an introduction to physical attacks
play

An Introduction to Physical Attacks Application to Secret - PDF document

Mar 03, 2023 •465 likes •708 views

An Introduction to Physical Attacks Application to Secret Specifications Algorithms Christophe Clavier GEMALTO Security Labs SSTIC Rennes May 30, 2007 Christophe Clavier SSTIC 07 Rennes Physical Attacks Against

  1. An Introduction to Physical Attacks – Application to Secret Specifications Algorithms – Christophe Clavier GEMALTO Security Labs SSTIC – Rennes – May 30, 2007 Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 1 / 46 Outline 1 Introduction to Physical Attacks Side Channel Analysis Fault Analysis 2 Reverse Engineering of Unknown Algorithms A SCARE attack against an A3/A8 algorithm 3 Key Recovery with Unknown Algorithms A trivial (yet important) example The case of obfuscated DES Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 2 / 46

  2. Introduction to Physical Attacks Introduction to Physical Attacks Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 3 / 46 Introduction to Physical Attacks What is Physical Security ? Physical security � = Cryptanalysis Physical security is concerned by all means to threaten the security of a device by exploiting its physical properties or its behaviour while operating. When applied to secure embedded devices such as smart cards, this may be performed by: Observing and analysing the duration of commands or operations (not covered in this presentation) Measuring the power consumption of the device when it operates Perturbing the normal functioning, and analysing its abnormal behaviour or its faulty output Observing, probing or altering the surface of the chip (not covered in this presentation) Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 4 / 46

  3. Introduction to Physical Attacks Side Channel Analysis Side Channel Analysis (content) Introduction to Power Analysis Experimental equipment Information leakage through the power Simple Power Analysis (SPA) Against an RSA private exponentiation Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 5 / 46 Introduction to Physical Attacks Side Channel Analysis Experimental equipment Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 6 / 46

  4. Introduction to Physical Attacks Side Channel Analysis Information leakage The power consumption of a chip depends on: The executed instruction The manipulated data Leakage models Hamming weight of whatever data put on the bus: data, address, opearation code, . . . W = a · HW( data ) + b Hamming distance (bus transition weight) w.r.t. a reference state W = a · HD( data t , RF ) + b = a · HW( data t ⊕ RF ) + b RF : data t − 1 or data t +1 Other models, chip & technologies, . . . Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 7 / 46 Introduction to Physical Attacks Side Channel Analysis Information leakage Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 8 / 46

  5. Introduction to Physical Attacks Side Channel Analysis Information leakage Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 9 / 46 Introduction to Physical Attacks Side Channel Analysis Information leakage Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 10 / 46

  6. Introduction to Physical Attacks Side Channel Analysis SPA attack on standard RSA RSA signature computation requires arithmetic operations on large integer operands On some cryptoprocessors, the power consumption may depend on the type of (large integer) arithmetic operation performed SPA against the RSA signature private exponentiation s = m d mod n m is the message and s is the signature n = pq is a large modulus (say 1024 bits), with p and q two large primes d is the private exponent such that ed ≡ 1 (mod ( p − 1) ∗ ( q − 1)) (with e the public exponent) The attacker aims at retrieving d Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 11 / 46 Introduction to Physical Attacks Side Channel Analysis SPA attack on standard RSA Algorithm 1 RSA signature (classical left-to-right ‘Square & Multiply’) Input: d = ( d k − 1 , . . . , d 0 ) the k -bit private exponent, m the input Output: s the signature of m 1: procedure Sign ( m ) 2: s ← 1 3: for i from k − 1 down to 0 do 4: s ← s ∗ s mod n 5: if d i = 1 then 6: s ← s ∗ m mod n 7: end if 8: end for 9: return s 10: end procedure s = m 13 = m 1101 b Example: s = (1) 2 ∗ m = m 1 i = 3 ( d 3 = 1) s = ( m 1 ) 2 ∗ m = m 3 i = 2 ( d 2 = 1) s = ( m 3 ) 2 = m 6 i = 1 ( d 1 = 0) s = ( m 6 ) 2 ∗ m = m 13 i = 0 ( d 0 = 1) Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 12 / 46

  7. Introduction to Physical Attacks Side Channel Analysis SPA attack on standard RSA The power consumption directly reveals the private key! d = 0x 2E C6 91 5B F9 4A Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 13 / 46 Introduction to Physical Attacks Fault Analysis Fault Analysis (content) Fault injection methods Glitch attacks Temperature variation Light attacks Classification Permanent faults Transient faults Fault Analysis examples Differential Fault Analysis (DFA) on DES Collision Fault Analysis (CFA) on AES Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 14 / 46

  8. Introduction to Physical Attacks Fault Analysis Fault injection methods Glitch attacks Variations in supply voltage during execution may cause the processor to misinterpret or skip instructions Variations in the external clock may cause data misread or an instruction miss Temperature attacks Variations in temperature may cause: random modification of RAM cells alter read operations in NVMs Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 15 / 46 Introduction to Physical Attacks Fault Analysis Fault injection methods Light attacks Photoelectric effect (duration, power and location of the emission) White light (flash camera) cheap equipment Laser allows to precisely target a circuit area Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 16 / 46

