introduction to physical attacks
play

Introduction to Physical Attacks Arnaud Tisserand CNRS, Lab-STICC - PowerPoint PPT Presentation

Dec 12, 2023 •415 likes •993 views

Introduction to Physical Attacks Arnaud Tisserand CNRS, Lab-STICC 25th October 2018 Summary Introduction Side Channel Attacks Fault Injection Attacks Conclusion and References Arnaud Tisserand. CNRS Lab-STICC. Introduction

  1. Introduction to Physical Attacks Arnaud Tisserand CNRS, Lab-STICC 25th October 2018

  2. Summary • Introduction • Side Channel Attacks • Fault Injection Attacks • Conclusion and References Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 2/24

  3. Applications with Security Needs Applications : smart cards, computers, Internet, telecommunications, set-top boxes, data storage, RFID tags, WSN, smart grids. . . Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 3/24

  4. Attacks attack Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 4/24

  5. Attacks observation attack perturbation invasive Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 4/24

  6. Attacks timing analysis power analysis EMR analysis observation attack perturbation fault injection invasive reverse engineering probing EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 4/24

  7. Attacks timing analysis power analysis EMR analysis observation attack perturbation theoretical fault injection invasive reverse engineering probing EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 4/24

  8. Attacks timing analysis power analysis EMR analysis observation attack perturbation theoretical fault injection invasive reverse engineering advanced algorithms probing optimized programming EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 4/24

  9. Side Channel Attacks (SCAs) (1/2) Attack : attempt to find, without any knowledge about the secret: • the message (or parts of the message) • informations on the message • the secret (or parts of the secret) Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 5/24

  10. Side Channel Attacks (SCAs) (1/2) Attack : attempt to find, without any knowledge about the secret: • the message (or parts of the message) • informations on the message • the secret (or parts of the secret) “Old style” side channel attacks : + good value clic clac bad value Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 5/24

  11. Side Channel Attacks (SCAs) (2/2) E D E k ( M ) D k ( E k ( M )) = M M A B k k General principle: measure external parameter(s) on running device in order to deduce internal informations Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 6/24

  12. Side Channel Attacks (SCAs) (2/2) E D E k ( M ) D k ( E k ( M )) = M M A B k k measure attack k , M ??? E General principle: measure external parameter(s) on running device in order to deduce internal informations Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 6/24

  13. What Should be Measured? Answer : everything that can “enter” and/or “get out” in/from the device • power consumption • electromagnetic radiation • temperature • sound • computation time • number of cache misses • number and type of error messages • ... The measured parameters may provide informations on: • global behavior (temperature, power, sound...) • local behavior (EMR, # cache misses...) Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 7/24

  14. Power Consumption Analysis General principle: 1. measure the current i ( t ) in the cryptosystem 2. use those measurements to “deduce” secret informations crypto. secret key = 962571. . . i ( t ) R V DD Crypto/server-dell traces Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 8/24

  15. Differences & External Signature An algorithm : r = c 0 for i from 1 to n do if a i = 0 then r = r + c 1 else r = r × c 2 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 9/24

  16. Differences & External Signature An algorithm has a current signature : r = c 0 for i from 1 to n do if a i = 0 then r = r + c 1 else r = r × c 2 I t 1 2 3 4 5 6 7 8 i I + I × a i 0 1 1 0 1 0 0 1 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 9/24

  17. Differences & External Signature An algorithm has a current signature and a time signature: r = c 0 for i from 1 to n do if a i = 0 then r = r + c 1 else r = r × c 2 T t T + T × I t 1 2 3 4 5 6 7 8 i I + I × a i 0 1 1 0 1 0 0 1 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 9/24

  18. Simple Power Analysis (SPA) Source: [2] Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 10/24

  19. Simple Power Analysis (SPA) Source: [2] Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 10/24

  20. SPA on ECC protocol level encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  21. SPA on ECC protocol level encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  22. SPA on ECC protocol level DBL DBL DBL DBL DBL DBL encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  23. SPA on ECC protocol level DBL DBL DBL ADD DBL ADD DBL DBL encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  24. SPA on ECC protocol level DBL DBL DBL ADD DBL ADD DBL DBL encryption signature etc 0 0 0 1 1 0 [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) • simple power analysis (& variants) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  25. SPA on ECC protocol level DBL DBL DBL ADD DBL ADD DBL DBL encryption signature etc 0 0 0 1 1 0 [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) • simple power analysis (& variants) field level . . . x ± y x × y • differential power analysis (& variants) • horizontal/vertical/templates/. . . attacks Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  26. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 12/24

  27. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 12/24

  28. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Important : a small difference may be evaluated has a noise during the measurement traces cannot be distinguished Question : what can be done when differences are too small? Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 12/24

