Test Apparatus for Side-Channel Resistance Compliance Testing - - PowerPoint PPT Presentation

Institute for Applied Information Processing and Communications (IAIK) 1

TU Graz/Computer Science/IAIK/VLSI/Name Project

1

TU Graz/Computer Science/IAIK/SEnSE NIAT 2011 Nara, 27.09.2011

Test Apparatus for Side-Channel Resistance Compliance Testing

Michael Hutter, Mario Kirschbaum, Thomas Plos, Jörn-Marc Schmidt

NIAT Workshop 2011

Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology

Institute for Applied Information Processing and Communications (IAIK) 2

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

What is this talk about?

Challenge

How to quantify side-channel resistance? How to estimate the security level? How to perform SCA compliance testing?

Proposal

Non-invasive attack testing apparatus

Institute for Applied Information Processing and Communications (IAIK) 3

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

ISO/IEC 10373-6

Institute for Applied Information Processing and Communications (IAIK) 4

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

The Classical SCA Setup

meas

1 GND1 GND

Institute for Applied Information Processing and Communications (IAIK) 5

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

The Proposed Apparatus

Institute for Applied Information Processing and Communications (IAIK) 6

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

What are the Advantages?

• 1. Reduction of noise
• 2. Higher measurement

sensitivity

Institute for Applied Information Processing and Communications (IAIK) 7

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

The AT89S8253 Apparatus

Institute for Applied Information Processing and Communications (IAIK) 8

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

The ATmega128 Apparatus

Institute for Applied Information Processing and Communications (IAIK) 9

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

The GRANDESCA Apparatus

Institute for Applied Information Processing and Communications (IAIK) 10

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

Institute for Applied Information Processing and Communications (IAIK) 11

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

Institute for Applied Information Processing and Communications (IAIK) 12

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

Attack Scenarios

• 1. White-box evaluation
• Target: MOV operation
• 2. Black-box evaluation
• Target: 1st S-box output of an AES-128 encryption (round 1)
• IC1: random input
• IC2: zero input

Institute for Applied Information Processing and Communications (IAIK) 13

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

Results of Attacks

Reference Attack Difference Attack

σ = 0.67 σ = 0.96

Institute for Applied Information Processing and Communications (IAIK) 14

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

AES Results

Institute for Applied Information Processing and Communications (IAIK) 15

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

Summary

Using two devices improves attack Less noise Better acquisition resolution Can be used for

Device characterization, profiling, countermeasure evaluation, SCA-resistance tests, compliance testing, attacks, …

Michael Hutter

IAIK – Graz University of Technology michael.hutter@iaik.tugraz.at www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) 16

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

The Wheatstone Bridge

Institute for Applied Information Processing and Communications (IAIK) 17

TU Graz/Computer Science/IAIK/SEnSE Nara, 27.09.2011 NIAT 2011

Signal-to-Noise Ratio

Reference Attack Difference Attack