a stochastic approach in side channel analysis in the
play

A Stochastic Approach in Side-Channel Analysis in the Presence of - PowerPoint PPT Presentation

Sep 25, 2023 •980 likes •1.13k views

FIRST TALK A Stochastic Approach in Side-Channel Analysis in the Presence of Masking W. Schindler Bundesamt f r Sicherheit in der Informationstechnik (BSI), Bonn, Germany Barcelona, May 22, 2007 Power attacks on a block cipher

  1. FIRST TALK A Stochastic Approach in Side-Channel Analysis in the Presence of Masking W. Schindler Bundesamt f ü r Sicherheit in der Informationstechnik (BSI), Bonn, Germany Barcelona, May 22, 2007

  2. Power attacks on a block cipher implementation protected by masking r (Classical) template attacks: most powerful attack, but gigantic workload (= # of measurements) for profiling Second order DPA: no profiling, but only little r efficient W. Schindler May 22, 2007 Slide 2

  3. The Stochastic Approach (Example: Power attack on AES) x ∈ {0,1} 8 (known) part or the plaintext or ciphertext z ∈ {0,1} 8 masking value k ∈ {0,1} 8 subkey t time I t (x,z;k) = h t (x,z;k) + R t Time t: Random variable deterministic part Random variable (depends on x,z,k) (depends on x,z,k) E(R t ) = 0 quantifies the random- Noise ness of the side-channel signal at time t W. Schindler May 22, 2007 Slide 3

  4. 1 st Profiling Step: Estimation of h t (.,.,.) Na ï ve Approach: Estimate h t (x,z;k) = E (I t (x,z;k)) r independently for each triple (x,z;k) ∈ {0,1} 8 × {0,1} 8 × {0,1} 8 for all t ∈ { t 1 ,t 2 , … ,t m } (relevant instants) Drawback: Gigantic number of measurements r W. Schindler May 22, 2007 Slide 4

  5. More efficient procedure r For any fixed subkey k interpret the function h t;k ( · , · ): {0,1} 8 × {0,1} 8 → R, h t;k ( · , · ) = h t ( · , · ;k), as an element of a real vector space F . r Approximate h t;k ( · , · ) by its image h* t;k under the orthogonal projection onto a suitably chosen low- dimensional vector subspace F u;t h t;k geometric . * h t;k visualization F u;t W. Schindler May 22, 2007 Slide 5

  6. r (clou) The image h* t;k minimizes a functional on the vector subspace F u;t h* t;k can be determined without knowing h (.,.,.k) r (Qualitative) conjectures on the reasons for the leakage signal → subspace F u;t r Typical vector space dimensions ( → Example) r dim( F ) = 2 16 r dim( F u;t ) = 9 or 17 W. Schindler May 22, 2007 Slide 6

  7. Comparison with Template Attacks Non-masking case: r introduced by Schindler, Lemke, Paar (CHES 2005) r extensive experimental studies by Gierlichs, Lemke, Paar (CHES 2006) r Compared to template attacks: reduces the number of measurements in the profiling phase up to factor 50 Masking case: The advantages of the stochastic approach are even by an order of magnitude larger than in the non- masking case. W. Schindler May 22, 2007 Slide 7

  8. Summary The stochastic approach r reduces the profiling workload by order(s) of magnitude r combines engineer ’ s insight into the reasons for the leakage ( → suitability of the subspace F u;t ) with precise stochastic methods ( → optimal approximator in F u;t ) r identifies and quantifies those properties that have significant impact on the side-channel signal r supports constructively the design of security implementations W. Schindler May 22, 2007 Slide 8

  9. Contact Bundesamt f ü r Sicherheit in der Informationstechnik (BSI) Werner Schindler Godesberger Allee 185-189 53175 Bonn Tel: +49 (0)3018-9582-5652 Fax: +49 (0)3018-10-9582-5652 Werner.Schindler@bsi.bund.de www.bsi.bund.de www.bsi-fuer-buerger.de W. Schindler May 22, 2007 Slide 9

  10. SECOND TALK A Stochastic Model for Particular Designs of Physical RNGs with Robust Entropy Estimators Wolfgang Killmann 1 , Werner Schindler 2 1 T-Systems GEI GmbH 2 Bundesamt f ü r Sicherheit in Bonn, Germany der Informationstechnik (BSI) Bonn, Germany Barcelona, May 22, 2007

