understanding the reasons for the side channel leakage is
play

Understanding the Reasons for the Side-Channel Leakage is - PowerPoint PPT Presentation

Aug 20, 2023 •187 likes •799 views

Understanding the Reasons for the Side-Channel Leakage is Indispensable for Secure Design Werner Schindler Federal Office for Information Security (BSI), Bonn, Germany Leuven, September 13, 2012 Outline Introduction and motivation

  1. Understanding the Reasons for the Side-Channel Leakage is Indispensable for Secure Design Werner Schindler Federal Office for Information Security (BSI), Bonn, Germany Leuven, September 13, 2012

  2. Outline � Introduction and motivation � Goals of a security evaluation � The Stochastic Approach � basics in a nutshell � How to obtain relevant design information � Conclusions Schindler September 13, 2012 Slide 2

  3. � Side-channel analysis has been a hot topic in academia and industry for the last 15 years. � In the early years the applied mathematical methods often wasted a lot of information. � In the meanwhile the mathematical methods have become much more efficient. � The time has been ripe for systematic methods! Schindler September 13, 2012 Slide 3

  4. How I came in touch with side-channel analysis (I) � In 1999 I gave a course “Selected Topics in Modern Cryptography” at Darmstadt Technical University. � I had to bridge a “gap” of one and a half 90 minute lectures. I remembered a timing attack from Jean- Jacques Quisquater and his research group (CARDIS 1998). � I studied the paper and was quickly convinced that the attack could be improved significantly. Schindler September 13, 2012 Slide 4

  5. How I came in touch with side-channel analysis (II) � I contacted Jean-Jacques and proposed a new decision strategy. � For the same hardware the number of traces per attack dropped down from 200000 – 300000 to 5000, which is an increase of efficiency by factor ≈ 50 (Schindler, Koeune, Quisquater, 2001). � New stochastic methods made this improvement possible. � I thought it might be a good idea to write one paper on this topic… Schindler September 13, 2012 Slide 5

  6. Security evaluations (I) � The resistance of smart cards, or more generally, of security implementations, against power attacks has been an important aspect of many security evaluations. � It is very important for evaluators and designers to know the strongest attacks. � Usually several side-channel attacks are applied (e.g. different DPA or CPA attacks). The target device is considered secure if it withstands all these attacks. Schindler September 13, 2012 Slide 6

  7. Security evaluations (II) � A successful attack shows that the device is vulnerable. � But … � What are the consequences (countermeasures, limitation of the number of operations, re-design)? � What is the conclusion if all attacks have been ineffective? Do stronger attacks exist? Schindler September 13, 2012 Slide 7

  8. Security evaluations (III) � It is clearly desirable � to have reliable security evaluations � to get more than a one-bit information (successful attack is known / is not known). � Reliable and trustworthy evaluation methods are needed! � Ideally, a security evaluation should disclose potential weaknesses, allowing target-oriented re- design if necessary (constructive side-channel analysis). Schindler September 13, 2012 Slide 8

  9. DPA / CPA � DPA and CPA are the „classics“ in power analysis. � DPA and CPA are correlation attacks � + easy to apply, no profiling � - exploit only a fraction of the available information Schindler September 13, 2012 Slide 9

  10. Template attacks � exploit power information from several time instants t 1 <…<t m � electrical current vectors are interpreted as realizations of m-dimensional random vectors with unknown probability distribution. � These random vector may depend on � (x,k): part of the plaintext / ciphertext x, subkey k � (x,z,k): part of the plaintext / ciphertext x, masking value z, and subkey k � f(x,k): e.g., f(x,k):= ham(x ⊕ k) (model-based templates) Schindler September 13, 2012 Slide 10

  11. Template attacks (II) � profiling phase (training device): � estimation of a probability density for each (x,k), resp. for each (x,z,k), resp. for each f(x,k) (templates) � attack (target device) � substitution of the measured current values into the templates ( → maximum likelihood principle) Schindler September 13, 2012 Slide 11

