a stochastic approach in side channel analysis in the
play

A Stochastic Approach in Side-Channel Analysis in the Presence of - PowerPoint PPT Presentation

Sep 25, 2023 •980 likes •1.13k views

FIRST TALK A Stochastic Approach in Side-Channel Analysis in the Presence of Masking W. Schindler Bundesamt f r Sicherheit in der Informationstechnik (BSI), Bonn, Germany Barcelona, May 22, 2007 Power attacks on a block cipher

  1. FIRST TALK A Stochastic Approach in Side-Channel Analysis in the Presence of Masking W. Schindler Bundesamt f ü r Sicherheit in der Informationstechnik (BSI), Bonn, Germany Barcelona, May 22, 2007

  2. Power attacks on a block cipher implementation protected by masking r (Classical) template attacks: most powerful attack, but gigantic workload (= # of measurements) for profiling Second order DPA: no profiling, but only little r efficient W. Schindler May 22, 2007 Slide 2

  3. The Stochastic Approach (Example: Power attack on AES) x ∈ {0,1} 8 (known) part or the plaintext or ciphertext z ∈ {0,1} 8 masking value k ∈ {0,1} 8 subkey t time I t (x,z;k) = h t (x,z;k) + R t Time t: Random variable deterministic part Random variable (depends on x,z,k) (depends on x,z,k) E(R t ) = 0 quantifies the random- Noise ness of the side-channel signal at time t W. Schindler May 22, 2007 Slide 3

  4. 1 st Profiling Step: Estimation of h t (.,.,.) Na ï ve Approach: Estimate h t (x,z;k) = E (I t (x,z;k)) r independently for each triple (x,z;k) ∈ {0,1} 8 × {0,1} 8 × {0,1} 8 for all t ∈ { t 1 ,t 2 , … ,t m } (relevant instants) Drawback: Gigantic number of measurements r W. Schindler May 22, 2007 Slide 4

  5. More efficient procedure r For any fixed subkey k interpret the function h t;k ( · , · ): {0,1} 8 × {0,1} 8 → R, h t;k ( · , · ) = h t ( · , · ;k), as an element of a real vector space F . r Approximate h t;k ( · , · ) by its image h* t;k under the orthogonal projection onto a suitably chosen low- dimensional vector subspace F u;t h t;k geometric . * h t;k visualization F u;t W. Schindler May 22, 2007 Slide 5

  6. r (clou) The image h* t;k minimizes a functional on the vector subspace F u;t h* t;k can be determined without knowing h (.,.,.k) r (Qualitative) conjectures on the reasons for the leakage signal → subspace F u;t r Typical vector space dimensions ( → Example) r dim( F ) = 2 16 r dim( F u;t ) = 9 or 17 W. Schindler May 22, 2007 Slide 6

  7. Comparison with Template Attacks Non-masking case: r introduced by Schindler, Lemke, Paar (CHES 2005) r extensive experimental studies by Gierlichs, Lemke, Paar (CHES 2006) r Compared to template attacks: reduces the number of measurements in the profiling phase up to factor 50 Masking case: The advantages of the stochastic approach are even by an order of magnitude larger than in the non- masking case. W. Schindler May 22, 2007 Slide 7

  8. Summary The stochastic approach r reduces the profiling workload by order(s) of magnitude r combines engineer ’ s insight into the reasons for the leakage ( → suitability of the subspace F u;t ) with precise stochastic methods ( → optimal approximator in F u;t ) r identifies and quantifies those properties that have significant impact on the side-channel signal r supports constructively the design of security implementations W. Schindler May 22, 2007 Slide 8

  9. Contact Bundesamt f ü r Sicherheit in der Informationstechnik (BSI) Werner Schindler Godesberger Allee 185-189 53175 Bonn Tel: +49 (0)3018-9582-5652 Fax: +49 (0)3018-10-9582-5652 Werner.Schindler@bsi.bund.de www.bsi.bund.de www.bsi-fuer-buerger.de W. Schindler May 22, 2007 Slide 9

