behind the scene of side channel attacks
play

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor - PowerPoint PPT Presentation

Dec 15, 2023 •20 likes •340 views

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

  1. Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013

  2. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| Agenda Side Channel Attacks (SCA) 1 a. Background b. Contributions Linear Regression Attack (LRA) 2 a. LRA Basics b. Experimental Results Template Attack (TA) 3 a. Template Attack Basics b. Experimental Results Conclusion 4 1/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  3. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| Background| Contributions| Agenda Side Channel Attacks (SCA) 1 a. Background b. Contributions Linear Regression Attack (LRA) 2 a. LRA Basics b. Experimental Results Template Attack (TA) 3 a. Template Attack Basics b. Experimental Results Conclusion 4 2/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  4. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| Background| Contributions| Context Since the 90’s, increasing use of Embedded Systems ◮ 7 G smartcards sold in 2012 (SIM, banking, pay-TV, ID, ✿ ✿ ✿ ) Embedded Systems integrating Cryptography are susceptible to Side Channel Cryptanalysis 3/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  5. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| Background| Contributions| Side Channel Cryptanalysis [Kocher et al - Crypto99] A CMOS device leaks info. about its state during a computation through side-channels e.g.: time, power consumption, EM radiations, ✿ ✿ ✿ SCA exploit these physical leakages to guess a secret gray-box model (spy the computation) PLAINTEXT CIPHERTEXT blablablablablabla tO^à@:/!uYe#&²é" blibliblibliblibliblibl ccGt*µ$Bg;./rSdrtg CRYPTOSYSTEM bloblobloblobloblo ([jKé~-|kLm%*ø$tf blublublublublublu vB:!§eR'{qZé~rt6- blyblyblyblyblybly phçö^$"NhR([qSrT time power electromagnetic radiations vibrations light ... 4/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  6. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| Background| Contributions| Generic SCA Flow 1. Collect N side channel traces w. known inputs t 1 ✦ Enc ✭ p 1 ❀ k ✮ ❀ ✿ ✿ ✿ ❀ t N ✦ Enc ✭ p N ❀ k ✮ 2. Choose sensitive variable depend. on input & secret ❫ i ❂ S ✭ p i ✟ ❫ k e.g. AES Sbox output ✦ v k ✮ 3. Choose a Leakage Model e.g. Hamming Weight (H) 4. Compute predictions for each key hypothesis ❫ ❫ ❫ k ❂ 0 k ❂ 0 k ❂ 0 ✦ H ✭ v ✮ ❀ ✿ ✿ ✿ ❀ H ✭ v ✮ 1 N ✿ ✿ ✿ ❫ ❫ ❫ k ❂ 255 k ❂ 255 k ❂ 255 ✦ H ✭ v ✮ ❀ ✿ ✿ ✿ ❀ H ✭ v ✮ 1 N 5. Use a distinguisher to discriminate the correct key by comparing the N traces and the predictions 5/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  7. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| Background| Contributions| SCA flow and Leakage Model: 3 cases 1. Select a priori a Leakage Model ◮ Hamming Weight, Hamming Distance ◮ Used in classical SCA (DPA, CPA, MIA, ✿ ✿ ✿ ) 2. Select a priori a space of Leakage Models ◮ Attack will guess the correct model in selected space ◮ Used in Linear Regression Attack (LRA) 3. Infer a Leakage Model through profiling before attack ◮ A preliminary step is performed on an open copy of the device to build a leakage model for each key value ◮ Used in Template Attack (TA) 6/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  8. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| Background| Contributions| Agenda Side Channel Attacks (SCA) 1 a. Background b. Contributions Linear Regression Attack (LRA) 2 a. LRA Basics b. Experimental Results Template Attack (TA) 3 a. Template Attack Basics b. Experimental Results Conclusion 4 7/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  9. