host differential power attacks ece 525 side channel
play

HOST Differential Power Attacks ECE 525 Side-Channel Attacks - PowerPoint PPT Presentation

Dec 06, 2023 •230 likes •363 views

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

  1. HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic implementations reveal information about internal operations in the power supply as they execute the algorithm Power supply transient signals (I DDT ) and electromagnetic radiation can be measured using benchtop oscilloscopes and reverse-engineered to deduce the secret key Dynamic current can measured by inserting a small resistance in series with the power supply wires, or by using current or EM probes All types of hardware devices are vulnerable, including microprocessors, FPGAs and dedicated ASICs Some are more vulnerable than others, e.g., microprocessors execute instructions on different functional units within the ALU Therefore, I DDT in these cases is dependent on both data and instructions ECE UNM 1 (3/20/18)

  2. HOST Differential Power Attacks ECE 525 Simple Power Analysis (SPA) SPA or Simple Power Analysis is a technique that involves directly analyzing I DDT during cryptographic operations 16 DES rounds P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis", Proceedings of Advances in Cryptology-CRYPTO’99, Springer-Verlag, 1999, pp. 388-397 Above trace is measured over 1 ms, sampled at 5 MHz (5000 pts) Blow-up of previous figure showing 2nd and 3rd rounds of DES encryption 28-bit DES key registers C and D Small variations rotated once in round 2 and twice in round 3 between the rounds are also visible, which can be exploited b/c they result from conditional jumps based on key bits, etc. ECE UNM 2 (3/20/18)

  3. HOST Differential Power Attacks ECE 525 Simple Power Analysis (SPA) The DES key schedule algorithm An even higher resolution trace through two regions, each with 7 clock cycles at 3.5714 MHz Jump taken Jump not taken ECE UNM 3 (3/20/18)

  4. HOST Differential Power Attacks ECE 525 Simple Power Analysis (SPA) The differences in the traces result primarily from differences in the power consump- tion of different microprocessor instructions It is clear that SPA can reveal the sequence of instructions executed Therefore, it can be used to break crypto. implementations in which the execu- tion path depends on the data being processed For example: • DES Key Schedule The key schedule involves rotating 28-bit key registers A conditional branch is commonly used to check the bit shifted off the end so that "1" bits can be wrapped around The resulting power consumption traces for a "1" bit and a "0" bit will contain different SPA features if the execution paths takes different branches for each ECE UNM 4 (3/20/18)

  5. HOST Differential Power Attacks ECE 525 Simple Power Analysis (SPA) • DES permutations DES implementations perform a variety of bit permutations Conditional branching in software or microcode can cause significant power consumption differences for "0" and "1" bits • Comparisons String or memory comparison operations typically perform a conditional branch when a mismatch is found This conditional branching causes large SPA (and sometimes timing) character- istics • Multipliers Modular multiplication circuits tend to leak a great deal of information about the data they process The leakage functions depend on the multiplier design, but are often strongly correlated to operand values and Hamming weights ECE UNM 5 (3/20/18)

  6. HOST Differential Power Attacks ECE 525 Simple Power Analysis (SPA) • Exponentiators A simple modular exponentiation function parses the exponent, performing a squaring operation in every iteration An additional multiplication occurs for each exponent bit that is equal to "1" The exponent can be compromised if squaring and multiplication operations have different power consumption characteristics Or take different amounts of time Preventing SPA Avoiding procedures that use secret intermediates or keys for conditional branching operations will mask many SPA characteristics The microcode in some microprocessors cause large operand-dependent power consumption features, which are vulnerabilities ASIC implementations of symmetric cryptographic algorithms have sufficiently small power consumption variations, so SPA cannot be used to extract keys ECE UNM 6 (3/20/18)

  7. HOST Differential Power Attacks ECE 525 Differential Power Analysis (DPA) In addition to large-scale power variations due to the instruction sequence, there are effects correlated to data values being manipulated These variations tend to be smaller and are sometimes overshadowed by mea- surement errors and other noise In such cases, it is still often possible to break the system using statistical functions AES will be used here to demonstrate this function AES K (M) (K 0 , ..., K 10 ) <- expand(K) s <- M XOR K 0 for r = 1 to 10 do s <- S(s) s <- shift-rows(s) if r <= 9 then s <- mix-cols(s) fi s <- s XOR K r endfor return s ECE UNM 7 (3/20/18)

