randomness as countermeasures against side channel attacks
play

Randomness as countermeasures against Side Channel Attacks Nadia El - PowerPoint PPT Presentation

May 07, 2023 •525 likes •900 views

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

  1. Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH’2019, April 17, 2019

  2. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures Presentation given here Randomness and SCA Nadia El Mrabet 1 / 24

  3. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures In real life What could be vulnerable ? Randomness and SCA Nadia El Mrabet 2 / 24

  4. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures In real life Existing attacks Randomness and SCA Nadia El Mrabet 3 / 24

  5. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures In real life Existing attacks Randomness and SCA Nadia El Mrabet 4 / 24

  6. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures In real life ◮ Industrials are building teams to protect their product (Apple, Google, Wawai...) Randomness and SCA Nadia El Mrabet 5 / 24

  7. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures Attacks on Device Randomness and SCA Nadia El Mrabet 6 / 24

  8. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The most important point Figure – High level explanation of SCA Randomness and SCA Nadia El Mrabet 7 / 24

  9. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The most important point Figure – Selection according to guesses on the key Randomness and SCA Nadia El Mrabet 8 / 24

  10. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The most important point Figure – Real curve attack Randomness and SCA Nadia El Mrabet 9 / 24

  11. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The Countermeasures ◮ Physical Randomness and SCA Nadia El Mrabet 10 / 24

  12. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The Countermeasures ◮ Physical ◮ Algorithmic ◮ Arithmetical Randomness and SCA Nadia El Mrabet 10 / 24

  13. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures Physical countermeasures Duplication of the circuit Dual rail technology Randomness and SCA Nadia El Mrabet 11 / 24

  14. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures Physical countermeasures Protection of the circuit Shield Randomisation of the circuit Randomness and SCA Nadia El Mrabet 12 / 24

  15. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Double and add algorithm Data: r = ( r N . . . r 0 ) 2 , P ∈ E Result: rP T ← P ; for i = N − 1 to 0 do T ← [ 2 ] T ; if r i = 1 then T ← T + P ; end end return T = [ r ] P Figure – SPA Algorithm 1: Double and add Randomness and SCA Nadia El Mrabet 13 / 24

  16. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Handle the leakages T ← P ; for i = N − 1 to 0 do T ← 2 T ; if r i = 1 then T ← T + P ; else U ← T + P ; end return T = rP Algorithm 2: Double and add always Randomness and SCA Nadia El Mrabet 14 / 24

  17. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Handle the leakages T ← P ; for i = N − 1 to 0 do T ← 2 T ; if r i = 1 then T ← T + P ; else U ← T + P ; end return T = rP Algorithm 4: Double and add always FAULT ATTACK STRIKES Randomness and SCA Nadia El Mrabet 14 / 24

  18. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Handle the leakages T 0 ← P , T 1 ← 2 P ; T ← P ; for i = N − 1 to 0 do for i = N − 1 to 0 do if r i = 1 then T ← 2 T ; T 0 ← T 0 + T 1 , T 1 ← 2 T 1 if r i = 1 then else T ← T + P ; T 1 ← T 0 + T 1 , T 0 ← 2 T 0 else U ← T + P ; end end end return T = rP return T 0 Algorithm 6: Double and add Montgomery Algorithm 7: always ladder FAULT ATTACK STRIKES Randomness and SCA Nadia El Mrabet 14 / 24

  19. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures The Montgomery ladder is not sufficient ◮ Goubin’s attack : uses a special point (several variants, same method). ◮ Walter’s attack : uses leakage from the conditional branch. ◮ Correlation collision attack (vertical and horizontal). Template, deep learning attacks... Generic protection ◮ Constant time implementation : necessary but not sufficient. ◮ The less conditional branches is the better. Randomness and SCA Nadia El Mrabet 15 / 24

  20. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Behind Montgomery ladder ◮ Joye’s double-add ◮ Add-Only ◮ Square Only (Remember Thomas presentation) ◮ Zero-less signed digit expansion ◮ Atomic block Randomness and SCA Nadia El Mrabet 16 / 24

  21. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Behind Montgomery ladder ◮ Joye’s double-add [ Still safe ] ◮ Add-Only [ Correlation collision attacks ] ◮ Square Only (Remember Thomas presentation) [ Correlation collision attacks ] ◮ Zero-less signed digit expansion [ Still safe ] ◮ Atomic block [ Horizontal correlation collision attacks ] Randomness and SCA Nadia El Mrabet 16 / 24

