Side-Channel Countermeasures Dissection and the Limits of Closed - - PowerPoint PPT Presentation
Introduction Countermeasures Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion Side-Channel Countermeasures Dissection and the Limits of Closed Source Security Evaluations Olivier Bronchain Fran
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
and the Limits of Closed Source Security Evaluations Olivier Bronchain Fran¸ cois-Xavier Standaert CHES 2020, Online
Olivier Bronchain Side-Channel Countermeasures’ Dissection 1 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Olivier Bronchain Side-Channel Countermeasures’ Dissection 2 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How to reach high security levels ?
Olivier Bronchain Side-Channel Countermeasures’ Dissection 3 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How to reach high security levels ? ◮ Side-channel attacks are a physical problem
Olivier Bronchain Side-Channel Countermeasures’ Dissection 3 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How to reach high security levels ? ◮ Side-channel attacks are a physical problem ◮ Let’s solve it based on physical solutions
Olivier Bronchain Side-Channel Countermeasures’ Dissection 3 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How to reach high security levels ? ◮ Side-channel attacks are a physical problem ◮ Let’s solve it based on physical solutions
◮ Noise addition
Olivier Bronchain Side-Channel Countermeasures’ Dissection 3 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How to reach high security levels ? ◮ Side-channel attacks are a physical problem ◮ Let’s solve it based on physical solutions
◮ Noise addition ◮ Signal reduction
Olivier Bronchain Side-Channel Countermeasures’ Dissection 3 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How to reach high security levels ? ◮ Side-channel attacks are a physical problem ◮ Let’s solve it based on physical solutions
◮ Noise addition ◮ Signal reduction
◮ However it may not be enough to provide high protection
Olivier Bronchain Side-Channel Countermeasures’ Dissection 3 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How to reach high security levels ? ◮ Side-channel attacks are a physical problem ◮ Let’s solve it based on physical solutions
◮ Noise addition ◮ Signal reduction
◮ However it may not be enough to provide high protection
◮ Noise is not a parameter giving exponential security
Olivier Bronchain Side-Channel Countermeasures’ Dissection 3 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How to reach high security levels ? ◮ Side-channel attacks are a physical problem ◮ Let’s solve it based on physical solutions
◮ Noise addition ◮ Signal reduction
◮ However it may not be enough to provide high protection
◮ Noise is not a parameter giving exponential security
◮ Exploit ”noise amplification” based on mathematical analysis
Olivier Bronchain Side-Channel Countermeasures’ Dissection 3 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How to reach high security levels ? ◮ Side-channel attacks are a physical problem ◮ Let’s solve it based on physical solutions
◮ Noise addition ◮ Signal reduction
◮ However it may not be enough to provide high protection
◮ Noise is not a parameter giving exponential security
◮ Exploit ”noise amplification” based on mathematical analysis
◮ Requires additional hypothesis (e.g., independence for masking)
Olivier Bronchain Side-Channel Countermeasures’ Dissection 3 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
What approaches exist in embedded security evaluation ?
Olivier Bronchain Side-Channel Countermeasures’ Dissection 4 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
What approaches exist in embedded security evaluation ? ◮ Open approach
Olivier Bronchain Side-Channel Countermeasures’ Dissection 4 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
What approaches exist in embedded security evaluation ? ◮ Open approach
◮ Evaluator gets all knowledge/control of the target
Olivier Bronchain Side-Channel Countermeasures’ Dissection 4 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
What approaches exist in embedded security evaluation ? ◮ Open approach
◮ Evaluator gets all knowledge/control of the target
◮ Eased verification of physical assumptions
Olivier Bronchain Side-Channel Countermeasures’ Dissection 4 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
What approaches exist in embedded security evaluation ? ◮ Open approach
◮ Evaluator gets all knowledge/control of the target
◮ Eased verification of physical assumptions
◮ More privileged in academic research (but no only)
Olivier Bronchain Side-Channel Countermeasures’ Dissection 4 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
What approaches exist in embedded security evaluation ? ◮ Open approach
◮ Evaluator gets all knowledge/control of the target
◮ Eased verification of physical assumptions
◮ More privileged in academic research (but no only)
◮ Closed approach
Olivier Bronchain Side-Channel Countermeasures’ Dissection 4 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
What approaches exist in embedded security evaluation ? ◮ Open approach
◮ Evaluator gets all knowledge/control of the target
◮ Eased verification of physical assumptions
◮ More privileged in academic research (but no only)
◮ Closed approach
◮ Evaluator gets restricted knowledge/control of the target
Olivier Bronchain Side-Channel Countermeasures’ Dissection 4 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
What approaches exist in embedded security evaluation ? ◮ Open approach
◮ Evaluator gets all knowledge/control of the target
◮ Eased verification of physical assumptions
◮ More privileged in academic research (but no only)
◮ Closed approach
◮ Evaluator gets restricted knowledge/control of the target
◮ Harder verification of physical assumptions
Olivier Bronchain Side-Channel Countermeasures’ Dissection 4 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
What approaches exist in embedded security evaluation ? ◮ Open approach
◮ Evaluator gets all knowledge/control of the target
◮ Eased verification of physical assumptions
◮ More privileged in academic research (but no only)
◮ Closed approach
◮ Evaluator gets restricted knowledge/control of the target
◮ Harder verification of physical assumptions ◮ In contradiction with Kerckhoff’s principle
Olivier Bronchain Side-Channel Countermeasures’ Dissection 4 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
What approaches exist in embedded security evaluation ? ◮ Open approach
◮ Evaluator gets all knowledge/control of the target
◮ Eased verification of physical assumptions
◮ More privileged in academic research (but no only)
◮ Closed approach
◮ Evaluator gets restricted knowledge/control of the target
◮ Harder verification of physical assumptions ◮ In contradiction with Kerckhoff’s principle
◮ In part encouraged by some certification practices (e.g., CC)
Olivier Bronchain Side-Channel Countermeasures’ Dissection 4 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
A few published attacks on real products exist:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 5 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
A few published attacks on real products exist: ◮ Key recovery for bitstream encryption keys (Moradi et al., 2011)
Olivier Bronchain Side-Channel Countermeasures’ Dissection 5 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
A few published attacks on real products exist: ◮ Key recovery for bitstream encryption keys (Moradi et al., 2011) ◮ Update forgery on HP Light Bumps (Ronen et al., 2016)
Olivier Bronchain Side-Channel Countermeasures’ Dissection 5 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
A few published attacks on real products exist: ◮ Key recovery for bitstream encryption keys (Moradi et al., 2011) ◮ Update forgery on HP Light Bumps (Ronen et al., 2016) ◮ Car opening against Tesla Key Fob (Wouters et al., 2019)
Olivier Bronchain Side-Channel Countermeasures’ Dissection 5 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
A few published attacks on real products exist: ◮ Key recovery for bitstream encryption keys (Moradi et al., 2011) ◮ Update forgery on HP Light Bumps (Ronen et al., 2016) ◮ Car opening against Tesla Key Fob (Wouters et al., 2019) Once (huge) reverse engineering done, attacks are straightforward.
