seminar 6 side channel attacks
play

Seminar 6: Side-Channel Attacks Aleksei Ivanov Tartu University - PowerPoint PPT Presentation

Nov 03, 2023 •203 likes •382 views

MTAT.07.006 Research Seminar in Cryptography Seminar 6: Side-Channel Attacks Aleksei Ivanov Tartu University aivanov@math.ut.ee MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 1

  1. MTAT.07.006 Research Seminar in Cryptography Seminar 6: Side-Channel Attacks Aleksei Ivanov Tartu University aivanov@math.ut.ee MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 1

  2. Overview of the Lecture • Types of Information Leakage • Attacks • Countermeasures MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 2

  3. Types of information leakage • Execution time leakage • Power consumption leakage • Electromagnetic radiation leakage • Error message leakage • Combining side-channels MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 3

  4. Types of attacks • Passive attacks Attacker eavesdrops on some side-channel information, which is analysed afterwords to reveal some secret information • Active attacks Attacker takes active part in the attack: assuming the attacker is able to deviate the device from its normal behaviour, and tries to gain addi- tional information by analysing its reactions MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 4

  5. Timing Attacks • Cryptanalysis of a Simple Modular Exponentiator • Montgomery Multiplication and the CRT MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 5

  6. Simple Modular Exponentiator • R = y x mod n • known values to the attacher y, n , computation time • x stays the same (unknown to the attacker) • attacker knows the design of the target system (information can be obtained via observing system behaviour) • attack can be done passively listening on a channel MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 6

  7. Montgomery Multiplication and the CRT mod n makes usually the most difference in time (Montgomey elim- • inates the operation) • Chinese Reminder Theorem (CRT) is often used for optimization • y mod p and y mod q are computed first • if y < p then no operation, else some operations might be done and the time differs MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 7

  8. Power Consumption Attacks • Simple Power Analysis (SPA) • Differential Power Analysis (DPA) MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 8

  9. Simple Power Analysis (SPA) • power consumed varies on microprocessor instruction being executed • only visual analysis MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 9

  10. Differential Power Analysis (DPA) • consists of visual, statistical and error-correction statistical analysis (also noise filtering) • little or no information is needed about the target implementation • attacker observes n encryption operations and records k power sam- ples and cipher text for each (no plain text is needed). • it is possible to find DES keys in less than 15 traces for most smart cards MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 10

  11. Fault Attacks • Spike Attacks • Glitch Attacks • Optical Attacks • Differential Fault Analysis(DFA) MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 11

  12. Countermeasures • General data-independent calculations • Blinding • Avoiding conditional branching and secret intermediates • Licensing modified algorithms MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 12

  13. Countermeasures against timing attacks • Adding delays • Time equalization of multiplication and squaring • Making every computation take fixed amount of time • Making every operation constant time • Making entire transaction fixed-time MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 13

  14. Countermeasures against power analysis attacks • Power consumption balancing • Reduction of signal size • Adding noise • Shielding • Modification of the algorithms design MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 14

  15. Countermeasures against fault attacks • Running the encryption twice • Checking the output • Randomization MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 15

  16. Conclusion • Smart cards are in most danger of side channel attacks • Servers are easier to protect against side channel attacks • The subject needs more research MTAT.07.006 Research Seminar in Cryptography, 24.10.2005 Seminar 6: Side-Channel Attacks, Aleksei Ivanov 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com MCrypt Seminar Aug. 11th 2014 Outline 1 Introduction 2 Modeling side-channel leakage 3 Achieving provable security against SCA

1.62k views • 92 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks Pieter Robyns Motivation and introduction Motivation Information about performing EM side-channel attacks using SDR is quite scarce A few

758 views • 42 slides
HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

363 views • 12 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

Nicolas Belleville 1 Damien Courouss 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Universit, CNRS, LIP6, F-75005, Paris, France

715 views • 53 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto &amp; Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus Peinado, Gloria Mainar-Ruiz MIT CSAIL Microsoft Research Security is a big concern in cloud adoption Why are cache-based side channel

588 views • 38 slides
CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security Introduction Meltdown Papers Spectre Attacks: Exploiting Speculative Execution, IEEE Security and Privacy (S&amp;P), 2019 (Dustin)

