A Simple Power Analysis Attack on the TwoFish Key Schedule


  1. A Simple Power Analysis Attack on the TwoFish Key Schedule Jose Javier Gonzalez Ortiz May 5, 2016 University of Michigan

  2. Introduction

  3. Cryptography Basics. Cryptography allows us to securely communicate information with other parties. (Credit: Randall Munroe, https://xkcd.com/538/) Cryptography involves using protocols that ensure data confidentiality, data integrity and authentication.

  4. Encryption Systems. (Figure: Alice encrypts M to C with E under K_a; Bob decrypts C with D under K_b; Eve observes C.) Types of encryption: cryptographic algorithms are designed using mathematical constructs and are publicly available. Security relies on keys, secret pieces of information that dictate the output of the algorithm. • Symmetric Key - shared secret key between agents • Asymmetric Key - public and private key.

  5. Side Channel Attacks. (Figure: the same Alice/Bob/Eve diagram, with Eve observing power consumption.) A side-channel attack is any attack based on information gained from the physical implementation of a cryptosystem. Example channels: power consumption, electromagnetic radiation, execution time, sound, visible light, error messages, heat, faulty outputs.

  6. Embedded Devices I. What percent of computing devices are embedded? A. 14% B. 56% C. 87% D. 98%

  8. Embedded Devices II. As of 2015: • 98% of computing devices are embedded [1] • 15 billion connected devices in 2015 [2]. In 2020 there will be over 30 billion connected devices [3]. [1] G. Borriello and R. Want, Embedded Computation Meets the World Wide Web, Commun. ACM. [2] John Gantz, The Embedded Internet: Methodology and Findings. [3] Gartner Says Personal Worlds and the Internet of Everything Are Colliding to Create New Markets.

  9. Types of Power Attacks I. Differential Power Attacks: black-box statistical analysis from a large sample of power traces. (Credit: Frank Kagan, Side Channel Attack Secure Cryptographic Accelerators)

  10. Types of Power Attacks II. Simple Power Attacks: focus on particular vulnerabilities of the algorithm that could leak information from the message or the key. (Figure 1: Hamming weight power trace leakage)

  11. AES Contest I. But where did all these cryptographic protocols come from? • DES - designed by IBM and approved by NSA. Standard for 20 years (1977-1997) • AES - chosen by a selection process over numerous contestants. (Credit: A Stick Figure Guide to the Advanced Encryption Standard (AES))

  12. AES Contest II. Rijndael was chosen as AES. Contestants were evaluated on several metrics, including hardware performance and smart card performance. (Credit: A Stick Figure Guide to the Advanced Encryption Standard (AES))

  13. State-of-the-art. Known Simple Power Attacks for AES contest finalists: 1. Rijndael (AES) [4] 2. Serpent [5] 3. Twofish 4. Mars 5. RC6. Known attacks describe how to recover the secret key from a single power reading. [4] Joel VanLaven, Mark Brehob, and Kevin J. Compton, A computationally feasible SPA attack on AES via optimized search. [5] Kevin J. Compton, Brian Timm, and Joel VanLaven, A simple power analysis attack on the Serpent key schedule.

  14. Attack Description

  15. Encryption. (Figure: Twofish block structure. Plaintext (128 bit), input whitening with K0-K3; one round applies the g function (S-box 0..3 followed by the MDS matrix) on both branches, with rotations <<<1, <<<8 and >>>1, a PHT, and subkeys K_{2r+8} and K_{2r+9}; then 15 more rounds, undo last swap, output whitening with K4-K7, ciphertext (128 bits).) TwoFish can use 128, 192 or 256-bit keys. Encryption is performed via 16 Feistel rounds and requires the generation of 40 subkeys.

  16. Key Schedule. Keys are generated in even and odd pairs. Each byte of the secret key is used 20 times.

  17. Attack Description I. (Figure: the h function for input i, four rows j = 0..3, each a chain of q permutations (row sequences q0 q0 q1, q1 q0 q0, q0 q1 q1, q1 q1 q0) with intermediate values v_{i,j,k} and w_{i,j,k}, k = 0..2, and the key bytes m_0, m_1, m_2, m_3, m_8, m_9, m_10, m_11 XORed in.) We want to infer the key from the power reading. Each row is independent, and we know the values of w and the hamming weights of v. There are 20 values for i, so we can solve for the bytes of the key m. We solve one round at a time from left to right.

  18. Attack Description II. For each byte m_l we have 20 restrictions. We can do a first-meets-all search through the 2^8 = 256 possible bytes.

$$
\begin{aligned}
H[v_{0,j,(k-1)}] &= (d_{0,j,k,0} \oplus x_{l,0}) + (d_{0,j,k,1} \oplus x_{l,1}) + \dots + (d_{0,j,k,7} \oplus x_{l,7}) \\
H[v_{2,j,(k-1)}] &= (d_{2,j,k,0} \oplus x_{l,0}) + (d_{2,j,k,1} \oplus x_{l,1}) + \dots + (d_{2,j,k,7} \oplus x_{l,7}) \\
H[v_{4,j,(k-1)}] &= (d_{4,j,k,0} \oplus x_{l,0}) + (d_{4,j,k,1} \oplus x_{l,1}) + \dots + (d_{4,j,k,7} \oplus x_{l,7}) \\
&\;\;\vdots \\
H[v_{38,j,(k-1)}] &= (d_{38,j,k,0} \oplus x_{l,0}) + (d_{38,j,k,1} \oplus x_{l,1}) + \dots + (d_{38,j,k,7} \oplus x_{l,7})
\end{aligned}
$$

  Key Size   Accuracy   Avg. Runtime
  128        100%       3.75 ms
  192        100%       5.7 ms
  256        100%       7.39 ms

  19. Presence of Noise. The attack so far is not perfect since it does not account for noise. Power traces have a non-negligible amount of noise superimposed. If the equipment is correctly tuned, noise will be Gaussian and have zero mean.

  20. Least Mean Square Correction I. Let's try again. (Figure: the same h-function diagram as slide 17, with values v_{i,j,k}, w_{i,j,k}, the q0/q1 permutations and key bytes m_0, m_1, m_2, m_3, m_8, m_9, m_10, m_11.) Due to the noise the system of equations may not have a solution. Using the hamming weights of w we can transform the XORs to linear restrictions.

  21. Least Mean Square Correction II. In order to solve the system we can use least mean squares. Finally, map the values to {0, 1} by comparing to 0.5.

$$
\begin{aligned}
H^*[v_{0,j,(k-1)}] - H[w_{0,j,k}] &= a_{0,j,k,0} \cdot x_{l,0} + a_{0,j,k,1} \cdot x_{l,1} + \dots + a_{0,j,k,7} \cdot x_{l,7} + \epsilon \\
H^*[v_{2,j,(k-1)}] - H[w_{2,j,k}] &= a_{2,j,k,0} \cdot x_{l,0} + a_{2,j,k,1} \cdot x_{l,1} + \dots + a_{2,j,k,7} \cdot x_{l,7} + \epsilon \\
H^*[v_{4,j,(k-1)}] - H[w_{4,j,k}] &= a_{4,j,k,0} \cdot x_{l,0} + a_{4,j,k,1} \cdot x_{l,1} + \dots + a_{4,j,k,7} \cdot x_{l,7} + \epsilon \\
&\;\;\vdots \\
H^*[v_{38,j,(k-1)}] - H[w_{38,j,k}] &= a_{38,j,k,0} \cdot x_{l,0} + a_{38,j,k,1} \cdot x_{l,1} + \dots + a_{38,j,k,7} \cdot x_{l,7} + \epsilon
\end{aligned}
$$

  22. Correction masks. Can we do better? (Table: candidate masks h_M, listed by increasing number of flipped bits: 000000000, 000000001, 000000010, 000000100, 000001000, ..., 000000011, 000000101, 000001001, ..., 111111111.) Mistakes are being made when estimating single bytes. Mistakes are propagated to the following rounds. Not all mistakes are equally likely; we are most probably estimating one or two bits incorrectly. We can flip individual bits and minimize the error to the hamming weights.

  23. Summary of Noise Correction. Round the whole power trace to the nearest integer. For each byte m_l of the key: A. Solve the equations with least mean squares. B. Map the real-valued solutions $\mathbb{R} \to \{0, 1\}$ to get $\hat{m}_l$. C. Find the mask $h_M = 0 \ldots 255$ that minimizes the hamming distance to the measurements of the inputs and outputs of the S-boxes: $\hat{m}^*_l = \hat{m}_l \oplus h_M$.
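The byte-recovery search of slide 18 and the rounding step of slide 23, simulated on constructed data as an added example (not the author's code): a key byte is XORed with known input bytes under a Hamming-weight leakage model, the code counts how many candidate bytes a set of restrictions leaves, and when noise breaks the exact search it falls back to a brute-force residual minimisation over the 256 candidates, a substitute for the deck's least-squares and correction-mask steps. Function names, the input bytes, noise levels and trial counts are all constructed assumptions.

```python
"""Constructed simulation of the Hamming-weight leak the deck describes: a key byte m is XORed
with known bytes w and the trace leaks HW(w ^ m). Added example, not the author's code."""
import random


def hamming_weight(x):
    """Number of set bits of a byte, the quantity the power trace leaks."""
    return bin(x & 0xFF).count("1")


def leak(key_byte, inputs, sigma=0.0, rng=None):
    """Leakage model: HW(w ^ m) for each known input w, plus zero-mean Gaussian noise."""
    rng = rng or random.Random(0)
    return [hamming_weight(w ^ key_byte) + rng.gauss(0.0, sigma) for w in inputs]


def consistent_bytes(inputs, weights):
    """'First meets all' search (slide 18): every candidate byte is checked against all
    restrictions. Weights are first rounded to the nearest integer (slide 23, step one)."""
    rounded = [round(h) for h in weights]
    return [m for m in range(256)
            if all(hamming_weight(w ^ m) == h for w, h in zip(inputs, rounded))]


def closest_byte(inputs, weights):
    """Noise fallback: candidate with the smallest squared error to the measured weights.
    Brute-force substitute for the deck's least-squares plus correction-mask steps."""
    return min(range(256), key=lambda m: sum(
        (hamming_weight(w ^ m) - h) ** 2 for w, h in zip(inputs, weights)))


def recover_byte(inputs, weights):
    """Exact search when it yields a single byte, otherwise the closest candidate."""
    exact = consistent_bytes(inputs, weights)
    return exact[0] if len(exact) == 1 else closest_byte(inputs, weights)


# Constructed inputs: 0 and the eight single-bit bytes; HW(m) and HW(m ^ (1 << b)) pin every bit.
BASIS_INPUTS = [0x00] + [1 << b for b in range(8)]


def success_rate(sigma, n_inputs=20, trials=200, seed=1):
    """Fraction of random key bytes recovered from n_inputs known inputs at noise level sigma,
    a quick way to see how much a given noise level degrades the restrictions."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        m = rng.randrange(256)
        inputs = [rng.randrange(256) for _ in range(n_inputs)]
        hits += recover_byte(inputs, leak(m, inputs, sigma, rng)) == m
    return hits / trials
```

With a single restriction (one known input) 70 candidates remain for a byte of weight 4, while the nine basis inputs or 20 random inputs leave exactly one; this is the sense in which the 20 uses of each key byte are enough.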

  24. Simulation & Results

  25. Results. (Figure: accuracies for a 128-bit key, (a) one reading, (b) five readings.) Applying noise correction techniques we can recover the key 99% of the time with σ < 1.0. For each σ, mask size and key size combination 1000 simulations were run.

  26. Implications. Known Simple Power Attacks for AES contest finalists: 1. Rijndael 2. Serpent 3. Twofish 4. Mars 5. RC6. This attack can be performed in any implementation of TwoFish due to the byte nature of the S-boxes.

  27. Summary / Further Work. • Embedded systems are increasing in number every day and carry large amounts of personal private information. • Current cryptographic protocols do not have secure implementations for most embedded devices. • TwoFish has a noise-resistant simple power attack for all of its implementations (8-, 32- and 64-bit C and ASM). • Are Mars and RC6 secure against SPA? • Need to devise new algorithms or implementations of current algorithms that are not susceptible to SPA.

  28. Thank you!