Olivier Bronchain Side-Channel Countermeasures’ Dissection 5 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
A few published attacks on real products exist: ◮ Key recovery for bitstream encryption keys (Moradi et al., 2011) ◮ Update forgery on HP Light Bumps (Ronen et al., 2016) ◮ Car opening against Tesla Key Fob (Wouters et al., 2019) Once (huge) reverse engineering done, attacks are straightforward. ◮ These examples are however not reflective of certified products
Olivier Bronchain Side-Channel Countermeasures’ Dissection 5 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
A few published attacks on real products exist: ◮ Key recovery for bitstream encryption keys (Moradi et al., 2011) ◮ Update forgery on HP Light Bumps (Ronen et al., 2016) ◮ Car opening against Tesla Key Fob (Wouters et al., 2019) Once (huge) reverse engineering done, attacks are straightforward. ◮ These examples are however not reflective of certified products ◮ We lack practically relevant examples of ”sound combinations of countermeasures”
Olivier Bronchain Side-Channel Countermeasures’ Dissection 5 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Open-source protected AES:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 6 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Open-source protected AES: ◮ From a team of experts
Olivier Bronchain Side-Channel Countermeasures’ Dissection 6 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Open-source protected AES: ◮ From a team of experts ◮ Mixed countermeasures
Olivier Bronchain Side-Channel Countermeasures’ Dissection 6 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Open-source protected AES: ◮ From a team of experts ◮ Mixed countermeasures ◮ Preliminary leakage assessment
Olivier Bronchain Side-Channel Countermeasures’ Dissection 6 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Open-source protected AES: ◮ From a team of experts ◮ Mixed countermeasures ◮ Preliminary leakage assessment !! Educational purpose only !!
Olivier Bronchain Side-Channel Countermeasures’ Dissection 6 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Open-source protected AES: ◮ From a team of experts ◮ Mixed countermeasures ◮ Preliminary leakage assessment !! Educational purpose only !! It could be used to study:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 6 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Open-source protected AES: ◮ From a team of experts ◮ Mixed countermeasures ◮ Preliminary leakage assessment !! Educational purpose only !! It could be used to study:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 6 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Open-source protected AES: ◮ From a team of experts ◮ Mixed countermeasures ◮ Preliminary leakage assessment !! Educational purpose only !! It could be used to study:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 6 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Open-source protected AES: ◮ From a team of experts ◮ Mixed countermeasures ◮ Preliminary leakage assessment !! Educational purpose only !! It could be used to study:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 6 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Worst-case analysis in two phases:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 7 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Worst-case analysis in two phases:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 7 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
k0 k1 . . . k15 p0 p1 p15 Sbox Sbox Sbox x0 x1 x15 Linear Layer
15 20 25 30 35 40 45 time 2000 1000 1000 2000 3000 4000 5000 CurrentWorst-case analysis in two phases:
◮ Algorithm/Implementation knowledge
Olivier Bronchain Side-Channel Countermeasures’ Dissection 7 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
k0 k1 . . . k15 p0 p1 p15 Sbox Sbox Sbox x0 x1 x15 Linear Layer
15 20 25 30 35 40 45 time 2000 1000 1000 2000 3000 4000 5000 CurrentWorst-case analysis in two phases:
◮ Algorithm/Implementation knowledge ◮ Leakage examples in controlled settings (i.e. known randomness)
Olivier Bronchain Side-Channel Countermeasures’ Dissection 7 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
k0 k1 . . . k15 p0 p1 p15 Sbox Sbox Sbox x0 x1 x15 Linear Layer
15 20 25 30 35 40 45 time 2000 1000 1000 2000 3000 4000 5000 Currentx=0x00 x=0x0f x=0xff
Worst-case analysis in two phases:
◮ Algorithm/Implementation knowledge ◮ Leakage examples in controlled settings (i.e. known randomness)
Olivier Bronchain Side-Channel Countermeasures’ Dissection 7 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
k0 k1 . . . k15 p0 p1 p15 Sbox Sbox Sbox x0 x1 x15 Linear Layer
15 20 25 30 35 40 45 time 2000 1000 1000 2000 3000 4000 5000 Currentx=0x00 x=0x0f x=0xff
Worst-case analysis in two phases:
◮ Algorithm/Implementation knowledge ◮ Leakage examples in controlled settings (i.e. known randomness)
Olivier Bronchain Side-Channel Countermeasures’ Dissection 7 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
k0 k1 . . . k15 p0 p1 p15 Sbox Sbox Sbox x0 x1 x15 Linear Layer
15 20 25 30 35 40 45 time 2000 1000 1000 2000 3000 4000 5000 Currentx=0x00 x=0x0f x=0xff
Worst-case analysis in two phases:
◮ Algorithm/Implementation knowledge ◮ Leakage examples in controlled settings (i.e. known randomness)
◮ Extract information from leakage
Olivier Bronchain Side-Channel Countermeasures’ Dissection 7 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
k0 k1 . . . k15 p0 p1 p15 Sbox Sbox Sbox x0 x1 x15 Linear Layer
15 20 25 30 35 40 45 time 2000 1000 1000 2000 3000 4000 5000 Currentx=0x00 x=0x0f x=0xff
Worst-case analysis in two phases:
◮ Algorithm/Implementation knowledge ◮ Leakage examples in controlled settings (i.e. known randomness)
◮ Extract information from leakage ◮ Processing for secret recovery
Olivier Bronchain Side-Channel Countermeasures’ Dissection 7 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Olivier Bronchain Side-Channel Countermeasures’ Dissection 8 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
At a high level:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 9 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
At a high level: ◮ Affine masking on bytes
Olivier Bronchain Side-Channel Countermeasures’ Dissection 9 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
At a high level: ◮ Affine masking on bytes
◮ Multiplicative mask rm (same for all the 16-bytes)
Olivier Bronchain Side-Channel Countermeasures’ Dissection 9 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
At a high level: ◮ Affine masking on bytes
◮ Multiplicative mask rm (same for all the 16-bytes) ◮ Additive mask ra
Olivier Bronchain Side-Channel Countermeasures’ Dissection 9 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
At a high level: ◮ Affine masking on bytes
◮ Multiplicative mask rm (same for all the 16-bytes) ◮ Additive mask ra ◮ Requires alternative Sbox table pre-computation