  10. SECOND TALK A Stochastic Model for Particular Designs of Physical RNGs with Robust Entropy Estimators Wolfgang Killmann 1 , Werner Schindler 2 1 T-Systems GEI GmbH 2 Bundesamt f ü r Sicherheit in Bonn, Germany der Informationstechnik (BSI) Bonn, Germany Barcelona, May 22, 2007

  11. Generic Design r n (random bit) r n+1 = r n + sw(n+1) (mod 2) # switches in time period n+1 W. Schindler May 22, 2007 Slide 11

  12. Summary r Goal: Determine the conditional entropy H(R n+1 | R 1 , ...,R n ) r We formulated and analysed a stochastic model of the noise source. r We derived robust entropy estimators, yielding practically useful lower entropy bounds. Practical experiments: 10 5 random bits / sec (limitations by the USB interface) entropy / random bit > 1 - 10 -5 W. Schindler May 22, 2007 Slide 12

  13. Contact Wolfgang Killmann T-Systems, GEI GmbH, Bonn, Germany wolfgang.killmann@t-systems.com Werner Schindler Bundesamt f ü r Sicherheit in der Informationstechnik (BSI), Bonn, Germany Werner.Schindler@bsi.bund.de W. Schindler May 22, 2007 Slide 13

Recommend

Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high

Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high

Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high security solutions Rohde & Schwarz SIT GmbH Stuttgart/Germany Dr. Torsten Schtze Workshop on Applied Cryptography Lightweight

595 views • 15 slides
Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS

Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS

Introduction / Motivation Symbolic Method Experiments Conclusion Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS In` es Ben El Ouahma Quentin Meunier Karine Heydemann Emmanuelle Encrenaz

271 views • 25 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015 Montreal, QC. Overview W.t.f is side-channel power analysis (again) Example: IEEE 802.15.4 Node Example: AES-256 Bootloader W.t.f.

633 views • 47 slides
Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

622 views • 21 slides
A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1

A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1

A Comprehensive Study of Deep Learning for Side-Channel Analysis A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1 Emmanuel Prouff 2, 3 Lo C 1 Univ. Grenoble Alpes, CEA, LETI, DSYS, CESTI, F-38000

1.39k views • 86 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference Mangard et. al, "Power Analysis Attacks, Revealing the Secrets of Smart Cards", Springer, 2009 Power analysis attacks are effective because the

479 views • 19 slides
Introduction to Side-Channel Analysis Franois-Xavier Standaert UCL Crypto Group, Belgium

Introduction to Side-Channel Analysis Franois-Xavier Standaert UCL Crypto Group, Belgium

Introduction to Side-Channel Analysis Franois-Xavier Standaert UCL Crypto Group, Belgium Summer school on real-world crypto, 2016 Outline Link with linear cryptanalysis Standard Differential Power Analysis Noise-based security (is

1.17k views • 92 slides
Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to

Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to

Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to the basics!! details on power / EM leakage (low/high noise scenario) how/where to attack AES? di ff erent attacker models overview of

1.28k views • 74 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Side-channel analysis of six SHA-3 candidates in HMAC scheme Olivier Beno t and Thomas

Side-channel analysis of six SHA-3 candidates in HMAC scheme Olivier Beno t and Thomas

Background Correlation Analysis Results Conclusion Side-channel analysis of six SHA-3 candidates in HMAC scheme Olivier Beno t and Thomas Peyrin CHES 2010 Workshop Santa Barbara - August 18, 2010 Background Correlation Analysis

1.1k views • 36 slides
Profiled Side-Channel Analysis Guilherme Perin , Lukasz Chmielewski, Stjepan Picek In

Profiled Side-Channel Analysis Guilherme Perin , Lukasz Chmielewski, Stjepan Picek In

Conference on Cryptographic Hardware and Embedded Systems (CHES) 2020 Strength in Numbers: Improving Generalization with Ensembles in Machine Learning-based Profiled Side-Channel Analysis Guilherme Perin , Lukasz Chmielewski, Stjepan Picek In

468 views • 25 slides
Confusing Information: How Confusion Improves Side-Channel Analysis for Monobit Leakages

Confusing Information: How Confusion Improves Side-Channel Analysis for Monobit Leakages

