efficient template attacks
play

Efficient Template Attacks CARDIS 2013 Omar Choudary Markus G. - PowerPoint PPT Presentation

Aug 15, 2023 •215 likes •717 views

Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Efficient Template Attacks CARDIS 2013 Omar Choudary Markus G. Kuhn Berlin, 29 November 2013 Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide

  1. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Efficient Template Attacks CARDIS 2013 Omar Choudary Markus G. Kuhn Berlin, 29 November 2013 Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 1

  2. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Introduction Template Attacks [Chari et al., ’03] Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 2

  3. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Introduction Template Attacks [Chari et al., ’03] Certification to CC profiles requires their evaluation Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 2

  4. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Introduction Template Attacks [Chari et al., ’03] Certification to CC profiles requires their evaluation Contributions: Dealing with large number of samples (avoiding numerical pitfalls) Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 2

  5. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Introduction Template Attacks [Chari et al., ’03] Certification to CC profiles requires their evaluation Contributions: Dealing with large number of samples (avoiding numerical pitfalls) Efficient implementation (reducing evaluation time, e.g. from 3 days to 30 minutes) Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 2

  6. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Introduction Template Attacks [Chari et al., ’03] Certification to CC profiles requires their evaluation Contributions: Dealing with large number of samples (avoiding numerical pitfalls) Efficient implementation (reducing evaluation time, e.g. from 3 days to 30 minutes) Fair evaluation of most common compression techniques Show several assumptions do not hold in general Practical guideline for choosing the right compression Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 2

  7. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Introduction Template Attacks [Chari et al., ’03] Certification to CC profiles requires their evaluation Contributions: Dealing with large number of samples (avoiding numerical pitfalls) Efficient implementation (reducing evaluation time, e.g. from 3 days to 30 minutes) Fair evaluation of most common compression techniques Show several assumptions do not hold in general Practical guideline for choosing the right compression And ... we provide data and code so you can try it! Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 2

  8. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Experiment: eavesdropping on 8-bit data bus Executed Code: movw r30, r24 ld r8, Z+ ld r9, Z+ ld r10, Z+ ld r11, Z+ MOV LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 Amplitude 0 0 2 4 6 8 10 Time [ µ s] Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 3

  9. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Experiment: eavesdropping on 8-bit data bus Executed Code: movw r30, r24 ld r8, 0 ld r9, k ld r10, 0 ld r11, 0 MOV LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 Amplitude 0 0 2 4 6 8 10 Time [ µ s] Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 4

  10. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Profiling: Acquire Traces Executed Code: movw r30, r24 ld r8, 0 MOV LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 ld r9, k Amplitude MOV LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 ld r10, 0 k = 0 Amplitude MOV 0 0 2 4 6 8 10 LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 Time [ µ s] LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 ld r11, 0 Amplitude 0 0 2 4 6 8 10 Time [ µ s] 0 0 2 4 6 8 10 Time [ µ s] MOV LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 Amplitude MOV LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 k = 1 Amplitude MOV 0 0 2 4 6 8 10 LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 Time [ µ s] LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 Amplitude 0 0 2 4 6 8 10 Time [ µ s] . . . 0 0 2 4 6 8 10 Time [ µ s] k = 255 Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 5

  11. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Profiling: Estimate Templates 0.06 µ r 1 µ r 1 + std( µ r 1 ) µ r 1 − std( µ r 1 ) 0.05 max k ( µ r k ) MOV min k ( µ r LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 k ) LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 0.04 Amplitude Amplitude [V] MOV LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 ¯ x k 0.03 k = 0 Amplitude MOV 0 0 2 4 6 8 10 LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 Time [ µ s] LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 Amplitude 0.02 0 0 2 4 6 8 10 Time [ µ s] Compression 0.01 0 0 2 4 6 8 10 Time [ µ s] 0 3.2 3.4 3.6 3.8 4 4.2 4.4 4.6 Time [ µ s] 6 MOV x 10 LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 20 LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 Amplitude 10 MOV LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 15 20 S k k = 1 Amplitude MOV 0 0 2 4 6 8 10 LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 Time [ µ s] LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 30 10 Amplitude 0 0 2 4 6 8 10 Time [ µ s] 40 . . 5 . 0 50 0 2 4 6 8 10 Time [ µ s] 60 0 10 20 30 40 50 60 k = 255 Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 6