Olivier Bronchain Side-Channel Countermeasures’ Dissection 9 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
At a high level: ◮ Affine masking on bytes
◮ Multiplicative mask rm (same for all the 16-bytes) ◮ Additive mask ra ◮ Requires alternative Sbox table pre-computation
◮ Shuffled execution
Olivier Bronchain Side-Channel Countermeasures’ Dissection 9 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
At a high level: ◮ Affine masking on bytes
◮ Multiplicative mask rm (same for all the 16-bytes) ◮ Additive mask ra ◮ Requires alternative Sbox table pre-computation
◮ Shuffled execution
◮ One permutation for the 16 Sboxes
Olivier Bronchain Side-Channel Countermeasures’ Dissection 9 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
At a high level: ◮ Affine masking on bytes
◮ Multiplicative mask rm (same for all the 16-bytes) ◮ Additive mask ra ◮ Requires alternative Sbox table pre-computation
◮ Shuffled execution
◮ One permutation for the 16 Sboxes ◮ Another permutation for the 4 MixColumns
Olivier Bronchain Side-Channel Countermeasures’ Dissection 9 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
At a high level: ◮ Affine masking on bytes
◮ Multiplicative mask rm (same for all the 16-bytes) ◮ Additive mask ra ◮ Requires alternative Sbox table pre-computation
◮ Shuffled execution
◮ One permutation for the 16 Sboxes ◮ Another permutation for the 4 MixColumns ◮ Both are pre-computed
Olivier Bronchain Side-Channel Countermeasures’ Dissection 9 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
rm, rin, rout
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Multiplicative Pre-Computation
rm, rin, rout Sbox′
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra Multiplicative Pre-Computation
rm, rin, rout Sbox′
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey Multiplicative Pre-Computation
rm, rin, rout Sbox′
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Multiplicative Pre-Computation
rm, rin, rout Sbox′
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ Multiplicative Pre-Computation
rm, rin, rout Sbox′
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout Multiplicative Pre-Computation
rm, rin, rout Sbox′
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns Multiplicative Pre-Computation
rm, rin, rout Sbox′
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns Multiplicative Pre-Computation
rm, rin, rout Sbox′ seed1 seed2 seed′
1
seed′
2
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns p
C
p
C
p
C
p′
p
Ra
p′
Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption
Olivier Bronchain Side-Channel Countermeasures’ Dissection 10 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Profiled attacks are based on secret con- ditional distribution which depends on the countermeasures. Full expression is written as
f[ l|x] ∝
rm
l|rm, ra, c, o1, o2]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 11 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Profiled attacks are based on secret con- ditional distribution which depends on the countermeasures. Full expression is written as
f[ l|x] ∝
rm
l|rm, ra, c, o1, o2]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 11 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Profiled attacks are based on secret con- ditional distribution which depends on the countermeasures. Full expression is written as
f[ l|x] ∝
rm
l|rm, ra, c, o1, o2]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 11 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Profiled attacks are based on secret con- ditional distribution which depends on the countermeasures. Full expression is written as
f[ l|x] ∝
rm
l|rm, ra, c, o1, o2]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 11 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Profiled attacks are based on secret con- ditional distribution which depends on the countermeasures. Full expression is written as
f[ l|x] ∝
rm
l|rm, ra, c, o1, o2]
Template
Olivier Bronchain Side-Channel Countermeasures’ Dissection 11 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Profiled attacks are based on secret con- ditional distribution which depends on the countermeasures. Full expression is written as
f[ l|x] ∝
rm
l|rm, ra, c, o1, o2]
Template
Optimal but rapidly
reach:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 11 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Profiled attacks are based on secret con- ditional distribution which depends on the countermeasures. Full expression is written as
f[ l|x] ∝
rm
l|rm, ra, c, o1, o2]
Template
Optimal but rapidly
reach: ◮ One template per randomness combination
Olivier Bronchain Side-Channel Countermeasures’ Dissection 11 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Profiled attacks are based on secret con- ditional distribution which depends on the countermeasures. Full expression is written as
f[ l|x] ∝
rm
l|rm, ra, c, o1, o2]
Template
Optimal but rapidly
reach: ◮ One template per randomness combination ◮ Sum over all the possible randomness
Olivier Bronchain Side-Channel Countermeasures’ Dissection 11 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Profiled attacks are based on secret con- ditional distribution which depends on the countermeasures. Full expression is written as
f[ l|x] ∝
rm
l|rm, ra, c, o1, o2]
Template
Optimal but rapidly
reach: ◮ One template per randomness combination ◮ Sum over all the possible randomness = ⇒ Hypotheses needed
Olivier Bronchain Side-Channel Countermeasures’ Dissection 11 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Assuming ⊥ leakages on secret:
f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Side-Channel Countermeasures’ Dissection 12 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Assuming ⊥ leakages on secret:
f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 12 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Assuming ⊥ leakages on secret:
f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 12 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Assuming ⊥ leakages on secret:
f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 12 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Assuming ⊥ leakages on secret:
f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Countermeasures’ Dissection:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 12 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Assuming ⊥ leakages on secret:
f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Countermeasures’ Dissection: ◮ What: From combined countermeasures, expected multiplicative effect
Olivier Bronchain Side-Channel Countermeasures’ Dissection 12 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Assuming ⊥ leakages on secret:
f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Countermeasures’ Dissection: ◮ What: From combined countermeasures, expected multiplicative effect
◮ Reduce it to a small factor, ideally of 1.
