DPA-Protected Authenticated Encryption Mostafa Taha and Patrick - - PowerPoint PPT Presentation



SLIDE 1

A Key Management Scheme for DPA-Protected Authenticated Encryption

Mostafa Taha and Patrick Schaumont, Virginia Tech, DIAC-2013

This research was supported in part by the VT-MENA program of Egypt, and by NSF grant no. 1115839.

SLIDE 2

Leakage-Resilient Cryptography

Classical Cryptography (figure labels: Input, Output, Key, Algorithm)

SLIDE 4

Leakage-Resilient Cryptography

Side-Channel Analysis (figure labels: Input, Output, Key, Algorithm, Fault Detection; leakage channels: Execution Time, Power Consumption, Electromagnetic Radiation, Acoustic Waves, Photonic Emission)

Is this a problem?

SLIDE 5

Differential Power Analysis

  • The key in DPA is to find a sensitive intermediate variable that depends on:

– a controllable/observable input,
– and a fixed unknown, where the unknown is affected by a small part of the key.

(figure labels: S, with inputs P and K)

SLIDE 7

Leakage-Resilient Cryptography

1- Hardware Protection (figure labels: Input, Output, Key, Algorithm)

  • Typically at high cost (typically 2x).

SLIDE 9

Leakage-Resilient Cryptography

2- Leakage-Resilient Cryptography (figure labels: Input, Output, Key, Algorithm)

  • New primitive.
  • Special mode of operation (compatible with current modes).

SLIDE 11

Leakage-Resilient Cryptographic Primitive

  • Stream Ciphers: [DP08, P09, YSPY10]
  • Block Ciphers: [FPS12]
  • Digital Signatures: [BSW11]
  • Public-Key Encryption: [NS12]

and many more.

However:

  • The assumptions used are controversial.
  • High-overhead initialization procedure.
  • Not a current solution (still needs standardization).

SLIDE 14

Leakage-Resilient Mode of Operation

  • Are current modes DPA-protected?
  • No:

– Different design requirement.
– The IV/nonce is not secret, hence the same attack methodology can be used.

  • Research Goals:

– Current: Design a compatible DPA-protection add-on.
– Future: Include the DPA-protection in a new AE mode.

SLIDE 15

Outline

  • Introduction
  • Design Model
  • Security Requirements of the New Scheme
  • Previous Work
  • NLFSR-Based Scheme
  • Concluding Remarks

SLIDE 19

Design Model

Goal: protection against any “differential” attack. This is NOT shifting the problem, but separating it.

(figure labels: Initialization: Master Key and Initialization Vector → AES (In → Out) → Session Key; Key Propagation: Session Key → K1 → K2 → K3; Encryption: each Ki keys its own AES (In → Out); annotations: Direct Leakage, Combined Information Leakage)

SLIDE 22

Security Requirements

  • Initialization (figure labels: Master Key, Initialization Vector → Session Key):

– Maximum diffusion.
– Compatible with current AES modes (no additional secrets or exchanged variables).
– One-wayness.
– DPA-hard, without depending on the hardware.
– Small hardware overhead.

SLIDE 23

Security Requirements

  • Key Propagation (figure labels: Session Key → K1, K2, K3):

– Non-linearity.
– Prevent divide-and-conquer.
– Forward security (better).
– Small hardware overhead.

SLIDE 24

Previous Work

Contribution (Initialization / Propagation):
– [Kocher03]: DES / DES
– [MSGR10]: Modular Multiplication
– [GFM10]: NLM and AES / AES
– [Kocher11]: Tree structure of Hashing / Hashing
– [MSJ12]: Improved tree of AES
– [BSH..13]: Minimum SP Network
– Current Proposal: NLFSR-based scheme

  • They are all:

– High cost.
– Or, depend on other hardware protections.

SLIDE 25

Current Proposal

  • Why NLFSR?

– High DPA-attack complexity: the current DPA attack on Grain leaves 30 bits of the key for exhaustive search [FGKV07].
– High diffusion and one-wayness.
– High non-linearity.
– Low hardware overhead, as learned from the eSTREAM results.

  • What are the preferred properties of the NLFSR for the best DPA-protection?

SLIDE 31

DPA of a Generic LFSR (figure labels: feedback coefficients C; state bits I0 I1 I2 … In)

  • 1st input bit:

– One sensitive variable of high leakage: the output of the feedback function can be found.

  • 2nd input bit:

– Sensitive variable of high leakage: the output of the feedback function can be found.
– Sensitive variable of low leakage: the intermediate unknown can be found. Is it useful? Depends on the computational hierarchy.

SLIDE 33

DPA of a Generic LFSR (figure labels: feedback coefficients C; state bits I0 I1 I2 … In)

  • 1st input bit.
  • 2nd input bit.
  • nth input bit:

– A linear equation of n unknowns.

LFSRs are directly breakable after reaching all state bits.

SLIDE 35

DPA of a Generic NLFSR (figure labels: state bits I0 I1 I2 … In; Non-linear function)

  • 1st input bit:

– One sensitive variable of high leakage: the output of the feedback function can be found.
SLIDE 38

DPA of a Generic NLFSR (figure labels: state bits I0 I1 I2 … In; Non-linear function)

  • 1st input bit.
  • 2nd input bit, depending on the operation at the known bit:

– XOR: the output of the feedback function can be found, and the intermediate unknown can be found. Is it useful?
– AND: only the intermediate unknown (low leakage) can be found. Is it useful? Depends on the computational hierarchy.
SLIDE 40

DPA of a Generic NLFSR (figure labels: state bits I0 I1 I2 … In; Non-linear function)

  • 1st input bit.
  • 2nd input bit.
  • nth input bit:

– Only an intermediate variable within the feedback function.

NLFSRs can still be broken by focusing on small operations within the feedback function.
SLIDE 41

DPA of a Generic NLFSR (figure labels: state bits I0 I1 I2 … In; Non-linear function)

  • Solution: implement the feedback function in memory.
SLIDE 42

DPA of a Generic NLFSR

  • Preferred properties:

– Large internal state.
– High number of feedback taps.
– Feedback function includes the first state bit.
– Either:
  • The first bit is ANDed at the top of the computational hierarchy.
  • Or, the feedback function is implemented using memory.
– Maximum period.
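The key-propagation stage of the design model (Session Key → K1 → K2 → K3) and the preferred-properties checklist above, as an added example that is not the authors' scheme: a constructed 4-bit NLFSR, built from the x^4 + x + 1 LFSR by adding a de Bruijn-style AND term, is clocked as a key-propagation chain, and small exhaustive checks test two of the listed properties (maximum period, feedback depends on the first state bit). The feedback function, the function names and the 4-bit "session key" are all assumptions; a real key size would not allow an exhaustive period check.

```python
from typing import Callable, List, Tuple

State = Tuple[int, ...]          # register contents; s[0] is the first (oldest) bit
Feedback = Callable[[State], int]

def lfsr_feedback(s: State) -> int:
    """Linear feedback for x^4 + x + 1: new bit = s0 XOR s1 (period 2^n - 1)."""
    return s[0] ^ s[1]

def nlfsr_feedback(s: State) -> int:
    """Constructed non-linear feedback: the LFSR above plus an AND term that is 1 only
    when s1..s(n-1) are all zero, which splices the all-zero state into the cycle."""
    return s[0] ^ s[1] ^ int(not any(s[1:]))

def step(s: State, f: Feedback) -> State:
    """Fibonacci-style clock: drop the first bit, append the feedback bit."""
    return s[1:] + (f(s),)

def period(seed: State, f: Feedback) -> int:
    """Clock the register until it returns to the seed; returns the cycle length."""
    cur, n = step(seed, f), 1
    while cur != seed:
        cur, n = step(cur, f), n + 1
    return n

def has_maximum_period(n_bits: int, f: Feedback) -> bool:
    """Exhaustive check for small n: the all-zero state lies on a cycle of length 2^n."""
    return period((0,) * n_bits, f) == 2 ** n_bits

def depends_on_first_bit(n_bits: int, f: Feedback) -> bool:
    """Flip s0 in every state; the feedback includes the first bit if any output changes."""
    for v in range(2 ** n_bits):
        s = tuple((v >> i) & 1 for i in range(n_bits))
        if f(s) != f((1 - s[0],) + s[1:]):
            return True
    return False

def propagate_keys(session_key: State, f: Feedback, blocks: int) -> List[State]:
    """Key propagation: K1 is the session key; each later Ki is the register clocked
    a full register length, so every block key is a fresh state, never a constant."""
    keys, cur = [], session_key
    for _ in range(blocks):
        keys.append(cur)
        for _ in range(len(session_key)):
            cur = step(cur, f)
    return keys

SESSION_KEY: State = (1, 0, 0, 0)   # constructed 4-bit "session key" for the demo
```

Calling `has_maximum_period(4, lfsr_feedback)` returns False (the zero state is a fixed point) while the NLFSR variant returns True, and `propagate_keys(SESSION_KEY, nlfsr_feedback, 3)` yields three distinct block keys.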

SLIDE 44

Comparison between NLFSRs

                  Grain   Trivium   KeeLoq   [D12]   [RSWZ12]   Best
Internal state    80      288       32       4:24    25,27      27
Feedback taps     13      3*5       7        3:7     18:21      21
Include 1st bit   No      No        Yes      Yes     Yes        Yes
1st bit ANDed     No      No        Yes      No      No         No
Maximum period    ?       ?         ?        Yes     Yes        Yes

  • The best available NLFSR is still not optimal.
SLIDE 45

Current Work

  • Choose a new feedback function.
  • Increase the parallelism.
  • Implementation.
  • Practical DPA attack.

SLIDE 46

Future Work

  • Include the DPA-protection in a new AE mode:

– Most modes of operation, including major AE modes, keep the key as a constant.
– Updating the key can provide a free DPA-protection in new designs.

SLIDE 47

Concluding Remarks

  • DPA-protection can be achieved by a special mode of operation.
  • We propose a light-weight primitive that can achieve a high level of DPA security.
  • We are working on including the DPA-protection in a new AE mode. Collaborations are welcomed.

SLIDE 48

Thank You. Questions?