  12. A successful template attack shows that the target implementation is vulnerable but it does not explain how to fix the problem. Schindler September 13, 2012 Slide 12

  13. The stochastic approach � target: block cipher � exploits power measurements at several time instants t 1 < t 2 < ... < t m � The measurement values are interpreted as values that are assumed by random variables. � The stochastic approach combines engineers’ expertise with efficient stochastic methods from multivariate statistics. Schindler September 13, 2012 Slide 13

  14. Literature � Pioneer work: Schindler, Lemke, Paar (2005), � Theoretical foundations and attack efficiency : Schindler, Lemke, Paar (2005), Lemke, Gierlichs, Paar (2006), Lemke-Rust, Paar (2007), Schindler (2008), Standaert, Koeune, Schindler (2009), Heuser, Kasper, Schindler, Stöttinger (2012) � Design aspects: Kasper, Schindler, Stöttinger (2010), Heuser, Kasper, Schindler, Stöttinger (2011 + 2012) Schindler September 13, 2012 Slide 14

  15. The stochastic model (basic variant) target algorithm: block cipher (e.g., AES; no masking) x ∈ {0,1} p (known) part of the plaintext or ciphertext k ∈ {0,1} s subkey [AES: (typically) s = 8 ] t time instant I t (x,k) = h t (x,k) + R t deterministic part random variable random variable = leakage function (depends on x and k) E(R t ) = 0 (depends on x and k) quantifies the random- noise (centered) ness of the side-channel signal at time t Schindler September 13, 2012 Slide 15

  16. The stochastic model (masking) x ∈ {0,1} p (known) part of the plaintext or ciphertext z ∈ M masking value k ∈ {0,1} s subkey [AES: (typically) s = 8 ] t ∈ {t 1 ,t 2 ,...,t m } time instant I t (x,z;k) = h t (x,z;k) + R t deterministic part random variable random variable = leakage function (depends on x,z,k) E(R t ) = 0 (depends on x,z,k) quantifies the random- noise (centered) ness of the side-channel signal at time t Schindler September 13, 2012 Slide 16

  17. Note � The leakage functions h t1 ( ⋅ ⋅ ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ , ),h t2 ( ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ ⋅ ,), ... , h tm ( ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ ⋅ ) ⋅ and � the probability distribution of the random vector (R t1 ,R t2 , ..., R tm ) („noise vector“) are unknown and have to be estimated with a training device. Schindler September 13, 2012 Slide 17

  18. Profiling, Step 1 (I) � Fix a subkey k ∈ {0,1} s . � The unknown function h t;k : ∈ {0,1} p × M × {k} → R, h t;k (x,z;k):= h t (x,z;k) is interpreted as an element of a high-dimensional real vector space � k . In particular, dim( � k ) = 2 p |M| . � Goal: Approximate h t;k by its image h* t;k under the orthogonal projection onto a suitably selected low- dimensional vector subspace � u,t;k Schindler September 13, 2012 Slide 18

  19. Geometric illustration h t;k k fixed orthogonal projection . h t;k * � u,t;k subspace The image h* t,k is the best approximator of h t;k in � u,t;k Schindler September 13, 2012 Slide 19

  20. Profiling, Step 1 (II) (masking case) with basis functions g j,t;k : {0,1} p × M × {k} → R The basis g 0,t;k ,…,g u-1,t;k shall be selected under consideration of the attacked device. The estimation of h* t,k can completely be moved to the low-dimensional subspace � u,t;k , which reduces the number of measurements to a small fraction. Schindler September 13, 2012 Slide 20

  21. Example: AES implementation on an FPGA (final round) „Difference“ in register R6: R6 (new) ⊕ R6 (old) Schindler September 13, 2012 Slide 21