Olivier Bronchain Side-Channel Countermeasures’ Dissection 12 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Assuming ⊥ leakages on secret:
f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Countermeasures’ Dissection: ◮ What: From combined countermeasures, expected multiplicative effect
◮ Reduce it to a small factor, ideally of 1.
◮ How: Bias the sums by independent partial attacks on secrets (i.e. shares)
Olivier Bronchain Side-Channel Countermeasures’ Dissection 12 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Assuming ⊥ leakages on secret:
f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Countermeasures’ Dissection: ◮ What: From combined countermeasures, expected multiplicative effect
◮ Reduce it to a small factor, ideally of 1.
◮ How: Bias the sums by independent partial attacks on secrets (i.e. shares)
◮ ց attack time complexity because terms are removed
Olivier Bronchain Side-Channel Countermeasures’ Dissection 12 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Assuming ⊥ leakages on secret:
f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Countermeasures’ Dissection: ◮ What: From combined countermeasures, expected multiplicative effect
◮ Reduce it to a small factor, ideally of 1.
◮ How: Bias the sums by independent partial attacks on secrets (i.e. shares)
◮ ց attack time complexity because terms are removed ◮ ց number of templates because not joint on all randomness
Olivier Bronchain Side-Channel Countermeasures’ Dissection 12 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Olivier Bronchain Side-Channel Countermeasures’ Dissection 13 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Composed of ◮ Cortex-M4 Atmel ◮ High end EM Probe ◮ PicoScope 5000 series sampling at 1GHz
Olivier Bronchain Side-Channel Countermeasures’ Dissection 14 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Composed of ◮ Cortex-M4 Atmel ◮ High end EM Probe ◮ PicoScope 5000 series sampling at 1GHz
Olivier Bronchain Side-Channel Countermeasures’ Dissection 14 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Composed of ◮ Cortex-M4 Atmel ◮ High end EM Probe ◮ PicoScope 5000 series sampling at 1GHz
Olivier Bronchain Side-Channel Countermeasures’ Dissection 14 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Composed of ◮ Cortex-M4 Atmel ◮ High end EM Probe ◮ PicoScope 5000 series sampling at 1GHz
How to extract information in ?
Olivier Bronchain Side-Channel Countermeasures’ Dissection 14 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 0.00 0.05 0.10SNR
seed′ 1 seed′ 2Olivier Bronchain Side-Channel Countermeasures’ Dissection 15 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 0.00 0.05 0.10SNR
seed′ 1 seed′ 2Olivier Bronchain Side-Channel Countermeasures’ Dissection 15 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 0.00 0.05 0.10SNR
seed′ 1 seed′ 23000
Olivier Bronchain Side-Channel Countermeasures’ Dissection 15 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 0.00 0.05 0.10SNR
seed′ 1 seed′ 2PCA Training
3000
Olivier Bronchain Side-Channel Countermeasures’ Dissection 15 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 0.00 0.05 0.10SNR
seed′ 1 seed′ 2PCA Training PCA
3000 3000
Olivier Bronchain Side-Channel Countermeasures’ Dissection 15 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 0.00 0.05 0.10SNR
seed′ 1 seed′ 2PCA Training PCA
3000
−10 −5 5 10 15 l0 −5 5 10 15 20 l1 −15 −10 −5 5 l2 0.000 0.025 0.050 0.075 0.100 0.125 0.150 0.175 0.200 f[l2|seed′ 1]3 3000
Olivier Bronchain Side-Channel Countermeasures’ Dissection 15 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 0.00 0.05 0.10SNR
seed′ 1 seed′ 2PCA Training PCA
3000
−10 −5 5 10 15 l0 −5 5 10 15 20 l1 −15 −10 −5 5 l2 0.000 0.025 0.050 0.075 0.100 0.125 0.150 0.175 0.200 f[l2|seed′ 1]3 3000
f [ lo1|o1 = 0]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 15 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 0.00 0.05 0.10SNR
seed′ 1 seed′ 2PCA Training PCA
3000
−10 −5 5 10 15 l0 −5 5 10 15 20 l1 −15 −10 −5 5 l2 0.000 0.025 0.050 0.075 0.100 0.125 0.150 0.175 0.200 f[l2|seed′ 1]3 3000
f [ lo1|o1 = 0] f [ lo1|o1 = 1]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 15 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 −0.01 0.00 0.01 0.02 0.03Signal[mV ]
PCA Training
Olivier Bronchain Side-Channel Countermeasures’ Dissection 16 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 −0.01 0.00 0.01 0.02 0.03Signal[mV ]
PCA Training
3000
Olivier Bronchain Side-Channel Countermeasures’ Dissection 16 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 −0.01 0.00 0.01 0.02 0.03Signal[mV ]
PCA Training PCA
3000