726 views • 44 slides
Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet

Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet

Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet GREYC - LMNO Universit e de Caen Darmstadt 29th of April 2010 1 / 59 Outline Pairing over elliptic curves 1 Definition and properties of

1.55k views • 111 slides
Side-Channel &amp; Fault Attacks Ruggero Susella System Research &amp; Applications Security

Side-Channel &amp; Fault Attacks Ruggero Susella System Research &amp; Applications Security

Side-Channel &amp; Fault Attacks Ruggero Susella System Research &amp; Applications Security Rodmap STMicroelectronics 2018/12/06 2 ST Who are we ? STMicroelectronics 3 A global semiconductor leader 2017 revenues of $8.35B

1.32k views • 107 slides
Partial Key Exposure: Generalized Framework to Attack RSA Santanu Sarkar Cryptology Research

Partial Key Exposure: Generalized Framework to Attack RSA Santanu Sarkar Cryptology Research

Partial Key Exposure: Generalized Framework to Attack RSA Santanu Sarkar Cryptology Research Group Indian Statistical Institute, Kolkata 12 December 2011 Santanu Sarkar Partial Key Exposure: Generalized Framework to Attack RSA Outline of the

478 views • 24 slides
Concurrent Fault Detection for Secure QDI Asynchronous Circuits Konrad J. Kulikowski, Mark G.

Concurrent Fault Detection for Secure QDI Asynchronous Circuits Konrad J. Kulikowski, Mark G.

Concurrent Fault Detection for Secure QDI Asynchronous Circuits Konrad J. Kulikowski, Mark G. Karpovsky, Alexander Taubin, Zhen Wang, Adrian Kulikowski Boston University Reliable Computing Laboratory 6/27/2008 Outline Side Channel

293 views • 18 slides
Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information

Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information

Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information Security Agency) Saturday, December 20 th , 2014 Introduction| Side Channel Attacks (SCA)| Fault Attacks (FA)| Combined Attacks| Protections|

817 views • 71 slides
Contact-based Fault Injections and Power Analysis on RFID Tags Michael Hutter, Jrn-Marc Schmidt,

Contact-based Fault Injections and Power Analysis on RFID Tags Michael Hutter, Jrn-Marc Schmidt,

VLSI Institute for Applied Information Processing and Communications (IAIK) VLSI &amp; Security Contact-based Fault Injections and Power Analysis on RFID Tags Michael Hutter, Jrn-Marc Schmidt, Thomas Plos ECCTD 2009 Institute for Applied

514 views • 16 slides
Differentially-Private Network Trace Analysis Frank McSherry and Ratul Mahajan Microsoft

Differentially-Private Network Trace Analysis Frank McSherry and Ratul Mahajan Microsoft

Differentially-Private Network Trace Analysis Frank McSherry and Ratul Mahajan Microsoft Research Overview . 1 Overview Question : Is it possible to conduct network trace analyses in a way that provides strict formal differential

496 views • 20 slides
How Earthquake Risk Depends on the Closeness to a Fault: Symmetry-Based Geometric Analysis Aaron

How Earthquake Risk Depends on the Closeness to a Fault: Symmetry-Based Geometric Analysis Aaron

How Earthquake Risk Depends on the Closeness to a Fault: Symmetry-Based Geometric Analysis Aaron Velasco 1 , Solymar Ayala Cortez 1 Olga Kosheleva 2 , and Vladik Kreinovich 3 1 Department of Geological Sciences 2 Department of Teacher Education 3

562 views • 23 slides
SPAE A Single Pass Authenticated Encryption scheme Philippe Elbaz-Vincent 1 , Cyril Hugounenq 1 ,

SPAE A Single Pass Authenticated Encryption scheme Philippe Elbaz-Vincent 1 , Cyril Hugounenq 1 ,

Motivations Design of SPAE Security of the scheme Performances SPAE A Single Pass Authenticated Encryption scheme Philippe Elbaz-Vincent 1 , Cyril Hugounenq 1 , Sbastien Riou 2 1 Univ. Grenoble Alpes / Institut Fourier,

519 views • 27 slides

More recommend