  9. Introduction to Physical Attacks Fault Analysis Type of faults Permanent faults Destructive effect The value of a cell is definitely changed data (EEPROM, RAM) code (EEPROM) Transient faults The circuit recovers its original behaviour after reset or when the fault’s stimulus ceases The code execution or a computation is perturbed: instruction byte: a different instruction is executed (call to a routine skipped, test avoided, . . . ) parameter byte: a different value or address is considered (operation with another operand, loop variable modified, . . . ) Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 17 / 46 Introduction to Physical Attacks Fault Analysis Differential Fault Analysis Principle of Differential Fault Analysis (DFA) Ask for a cryptographic computation twice With any input and no fault (reference) With same input, inject a fault during the cryptographic computation Infer information about the key from the output differential When applied to DES (Biham & Shamir, 1996) A fault is injected in the penultimate (15 th ) round The differential propagates and is observed after the last round For each S-Box at last (16 th ) round, eliminate subkeys incompatible with input/output differentials Also applies to other algorithms (RSA, AES, . . . ) Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 18 / 46

  10. Introduction to Physical Attacks Fault Analysis Collision Fault Analysis DFA aims at retrieving information about the key from a differential effect on the output. With Collision Fault Analysis (CFA), information is obtained from two identical outputs. Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 19 / 46 Introduction to Physical Attacks Fault Analysis CFA on AES Assume the following (realistic) fault model: First AES AddRoundKey implements 16 times: Inject a fault when executing z i = m i ⊕ k i and stores the corresponding � � corrupt output C . ( z i = 0) Exhaustively search for m ∗ i (without fault) until the same output is obtained. Then, k i = m ∗ i . Whole key is retrieved within 16 faults and at most 4096 normal executions. Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 20 / 46

  11. Introduction to Physical Attacks Discussion All previous attacks implicitly assume that the cryptographic function (DES, AES, RSA, . . . ) is known from the attacker. As a security measure, keeping the cryptographic algorithm secret should make such physical attacks very difficult (impossible?). Two questions Reverse engineering Is it possible to reveal (part of) the specification of the algorithm by physical attacks? Key recovery Without knowledge about the algorithm, is it yet possible to blindly recover the key? Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 21 / 46 Reverse Engineering of Unknown Algorithms Reverse Engineering of Unknown Algorithms Christophe Clavier SSTIC 07 – Rennes Physical Attacks Against Unknown Algorithms 22 / 46

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Physical Attacks Arnaud Tisserand CNRS, Lab-STICC 25th October 2018 Summary

Introduction to Physical Attacks Arnaud Tisserand CNRS, Lab-STICC 25th October 2018 Summary

Introduction to Physical Attacks Arnaud Tisserand CNRS, Lab-STICC 25th October 2018 Summary Introduction Side Channel Attacks Fault Injection Attacks Conclusion and References Arnaud Tisserand. CNRS Lab-STICC. Introduction

993 views • 56 slides
Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon

Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon

Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon RASTIKIAN Arnaud TISSERAND 2 = 3 PLAN Introduction Elliptic Curve Cryptography Side Channel Attacks

473 views • 33 slides
Protection of Arithmetic Circuits against Physical Attacks Arnaud Tisserand CNRS, Lab-STICC LIP

Protection of Arithmetic Circuits against Physical Attacks Arnaud Tisserand CNRS, Lab-STICC LIP

Protection of Arithmetic Circuits against Physical Attacks Arnaud Tisserand CNRS, Lab-STICC LIP Lyon, 2018.11.09 Summary Introduction Physical Attacks Arithmetic Circuits Protections Conclusion and References Arnaud

594 views • 46 slides
Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security Side Channel Attacks Arnaud Tisserand Fault Injection Attacks CNRS, Lab-STICC laboratory CRiSIS 2017, Dinard, France Protections Examples

266 views • 15 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information

Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information

Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information Security Agency) Saturday, December 20 th , 2014 Introduction| Side Channel Attacks (SCA)| Fault Attacks (FA)| Combined Attacks| Protections|

817 views • 71 slides
Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer c1shw@us.ibm.com (561) 392 6100 Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY Physical Security Attacks &

334 views • 8 slides
Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen Introduction Physical Attacks Active Passive (Fault Attacks) (Observing Attacks) Side Channel Attacks

644 views • 45 slides
NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

CMPS122: COMPUTER SECURITY NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3 due tonight NETWORKING ATTACKS LAST TIME TCP/IP networking stack Physical layer Data link layer Network

1.1k views • 61 slides
Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen

Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen

Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen Cao, Sencun Zhu, Jingqiang Lin, Peng Liu, Yubin Xia, and Bo Luo Why do Physical-space Threats Concern for SmartPhones? Why do Physical-space Threats

318 views • 31 slides
Attacks on Cardiac Devices to appear in IEEE/ACM International Conference Cyber-Physical Systems

Attacks on Cardiac Devices to appear in IEEE/ACM International Conference Cyber-Physical Systems