−10 −5 5 10 15 l0 −5 5 10 15 20 l1 −15 −10 −5 5 l2 0.000 0.025 0.050 0.075 0.100 0.125 0.150 0.175 0.200 f[l2|seed′ 1]3
Olivier Bronchain Side-Channel Countermeasures’ Dissection 16 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 −0.01 0.00 0.01 0.02 0.03Signal[mV ]
PCA Training PCA
3000
−10 −5 5 10 15 l0 −5 5 10 15 20 l1 −15 −10 −5 5 l2 0.000 0.025 0.050 0.075 0.100 0.125 0.150 0.175 0.200 f[l2|seed′ 1]3
Pr[o1 = 0| lo1] Pr[o1 = 1| lo1]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 16 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 −0.01 0.00 0.01 0.02 0.03Signal[mV ]
PCA Training PCA
3000
−10 −5 5 10 15 l0 −5 5 10 15 20 l1 −15 −10 −5 5 l2 0.000 0.025 0.050 0.075 0.100 0.125 0.150 0.175 0.200 f[l2|seed′ 1]3
Pr[o1 = 0| lo1] Pr[o1 = 1| lo1] f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 16 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 −0.01 0.00 0.01 0.02 0.03Signal[mV ]
PCA Training PCA
3000
−10 −5 5 10 15 l0 −5 5 10 15 20 l1 −15 −10 −5 5 l2 0.000 0.025 0.050 0.075 0.100 0.125 0.150 0.175 0.200 f[l2|seed′ 1]3
Pr[o1 = 0| lo1] Pr[o1 = 1| lo1] f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
Olivier Bronchain Side-Channel Countermeasures’ Dissection 16 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 −0.01 0.00 0.01 0.02 0.03Signal[mV ]
PCA Training PCA
3000
−10 −5 5 10 15 l0 −5 5 10 15 20 l1 −15 −10 −5 5 l2 0.000 0.025 0.050 0.075 0.100 0.125 0.150 0.175 0.200 f[l2|seed′ 1]3
Pr[o1 = 0| lo1] Pr[o1 = 1| lo1] f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
98%
Olivier Bronchain Side-Channel Countermeasures’ Dissection 16 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
time[s]
×10−3 −0.01 0.00 0.01 0.02 0.03Signal[mV ]
PCA Training PCA
3000
−10 −5 5 10 15 l0 −5 5 10 15 20 l1 −15 −10 −5 5 l2 0.000 0.025 0.050 0.075 0.100 0.125 0.150 0.175 0.200 f[l2|seed′ 1]3
Pr[o1 = 0| lo1] Pr[o1 = 1| lo1] f[ l|x] ∝
rm Pr[rm|
lrm] ·
ra
·
lra|ra, o1] · Pr[o1| lo1]
lc|c, o2] · Pr[o2| lo2]
98%
(Almost) Perfect Dissection Ineffective permutations and rm
Olivier Bronchain Side-Channel Countermeasures’ Dissection 16 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Olivier Bronchain Side-Channel Countermeasures’ Dissection 17 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns p
C
p
C
p
C
p′
p
Ra
p′
Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption Olivier Bronchain Side-Channel Countermeasures’ Dissection 18 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns p
C
p
C
p
C
p′
p
Ra
p′
Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption
Attacker should at least:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 18 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns p
C
p
C
p
C
p′
p
Ra
p′
Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption
◮ Get information rm
Olivier Bronchain Side-Channel Countermeasures’ Dissection 18 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns p
C
p
C
p
C
p′
p
Ra
p′
Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption
◮ Get information rm ◮ Get information ra and c
Olivier Bronchain Side-Channel Countermeasures’ Dissection 18 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns p
C
p
C
p
C
p′
p
Ra
p′
Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption
◮ Get information rm ◮ Get information ra and c Uneven shuffling:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 18 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns p
C
p
C
p
C
p′
p
Ra
p′
Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption
◮ Get information rm ◮ Get information ra and c Uneven shuffling: ◮ No permutation
Olivier Bronchain Side-Channel Countermeasures’ Dissection 18 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns p
C
p
C
p
C
p′
p
Ra
p′
Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption
◮ Get information rm ◮ Get information ra and c Uneven shuffling: ◮ No permutation ◮ 2-bit seeded permutations
Olivier Bronchain Side-Channel Countermeasures’ Dissection 18 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns p
C
p
C
p
C
p′
p
Ra
p′
Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption
◮ Get information rm ◮ Get information ra and c Uneven shuffling: ◮ No permutation ◮ 2-bit seeded permutations ◮ 16-bit seeded permutations
Olivier Bronchain Side-Channel Countermeasures’ Dissection 18 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns p
C
p
C
p
C
p′
p
Ra
p′
Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption
◮ Get information rm ◮ Get information ra and c Uneven shuffling: ◮ No permutation ◮ 2-bit seeded permutations ◮ 16-bit seeded permutations ◮ All permutations can be enumerated
Olivier Bronchain Side-Channel Countermeasures’ Dissection 18 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