  11. Generic Design r n (random bit) r n+1 = r n + sw(n+1) (mod 2) # switches in time period n+1 W. Schindler May 22, 2007 Slide 11

  12. Summary r Goal: Determine the conditional entropy H(R n+1 | R 1 , ...,R n ) r We formulated and analysed a stochastic model of the noise source. r We derived robust entropy estimators, yielding practically useful lower entropy bounds. Practical experiments: 10 5 random bits / sec (limitations by the USB interface) entropy / random bit > 1 - 10 -5 W. Schindler May 22, 2007 Slide 12

  13. Contact Wolfgang Killmann T-Systems, GEI GmbH, Bonn, Germany wolfgang.killmann@t-systems.com Werner Schindler Bundesamt f ü r Sicherheit in der Informationstechnik (BSI), Bonn, Germany Werner.Schindler@bsi.bund.de W. Schindler May 22, 2007 Slide 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high

Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high

Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high security solutions Rohde & Schwarz SIT GmbH Stuttgart/Germany Dr. Torsten Schtze Workshop on Applied Cryptography Lightweight

595 views • 15 slides
Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS

Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS

Introduction / Motivation Symbolic Method Experiments Conclusion Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS In` es Ben El Ouahma Quentin Meunier Karine Heydemann Emmanuelle Encrenaz

271 views • 25 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015 Montreal, QC. Overview W.t.f is side-channel power analysis (again) Example: IEEE 802.15.4 Node Example: AES-256 Bootloader W.t.f.

633 views • 47 slides
Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

620 views • 21 slides
A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1

A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1

A Comprehensive Study of Deep Learning for Side-Channel Analysis A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1 Emmanuel Prouff 2, 3 Lo C 1 Univ. Grenoble Alpes, CEA, LETI, DSYS, CESTI, F-38000

1.39k views • 86 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference Mangard et. al, "Power Analysis Attacks, Revealing the Secrets of Smart Cards", Springer, 2009 Power analysis attacks are effective because the

479 views • 19 slides
Introduction to Side-Channel Analysis Franois-Xavier Standaert UCL Crypto Group, Belgium

Introduction to Side-Channel Analysis Franois-Xavier Standaert UCL Crypto Group, Belgium

Introduction to Side-Channel Analysis Franois-Xavier Standaert UCL Crypto Group, Belgium Summer school on real-world crypto, 2016 Outline Link with linear cryptanalysis Standard Differential Power Analysis Noise-based security (is

1.17k views • 92 slides
Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to

Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to

Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to the basics!! details on power / EM leakage (low/high noise scenario) how/where to attack AES? di ff erent attacker models overview of

1.28k views • 74 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Side-channel analysis of six SHA-3 candidates in HMAC scheme Olivier Beno t and Thomas

Side-channel analysis of six SHA-3 candidates in HMAC scheme Olivier Beno t and Thomas

Background Correlation Analysis Results Conclusion Side-channel analysis of six SHA-3 candidates in HMAC scheme Olivier Beno t and Thomas Peyrin CHES 2010 Workshop Santa Barbara - August 18, 2010 Background Correlation Analysis

1.1k views • 36 slides
Profiled Side-Channel Analysis Guilherme Perin , Lukasz Chmielewski, Stjepan Picek In

Profiled Side-Channel Analysis Guilherme Perin , Lukasz Chmielewski, Stjepan Picek In

Conference on Cryptographic Hardware and Embedded Systems (CHES) 2020 Strength in Numbers: Improving Generalization with Ensembles in Machine Learning-based Profiled Side-Channel Analysis Guilherme Perin , Lukasz Chmielewski, Stjepan Picek In

468 views • 25 slides
Confusing Information: How Confusion Improves Side-Channel Analysis for Monobit Leakages

Confusing Information: How Confusion Improves Side-Channel Analysis for Monobit Leakages

Confusing Information: How Confusion Improves Side-Channel Analysis for Monobit Leakages Cryptarchi 2018 June 17-19, 2018 Guidel-Plage, France Eloi de Chrisey, Sylvain Guilley & Olivier Rioul Tlcom ParisTech, Universit

559 views • 34 slides
Mind The Portability A Warriors Guide through Realistic Profiled Side-channel Analysis Shivam

Mind The Portability A Warriors Guide through Realistic Profiled Side-channel Analysis Shivam