Synthesizing Stealthy Reprogramming Attacks on Cardiac Devices to appear in IEEE/ACM International Conference Cyber-Physical Systems (ICCPS 2019) Nicola Paoletti Royal Holloway, University of London Joint work with: Scott A Smolka, Shan Lin,

406 views • 36 slides
Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Micro-Architectural Attacks on Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical Systems Cyber Physical Systems (CPS) Cyber (Computer) + Physical (Plant) Real-time Control physical

310 views • 29 slides
Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and

Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and

Cheap & Cheerful A Low-Cost Digital Sensor for Detecting Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and Cryptographic Engineering (PACE), Nanyang Technological University, Singapore SPACE 2016,

667 views • 31 slides
Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks

Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks

Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks Devendra Shelar and Saurabh Amin Massachusetts Institute of Technology INFORMS November 15 th , 2016 Vulnerable Electricity Networks: Key issues Two

391 views • 7 slides
M&M: Masks and Macs against Physical Attacks CHES 2019 Lauren De Meyer, Victor Arribas

M&M: Masks and Macs against Physical Attacks CHES 2019 Lauren De Meyer, Victor Arribas

M&M: Masks and Macs against Physical Attacks CHES 2019 Lauren De Meyer, Victor Arribas Svetla Nikova, Ventzislav Nikov, Vincent Rijmen B ACK TO THE 90 S Differential Power Analysis (DPA) Paul Kocher et al. 1999 [KJJ99]

322 views • 28 slides
CAPA: the spirit of Beaver against physical attacks Oscar Reparaz, Lauren De Meyer, Victor

CAPA: the spirit of Beaver against physical attacks Oscar Reparaz, Lauren De Meyer, Victor

CAPA: the spirit of Beaver against physical attacks Oscar Reparaz, Lauren De Meyer, Victor Arribas, Begul Bilgin, Svetla Nikova, Venzi Nikov, Nigel Smart COSIC KU Leuven University of Bristol NXP Semiconductors Problem statement 2 (Johann

563 views • 37 slides
Differential Privacy (Part IV) Alice Eve Bob Cryptographic protocols Tons of attacksnever

Differential Privacy (Part IV) Alice Eve Bob Cryptographic protocols Tons of attacksnever

Differential Privacy (Part IV) Alice Eve Bob Cryptographic protocols Tons of attacksnever ending list! essential in distributed systems Needham-Schroeder (1996) e-banking Microsoft Passport (2001) e-commerce Kerberos (2004) e-mail

571 views • 22 slides
General fault attacks on multivariate public key cryptosystems Y. Hashimoto (Univ. of the

General fault attacks on multivariate public key cryptosystems Y. Hashimoto (Univ. of the

General fault attacks on multivariate public key cryptosystems Y. Hashimoto (Univ. of the Ryukyus) T. Takagi (Kyushu Univ.) K. Sakurai(ISIT) Y. Hashimoto (Univ. of the Ryukyus) T. Takagi (Kyushu Univ.) General fault attacks on multivariate

587 views • 23 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
Outline Analytic Attacks on Block Ciphers 1 CPSC 418/MATH 318 Introduction to Cryptography

Outline Analytic Attacks on Block Ciphers 1 CPSC 418/MATH 318 Introduction to Cryptography

Outline Analytic Attacks on Block Ciphers 1 CPSC 418/MATH 318 Introduction to Cryptography Linear Cryptanalysis Differential Cryptanalysis Analytic Cryptanalysis of Block Ciphers, Stream Ciphers, Modes of Other Advanced Attacks Operation,

933 views • 11 slides
1 FPGAs Attack Model Consider a device capable of implementing the FPGAs allow parallel

1 FPGAs Attack Model Consider a device capable of implementing the FPGAs allow parallel

Introduction Classic cryptography views the secure problems with mathematical abstractions The classic cryptanalysis has had a great

443 views • 11 slides
Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs

Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs

Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs marc.joye@thomson.net CryptoPuces 2009 Porquerolles, June 26, 2009 Outline Elliptic Curve Cryptography Inducing Faults Fault Attacks Countermeasures

363 views • 24 slides
Side-channel attacks in a microkernel environment Thomas Frase Thomas.b.Frase@student.hs-rm.de

Side-channel attacks in a microkernel environment Thomas Frase Thomas.b.Frase@student.hs-rm.de

Side-channel attacks in a microkernel environment Thomas Frase Thomas.b.Frase@student.hs-rm.de Fabian Seiberling Fabian.b.Seiberling@student.hs-rm.de 1st Wiesbaden Workshop on 13.02.2014 Advanced Microkernel Operating Systems Table of

580 views • 27 slides
On related-key attacks and KASUMI: the case of A5/3 Phuong Ha Nguyen 1 , M.J.B. Robshaw 2 ,

On related-key attacks and KASUMI: the case of A5/3 Phuong Ha Nguyen 1 , M.J.B. Robshaw 2 ,

Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion On related-key attacks and KASUMI: the case of A5/3 Phuong Ha Nguyen 1 ,

624 views • 26 slides

More recommend