P) ⊕ Ra AddRoundKey rin Sbox′ rout ShiftRows ShiftRows MixColumns MixColumns p
C
p
C
p
C
p′
p
Ra
p′
Multiplicative Pre-Computation
rm, rin, rout Sbox′
{0, . . . , 15} Computation p
C, p Ra
seed1 seed2
16 16
{0, 1, 2, 3} Computation p′
seed′
1
seed′
2 2 2
Inputs Pre-computation Encryption
◮ Get information rm ◮ Get information ra and c Uneven shuffling: ◮ No permutation ◮ 2-bit seeded permutations ◮ 16-bit seeded permutations ◮ All permutations can be enumerated ◮ We focus on the 2-bit seeded permutation
Olivier Bronchain Side-Channel Countermeasures’ Dissection 18 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Divide & Conquer:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 19 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
1 2 3 4 5
Number of measurements
×103 20 21 22 23 24 25 26 27 28
GE
Column 0 Column 1 Column 2 Column 3 average
Divide & Conquer:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 19 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
1 2 3 4 5
Number of measurements
×103 20 21 22 23 24 25 26 27 28
GE
Column 0 Column 1 Column 2 Column 3 average
Divide & Conquer:
◮ Entropy ց with measurements
Olivier Bronchain Side-Channel Countermeasures’ Dissection 19 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
1 2 3 4 5
Number of measurements
×103 20 21 22 23 24 25 26 27 28
GE
Column 0 Column 1 Column 2 Column 3 average
Divide & Conquer:
◮ Entropy ց with measurements ◮ Less than a bit with 3, 000 traces
Olivier Bronchain Side-Channel Countermeasures’ Dissection 19 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
1 2 3 4 5
Number of measurements
×103 20 21 22 23 24 25 26 27 28
GE
Column 0 Column 1 Column 2 Column 3 average
Divide & Conquer:
◮ Entropy ց with measurements ◮ Less than a bit with 3, 000 traces ◮ One ”harder” byte per column
Olivier Bronchain Side-Channel Countermeasures’ Dissection 19 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
1 2 3 4 5
Number of measurements
×103 20 21 22 23 24 25 26 27 28
GE
Column 0 Column 1 Column 2 Column 3 average 1 2 3 4 5
Number of measurements
×103 211 226 241 256 271 286 2101 2116
Rank of the correct key
232 20
Divide & Conquer:
◮ Entropy ց with measurements ◮ Less than a bit with 3, 000 traces ◮ One ”harder” byte per column
Olivier Bronchain Side-Channel Countermeasures’ Dissection 19 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
1 2 3 4 5
Number of measurements
×103 20 21 22 23 24 25 26 27 28
GE
Column 0 Column 1 Column 2 Column 3 average 1 2 3 4 5
Number of measurements
×103 211 226 241 256 271 286 2101 2116
Rank of the correct key
232 20
Divide & Conquer:
◮ Entropy ց with measurements ◮ Less than a bit with 3, 000 traces ◮ One ”harder” byte per column
◮ Entropy ց with measurements
Olivier Bronchain Side-Channel Countermeasures’ Dissection 19 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
1 2 3 4 5
Number of measurements
×103 20 21 22 23 24 25 26 27 28
GE
Column 0 Column 1 Column 2 Column 3 average 1 2 3 4 5
Number of measurements
×103 211 226 241 256 271 286 2101 2116
Rank of the correct key
232 20
Divide & Conquer:
◮ Entropy ց with measurements ◮ Less than a bit with 3, 000 traces ◮ One ”harder” byte per column
◮ Entropy ց with measurements ◮ Less than a bit with 4, 000 traces
Olivier Bronchain Side-Channel Countermeasures’ Dissection 19 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
1 2 3 4 5
Number of measurements
×103 20 21 22 23 24 25 26 27 28
GE
Column 0 Column 1 Column 2 Column 3 average 1 2 3 4 5
Number of measurements
×103 211 226 241 256 271 286 2101 2116
Rank of the correct key
232 20
Divide & Conquer:
◮ Entropy ց with measurements ◮ Less than a bit with 3, 000 traces ◮ One ”harder” byte per column
◮ Entropy ց with measurements ◮ Less than a bit with 4, 000 traces ◮ About 1, 100 with post-processing
Olivier Bronchain Side-Channel Countermeasures’ Dissection 19 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
1 2 3 4 5
Number of measurements
×103 20 21 22 23 24 25 26 27 28
GE
Column 0 Column 1 Column 2 Column 3 average 1 2 3 4 5
Number of measurements
×103 211 226 241 256 271 286 2101 2116
Rank of the correct key
232 20
Divide & Conquer:
◮ Entropy ց with measurements ◮ Less than a bit with 3, 000 traces ◮ One ”harder” byte per column
◮ Entropy ց with measurements ◮ Less than a bit with 4, 000 traces ◮ About 1, 100 with post-processing
Olivier Bronchain Side-Channel Countermeasures’ Dissection 19 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Olivier Bronchain Side-Channel Countermeasures’ Dissection 20 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How the knowledge of the target helps in a worst-case evaluation ?