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| Background| Contributions| Microelectronics & Side Channel Cryptanalysis Moore’s law: ◮ Nb. of transistors on ICs doubles approx. every two years ◮ CMOS processes decrease 1995 ✦ CMOS process 350 nm / 2013 ✦ CMOS process 22 nm Consequence: ◮ intra-chip variability increases ✮ bits leak differently ones from others ◮ inter-chip variability increases ✮ two identical ICs behave differently ✮ New challenges for Side Channel Attacks ?! 8/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  10. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| Background| Contributions| Our Contributions Propose a study on the practicality of: ◮ Linear Regression Attack (LRA) ◮ Template Attack (TA) Perform experiments on 3 different microcontrollers: ◮ Device A - CMOS process 350 nm - AES 128 enc. 51600 points per trace - highest SNR 1 : 0 ✿ 3 ◮ Device B - CMOS process 130 nm - AES 128 enc. 16800 points per trace - highest SNR 1 : 0 ✿ 6 ◮ Device C - CMOS process 90 nm - AES 128 enc. 12800 points per trace - highest SNR 1 : 0 ✿ 09 Use of 3 copies of each device for cross-tests 1 SNR: Signal-to-Noise Ratio 9/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  11. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| LRA Basics| Experimental Results| Agenda Side Channel Attacks (SCA) 1 a. Background b. Contributions Linear Regression Attack (LRA) 2 a. LRA Basics b. Experimental Results Template Attack (TA) 3 a. Template Attack Basics b. Experimental Results Conclusion 4 10/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  12. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| LRA Basics| Experimental Results| Linear Regression Attack [Doget et al - Cosade11] Leakage function L : models the handling of sens. var. v handling of v ✦ L ✭ v ✮ ✰ B , with B a gaussian noise In LRA, L assumed unknown and viewed as a multivariate polynomial in the bit-coordinates v i of v w. coefs. in R L ✭ v ✮ ❂ ✎ 0 v 0 ✰ ✎ 1 v 1 ✰ ✿ ✿ ✿ ✰ ✎ 0 ❀ 1 v 0 v 1 ✰ ✎ 0 ❀ 2 v 0 v 2 ✰ ✿ ✿ ✿ ✰ ✿ ✿ ✿ ⑤④③⑥ ⑤ ④③ ⑥ ⑤ ④③ ⑥ etc linear part quadratic part In LRA, guessing L is hence equivalent to solve a polynomial interpolation in a noisy context ✮ use of linear regression techniques 11/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  13. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| LRA Basics| Experimental Results| LRA Issues Previous works reporting experiments on LRA consider side channel traces composed of one unique point In practice, side channel traces are never composed of one unique point, but rather several thousands Classical strategy consists in applying SCA on each time sample and to keep the key candidate maximizing the score over all time samples In our experiments, such a strategy did not work for LRA 12/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  14. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| LRA Basics| Experimental Results| Our Solution From our experiments, we observed that correct key k is ranked first at time samples where: ◮ the distance score ✭ k ✮ � E ❬ score ✭ k ✮ ] is large ◮ Var ❬ score ✭ k ✮❪ is small We hence deduced a normalization step: ◮ center the scores ◮ divide by their variance ◮ normalized _ score ✭ k ✮ ❂ score ✭ k ✮ � E ❬ score ✭ k ✮❪ Var ❬ score ✭ k ✮❪ 13/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  15. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| LRA Basics| Experimental Results| Agenda Side Channel Attacks (SCA) 1 a. Background b. Contributions Linear Regression Attack (LRA) 2 a. LRA Basics b. Experimental Results Template Attack (TA) 3 a. Template Attack Basics b. Experimental Results Conclusion 4 14/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  16. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| LRA Basics| Experimental Results| LRA vs. Normalized LRA (device A - 350nm) 160 LRA normalized LRA 140 average rank of the correct key 120 100 80 60 40 20 0 100 200 300 400 500 600 700 800 900 1000 number of traces Figure: Correct key rank evolution vs. nb. of traces 15/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

