Overview of Countermeasures against Implementation Attacks

SLIDE 1

Overview of Countermeasures against Implementation Attacks

Design and Security of Cryptographic Algorithms and Devices, Albena, May 2011

Marcel Medwed UCL Crypto Group Marcel.medwed@uclouvain.be

SLIDE 2

Outline

  • 1. Motivation & general mechanisms
  • 2. Side-channel countermeasures
  • 3. Fault countermeasures
  • 4. Conclusions

SLIDE 3

Motivation

  • Sensitive applications require certification
      – Pay TV, Banking, ...
      – Standard portfolio of attacks
          • SCA
          • Fault analysis, probing
  • Cost security tradeoff

SLIDE 4

General Mechanisms

[Figure: c = E_k(m) over messages m1, m2, ..., mn; labels: Timing, Shielding, Detection, Low SNR, Faults, Constant, Limit measurements, Probing, Instantaneous Leakage, Independence]

SLIDE 5

Side-Channel Countermeasures

  • 1. Data independent timing
  • 2. Hiding
  • 3. Masking
  • 4. Regular key updates

SLIDE 6

Data Independent Timing

  • Data dependent branches
      – Reduction, Compiler
      → Use regular algorithms
      → Use assembly code
  • Architectural features
      – e.g. ARM7 multiplier
          • time(0xFFFF*Op2) > time(0xFF*Op2)
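
Added example (not from the slides): the final conditional subtraction of a modular addition, written once with a data-dependent branch and once as a regular, branch-free sequence. The modulus Q and the function names are assumptions made for this illustration.

```c
#include <stdint.h>

/* Constructed modulus for the example (2^31 - 1); not taken from the slides. */
#define Q 2147483647u

/* Data-dependent branch: the subtraction runs only when a + b >= Q,
 * so the running time depends on the operands. Inputs must be < Q. */
uint32_t mod_add_branch(uint32_t a, uint32_t b)
{
    uint32_t s = a + b;          /* < 2^32 because a, b < 2^31 */
    if (s >= Q)
        s -= Q;
    return s;
}

/* Regular version: always subtract Q, then add it back under a mask
 * derived from the borrow. Every input takes the same instruction path. */
uint32_t mod_add_regular(uint32_t a, uint32_t b)
{
    uint32_t s = a + b;
    uint32_t d = s - Q;               /* wraps around when s < Q */
    uint32_t mask = 0u - (d >> 31);   /* 0xFFFFFFFF on borrow, else 0 */
    return d + (Q & mask);
}

/* Cross-check both versions on inputs around the reduction boundary. */
int mod_add_mismatches(void)
{
    static const uint32_t pts[] = { 0u, 1u, 2u, Q / 2, Q / 2 + 1, Q - 2, Q - 1 };
    int bad = 0;
    for (unsigned i = 0; i < sizeof pts / sizeof pts[0]; i++)
        for (unsigned j = 0; j < sizeof pts / sizeof pts[0]; j++)
            bad += mod_add_branch(pts[i], pts[j]) != mod_add_regular(pts[i], pts[j]);
    return bad;
}
```

A compiler may turn either form into the other, so the generated assembly for the target still has to be inspected.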

SLIDE 7

Instantaneous Leakage

  • Leakage trace
      – Vector of t leakage samples
  • Sensitive variable v
      – Depends on key and input
  • Observe noisy function of v
      – For some i,
      – E.g. L = Hamming weight

SLIDE 8

Hiding

  • In each clock cycle, consume either
      – (close to) random power → increase n
      – (close to) constant power → L(v) ~ const.
  • Hiding only decreases the SNR
  • Hiding dimensions
      – Time
      – Amplitude

SLIDE 9

Hiding in Software I

  • Time
      – Insertion of dummy operations
      – Shuffling

[Figure: sequences of the operations S1, S2, S3, S4 with dummy operations D inserted and with the order shuffled; axes: time, observations]

SLIDE 10

Hiding in Software II

      – Effect of time randomization with n positions
          • Sample from with probability 1/n
      – Integration over all n positions
          • Noise increases linearly
          • Correlation ~ n^(-1/2)

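
Added example (not from the slides): a simulation of shuffling over n positions under a noise-free Hamming-weight leakage model, comparing one fixed sample with the integral over all n samples. The leakage model, the xorshift generator, the seed and all names are assumptions; the function returns squared correlations, so the expected values are about 1/n^2 for the fixed sample and 1/n after integration.

```c
#include <stdint.h>

/* Small xorshift32 generator so runs are reproducible (not cryptographic). */
static uint32_t rng_state;
static uint32_t rng(void)
{
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* Hamming weight of a fresh random byte: the modelled leakage of one operation. */
static int hw_rand_byte(void)
{
    int c = 0;
    for (uint32_t v = (rng() >> 12) & 0xFFu; v; v >>= 1)
        c += (int)(v & 1u);
    return c;
}

/* Squared Pearson correlation between the prediction HW(v) and the attacked
 * leakage when the target operation is shuffled over n positions.
 * integrate = 0: one fixed sample, which holds the target with probability 1/n.
 * integrate = 1: sum of all n samples (target plus n-1 other operations). */
double shuffle_corr_sq(int n, int integrate, int traces)
{
    double sx = 0, sy = 0, sxx = 0, syy = 0, sxy = 0;
    rng_state = 0x1234ABCDu;                 /* constructed seed */
    for (int t = 0; t < traces; t++) {
        int x = hw_rand_byte();              /* HW(v), the model prediction */
        int y;
        if (integrate) {
            y = x;
            for (int i = 1; i < n; i++)
                y += hw_rand_byte();         /* the other shuffled operations */
        } else {
            int hit = ((rng() >> 8) % (uint32_t)n) == 0;
            y = hit ? x : hw_rand_byte();
        }
        sx += x; sy += y; sxx += x * x; syy += y * y; sxy += x * y;
    }
    double mx = sx / traces, my = sy / traces;
    double cov = sxy / traces - mx * my;
    double vx = sxx / traces - mx * mx, vy = syy / traces - my * my;
    return cov * cov / (vx * vy);
}
```
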
SLIDE 11

Hiding in Software III

  • Amplitude
      – Peripheral activity
          • ADCs
          • Co-processors
      – Memory addresses
          • of dummy registers
          • of key dependent registers
      – Random precharge of bus
          • Pure HD leakage?

SLIDE 12

Hiding in Hardware I

  • Time
      – Dummy instructions
      – Shuffling
      – Random jitters
      – Change clock frequency
      – Multiple clock domains

SLIDE 13

Hiding in Hardware II

  • Amplitude
      – Filters
          • Switching capacitors
          • Constant drain circuits
      – Noise generation engines
      – Parallelization
      – Pipelining / Unrolling
      – Dynamic reconfiguration (FPGAs)

SLIDE 14

Hiding at Cell Level

  • Dual-rail precharge logic styles

[Figure: single-rail gate (a, b → q) and dual-rail gate (a, ¬a, b, ¬b → q, ¬q)]

Trans.   l
00
01       1
10       1
11

Trans.   l
1000     1
0100     1
0010     1
0001     1

SLIDE 15

Conclusions for Hiding

  • Decrease the SNR
      – Increase noise
      – Decrease signal
  • Only minor changes to the algorithms
  • Check local SNRs
  • Noise is essential for masking!

SLIDE 16

Masking

  • Randomized redundant representation
  • nth-order masking
      – All n-1 intermediate variables are independent of v
      – Adversary needs to
          • identify n leakage samples
          • and combine their information
  • Challenge
      – Usually achieving is not straightforward

SLIDE 17

Masking Few Bits I

  • Assume little structure (e.g. block cipher)
      – Boolean masking
  • Alternatively
      – Multiplicative masking (zero-value problem)
      – Affine Masking

SLIDE 18

Masking Few Bits II

  • Marginal PDFs are independent → joint PDF

[Figure: joint PDFs for WH(v) = 0 and WH(v) = 4; axes: WH(v1), WH(v2)]

  • Effect
      – k shares, sufficient noise
      – Number of traces relates to
      – Combination results in additional loss

SLIDE 19

Masking Few Bits III

[Figure panels: Only masking, Only shuffling, Combined]

SLIDE 20

Masking in Software I

  • First-order masking
      → Lookup tables
  • Higher order masking
      – Secure table computation for 2nd order masking
      – Test all subsets!
  • Check Hamming distance
      – Buses, registers, ...
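
Added example (not from the slides): first-order Boolean masking of a table lookup by recomputing the table for fresh input and output masks. The 4-bit PRESENT S-box stands in for the AES S-box to keep the table small; it and all function names are assumptions of this illustration.

```c
#include <stdint.h>

/* 4-bit S-box of the PRESENT cipher, used only to keep the table small
 * (assumption of this example; the slides discuss AES). */
static const uint8_t SBOX[16] = {
    0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
    0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2
};

/* Recompute the table for fresh masks: T[x ^ m_in] = S[x] ^ m_out. */
static void remask_table(uint8_t T[16], uint8_t m_in, uint8_t m_out)
{
    for (uint8_t x = 0; x < 16; x++)
        T[x ^ m_in] = SBOX[x] ^ m_out;
}

/* Masked lookup: takes v_m = v ^ m_in and returns S(v) ^ m_out.
 * The unmasked v is never formed. */
uint8_t masked_sbox(uint8_t v_m, uint8_t m_in, uint8_t m_out)
{
    uint8_t T[16];
    remask_table(T, m_in & 0xF, m_out & 0xF);
    return T[v_m & 0xF];
}

/* Exhaustive correctness check over all v, m_in, m_out. */
int masked_sbox_failures(void)
{
    int bad = 0;
    for (int v = 0; v < 16; v++)
        for (int mi = 0; mi < 16; mi++)
            for (int mo = 0; mo < 16; mo++)
                bad += (masked_sbox(v ^ mi, mi, mo) ^ mo) != SBOX[v];
    return bad;
}

static int hw4(unsigned x) { return (x & 1) + ((x >> 1) & 1) + ((x >> 2) & 1) + ((x >> 3) & 1); }

/* Sum of HW(S(v) ^ m_out) over all 16 output masks. It is the same for
 * every v, so the mean Hamming weight of the masked output does not depend on v. */
int masked_output_hw_sum(int v)
{
    int sum = 0;
    for (int mo = 0; mo < 16; mo++)
        sum += hw4(masked_sbox(v ^ 0x5, 0x5, mo));
    return sum;
}
```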

SLIDE 21

Masking in Software II

  • Rivain and Prouff – CHES10
      – Provably secure masking for AES with arbitrary order
      – Based on Private Circuits
  • Cycle counts for a masked AES
      – Pay for security directly in execution time

Masking order    AES cycles
w/o masking      2 000
1                10 000
2                271 000
3                470 000

SLIDE 22

Masking in Hardware I

  • Unclear what synthesizer does
      – Unintentional unmasking
      – Unintentional combination function
  • Data dependent glitches

[Figure: Masked S-box; labels: v_m, m, S(v)_m', m']

SLIDE 23

Masking in Hardware II

  • Nikova et al. – Threshold implementation
      – Independent processing of subset of shares
  • If shares processed in parallel
      – Univariate leakage
      – But still higher order attack

[Figure: threshold implementation; labels: functions f1 to f6, shares v1 v2 v3, y1 y2 y3, z1 z2 z3]

SLIDE 24

Masked Logic Styles

  • Remove requirement for balanced routing
      – Average power consumption is constant (in theory)
      – E.g. MDPL NAND gate

[Figure: MDPL NAND gate; two SR MAJ blocks with inputs a_m, b_m, m → q and ¬a_m, ¬b_m, ¬m → ¬q; truth table over a_m, b_m, m, ¬a_m, ¬b_m, ¬m, q, ¬q]

SLIDE 25

Exploiting Algebraic Structures

  • Scalar blinding
  • Message blinding
  • Embeddings

SLIDE 26

Using Inherent Redundancy

  • ECC point projection
      – Originally to avoid inversions
      – Free randomization

SLIDE 27

Conclusions for Masking

  • Take care of
      – Unintentional unmasking
      – Glitches
      – Lower order leakages
  • For small mask widths
      – PDFs can be estimated
      – But exponential increase in data complexity
  • For large mask widths (PKC)
      – Inexpensive and very effective

SLIDE 28

Key / Message Transformations

  • Sequential key update
      – E.g. with hash function
  • Indexed key update
      – Use invertible function
  • Parallel key update
      – Easy to protect key update function
  • Leakage resilient cryptography
  • Message transformation
      – Also apply to ciphertext

SLIDE 29

Evaluating Countermeasures

  • Correlation attacks might overestimate the security
  • Compute mutual information between leakage and sensitive variable
  • Attacks might become too sophisticated
      – lower bound moves far away from real security

SLIDE 30

Invasive-Attack Countermeasures

  • Fault injection prevention
  • Error detection

    C = f(A,B)
    D = f(A,B)
    If (C != D) then
        errorHandling();
    EndIf;

[Figure labels: ADD, XOR, AND, CMP]

SLIDE 31

Protecting All Points-of-Attack

  • Crypto
      – Data integrity
  • OS level
      – Self-check
      – Redundant state machines
  • Hardware level
      – Prevent physical access
      – Increase cost for physical access
      – Filter fault sources

SLIDE 32

Active-Attack Prevention

  • Shields
  • Sensors (e.g. light)
  • Filter power line
  • On-chip generation of clock signal
  • Limit number of operations
  • Bury sensitive parts

SLIDE 33

General Countermeasures

  • Time redundancy
  • Space redundancy
  • Loop invariants
  • CRC sums
  • MMU constraints
  • Encrypted memory / Bus scrambling

SLIDE 34

Countermeasures for SKC

  • Inverse
  • S-box with parities
  • Operate on error detection codes
  • Code properties might not hold for the whole algorithm!

SLIDE 35

Countermeasures for SKC II

  • Digest values in Software
      – Find robust protection for each operation
      – Overlap them
  • Key update
      – Frequency!
  • Probabilistic encryption
      – Decryption!

SLIDE 36

Countermeasures for PKC

  • Inverse computation
  • Ring extensions / embeddings
  • Point integrity check (ECC)
  • Algorithmic invariants → Montgomery ladder
  • Output insufficient or useless information
      – ECDSA
      – Infective computation

SLIDE 37

Using Cell Level Redundancy

  • Logic styles
      – Precharge values as invalid states
      – Potentially trigger a precharge wave

Enc(v)   V
10       1
01
00       X
11       X

[Figure: dual-rail gate (a, ¬a, b, ¬b → q, ¬q)]

SLIDE 38

Conclusions

  • Timing
      – Simple to handle
  • SCA
      – Effects are (mostly) well studied
      – Information theoretic analysis of countermeasures
  • FA
      – Crypto might be the last element in the chain
      – What is a reasonable adversary?
      – Detection probability vs. correctness check!

SLIDE 39

Overview of Countermeasures against Implementation Attacks

Marcel Medwed UCL Crypto Group Marcel.medwed@uclouvain.be

SLIDE 40

Further Reading

  • S. Mangard, E. Oswald, T. Popp – “Power Analysis Attacks - Revealing the Secrets of Smartcards”
  • W. Rankl, W. Effing – “Smart Card Handbook”
  • M. Joye, M. Tunstall – “Fault Analysis in Cryptography” – to appear
  • S. Nikova et al. – “Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches”
  • M. Rivain, E. Prouff – “Provably Secure Higher-Order Masking of AES”
  • F.-X. Standaert et al. – “The World is Not Enough: Another Look on Second-Order DPA”