Olivier Bronchain Side-Channel Countermeasures’ Dissection 21 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How the knowledge of the target helps in a worst-case evaluation ? ◮ Evaluators do not always have full control on the target
Olivier Bronchain Side-Channel Countermeasures’ Dissection 21 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How the knowledge of the target helps in a worst-case evaluation ? ◮ Evaluators do not always have full control on the target ◮ If it helps, worrying for long term security:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 21 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How the knowledge of the target helps in a worst-case evaluation ? ◮ Evaluators do not always have full control on the target ◮ If it helps, worrying for long term security:
◮ Adversary with a better strategy can be more powerful than the evaluator
Olivier Bronchain Side-Channel Countermeasures’ Dissection 21 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How the knowledge of the target helps in a worst-case evaluation ? ◮ Evaluators do not always have full control on the target ◮ If it helps, worrying for long term security:
◮ Adversary with a better strategy can be more powerful than the evaluator
Experiments with machine learning:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 21 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How the knowledge of the target helps in a worst-case evaluation ? ◮ Evaluators do not always have full control on the target ◮ If it helps, worrying for long term security:
◮ Adversary with a better strategy can be more powerful than the evaluator
Experiments with machine learning: ◮ Representative of closed approach since able to deal with unknown countermeasures
Olivier Bronchain Side-Channel Countermeasures’ Dissection 21 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
How the knowledge of the target helps in a worst-case evaluation ? ◮ Evaluators do not always have full control on the target ◮ If it helps, worrying for long term security:
◮ Adversary with a better strategy can be more powerful than the evaluator
Experiments with machine learning: ◮ Representative of closed approach since able to deal with unknown countermeasures ◮ We instantiate MLP classifiers in simulated settings
Olivier Bronchain Side-Channel Countermeasures’ Dissection 21 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Olivier Bronchain Side-Channel Countermeasures’ Dissection 22 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
x ⊕ r r ← {0, . . . , 255} 1 HW (·) HW (·) + + η1 η2 l1 l2 l3
Boolean Masking with leakage on:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 22 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
x ⊕ r r ← {0, . . . , 255} 1 HW (·) HW (·) + + η1 η2 l1 l2 l3
Boolean Masking with leakage on: ◮ Two shares
Olivier Bronchain Side-Channel Countermeasures’ Dissection 22 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
x ⊕ r r ← {0, . . . , 255} 1 HW (·) HW (·) + + η1 η2 l1 l2 l3
Boolean Masking with leakage on: ◮ Two shares ◮ Hamming weight + Gaussian noise
Olivier Bronchain Side-Channel Countermeasures’ Dissection 22 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
x ⊕ r r ← {0, . . . , 255} 1 HW (·) HW (·) + + η1 η2 l1 l2 l3
Boolean Masking with leakage on: ◮ Two shares ◮ Hamming weight + Gaussian noise Affine Masking with leakage on:
(x ⊗ rm) ⊕ r r ← {0, . . . , 255} rm ← {1, . . . , 255} HW (·) HW (·) + + η1 η2 l1 l2 l3 Olivier Bronchain Side-Channel Countermeasures’ Dissection 22 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
x ⊕ r r ← {0, . . . , 255} 1 HW (·) HW (·) + + η1 η2 l1 l2 l3
Boolean Masking with leakage on: ◮ Two shares ◮ Hamming weight + Gaussian noise Affine Masking with leakage on: ◮ Two shares + Multiplicative mask
(x ⊗ rm) ⊕ r r ← {0, . . . , 255} rm ← {1, . . . , 255} HW (·) HW (·) + + η1 η2 l1 l2 l3 Olivier Bronchain Side-Channel Countermeasures’ Dissection 22 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
x ⊕ r r ← {0, . . . , 255} 1 HW (·) HW (·) + + η1 η2 l1 l2 l3
Boolean Masking with leakage on: ◮ Two shares ◮ Hamming weight + Gaussian noise Affine Masking with leakage on: ◮ Two shares + Multiplicative mask ◮ Hamming weight + Gaussian noise
(x ⊗ rm) ⊕ r r ← {0, . . . , 255} rm ← {1, . . . , 255} HW (·) HW (·) + + η1 η2 l1 l2 l3 Olivier Bronchain Side-Channel Countermeasures’ Dissection 22 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
100 101 102
number of traces
20 21
GE
boolean MLP boolean gT affine MLP affine gT
3-bit
Olivier Bronchain Side-Channel Countermeasures’ Dissection 23 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
100 101 102
number of traces
20 21
GE
boolean MLP boolean gT affine MLP affine gT
3-bit For : For :
Olivier Bronchain Side-Channel Countermeasures’ Dissection 23 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
100 101 102
number of traces
20 21
GE
boolean MLP boolean gT affine MLP affine gT
3-bit For : ◮ Schemes are equivalent For : ◮ Schemes are not equivalent
Olivier Bronchain Side-Channel Countermeasures’ Dissection 23 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
100 101 102
number of traces
20 21
GE
boolean MLP boolean gT affine MLP affine gT
3-bit For : ◮ Schemes are equivalent ◮ No need to learn multiplications For : ◮ Schemes are not equivalent ◮ Need to learn multiplications based
Olivier Bronchain Side-Channel Countermeasures’ Dissection 23 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
100 101 102 103
number of traces
20 21 22 23
GE
boolean MLP boolean gT affine MLP affine gT
4-bit For : ◮ Schemes are equivalent ◮ No need to learn multiplications For : ◮ Schemes are not equivalent ◮ Need to learn multiplications based
Olivier Bronchain Side-Channel Countermeasures’ Dissection 23 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
100 101 102 103
number of traces
20 21 22 23 24 25
GE
boolean MLP boolean gT affine MLP affine gT
6-bit For : ◮ Schemes are equivalent ◮ No need to learn multiplications For : ◮ Schemes are not equivalent ◮ Need to learn multiplications based
Olivier Bronchain Side-Channel Countermeasures’ Dissection 23 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
100 101 102 103 104
number of traces
20 21 22 23 24 25 26 27
GE
boolean MLP boolean gT affine MLP affine gT
8-bit For : ◮ Schemes are equivalent ◮ No need to learn multiplications For : ◮ Schemes are not equivalent ◮ Need to learn multiplications based
◮ Harder with ր field size
Olivier Bronchain Side-Channel Countermeasures’ Dissection 23 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
100 101 102 103 104
number of traces
20 21 22 23 24 25 26 27
GE
boolean MLP boolean gT affine MLP affine gT
8-bit For : ◮ Schemes are equivalent ◮ No need to learn multiplications For : ◮ Schemes are not equivalent ◮ Need to learn multiplications based
◮ Harder with ր field size ◮ Profiling cost of such a closed evaluation will be prohibitive
Olivier Bronchain Side-Channel Countermeasures’ Dissection 23 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
100 101 102 103 104
number of traces
20 21 22 23 24 25 26 27
GE
boolean MLP boolean gT affine MLP affine gT
8-bit For : ◮ Schemes are equivalent ◮ No need to learn multiplications For : ◮ Schemes are not equivalent ◮ Need to learn multiplications based
◮ Harder with ր field size ◮ Profiling cost of such a closed evaluation will be prohibitive ◮ While comes for free in withe box