  17. Side Channel Attacks (SCA)| Linear Regression Attack (LRA)| Template Attack (TA)| Conclusion| LRA Basics| Experimental Results| LRA vs. Normalized LRA (device B - 130nm) 160 LRA normalized LRA 140 average rank of the correct key 120 100 80 60 40 20 0 100 200 300 400 500 600 700 800 900 1000 number of traces Figure: Correct key rank evolution vs. nb. of traces 16/31 Victor LOMNE - ANSSI / Behind the Scene of Side Channel Attacks

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks Pieter Robyns Motivation and introduction Motivation Information about performing EM side-channel attacks using SDR is quite scarce A few

758 views • 42 slides
HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

363 views • 12 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

Nicolas Belleville 1 Damien Courouss 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Universit, CNRS, LIP6, F-75005, Paris, France

715 views • 53 slides
Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com MCrypt Seminar Aug. 11th 2014 Outline 1 Introduction 2 Modeling side-channel leakage 3 Achieving provable security against SCA

1.62k views • 92 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus Peinado, Gloria Mainar-Ruiz MIT CSAIL Microsoft Research Security is a big concern in cloud adoption Why are cache-based side channel

588 views • 38 slides
CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security Introduction Meltdown Papers Spectre Attacks: Exploiting Speculative Execution, IEEE Security and Privacy (S&P), 2019 (Dustin)

726 views • 44 slides
Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet

Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet

Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet GREYC - LMNO Universit e de Caen Darmstadt 29th of April 2010 1 / 59 Outline Pairing over elliptic curves 1 Definition and properties of

1.55k views • 111 slides
Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Open Source Enclave Workshop 2019 Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science & Engineering The Ohio State University Userland TEEs on Commodity Processors Application VM VM

154 views • 14 slides
Learning to Select Expert Demonstra4ons for Deformable Object

Learning to Select Expert Demonstra4ons for Deformable Object

Learning to Select Expert Demonstra4ons for Deformable Object Manipula4on Dylan Hadfield-Menell, Alex Lee, Sandy Huang, Eric Tzeng, Pieter Abbeel Workshop on

438 views • 22 slides
Ray Tracing Intro Steve Marschner CS 4620 Cornell University Cornell CS4620 Fall 2020 Steve

Ray Tracing Intro Steve Marschner CS 4620 Cornell University Cornell CS4620 Fall 2020 Steve

Ray Tracing Intro Steve Marschner CS 4620 Cornell University Cornell CS4620 Fall 2020 Steve Marschner 1 Projection To render an image of a 3D scene, we project it onto a plane Most common projection type is perspective projection

552 views • 16 slides
Nico Pietroni Paolo Cignoni 1 c What is Digital Fabrication? Additive Manufacturing CNC Milling

Nico Pietroni Paolo Cignoni 1 c What is Digital Fabrication? Additive Manufacturing CNC Milling

State Of The Art on Functional Fabrication Asla Medeiros e Sa Karina Rodriguez-Echavarria Nico Pietroni Paolo Cignoni 1 c What is Digital Fabrication? Additive Manufacturing CNC Milling Laser Cutter + any computer assisted fabrication

1.4k views • 48 slides
Towards X Visual Reasoning Hanwang Zhang hanwangzhang@ntu.edu.sg Pattern Recognition

Towards X Visual Reasoning Hanwang Zhang hanwangzhang@ntu.edu.sg Pattern Recognition

Towards X Visual Reasoning Hanwang Zhang hanwangzhang@ntu.edu.sg Pattern Recognition v.s. Reasoning Pattern Recognition v.s. Reasoning Caption: Lu et al. Neural Baby Talk. CVPR18 VQA: Teney et al. Graph- Structured Representations

1.1k views • 64 slides
Information Session June 9 th , Grade 5 Information Session School We are a Middle School of

Information Session June 9 th , Grade 5 Information Session School We are a Middle School of

Information Session June 9 th , Grade 5 Information Session School We are a Middle School of over 720 students Community catchment from R.D Barber, Hanover, Hilldale and Massey Street Sr PS. We also have an International Business and

768 views • 37 slides
Interfaces from SciFi Robert W. Lindeman Worcester Polytechnic Institute Department of Computer

Interfaces from SciFi Robert W. Lindeman Worcester Polytechnic Institute Department of Computer

CS-525H: Immersive HCI Interfaces from SciFi Robert W. Lindeman Worcester Polytechnic Institute Department of Computer Science gogo@wpi.edu Motivation "Any sufficiently advanced technology is indistinguishable from magic."

351 views • 11 slides
Computational Science Working Group Adam Lyon & Jim Kowalkowski All Scientist Retreat 26

Computational Science Working Group Adam Lyon & Jim Kowalkowski All Scientist Retreat 26

Computational Science Working Group Adam Lyon & Jim Kowalkowski All Scientist Retreat 26 April 2018 Micro-workshop https://indico.fnal.gov/event/16923/ Watch the movie! 2 Charge Addressing 2nd and 3rd charge items Structures

213 views • 20 slides
LESSONS ABOUT COMMUNITY FROM SCIENCE FICTION Dawn M. Foster Director of Community

LESSONS ABOUT COMMUNITY FROM SCIENCE FICTION Dawn M. Foster Director of Community

LESSONS ABOUT COMMUNITY FROM SCIENCE FICTION Dawn M. Foster Director of Community at Puppet Labs @geekygirldawn dawn@puppetlabs.com Presenta(on (with notes) available at

409 views • 21 slides

More recommend