  12. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Attack: using the multivariate normal distribution x k ) ′ S − 1 1 − 1 √ � � d ( k | x ) = (2 π ) m | S k | exp 2 ( x − ¯ k ( x − ¯ x k ) k ⋆ → argmax k d ( k | x ) MOV LD R8, clk #2 LD R9, clk #2 LD R10, clk #2 LD R11, clk #2 LD R8, clk #1 LD R9, clk #1 LD R10, clk #1 LD R11 clk #1 LD R12 clk #1 Amplitude 0 0 2 4 6 8 10 Time [ µ s] Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 7

  13. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Problem 1: Floating point issues x k ) ′ S − 1 1 − 1 √ � � d ( k | x ) = (2 π ) m | S k | exp 2 ( x − ¯ k ( x − ¯ x k ) Issue 1: exp( x ) is only safe for | x | < 710, which is easily exceeded in our experiments. Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 8

  14. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Problem 1: Floating point issues x k ) ′ S − 1 1 − 1 √ � � d ( k | x ) = (2 π ) m | S k | exp 2 ( x − ¯ k ( x − ¯ x k ) Issue 1: exp( x ) is only safe for | x | < 710, which is easily exceeded in our experiments. Issue 2: | S k | can overflow/underflow easily for large m ( > 50). These are real problems. Naive implementations are likely to fail. Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 9

  15. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Solution: use LOG x k ) ′ S − 1 2 log 2 π − 1 2 log | S k | − 1 d LOG ( k | x ) = − m 2 ( x − ¯ k ( x − ¯ x k ) log Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 10

  16. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Caveat: pdf can be larger than 1 “[Choose the candidate k that leads to the] smallest absolute value [of d LOG ]” [Mangard, Oswald, Popp ’07] log Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 11

  17. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Caveat: pdf can be larger than 1 “[Choose the candidate k that leads to the] smallest absolute value [of d LOG ]” Incorrect: log is monotonic, abs is not! We choose k with highest value of d LOG . [Mangard, Oswald, Popp ’07] log Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 12

  18. Introduction Classic Approach Problems Efficient Templates Evaluation Conclusion Problem 2: dealing with large number of samples Myth: problems with inversion of S k as soon as m is large. m = number of samples n p = number of traces from profiling, for each k Omar Choudary, Markus G. Kuhn Efficient Template Attacks Slide 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen Introduction Physical Attacks Active Passive (Fault Attacks) (Observing Attacks) Side Channel Attacks

644 views • 45 slides
Modern Modern Template Techniques Template The Simplest Function Template

Modern Modern Template Techniques Template The Simplest Function Template

Modern Modern Template Techniques Template The Simplest Function Template CRTPStatic Polymorphism Techniques Type TraitsBasic Metaprogramming Compile-time Conditionals Policy Classes Perfect Forwarding

1.29k views • 42 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J.-K. Tsay CRYPTO August 2012 BLUF (Bottom Line Up

602 views • 19 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J. Kai-Tsay CRYPTO August 2012 BLUF (Bottom Line Up

584 views • 42 slides
An Efficient Black-box Technique for Defeating Web Application Attacks R. Sekar S tony Brook

An Efficient Black-box Technique for Defeating Web Application Attacks R. Sekar S tony Brook

An Efficient Black-box Technique for Defeating Web Application Attacks R. Sekar S tony Brook University (Research supported by DARPA, NS F and ONR) 2/9/2009 Example: SquirrelMail Command Injection Attack: use maliciously Incom ing

747 views • 21 slides
Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University

Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University

SpectreGuard: An Efficient Data-centric Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University of Kansas 1 Speculative Execution Attacks Attacks exploiting microarchitectural side-effects of

499 views • 21 slides
EVENT REPORT TEMPLATE (Annex H to Quality Control and Monitoring Manual) This template has to be

