Cryptographic Approach to Enhance the Security Against Recent Threats Atsuko Miyaji JAIST Thank you very much for giving an opportunity to talk. Hope this opportunity becomes the first step of good collaboration between Taiwan and Japan researchers.
Outline This talk Cryptographic Approach to Enhance the Security Against Recent Real Threats. 1. Information Security for Cloud Computing 2. Public key cryptosystems 1. Elliptic Curve Cryptosystems (ECC) 2.Dominant factor of ECC, security & efficiency 3. Scalar Multiplication 4. Side Channel Attack, real recent threats 5. Approach to Achieve a Secure and Efficient cryptosystems (our new results) 6. Conclusion @atsuko miyaji NSC-JST workshop / 2012.11 28 2/22
Information Security for Cloud Computing Customers are both excited and nervous at the prospects of Cloud Computing. Why?: Customers are also very concerned about the risks of Cloud Computing if not properly secured. Cloud Security Alliance, Top Threats to Cloud Computing V1.0 How to reduce the risk? Confidentiality: Protect a data from an outsider. Integrity: Guarantee a data consistency. Access control: Control data for users without right. Information security Encryption, Signature (Authentication) Public Key Cryptosystems In this talk, we focus on public key cryptosystems. @atsuko miyaji NSC-JST workshop / 2012.11 28 3/22
Outline 2 1. Information Security for Cloud Computing 1. Information Security for Cloud Computing 1. Information Security for Cloud Computing 2. Public key cryptosystems 1. Elliptic Curve Cryptosystems (ECC) 2.Dominant factor of ECC, security & efficiency 3. Scalar Multiplication 4. Side Channel Attack, real recent threats 5. Approach to Achieve a Secure and Efficient cryptosystems (our new results) 6. Conclusion @atsuko miyaji NSC-JST workshop / 2012.11 28 4/22
Principle of Public Key Cryptosystems Main Features ・ Encryption key ≠ Decryption key ⇒ Encryption/Decryption key is published/ kept secretly ( public key/secret key) ⇒ encryption (confidentiality) + signature (integrity/access control) + are achieved. Server Alice Integrity Access signature control verification decrypt Confidentiality encrypt secret public Solve key key difficult Security Bases Integer Factorization Problem (IF, ‘78) Discrete Logarithm Problem (DLP, ‘85) Elliptic Curve Discrete Logarithm Problem (ECDLP, ’86) @atsuko miyaji NSC-JST workshop / 2012.11 28 5/22
Security Comparison between IF, DLP, and ECDLP •DLP&IF: a sub-exponential time faster than exhaustive search O(exp{(loglogp) 2/3 (log p) 1/3 }) •ECDLP: a square-root time (exhaustive search), O(p 1/2 ) (more and more) ECDLP is more efficient than DLP/IF. Key size for IF, DLP, ECDLP to achieve a security level. [key length(bits)] 3,500 3072 2010- 3,000 2048 2,500 1536 2,000 IF 1024 1,500 DLP 1/6 1/9 1,000 256 192 224 ECDLP 160 500 0 10^12 10^16 10^20 10^24 [MIPS・year] Security level 10 2 MIPS PC × 10 10 year @atsuko miyaji NSC-JST workshop / 2012.11 28 6/22
What is Elliptic Curve Cryptosystems -Elliptic Curve Discrete Logarithm Problem- A non-degenerate cubic curve E: y 2 = x 3 + ax + b (a, b ∈ F p (p>3) , 4a 3 +27b 2 ≠ 0) y Easily-executed addition is defined. E is a group. ∞ =( ∞ , ∞ ) is a zero. A + B = (x 3 , y 3 ) (A ≠ B) x 3 = ((y 2 -y 1 )/(x 2 -x 1 )) 2 - x 1 -x 2 y 3 = (y 2 -y 1 )(x 2 -x 1 )(x 1 -x 3 )-y 1 Finite abelian group. E(F p ), F p -rational points, G ={(x,y) ∈ F p × F p | y 2 = x 3 + ax + b } ∪ { ∞ } x-times For given G, Y ∈ E(F p ), find x such Secret key ECDLP that Y = G + ・・・ +G = xG Y=xG ECC (Elliptic Curve Cryptosystems) is Public key based on ECDLP. @atsuko miyaji NSC-JST workshop / 2012.11 28 7/22
Dominant Computation of ECC ・ Dominant security/computation of ECC is a scalar multiplication of kP for a secret k and given P. Y encryption kP signature x public secret key key x Y=xP @atsuko miyaji NSC-JST workshop / 2012.11 28 8/22
Outline 3 1. Information Security for Cloud 1. Information Security for Cloud 1. Information Security for Cloud Computing Computing Computing 2. Public key cryptosystems 2. Public key cryptosystems 2. Public key cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 4. Scalar Multiplication 5. Side Channel Attack 6. Approach to Achieve a Secure and Efficient cryptosystems 7. Conclusion @atsuko miyaji NSC-JST workshop / 2012.11 28 9/22