Olivier Bronchain Side-Channel Countermeasures’ Dissection 23 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Olivier Bronchain Side-Channel Countermeasures’ Dissection 24 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows: ◮ Online attack in less than a minute with:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows: ◮ Online attack in less than a minute with:
◮ With old state-of-the-art pdf estimation tools
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows: ◮ Online attack in less than a minute with:
◮ With old state-of-the-art pdf estimation tools ◮ Some equations depending on the countermeasures
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows: ◮ Online attack in less than a minute with:
◮ With old state-of-the-art pdf estimation tools ◮ Some equations depending on the countermeasures ◮ Sounded hypotheses
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows: ◮ Online attack in less than a minute with:
◮ With old state-of-the-art pdf estimation tools ◮ Some equations depending on the countermeasures ◮ Sounded hypotheses
◮ Preliminary leakage assessment found no weakness with 100,000 traces
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows: ◮ Online attack in less than a minute with:
◮ With old state-of-the-art pdf estimation tools ◮ Some equations depending on the countermeasures ◮ Sounded hypotheses
◮ Preliminary leakage assessment found no weakness with 100,000 traces ◮ Difficulty to protect 32-bit software:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows: ◮ Online attack in less than a minute with:
◮ With old state-of-the-art pdf estimation tools ◮ Some equations depending on the countermeasures ◮ Sounded hypotheses
◮ Preliminary leakage assessment found no weakness with 100,000 traces ◮ Difficulty to protect 32-bit software:
◮ Inherent to low noise on the platform and not to optimized shuffling
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows: ◮ Online attack in less than a minute with:
◮ With old state-of-the-art pdf estimation tools ◮ Some equations depending on the countermeasures ◮ Sounded hypotheses
◮ Preliminary leakage assessment found no weakness with 100,000 traces ◮ Difficulty to protect 32-bit software:
◮ Inherent to low noise on the platform and not to optimized shuffling
Knowledge needed to reproduce on other targets :
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows: ◮ Online attack in less than a minute with:
◮ With old state-of-the-art pdf estimation tools ◮ Some equations depending on the countermeasures ◮ Sounded hypotheses
◮ Preliminary leakage assessment found no weakness with 100,000 traces ◮ Difficulty to protect 32-bit software:
◮ Inherent to low noise on the platform and not to optimized shuffling
Knowledge needed to reproduce on other targets : ◮ Source code and randomness knowledge during profiling
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows: ◮ Online attack in less than a minute with:
◮ With old state-of-the-art pdf estimation tools ◮ Some equations depending on the countermeasures ◮ Sounded hypotheses
◮ Preliminary leakage assessment found no weakness with 100,000 traces ◮ Difficulty to protect 32-bit software:
◮ Inherent to low noise on the platform and not to optimized shuffling
Knowledge needed to reproduce on other targets : ◮ Source code and randomness knowledge during profiling ◮ Sufficient understanding of countermeasures
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
This analysis of mixed countermeasures shows: ◮ Online attack in less than a minute with:
◮ With old state-of-the-art pdf estimation tools ◮ Some equations depending on the countermeasures ◮ Sounded hypotheses
◮ Preliminary leakage assessment found no weakness with 100,000 traces ◮ Difficulty to protect 32-bit software:
◮ Inherent to low noise on the platform and not to optimized shuffling
Knowledge needed to reproduce on other targets : ◮ Source code and randomness knowledge during profiling ◮ Sufficient understanding of countermeasures ◮ Not so much time !
Olivier Bronchain Side-Channel Countermeasures’ Dissection 25 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online
Scrolling Twitter
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online
Code Available
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it
Entering Hacker Mode
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it
Finding MCU
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it
Removing Capacitors
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it
Engraving EM Probe
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready
Entering Hacker Mode
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready Day 6: Multiplicative mask recovery
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready Day 6: Multiplicative mask recovery
Really Happy
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready Day 6: Multiplicative mask recovery
Entering Hacker Mode
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready Day 6: Multiplicative mask recovery Day 10: First attacks
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready Day 6: Multiplicative mask recovery Day 10: First attacks
Really Happy
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready Day 6: Multiplicative mask recovery Day 10: First attacks
Entering Hacker Mode
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready Day 6: Multiplicative mask recovery Day 10: First attacks Day 11: Key enumeration
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready Day 6: Multiplicative mask recovery Day 10: First attacks Day 11: Key enumeration
Really Happy
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready Day 6: Multiplicative mask recovery Day 10: First attacks Day 11: Key enumeration
Entering Hacker Mode
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready Day 6: Multiplicative mask recovery Day 10: First attacks Day 11: Key enumeration Day 15: Full attack
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
Day 0: Code is Online Day 1: Start looking at it Day 5: Setup ready Day 6: Multiplicative mask recovery Day 10: First attacks Day 11: Key enumeration Day 15: Full attack
Really Happy
Olivier Bronchain Side-Channel Countermeasures’ Dissection 26 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
ANSSI’s implementation was a stimulating first step:
Olivier Bronchain Side-Channel Countermeasures’ Dissection 27 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
ANSSI’s implementation was a stimulating first step: ◮ Nice research challenge to design/evaluate more secure implementations
Olivier Bronchain Side-Channel Countermeasures’ Dissection 27 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
ANSSI’s implementation was a stimulating first step: ◮ Nice research challenge to design/evaluate more secure implementations ◮ Possibly dealing with limited physical noise
Olivier Bronchain Side-Channel Countermeasures’ Dissection 27 / 27
Introduction Countermeasures’ Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion
ANSSI’s implementation was a stimulating first step: ◮ Nice research challenge to design/evaluate more secure implementations ◮ Possibly dealing with limited physical noise
Twitter: @BronchainO email: olivier.bronchain@uclouvain.be
Olivier Bronchain Side-Channel Countermeasures’ Dissection 27 / 27