  8. HOST Differential Power Attacks ECE 525 Differential Power Analysis (DPA) AES first XORs the subkey K 0 (which is in fact the key -- see key sched.) with the plaintext byte and then uses the result to ’lookup’ a value in the SBOX function This table lists the values of S(0) , S(1) , .. S(255) Therefore, each output byte in the first round can be computed given a specified, i.e., known, plaintext byte and a guess of the subkey K 0 as: S( p XOR k ), with p representing the plaintext and k the subkey Let’s focus on the high order bit , v , of the output byte ECE UNM 8 (3/20/18)

  9. HOST Differential Power Attacks ECE 525 Differential Power Analysis (DPA) The attack assumes the power consumption during processing of this high order bit will depend on whether it is a ’0’ or a ’1’ The attack begins by measuring the power supply curve as each of 1000 random (but known) plaintexts are encrypted Once these traces are obtained, we have ALL the information we need to learn the key, i.e., the rest of the attack focuses only on post-processing these wfms The process of ’learning’ k simply involves creating two subsets of the 1000 power trace wfms for each guess of k Given that k can be 1 of 256 different values, this requires this process to be repeated 256 times, once for each guess The two subsets are created by computing the value of v under each guess of k Remember, the plaintext bytes are known Therefore, for each guess of k , each is XORed and run through SBOX ECE UNM 9 (3/20/18)

  10. HOST Differential Power Attacks ECE 525 Differential Power Analysis (DPA) The bit value that is generated for v is used to define the subsets, with all plaintext wfms that generate a ’0’ for v in one subset, and those generating a ’1’ in the other An important part of the attack is to eliminate the ’background noise’ Background noise is generated by simultaneous switching activity on other SBOX output bits during the time region of interest The time region of interest is simply the period of time when AES is computing the XOR and subsequently carrying out the SBOX operation Background noise is eliminated by computing an average trace using all wfms in each of the subsets The assumption here is that each of the other 127 bits on the SBOX outputs in each wfm subset have nearly equal numbers 0’s and 1’s If this is true, then the average power trace will become flat for these bits because of the averaging, effectively cancelling them out ECE UNM 10 (3/20/18)

  11. HOST Differential Power Attacks ECE 525 Differential Power Analysis (DPA) The final step is to compute a difference trace from the two averages, for each guess of the subkey k S. Mangard, E. Oswald and T. Popp, " Power Analysis Attacks: Revealing the Secrets of Smart Cards", Springer, 2007 The above shows guesses for k of 117, 118, 119 and 120 It is clear from the spikes that the actual subkey k used by AES is 119 ECE UNM 11 (3/20/18)

  12. HOST Differential Power Attacks ECE 525 Differential Power Analysis (DPA) DPA works because it can inspect intermediate values in the computation process, something the authors of AES assumed was not possible Power analysis provides internal observation of the temporal and spatial switching behavior of the chip This feature has been heavily used in the manufacturing test community since the early 90’s! So DPA was not first to make use of power supply transient signal analysis My Ph.D. research in 1997 (see ITC’96 and ’97) is also based on an analysis of I DDT signals However, unlike manufacturing test methods, such as I DDQ and I DDT , DPA does NOT need to account for process variation effects between ICs This is true because DPA is carried out entirely on ONE chip This allows much higher levels of resolution to be achieved ECE UNM 12 (3/20/18)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference Mangard et. al, &quot;Power Analysis Attacks, Revealing the Secrets of Smart Cards&quot;, Springer, 2009 Power analysis attacks are effective because the

479 views • 19 slides
Implementing Differential Privacy &amp; Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy &amp; Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy &amp; Side-channel attacks CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 14 : 590.03 Fall 12 1 Outline Differential Privacy Implementations PINQ: Privacy Integrated Queries [McSherry SIGMOD

1.22k views • 40 slides
Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer, Mario Werner, and Stefan Mangard, IAIK, Graz University of Technology 30. March 2017 Content Differential power analysis for key recovery Re-keying

284 views • 24 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices

A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices

A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices Mathieu Renauld, Fran cois-Xavier Standaert, Nicolas Veyrat-Charvillon, Dina Kamel, Denis Flandre. May 2011 UCL Crypto Group Cryptopuces - May 2011

579 views • 32 slides
FPGA-Based Remote Power Side Channel Attacks By Mark Zhao and G. Edward Suh Presented by

FPGA-Based Remote Power Side Channel Attacks By Mark Zhao and G. Edward Suh Presented by

FPGA-Based Remote Power Side Channel Attacks By Mark Zhao and G. Edward Suh Presented by Maitreyi Ashok Motivation FPGAs are used in most cloud computing environments for hardware acceleration The SoCs used for these can have multiple

390 views • 22 slides
HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel

HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel

HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel Power Resistance for Encryption Algo- rithms using Dynamic Partial Reconfiguration or SPREAD As a countermeasure to DPA, CPA and other types of