Scalar Multiplications –how to efficient & secure- kP = P + ・・・ + P ECC consists of scalar multiplication kP. k times Performance of ECC: depends on (memory, comp) of kP efficient scalar multiplication is needed! Security of ECC: also depends on a secrecy of k in kP <Theoretically> Solve k from kP means “solve ECDLP”. <Practically> (side channel attack) Solve k during execution of kP by side channel information. secure scalar multiplication is needed! @atsuko miyaji NSC-JST workshop / 2012.11 28 10/22
General Approach to compute kP kP = 1 0 1 1 0 0 ・・・ 1 P (in binary) Scalar Multiplication Left-to-Right binary Alg Right-to-Left binary Alg L R L R Addition k = 27 = 1 1 0 1 1 k = 27 = 1 1 0 1 1 chains ((P + 2P) + 2 3 P) + 2 4 P 2(2(2(2P + P) )+P) +P Repeat:2 ・ 2 j P, Y=Y+2 j P Repeat: Y=2Y+P Addition Addition (Add), Doubling (Dbl) formulae Field Multiplication (M), Inversion (S) Arithmetic @atsuko miyaji NSC-JST workshop / 2012.11 28 11/22
Layered Model for Scalar Multiplication Addition-chains Binary, Signed binary, window method # Dbl + # Add is different Addition formulae Dbl Add Coordinates Affine (A) Jacobian (J) #M+#I+#I is different. Field arithmetic Square (S) Computation cost Multiplication (M) Inversion (I) I ≫ M > S All layers have different methods with different computational cost. We investigate secure and efficient scalar multiplication. @atsuko miyaji NSC-JST workshop / 2012.11 28 12/22
Outline 4 1. Information Security for Cloud 1. Information Security for Cloud 1. Information Security for Cloud Computing Computing Computing 2. Public key cryptosystems 2. Public key cryptosystems 2. Public key cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 4. Scalar Multiplication 4. Scalar Multiplication 4. Scalar Multiplication 5. Side Channel Attack 6. Approach to Achieve a Secure and Efficient cryptosystems 7. Conclusion @atsuko miyaji NSC-JST workshop / 2012.11 28 13/22
Scalar Multiplication Left-to-Right binary algorithm Input P, k=(k n-1 , ・・・ , k 0 ), Output kP R 0 = P, R 2 = P For i = n-2 to 0 R 0 = 2R 0 if k i = 1 then R 0 = R 0 + R 2 Add only if k i =1 Output R 0 Binary algorithm has branch instruction depends on secret-key bit k. It is subject to side-channel attacks. @atsuko miyaji NSC-JST workshop / 2012.11 28 14/22
Side Channel Attack Side channel attack Obtain the secret of k by observing side channel info: Computing time, power consumption traces, etc. SPA (Single Power Analysis) : Obtain the secret of k by observing the single power analysis. regular execution without branch for a condition of k. Safe error attack : Obtain the secret by inducing a fault during the execution of kP and checking whether the targeted instruction is fake. execution without dummy operation @atsuko miyaji NSC-JST workshop / 2012.11 28 15/22
Simple Power Analysis (SPA) Use an instruction dependent of a secret k during kP Eliminate any branch instruction of kP. Binary algorithm double-and-add-always algorithm E, E(F p ) ∋ P x, k: secret key R 0 = P, R 2 = P R 0 = P, R 2 = P For i = n-2 to 0 For i = n-2 to 0 R 0 = 2R 0 R 0 = 2R 0 R = kP =(R x , R y ) m if k i = 1 then R 0 = R 0 + R 2 b = c k i ; R b = R b + R 2 s = (m + x R x )/k Output R 0 Output R 0 Signature generation If power consumption is measured, then branch instruction reveals the corresponding secret-key bit. Branch instruction dependent on each secret-key bit. D D D D A D A k = 1 0 0 0 1 0 1 @atsuko miyaji NSC-JST workshop / 2012.11 28 16/22
Safe Error Attach (SEA) ・ One of fault attacks. Give just 1 fault. ・ Distinguish the target bit = 0 or 1 by checking the output is correct or not . double-and-add-always algorithm Addition in k i =0 is dummy. secure against SPA. k i =0 R 0 = P, R 2 = P R 0 = 2R 0 For i = n-2 to 0 Safe R 1 = R 1 + R 2 R 0 = 2R 0 Insert error Output R 0 b = c k i ; R b = R b + R 2 1 error Output R 0 k i =1 Dummy instruction R 0 = 2R 0 becomes safe error Real R 0 = R 0 + R 2 for 1 fault. error Output R 0 @atsuko miyaji NSC-JST workshop / 2012.11 28 17/22
Outline 5 1. Information Security for Cloud 1. Information Security for Cloud 1. Information Security for Cloud Computing Computing Computing 2. Public key cryptosystems 2. Public key cryptosystems 2. Public key cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 3. Elliptic Curve Cryptosystems 4. Scalar Multiplication 4. Scalar Multiplication 4. Scalar Multiplication 5. Side Channel Attack 5. Side Channel Attack 5. Side Channel Attack 6. Approach to Achieve a Secure and Efficient cryptosystems 7. Conclusion @atsuko miyaji NSC-JST workshop / 2012.11 28 18/22
Recommend
More recommend