Mind The Portability A Warriors Guide through Realistic Profiled Side-channel Analysis Shivam Bhasin 1 , Dirmanto Jap 1 , Anupam Chattopadhyay 1 , Stjepan Picek 2 , Annelie Heuser 3 , and Ritu Ranjan Shrivastwa 4 1 NTU, Singapore 2 TU Delft,

335 views • 22 slides
State-of-the-art of international standardisation of side-channel analysis test methodologies and

State-of-the-art of international standardisation of side-channel analysis test methodologies and

State-of-the-art of international standardisation of side-channel analysis test methodologies and calibration of acquisition tools Sylvain GUILLEY sylvain.guilley@TELECOM-ParisTech.fr September 10, 2015, PARIS 1/18 Overview on the workshop

836 views • 25 slides
An Approach and Case Study of Cloud Instance Type Selection for Multi-Tier Web Applications

An Approach and Case Study of Cloud Instance Type Selection for Multi-Tier Web Applications

An Approach and Case Study of Cloud Instance Type Selection for Multi-Tier Web Applications Christian Davatz, Christian Inzinger, Joel Scheuner, Philipp Leitner University of Zurich, Switzerland software evolution & architecture lab

446 views • 23 slides
Integrating Workload Specification and Extraction for Model- Based and Measurement-Based

Integrating Workload Specification and Extraction for Model- Based and Measurement-Based

Stuttgart, Germany, 2014-11-27 Integrating Workload Specification and Extraction for Model- Based and Measurement-Based Performance Evaluation An Approach for Session-Based Software Systems Andr van Hoorn, Christian Vgele Eike Schulz,

1.02k views • 29 slides
Dynamic Workload Management for Very Large Data Warehouses Juggling Feathers and Bowling Balls

Dynamic Workload Management for Very Large Data Warehouses Juggling Feathers and Bowling Balls

Technische Universitt Mnchen + Hewlett Packard Laboratories Dynamic Workload Management for Very Large Data Warehouses Juggling Feathers and Bowling Balls Stefan Krompass Harumi Kuno Alfons Kemper Umeshwar Dayal TU Mnchen HP Labs,

541 views • 41 slides
From Traffic Measurement to From Traffic Measurement to Realistic Workload Generation Realistic

From Traffic Measurement to From Traffic Measurement to Realistic Workload Generation Realistic

From Traffic Measurement to From Traffic Measurement to Realistic Workload Generation Realistic Workload Generation Felix Hernandez- -Campos Campos Felix Hernandez Ph. D. Candidate Ph. D. Candidate Dept. of Computer Science Dept. of

435 views • 16 slides
Empirical Evaluation of Workload Forecasting Techniques for Predictive Cloud Resource Scaling In

Empirical Evaluation of Workload Forecasting Techniques for Predictive Cloud Resource Scaling In

Empirical Evaluation of Workload Forecasting Techniques for Predictive Cloud Resource Scaling In Kee Kim , Wei Wang, Yanjun (Jane) Qi, and Marty Humphrey Computer Science @ University of Virginia Motivation Cloud Resource Scaling Approach

449 views • 31 slides
Lessons from privacy measurement Arvind Narayanan Princeton University @random_walker Caveat:

Lessons from privacy measurement Arvind Narayanan Princeton University @random_walker Caveat:

Lessons from privacy measurement Arvind Narayanan Princeton University @random_walker Caveat: my work is in the web privacy space BUT Ive aimed to extract broadly applicable lessons Common theme: issues beyond encryption Outline of this

658 views • 27 slides
A Measurement-based Model for Parallel Real-Time Tasks KUNAL AGRAWAL & SANJOY

A Measurement-based Model for Parallel Real-Time Tasks KUNAL AGRAWAL & SANJOY

A Measurement-based Model for Parallel Real-Time Tasks KUNAL AGRAWAL & SANJOY BARUAH Washington University in St. Louis Current models for parallel real-time workloads Graph based : < graph G = (V, E); relative deadline D;

414 views • 8 slides
Rare/other processes working group summary Motto: 100% uncertainties sound conservative,

Rare/other processes working group summary Motto: 100% uncertainties sound conservative,

Rare/other processes working group summary Motto: 100% uncertainties sound conservative, but... Jeremy Wolcott Tufts University Nu-Print Neutrino Cross Section Strategy Workshop March 14, 2018 What are we considering? Any

345 views • 16 slides

More recommend