EVENT REPORT TEMPLATE (Annex H to Quality Control and Monitoring Manual) This template has to be

EVENT REPORT TEMPLATE (Annex H to Quality Control and Monitoring Manual) This template has to be filled by project partners (organisers) for all IF4TM events (except SC meetings). Furthermore, this template can be used to inform colleagues and

434 views • 4 slides
Announcements: Homework 1 Out HW1 and a latex template for solutions are out on the course

Announcements: Homework 1 Out HW1 and a latex template for solutions are out on the course

Announcements: Homework 1 Out HW1 and a latex template for solutions are out on the course website: http://www.haifeng-xu.com/cs6501fa19 The HW sol template is for your convenience, but not required. Feel free to use your own template

750 views • 39 slides
Webinar Agenda Welcome and Introductions The HSA template The HSA/PP Section template

Webinar Agenda Welcome and Introductions The HSA template The HSA/PP Section template

Health Systems and Public Policy Analysis Section Jeremy Patch, MPH Stephanie Reffey, PhD Becky Royer, MPH, CHES Webinar Agenda Welcome and Introductions The HSA template The HSA/PP Section template The HSA/PP Section checklist

725 views • 9 slides
Template Metaprogramming in C++ CS242, Fall 2009 Keith Schwarz Preliminaries A C++ template is a

Template Metaprogramming in C++ CS242, Fall 2009 Keith Schwarz Preliminaries A C++ template is a

Template Metaprogramming in C++ CS242, Fall 2009 Keith Schwarz Preliminaries A C++ template is a type or function parameterized over a set of types, functions, or constants. template &lt;typename One, typename Two&gt; struct Pair { One

1.34k views • 113 slides
BUILDING A POWER POINT TEMPLATE By using a Master Template for your PowerPoint presentations, you

BUILDING A POWER POINT TEMPLATE By using a Master Template for your PowerPoint presentations, you

BUILDING A POWER POINT TEMPLATE By using a Master Template for your PowerPoint presentations, you can save the time it takes to make a presentation and to standardize a look and feel for you slides. A Master Template is a presentation that you

81 views • 4 slides
Testbench Template Testbench template generated by Cadence The Big Picture 1010010100100

Testbench Template Testbench template generated by Cadence The Big Picture 1010010100100

Testbench Template Testbench template generated by Cadence The Big Picture 1010010100100 DUT 1001000010100 (Device Actual 1110101001110 Under Output 1010100010011 Test) Vectors 0100100010001 Input Vector Table Pass/Fail Compare

305 views • 18 slides
TWG Review and Reporting Template TWG Network Meeting 27-28 February Name of TWG: on

TWG Review and Reporting Template TWG Network Meeting 27-28 February Name of TWG: on

TWG Review and Reporting Template TWG Network Meeting 27-28 February Name of TWG: on HIV/AIDS General guidance for using the template This template is designed to support and complement the dialogue

753 views • 7 slides
C++ Template Meta A basic introduction to basic C++ techniques used in template metaprogramming.

C++ Template Meta A basic introduction to basic C++ techniques used in template metaprogramming.

C++ Template Meta A basic introduction to basic C++ techniques used in template metaprogramming. Github Repo The presentation and all of the code are online on github, with an OSI license. github.com/zwimer/Template-Meta-Tutorial Note: Much

1.12k views • 84 slides
Spoken Document Retrieval and Browsing Ciprian Chelba OpenFst Library C++ template library

Spoken Document Retrieval and Browsing Ciprian Chelba OpenFst Library C++ template library

Spoken Document Retrieval and Browsing Ciprian Chelba OpenFst Library C++ template library for constructing, combining, optimizing, and searching weighted finite-states transducers (FSTs) Goals: Comprehensive, flexible, efficient and

892 views • 36 slides
Fair, Efficient and Open Competition Regulation Preferential Sharing of Records Not Available to

Fair, Efficient and Open Competition Regulation Preferential Sharing of Records Not Available to

Fair, Efficient and Open Competition Regulation Preferential Sharing of Records Not Available to the Public Metropolitan Centre August 28, 2009 Agenda 1. Background 2. Timeline 3. Process Template Stakeholder Feedback 4. Minimum

