-Area Geographic Diversity for Short-Term Variability of Solar Power Andrew Mills and Ryan Wiser Lawrence Berkeley National Laboratory September 2010 This analysis was funded by the U.S. Department of Energy, Office of

457 views • 22 slides
Types of Cooperation Episodes in Side-by-Side Program m ing Lutz Prechelt, Ulrich Strk, Stephan

Types of Cooperation Episodes in Side-by-Side Program m ing Lutz Prechelt, Ulrich Strk, Stephan

Types of Cooperation Episodes in Side-by-Side Program m ing Lutz Prechelt, Ulrich Strk, Stephan Salinger Institut fr Informatik Freie Universitt Berlin What is side-by-side prog.? Study setup And why are we interested?

667 views • 40 slides
Formal software engineering for computational modelling Formal software engineering Focus on

Formal software engineering for computational modelling Formal software engineering Focus on

Formal software engineering for computational modelling Formal software engineering Focus on the formal, mathematical side of software Ex. Algebra Three problems What are the concepts that have to be used for the construction of

110 views • 7 slides
Masking against Side-Channel Attacks: a Formal Security Proof Matthieu Rivain Joint work with

Masking against Side-Channel Attacks: a Formal Security Proof Matthieu Rivain Joint work with

Masking against Side-Channel Attacks: a Formal Security Proof Matthieu Rivain Joint work with Emmanuel Prouff EUROCRYPT 2013 May 27th Outline 1 Introduction and Previous Works 2 Our Contribution 3 Model of Leaking Computation 4

526 views • 36 slides
Power/Performance Issues on Interconnection Network (IN) Is interconnect power problem?

Power/Performance Issues on Interconnection Network (IN) Is interconnect power problem?

NsimPower: Interconnect Simulator for Power and Performance Prediction Koji Inoue Kyushu University, Japan 1 Power/Performance Issues on Interconnection Network (IN) Is interconnect power problem? Roughly 10 to 30 % of

381 views • 10 slides
Efficient Layout Hotspot Detection via Binarized Residual Neural Network Yiyang Jiang 1 , Fan Yang

Efficient Layout Hotspot Detection via Binarized Residual Neural Network Yiyang Jiang 1 , Fan Yang

Efficient Layout Hotspot Detection via Binarized Residual Neural Network Yiyang Jiang 1 , Fan Yang 1 , Hengliang Zhu 1 , Bei Yu 3 , Dian Zhou 2 , Xuan Zeng 1 1 State Key Lab of ASIC & System, Microelectronics Department, Fudan

357 views • 21 slides
On the Practical Use of Range Proofs S ebastien Canard, and Jacques Traor e Orange Labs

On the Practical Use of Range Proofs S ebastien Canard, and Jacques Traor e Orange Labs

On the Practical Use of Range Proofs S ebastien Canard, and Jacques Traor e Orange Labs Amandine Jambert CNIL Iwen Coisel Universit e catholique de Louvain - Crypto Group Provable Privacy Workshop - July 10th, 2012 UCL Crypto Group

580 views • 22 slides
Low ow-cos -cost L Lab abor orat ator ory P Proje oject cts an and alysis Application

Low ow-cos -cost L Lab abor orat ator ory P Proje oject cts an and alysis Application

Advanced Workshop on Technology for Sustainable Development: Low-Cost Tools to support Scientific Education 17 Sep 2018 Low ow-cos -cost L Lab abor orat ator ory P Proje oject cts an and alysis Application Video A Vi o Analy

1.04k views • 56 slides
A multiscale approach to the smart deployment of micro-sensors over flexible plates Giovanni

A multiscale approach to the smart deployment of micro-sensors over flexible plates Giovanni

C entre for C omputational S tructural and M aterials M echanics A multiscale approach to the smart deployment of micro-sensors over flexible plates Giovanni Capellari, Francesco Caimmi, Matteo Bruggi, Stefano Mariani Politecnico di Milano

479 views • 20 slides
ECEU530 Projects ECE U530 Individual project implementing a design in VHDL Digital Hardware

ECEU530 Projects ECE U530 Individual project implementing a design in VHDL Digital Hardware

ECEU530 Projects ECE U530 Individual project implementing a design in VHDL Digital Hardware Synthesis Team projects if the parts are well defined Complexity about the same as the calculator in ECEU323 Prof. Miriam Leeser

508 views • 16 slides
Your Toolbar In seAngs you will find your Microphone and Camera Set-up and trouble shoo.ng

Your Toolbar In seAngs you will find your Microphone and Camera Set-up and trouble shoo.ng

Please note this session may be recorded for future use. Session Menu Help Informa.on Phone in Leave Session Your Toolbar In seAngs you will find your Microphone and Camera Set-up and trouble shoo.ng Enable your Microphone

241 views • 9 slides
High-Performance Session Variability Compensation Session Variability Compensation in Forensic

High-Performance Session Variability Compensation Session Variability Compensation in Forensic

High-Performance Session Variability Compensation Session Variability Compensation in Forensic Automatic Speaker Recognition Daniel Ramos Javier Gonzalez Dominguez Daniel Ramos , Javier Gonzalez-Dominguez, Eugenio Arevalo and Joaquin

457 views • 24 slides
RoboX An End-to-End Solution to Accelerate Autonomous Control in Robotics Alternative Computing

RoboX An End-to-End Solution to Accelerate Autonomous Control in Robotics Alternative Computing

RoboX An End-to-End Solution to Accelerate Autonomous Control in Robotics Alternative Computing Technologies (ACT) Lab Jacob Sacks Divya Mahajan Richard C. Lawson Georgia Institute of Technology Hadi Esmaeilzadeh University of

548 views • 33 slides

More recommend