  22. AES implementation on an FPGA (I) Target: Key byte k (2) ∈ {0,1} 8 in round 10 R (x) value of register x after round 10 9-dimensional subspace: g 0,t;k(2) ((R (2) ,R (6) ),k (2) ) = 1 g j,t;k(2) ((R (2) ,R (6) ),k (2) ) = (R (6) ⊕ S -1 (R (2) ⊕ k (2) )) j for 1 ≤ j ≤ 8 Schindler September 13, 2012 Slide 22

  23. AES implementation on an FPGA (II) Target: Key byte k (2) ∈ {0,1} 8 in round 10 R (x) value of register x after round 10 2-dimensional subspace: g 0,t;k(2) ((R (2) ,R (6) ),k (2) ) = 1 g’ 1,t;k(2) ((R (2) ,R (6) ),k (2) ) = ham(R (6) ⊕ S -1 (R (2) ⊕ k (2) )) This 2-dimensional subspace potentially contains less leakage information than the 9-dimensional subspace defined on the previous slide. Schindler September 13, 2012 Slide 23

  24. Profiling, Step 1 (I) − u 1 ∑ = β h g * * (best approximator of h t;k in � u,t;k ) t k j t k j t k ; , ; , ; = j 0 � Task: Estimate the unknown coefficients β * 0,t;k , …, β * (u-1),t;k � N 1 measurement values from the training device i t (x 1 ,z 1 ,k), … i t (x N_1 ,z N_1 ,k) � Least-square estimation: Schindler September 13, 2012 Slide 24

  25. Profiling, Step 2 (only relevant for attacks) (I t_1 (x,z,k) – h* t_1;k (x,z,k), … , I t_m (x,z,k) – h* t_m (x,z,k)) ≈ (I t_1 (x,z,k) – h t_1 (x,z,k), … , I t_m (x,z,k) – h t_m (x,z,k)) = (R t_1 , … , R t_m ) ~ N(0,C) � Estimate the covariance matrix C (multivariate normal distribution), possibly with PCA � → prob. density f x,z;k ( ⋅ ) for I t (x,z,k) Schindler September 13, 2012 Slide 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Analyzing Side-Channel Leakage of RFID-Suitable Lightweight

Analyzing Side-Channel Leakage of RFID-Suitable Lightweight

Ins$tute for Applied Informa$on Processing and Communica$ons (IAIK) Analyzing Side-Channel Leakage of RFID-Suitable Lightweight ECC Hardware

244 views • 23 slides
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015 Tobias Schneider &amp; Amir Moradi Ruhr-Universitt Bochum Embedded Security Group Outline Motivation Statistical Background Testing

461 views • 43 slides
Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer, Mario Werner, and Stefan Mangard, IAIK, Graz University of Technology 30. March 2017 Content Differential power analysis for key recovery Re-keying

284 views • 24 slides
Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed,

Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed,

Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed, F.-X. Standaert , A. Joux NXP &amp; UCL Crypto Group &amp; Univ. Versailles CHES 2012, Leuven, Belgium SCA security (implementation level) 1 SCA

857 views • 70 slides
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Wednesday, September 16 th , 2015 Motivation Security Evaluation Leakage Assessment Methodology | CHES 2015 | Tobias Schneider 2

1.15k views • 81 slides
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Friday, September 11 th , 2015 Motivation Physical Attacks &amp; Countermeasures input output input output Timing, Power, EM,

746 views • 47 slides
Detecting Similar Code Segments through Side Channel Leakage in Microcontrollers Peter Samarin 1 ,

Detecting Similar Code Segments through Side Channel Leakage in Microcontrollers Peter Samarin 1 ,

Detecting Similar Code Segments through Side Channel Leakage in Microcontrollers Peter Samarin 1 , 2 and Kerstin Lemke-Rust 1 Bonn-Rhein-Sieg University of Applied Sciences 1 Ruhr-Universitt Bochum 2 Germany November 29, 2017 Bonn-Rhein-Sieg