651 views • 12 slides
Learning and Reasoning in Logic Tensor Networks Luciano Serafini 1 , Ivan Donadello 1 , 2 , Artur

Learning and Reasoning in Logic Tensor Networks Luciano Serafini 1 , Ivan Donadello 1 , 2 , Artur

Learning and Reasoning in Logic Tensor Networks Luciano Serafini 1 , Ivan Donadello 1 , 2 , Artur dAvila Garces 3 1 Fondazione Bruno Kessler, Italy 2 University of Trento, Italy 3 City University London, UK May 7, 2017 Luciano Serafini, Ivan

813 views • 38 slides
Undiagnosed Diseases Network (UDN) Background In 2008, the NIH established an intramural

Undiagnosed Diseases Network (UDN) Background In 2008, the NIH established an intramural

February 25, 2016 Undiagnosed Diseases Network (UDN) Background In 2008, the NIH established an intramural Undiagnosed Diseases Program (UDP) to aid individuals plagued by longstanding medical conditions that elude medical diagnosis. Since then,

190 views • 5 slides
Logic Tensor Networks Luciano Serafini Fondazione Bruno Kessler AITP 2017 joint work with Artur

Logic Tensor Networks Luciano Serafini Fondazione Bruno Kessler AITP 2017 joint work with Artur

Logic Tensor Networks Luciano Serafini Fondazione Bruno Kessler AITP 2017 joint work with Artur dAvila Garces - City Univ. London and Ivan Donadello, FBK Luciano Serafini (Fondazione Bruno Kessler) Logic Tensor Networks AITP 2017 1 / 30

2.47k views • 37 slides
Mapping filter services on heterogeneous platforms To appear in IPDPS 2009 Anne Benoit,Fanny

Mapping filter services on heterogeneous platforms To appear in IPDPS 2009 Anne Benoit,Fanny

Mapping filter services on heterogeneous platforms To appear in IPDPS 2009 Anne Benoit,Fanny Dufoss e,Yves Robert January 9, 2009 Anne Benoit,Fanny Dufoss e,Yves Robert () Mapping filter services on heterogeneous platforms January 9, 2009

928 views • 63 slides
EI331 Signals and Systems Lecture 27 Bo Jiang John Hopcroft Center for Computer Science

EI331 Signals and Systems Lecture 27 Bo Jiang John Hopcroft Center for Computer Science

EI331 Signals and Systems Lecture 27 Bo Jiang John Hopcroft Center for Computer Science Shanghai Jiao Tong University May 30, 2019 Contents 1. Evaluation of Definite Integrals Using Residues 2. Z -transform 3. Properties of Z -transform 4.

992 views • 36 slides
Building and testjng an automotjve platgorm - how Automotjve Grade Linux is built and tested

Building and testjng an automotjve platgorm - how Automotjve Grade Linux is built and tested

Building and testjng an automotjve platgorm - how Automotjve Grade Linux is built and tested Embedded Linux Conference Europe 2016 Jan-Simon Mller Release Manager, AGL , The Linux Foundatjon ( jsmoeller@linuxfoundatjon.org, DL9PF @IRC and

688 views • 33 slides
Building Robots That Can See Scott Garman Intel Open Source Technology Center

Building Robots That Can See Scott Garman Intel Open Source Technology Center

Building Robots That Can See Scott Garman Intel Open Source Technology Center scott.a.garman@intel.com ELC Europe Edinburgh 25 Oct 2013 Who Am I? Software Engineer on the Yocto Project Technical Evangelist for MinnowBoard and

618 views • 22 slides
Finding the Old T estament in the Gospel of John JESUS The Prologue of J ohn Jn. 1:1-18

Finding the Old T estament in the Gospel of John JESUS The Prologue of J ohn Jn. 1:1-18

Finding the Old T estament in the Gospel of John JESUS The Prologue of J ohn Jn. 1:1-18 Now Jesus did many other signs in the presence of the disciples, which are not written in this book; but these are written so that you may believe

842 views • 62 slides

More recommend