  22. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : representation of the curve ◮ Edwards curves, inverted Edwards curves ◮ Huff model, Hessian curves ◮ Jacobi curves Randomness and SCA Nadia El Mrabet 17 / 24

  23. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : representation of the curve ◮ Edwards curves, inverted Edwards curves [ Template attacks ] ◮ Huff model, Hessian curves ◮ Jacobi curves Randomness and SCA Nadia El Mrabet 17 / 24

  24. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : representation of the curve ◮ Edwards curves, inverted Edwards curves [ Template attacks ] ◮ Huff model, Hessian curves ◮ Jacobi curves ECC : representation of the points ◮ Unified formulaes for Weieirstrass ⇒ Goubin’s, Izu-Takagi’s attacks (special point) ⇒ Amiel et al’s attack : uses SCA to distinguish a S from a M ⇒ Horizontal attacks Randomness and SCA Nadia El Mrabet 17 / 24

  25. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : randomisation of the scalar ◮ Coron’s countermeasure ◮ Exponentiation splitting ◮ Trichina-Bellezza’s countermeasure : kP = ( kr − 1 ) rP ◮ Regular representation of the scalar ◮ Euclidien chain (Remember Christophe, Jean-Marc, Nicolas presentations) ◮ Chevallier-Mames Self-Randomised Exponentiation Randomness and SCA Nadia El Mrabet 18 / 24

  26. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : randomisation of the scalar ◮ Coron’s countermeasure [ Big attack ] ◮ Exponentiation splitting [ Big Mac attack ] ◮ Trichina-Bellezza’s countermeasure : kP = ( kr − 1 ) rP [ Still safe ] ◮ Regular representation of the scalar [ Correlation collision attacks ] ◮ Euclidien chain (Remember Christophe, Jean-Marc, Nicolas presentations) [ Big Mac attack ] ◮ Chevallier-Mames Self-Randomised Exponentiation [ Still safe ] Randomness and SCA Nadia El Mrabet 18 / 24

  27. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : randomisation of the scalar ◮ Coron’s countermeasure [ Big attack ] ◮ Exponentiation splitting [ Big Mac attack ] ◮ Trichina-Bellezza’s countermeasure : kP = ( kr − 1 ) rP [ Still safe ] ◮ Regular representation of the scalar [ Correlation collision attacks ] ◮ Euclidien chain (Remember Christophe, Jean-Marc, Nicolas presentations) [ Big Mac attack ] ◮ Chevallier-Mames Self-Randomised Exponentiation [ Still safe ] ECC : A lot of counter measures, but much more attacks ! Randomness and SCA Nadia El Mrabet 18 / 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference Mangard et. al, "Power Analysis Attacks, Revealing the Secrets of Smart Cards", Springer, 2009 Power analysis attacks are effective because the

479 views • 19 slides
Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA August 2, 2007 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

533 views • 41 slides
On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 ,

On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 ,

Physical Attacks New Attacks on Classical Countermeasures Extended Countermeasures On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 , Thomas ROCHE 1 , Adrian THILLARD 1 1 ANSSI (French Network and

358 views • 25 slides
Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com

Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com

Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com Outline Motivation & general mechanisms Side-channel countermeasures Fault countermeasures Conclusions 2 Design and Security of

549 views • 40 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat Europe 2008 Black Hat Europe 2008 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

653 views • 42 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Side-Channel Countermeasures Dissection and the Limits of Closed Source Security Evaluations

Side-Channel Countermeasures Dissection and the Limits of Closed Source Security Evaluations

Introduction Countermeasures Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion Side-Channel Countermeasures Dissection and the Limits of Closed Source Security Evaluations Olivier Bronchain Fran

2.22k views • 189 slides
Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures

Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures

Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures Dahmun Goudarzi, Matthieu Rivain, Srinivas Vivek, and Damien Vergnaud Background 2 Secure Software S-box Implementations Higher-Order

636 views • 25 slides
HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel

HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel

HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel Power Resistance for Encryption Algo- rithms using Dynamic Partial Reconfiguration or SPREAD As a countermeasure to DPA, CPA and other types of