689 views • 10 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Ohms Law in Data Centers: A Voltage Side Channel for Timing Power Attacks Mohammad A. Islam and

Ohms Law in Data Centers: A Voltage Side Channel for Timing Power Attacks Mohammad A. Islam and

Ohms Law in Data Centers: A Voltage Side Channel for Timing Power Attacks Mohammad A. Islam and Shaolei Ren UC Riverside Acknowledgement: This work was supported in part by the U.S. NSF under grants CNS-1551661 and ECCS-1610471. Cloud data

1.15k views • 75 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto &amp; Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

Open source tool for research on hardware attacks Side Channel Power Analysis Glitching Attacks Essentially an oscilloscope attached to a target chip ChipWhisperer Lite Modeling Power Consumption Every device requires power to run

175 views • 14 slides
The Laravel Developer's The Laravel Developer's Guide to Vue SPAs Guide to Vue SPAs JESS ARCHER

The Laravel Developer's The Laravel Developer's Guide to Vue SPAs Guide to Vue SPAs JESS ARCHER

The Laravel Developer's The Laravel Developer's Guide to Vue SPAs Guide to Vue SPAs JESS ARCHER The BaseCode Podcast The BaseCode Podcast basecodefieldguide.com/podcast Social wish list and gift reminders Social wish list and gift reminders

1.05k views • 92 slides
Mitigate the Risks of Capture: The U.S. Case James A. Thurber Director and University

Mitigate the Risks of Capture: The U.S. Case James A. Thurber Director and University

Political Finance and its Impact on Public Policy and Decision Making ProcessesHow to Mitigate the Risks of Capture: The U.S. Case James A. Thurber Director and University Professor Center for Congressional and Presidential Studies

621 views • 37 slides
Motivation VM VM VM VM VMM 2 15-02-02 The Storage Performance Analyzer (SPA) Motivation

Motivation VM VM VM VM VMM 2 15-02-02 The Storage Performance Analyzer (SPA) Motivation

Storage Performance Analyzer (SPA) Measuring, Monitoring, and Modeling of I/O Performance in Virtualized Environments Feb 2, 2015 Qais Noorshams, Axel Busch , Samuel Kounev, Ralf Reussner Austin, Texas, USA SOFTWARE DESIGN AND QUALITY GROUP

569 views • 12 slides
Spa$o-Textual Similarity Joins Panagio$s Bouros 1,2 , Shen Ge 1 ,

Spa$o-Textual Similarity Joins Panagio$s Bouros 1,2 , Shen Ge 1 ,

Spa$o-Textual Similarity Joins Panagio$s Bouros 1,2 , Shen Ge 1 , Nikos Mamoulis 1 1 University of Hong Kong 2 Humboldt-Universitt zu Berlin 39 th Interna$onal

724 views • 37 slides
SPA resistant Exponentiation based on Bruns GCD algorithm Val erie Berth e , Thomas

SPA resistant Exponentiation based on Bruns GCD algorithm Val erie Berth e , Thomas

SPA resistant Exponentiation based on Bruns GCD algorithm Val erie Berth e , Thomas Plantard Paris Diderot Universit e, University of Wollongong http://www.uow.edu.au/ thomaspl thomaspl@uow.edu.au 2019 Berthe, Plantard (IRIF,

1.16k views • 69 slides
LESSON BJECTIVE many scams on the Students explore Internet right now. ways to prevent

LESSON BJECTIVE many scams on the Students explore Internet right now. ways to prevent

2/12/16 There are so LESSON BJECTIVE many scams on the Students explore Internet right now. ways to prevent Send me $9.95 and iden%ty the* and I will tell you what avoid becoming a to watch out for! financial scam vic;m. 1 2/12/16

476 views • 10 slides
SPA workshop SPA workshop with Django and AngularJS with Django and AngularJS Agenda Agenda

SPA workshop SPA workshop with Django and AngularJS with Django and AngularJS Agenda Agenda

SPA workshop SPA workshop with Django and AngularJS with Django and AngularJS Agenda Agenda 1. Intro 2. Coding 3. Summary Intro Intro Broken code #1 Broken code #1 &lt;script&gt; {% if user.is_authenticated %} var USER = {

638 views • 28 slides
Staying Well and Engaged After Graduation Part 4 of Preparing for Civically Engaged Lives

Staying Well and Engaged After Graduation Part 4 of Preparing for Civically Engaged Lives

Staying Well and Engaged After Graduation Part 4 of Preparing for Civically Engaged Lives Bonner 8 Themes Curriculum Do you have adequate professional self-care? 1 4 7 Why Dont You Take Care of Yourself? Caring for myself is

372 views • 14 slides

More recommend