  29. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Important : a small difference may be evaluated has a noise during the measurement traces cannot be distinguished Question : what can be done when differences are too small? Answer : use statistics over several traces Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 12/24

  30. Differential Power Analysis (DPA) cryptosystem Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

  31. Differential Power Analysis (DPA) cryptosystem internal state Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

  32. Differential Power Analysis (DPA) cryptosystem internal state select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

  33. Differential Power Analysis (DPA) cryptosystem implementation internal state select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

  34. Differential Power Analysis (DPA) cryptosystem implementation internal state power model select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

  35. Differential Power Analysis (DPA) cryptosystem implementation internal state power model select bit b to attack power( H b =1 ) b = 1 power( H b =0 ) b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

An Introduction to Physical Attacks Application to Secret Specifications Algorithms

An Introduction to Physical Attacks Application to Secret Specifications Algorithms

An Introduction to Physical Attacks Application to Secret Specifications Algorithms Christophe Clavier GEMALTO Security Labs SSTIC Rennes May 30, 2007 Christophe Clavier SSTIC 07 Rennes Physical Attacks Against

708 views • 23 slides
Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon

Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon

Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon RASTIKIAN Arnaud TISSERAND 2 = 3 PLAN Introduction Elliptic Curve Cryptography Side Channel Attacks

473 views • 33 slides
Protection of Arithmetic Circuits against Physical Attacks Arnaud Tisserand CNRS, Lab-STICC LIP

Protection of Arithmetic Circuits against Physical Attacks Arnaud Tisserand CNRS, Lab-STICC LIP

Protection of Arithmetic Circuits against Physical Attacks Arnaud Tisserand CNRS, Lab-STICC LIP Lyon, 2018.11.09 Summary Introduction Physical Attacks Arithmetic Circuits Protections Conclusion and References Arnaud

594 views • 46 slides
Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security Side Channel Attacks Arnaud Tisserand Fault Injection Attacks CNRS, Lab-STICC laboratory CRiSIS 2017, Dinard, France Protections Examples

266 views • 15 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information

Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information

Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information Security Agency) Saturday, December 20 th , 2014 Introduction| Side Channel Attacks (SCA)| Fault Attacks (FA)| Combined Attacks| Protections|

817 views • 71 slides
Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer c1shw@us.ibm.com (561) 392 6100 Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY Physical Security Attacks &

334 views • 8 slides
Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen Introduction Physical Attacks Active Passive (Fault Attacks) (Observing Attacks) Side Channel Attacks

644 views • 45 slides
NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

CMPS122: COMPUTER SECURITY NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3 due tonight NETWORKING ATTACKS LAST TIME TCP/IP networking stack Physical layer Data link layer Network

1.1k views • 61 slides
Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen

Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen

Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen Cao, Sencun Zhu, Jingqiang Lin, Peng Liu, Yubin Xia, and Bo Luo Why do Physical-space Threats Concern for SmartPhones? Why do Physical-space Threats

318 views • 31 slides
Attacks on Cardiac Devices to appear in IEEE/ACM International Conference Cyber-Physical Systems

Attacks on Cardiac Devices to appear in IEEE/ACM International Conference Cyber-Physical Systems

Synthesizing Stealthy Reprogramming Attacks on Cardiac Devices to appear in IEEE/ACM International Conference Cyber-Physical Systems (ICCPS 2019) Nicola Paoletti Royal Holloway, University of London Joint work with: Scott A Smolka, Shan Lin,

406 views • 36 slides
Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Micro-Architectural Attacks on Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical Systems Cyber Physical Systems (CPS) Cyber (Computer) + Physical (Plant) Real-time Control physical

310 views • 29 slides
Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and

Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and

Cheap & Cheerful A Low-Cost Digital Sensor for Detecting Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and Cryptographic Engineering (PACE), Nanyang Technological University, Singapore SPACE 2016,

667 views • 31 slides
Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks

Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks

Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks Devendra Shelar and Saurabh Amin Massachusetts Institute of Technology INFORMS November 15 th , 2016 Vulnerable Electricity Networks: Key issues Two

391 views • 7 slides
M&M: Masks and Macs against Physical Attacks CHES 2019 Lauren De Meyer, Victor Arribas

M&M: Masks and Macs against Physical Attacks CHES 2019 Lauren De Meyer, Victor Arribas

M&M: Masks and Macs against Physical Attacks CHES 2019 Lauren De Meyer, Victor Arribas Svetla Nikova, Ventzislav Nikov, Vincent Rijmen B ACK TO THE 90 S Differential Power Analysis (DPA) Paul Kocher et al. 1999 [KJJ99]

322 views • 28 slides
CAPA: the spirit of Beaver against physical attacks Oscar Reparaz, Lauren De Meyer, Victor

CAPA: the spirit of Beaver against physical attacks Oscar Reparaz, Lauren De Meyer, Victor