Confusing Information: How Confusion Improves Side-Channel Analysis for Monobit Leakages Cryptarchi 2018 June 17-19, 2018 Guidel-Plage, France Eloi de Chrisey, Sylvain Guilley & Olivier Rioul Tlcom ParisTech, Universit

559 views • 34 slides
Mind The Portability A Warriors Guide through Realistic Profiled Side-channel Analysis Shivam

Mind The Portability A Warriors Guide through Realistic Profiled Side-channel Analysis Shivam

Mind The Portability A Warriors Guide through Realistic Profiled Side-channel Analysis Shivam Bhasin 1 , Dirmanto Jap 1 , Anupam Chattopadhyay 1 , Stjepan Picek 2 , Annelie Heuser 3 , and Ritu Ranjan Shrivastwa 4 1 NTU, Singapore 2 TU Delft,

335 views • 22 slides
State-of-the-art of international standardisation of side-channel analysis test methodologies and

State-of-the-art of international standardisation of side-channel analysis test methodologies and

State-of-the-art of international standardisation of side-channel analysis test methodologies and calibration of acquisition tools Sylvain GUILLEY sylvain.guilley@TELECOM-ParisTech.fr September 10, 2015, PARIS 1/18 Overview on the workshop

836 views • 25 slides
Side Channel Analysis Chester Rebeiro IIT Madras CR Modern ciphers designed with very strong

Side Channel Analysis Chester Rebeiro IIT Madras CR Modern ciphers designed with very strong

Side Channel Analysis Chester Rebeiro IIT Madras CR Modern ciphers designed with very strong assumptions Kerckhoffs Principle The system is completely known to the attacker. This includes e ncryption & decryption algorithms,

1.25k views • 85 slides
(ISSTAC) Side Channel Analysis Corina Pasareanu (CMU&NASA Ames) Project team members

(ISSTAC) Side Channel Analysis Corina Pasareanu (CMU&NASA Ames) Project team members

Integrated Symbolic Execution for Space-Time Analysis of Code (ISSTAC) Side Channel Analysis Corina Pasareanu (CMU&NASA Ames) Project team members Corina Pasareanu Teme Kahsai Kasper Luckow Quoc-Sang

458 views • 23 slides
Hardware Random Recoding Redundant Representations of Numbers, Side Channel Analysis, Elliptic

Hardware Random Recoding Redundant Representations of Numbers, Side Channel Analysis, Elliptic

Hardware Random Recoding Redundant Representations of Numbers, Side Channel Analysis, Elliptic Curve Cryptography Thomas Chabrier, Danuta Pamula, Arnaud Tisserand IRISA Laboratory, CAIRN Research Team 1/20 Plan Context Redundant

512 views • 20 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T.

Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T.

Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T. Roche thomas.roche@ssi.gouv.fr FSE 2013 March 2013 T. Roche, ANSSI Higher-Order Side Channel Security and Mask Refreshing Side Channel Analysis

1.14k views • 75 slides
Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik

Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik

Side Channel Analysis Using a Model Counting Constraint Solver and Symbolic Execution Tevfik Bultan Computer Science Department University of California, Santa Barbara (UCSB) Joint work with: Abdulbaki Aydin, Lucas Bang, UCSB Corina

1.1k views • 91 slides
Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis Matthieu

Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis Matthieu

8 + Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis Matthieu Rivain 1 , 2 , Emmanuelle Dottax 1 & Emmanuel Prouff 1 Oberthur Card Systems University of Luxembourg February 11, 2008 M. Rivain, E.

812 views • 64 slides
Side-Channel Analysis on Blinded Regular Scalar Multiplications Benoit Feix Mylne Roussellet

Side-Channel Analysis on Blinded Regular Scalar Multiplications Benoit Feix Mylne Roussellet

Side-Channel Analysis on Blinded Regular Scalar Multiplications Benoit Feix Mylne Roussellet Alexandre Venelli Thales Communications & Security Target of our paper 2 / 2 / Elliptic Curve Cryptosystems (ECC) implemented on

471 views • 46 slides

More recommend