689 views • 10 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco

Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco

Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco Regazzoni 23 October 2015, Chia, Italy P. 1 Contents 1 Motivations 2 DPA Resistant Synthesis 3 DPA Resistant Place and Route 4 DPA

1.01k views • 55 slides
Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks Pieter Robyns Motivation and introduction Motivation Information about performing EM side-channel attacks using SDR is quite scarce A few

758 views • 42 slides
Jan$Novk$$ Derek$Nowrouzezahrai$ Carsten$Dachsbacher$ Wojciech$Jarosz $

Jan$Novk$$ Derek$Nowrouzezahrai$ Carsten$Dachsbacher$ Wojciech$Jarosz $

Jan$Novk$$ Derek$Nowrouzezahrai$ Carsten$Dachsbacher$ Wojciech$Jarosz $ h$p://mev.fopf.mipt.ru" Diego"Gu<errez" Wojciech"Jarosz" 2" Surface$illumina=on$ Surface$Illumina=on$ Single$sca?ering$

691 views • 37 slides
An Analytical Model for Tim e-Driven Cache Attacks Kris Tiri Onur Ac imez Michael Neve

An Analytical Model for Tim e-Driven Cache Attacks Kris Tiri Onur Ac imez Michael Neve

An Analytical Model for Tim e-Driven Cache Attacks Kris Tiri Onur Ac imez Michael Neve Flemming Andersen Outline Motivation Cache attacks: origins, time-driven attack Strength of an implementation Analytical model of

685 views • 19 slides
SCA Tools 2.1.0 (Helios) Release Review Planned Review Date: June 11, 2010 Communication Channel:

SCA Tools 2.1.0 (Helios) Release Review Planned Review Date: June 11, 2010 Communication Channel:

SCA Tools 2.1.0 (Helios) Release Review Planned Review Date: June 11, 2010 Communication Channel: eclipse.stp.sca-tools forum Stphane Drapeau (Obeo) SCA Tools Overview The purpose of the Eclipse SCA Tools project is to develop a set of

465 views • 17 slides
fremfor sektortnkning! Katherine Richardson, Professor Leader, Sustainability Science Centre

fremfor sektortnkning! Katherine Richardson, Professor Leader, Sustainability Science Centre

Bredygtig organisationsstruktur fremmer system- fremfor sektortnkning! Katherine Richardson, Professor Leader, Sustainability Science Centre Professor Katherine Richardson www.sustainability.ku.dk Professor Katherine Richardson ,

600 views • 18 slides
Learning when to stop Ileana Buhan @ileanabuhan Our story.. 2020 2017 2005 1997 1941 2

Learning when to stop Ileana Buhan @ileanabuhan Our story.. 2020 2017 2005 1997 1941 2

Learning when to stop Ileana Buhan @ileanabuhan Our story.. 2020 2017 2005 1997 1941 2 Its 1941 3 Its 1997 4 Its 2005 5 SCA (non-profiled) AES(k) closed sample 6 SCA (non-profiled) AES(k) AES

633 views • 30 slides
The Evolu*on of Erup*ve Filaments at Great Distances Una Schneck Tim

The Evolu*on of Erup*ve Filaments at Great Distances Una Schneck Tim

The Evolu*on of Erup*ve Filaments at Great Distances Una Schneck Tim Howard Southwest Research Ins7tute July 29, 2015 Solar corona is the outer por7on

237 views • 21 slides
Multiscale Finite Elements Basic methodology and theory for periodic coefficients for second-order

Multiscale Finite Elements Basic methodology and theory for periodic coefficients for second-order

Multiscale Finite Elements Basic methodology and theory for periodic coefficients for second-order elliptic equations Markus Kollmann October 18th, 2011 Motivation Introduction to MsFEM Analysis in 2D Reducing boundary effects

335 views • 31 slides
Lecture 19: Motion Sparse stereo matching Indexing scenes Indexing scenes Tuesday, Nov

Lecture 19: Motion Sparse stereo matching Indexing scenes Indexing scenes Tuesday, Nov

11/20/2007 Review Problem set 3 Dense stereo matching Lecture 19: Motion Sparse stereo matching Indexing scenes Indexing scenes Tuesday, Nov 20 Sources of error in Effect of window size correspondences Low-contrast /

459 views • 10 slides

More recommend