CAPA: the spirit of Beaver against physical attacks Oscar Reparaz, Lauren De Meyer, Victor Arribas, Begul Bilgin, Svetla Nikova, Venzi Nikov, Nigel Smart COSIC KU Leuven University of Bristol NXP Semiconductors Problem statement 2 (Johann

563 views • 37 slides
Gossipping in Bologna Ozalp Babaoglu ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA

Gossipping in Bologna Ozalp Babaoglu ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA

Gossipping in Bologna Ozalp Babaoglu ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA Background 2003: Mrk Jelasity brings the gossipping gospel to Bologna from Amsterdam 2003-2006: We get good milage from gossipping in the

596 views • 47 slides
L ECTURE 14: D ISCRETE -T IME D YNAMICAL S YSTEMS 2 T EACHER : G IANNI A. D I C ARO R EGULAR

L ECTURE 14: D ISCRETE -T IME D YNAMICAL S YSTEMS 2 T EACHER : G IANNI A. D I C ARO R EGULAR

15-382 C OLLECTIVE I NTELLIGENCE S19 L ECTURE 14: D ISCRETE -T IME D YNAMICAL S YSTEMS 2 T EACHER : G IANNI A. D I C ARO R EGULAR BEHAVIOR , PERIODIC ATTRACTORS 2 R EGULAR BEHAVIOR , PERIODIC ATTRACTORS 3 T RANSITION TO CHAOTIC BEHAVIOR 4 C

354 views • 19 slides
L ECTURE 11: D ISCRETE -T IME D YNAMICAL S YSTEMS 2 I NSTRUCTOR : G IANNI A. D I C ARO O CCURRENCE

L ECTURE 11: D ISCRETE -T IME D YNAMICAL S YSTEMS 2 I NSTRUCTOR : G IANNI A. D I C ARO O CCURRENCE

15-382 C OLLECTIVE I NTELLIGENCE S18 L ECTURE 11: D ISCRETE -T IME D YNAMICAL S YSTEMS 2 I NSTRUCTOR : G IANNI A. D I C ARO O CCURRENCE OF PERIODIC WINDOWS FOR > # At # = 3.57 the map becomes chaotic and the

373 views • 14 slides
Making global water efforts disability inclusive 29 August 2018, World Water Week Disabling

Making global water efforts disability inclusive 29 August 2018, World Water Week Disabling

One Billion Left Behind: Making global water efforts disability inclusive 29 August 2018, World Water Week Disabling Menstrual Barriers Research Project Kavre district, Nepal Jane Wilbur (Principle Investigator) Chelsea Huggett (Technical

606 views • 11 slides
MTN-020 Data Communiqu #8 May 10, 2013 AE and GAE Log CRF Revisions The AE-1 and GAE-1 Log

MTN-020 Data Communiqu #8 May 10, 2013 AE and GAE Log CRF Revisions The AE-1 and GAE-1 Log

MTN-020 Data Communiqu #8 May 10, 2013 AE and GAE Log CRF Revisions The AE-1 and GAE-1 Log CRF have been revised for sites to include a rationale for adverse events related to study product. SCHARP will follow-up for needed form

227 views • 6 slides
Hajj Webinar Womens Issues Academy for Learning Islam August 2014 When is Hajj obligatory on

Hajj Webinar Womens Issues Academy for Learning Islam August 2014 When is Hajj obligatory on

Hajj Webinar Womens Issues Academy for Learning Islam August 2014 When is Hajj obligatory on a woman? - When she has enough financial resources of her own (including jewels she can sell, her mahr, and her inheritance) - If someone offers

237 views • 9 slides
12 Synchronization and control Henk Nijmeijer, Henri Huijberts, Sasha Pogromsky Eindhoven

12 Synchronization and control Henk Nijmeijer, Henri Huijberts, Sasha Pogromsky Eindhoven

12 Synchronization and control Henk Nijmeijer, Henri Huijberts, Sasha Pogromsky Eindhoven University of Technology, University of London Cooperation with: Ilya Blekhman, Sasha Fradkov Alejandro Rodriguez-Angeles, Torsten Lilge, Iven Mareels,

719 views • 39 slides
Annual Report 2016/17 ANNUAL REPORT 2016 - 2017 Contents 6 Achievements 2016/17 7 About

Annual Report 2016/17 ANNUAL REPORT 2016 - 2017 Contents 6 Achievements 2016/17 7 About

Annual Report 2016/17 ANNUAL REPORT 2016 - 2017 Contents 6 Achievements 2016/17 7 About the ICC 8 About our Partners 10 Executive Summary 12 Supporting Students 14 Match Studio 16 Supporting Startups 18 ICC Supported

493 views • 21 slides

More recommend