464 views • 33 slides
Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com MCrypt Seminar Aug. 11th 2014 Outline 1 Introduction 2 Modeling side-channel leakage 3 Achieving provable security against SCA

1.62k views • 92 slides
Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to

Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to

Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to the basics!! details on power / EM leakage (low/high noise scenario) how/where to attack AES? di ff erent attacker models overview of

1.28k views • 74 slides
How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research Silicon Valley Protecting Sensitive Computations from Leakage/Side-Channel Attacks Sensitive computations: Cryptographic Algorithms Secret Key

232 views • 20 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto &amp; Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
CCA2 Key-Privacy for Code-Based Encryption in the Standard Model Yusuke Yoshida with Kirill

CCA2 Key-Privacy for Code-Based Encryption in the Standard Model Yusuke Yoshida with Kirill

CCA2 Key-Privacy for Code-Based Encryption in the Standard Model Yusuke Yoshida with Kirill Morozov and Keisuke Tanaka from Tokyo Institute of Technology, Japan 1 Contents Contents Key-Privacy for PKE Indistinguishability of keys (IK) 2

598 views • 58 slides
Teens and Taxes Teenagers dont owe taxes He makes too little to owe taxes Does a Teenager Owe

Teens and Taxes Teenagers dont owe taxes He makes too little to owe taxes Does a Teenager Owe

Common Misconceptions Teens and Taxes Teenagers dont owe taxes He makes too little to owe taxes Does a Teenager Owe Taxes? Shes just babysitting The IRS doesnt know because hes paid in Presented by Carol Topp, CPA cash

243 views • 3 slides
Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M

Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M

Defining Encryption (ctd.) Lecture 3 SIM &amp; IND security Beyond One-Time: CPA security Computational Indistinguishability Recall Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M {Enc(m,K)} K KeyGen

619 views • 20 slides
6/26/2017

6/26/2017

6/26/2017

233 views • 8 slides
Pseudo-random Functions Debdeep Mukhopadhyay IIT Kharagpur We have seen the construction of

Pseudo-random Functions Debdeep Mukhopadhyay IIT Kharagpur We have seen the construction of

Pseudo-random Functions Debdeep Mukhopadhyay IIT Kharagpur We have seen the construction of PRG (pseudo-random generators) being constructed from any one-way functions. Now we shall consider a related concept: Pseudo-random

829 views • 15 slides
The CPAs Law Reform Lecture 2019 Is There a Need to Reform the Law of Blights? Thursday 30 th

The CPAs Law Reform Lecture 2019 Is There a Need to Reform the Law of Blights? Thursday 30 th

The CPAs Law Reform Lecture 2019 Is There a Need to Reform the Law of Blights? Thursday 30 th April 2019 Bryan Cave Leighton Paisner LLP Welcome &amp; Introduction by the Conference Chairman Rebecca Clutten CPA Vice Chair Barrister,

280 views • 23 slides
The CP -construction: A Category of Classical and Quantum Channels Aleks Kissinger Bob

The CP -construction: A Category of Classical and Quantum Channels Aleks Kissinger Bob

The CP -construction: A Category of Classical and Quantum Channels Aleks Kissinger Bob Coecke Chris Heunen November 4, 2015 A category for protocols Fix a category V . Think of the objects as state spaces, morphisms as pure state

348 views • 18 slides
RNA-seq: filtering, quality control and visualisation COMBINE RNA-seq Workshop QC and

RNA-seq: filtering, quality control and visualisation COMBINE RNA-seq Workshop QC and

RNA-seq: filtering, quality control and visualisation COMBINE RNA-seq Workshop QC and visualisation (part 1) Slide taken from COMBINE RNAseq workshop on 23/09/2016 RNA-seq of Mouse mammary gland Virgin n=2 Basal Pregnant n=2 cells

318 views • 27 slides

More recommend