ISAP: Towards Side-channel Secure AE. Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer. ESC 2017
www.iaik.tugraz.at Introduction. Problem: side-channel attacks. Countermeasures: hiding, masking, threshold implementations (TI), ... Reduce the overhead of countermeasures: Ascon, Ketje/Keyak, PRIMATEs, SCREAM, ... Can we do more? Leakage-resilient (LR) and misuse-resistant (MR) AE [Ber+16]; ISAP. 1 / 21
ISAP. Authenticated encryption scheme following the requirements of the CAESAR call. No assumptions on the choice of the nonce. Provides protection against DPA for both encryption and decryption. Solely based on sponges, which limits the attack surface against SPA. 2 / 21
SPA and DPA. Simple Power Analysis (SPA): observe the device processing the same or a few inputs; techniques directly interpret the measurements. Differential Power Analysis (DPA): observe the device processing many different inputs; allows the use of statistical techniques. 3 / 21
Is DPA Still a Threat? A. Moradi and T. Schneider, Improved Side-Channel Analysis Attacks on Xilinx Bitstream Encryption of 5, 6, and 7 Series, COSADE 2016 [MS16]. E. Ronen, C. O'Flynn, A. Shamir, and A.-O. Weingarten, IoT Goes Nuclear: Creating a ZigBee Chain Reaction, Cryptology ePrint Archive, Report 2016/1047, 2016 [Ron+16]. 4 / 21
What to do Against DPA? On the implementation level: hiding, masking, threshold implementations. On the scheme level: fresh re-keying, leakage-resilient cryptography. 5 / 21
Fresh Re-keying [Med+10]. Figure: tag and reader share the long-term key K; both derive the session key K* = g(K, N) from the nonce N; the tag encrypts P to C with E under K*, and the reader decrypts C with E^-1 under K*. 6 / 21
Fresh Re-keying [Med+11]. Figure: Party 1 and Party 2 share K and contribute the nonces N_a and N_b; both derive K* with g from K and the two nonces; one party encrypts P to C with E under K*, the other decrypts C with E^-1. 7 / 21
What About Storage? Figure: a device derives K* = g(K, N), encrypts P to C with E, and writes C to storage. Encryption is still fine. Decryption causes problems: the stored data keeps its nonce, so every decryption reuses the same session key K* on the same or modified stored data, and the attacker can collect many traces under one key, which is exactly the setting DPA needs. 8 / 21
How to Protect Decryption? Option 1: solely rely on implementation countermeasures; costly, and makes re-keying for encryption kind of obsolete. Option 2: limit to one decryption; keep track of the nonce and re-encrypt the data after each decryption; time consuming and damaging. 9 / 21
Multiple Decryption. Retain the principles of fresh re-keying while allowing multiple decryption. DPA protection in storage settings, cf. the Xilinx bitstream encryption attacks [MS16]. DPA protection in unidirectional/broadcast settings, cf. the ZigBee chain reaction [Ron+16]. 10 / 21
Principle of ISAP's Decryption. "Bind" the session key to the data that is decrypted. Figure: the nonce N and the ciphertext C are hashed (H); the session key is derived with g from K and the hash; the MAC under this session key yields the tag T for C; only after verification is C decrypted (Dec) to P. 11 / 21
ISAP's Authentication/Verification. Hash-then-MAC (figure): N, C_1, ..., C_t are absorbed into an unkeyed sponge with p to obtain y; the session key K*_A = g(K_A, y) is then used in a second sponge, again over N, C_1, ..., C_t, to produce T. Use a suffix MAC instead of hash-then-MAC (figure): N ⊕ IV_1 forms the initial state, C_1, ..., C_t are absorbed at rate r_1 with p_a between blocks (capacity c_1), y is read from the state, K*_A = g(K_A, y) replaces the k-bit key part of the state, and one more p_a gives T. 12 / 21
Possible g to Absorb the Key K_A (y → K*_A): modular multiplication [Med+10]; LPN and LWE [Dzi+16]; sponges [TS14]. 13 / 21
Absorbing the Key. Idea: reduce the rate to a minimum [TS14]; related to the classical GGM construction [GGM86]. Figure: the state is initialized with K_A and IV_2; the bits y_1, y_2, ..., y_w are absorbed at rate r_2 (one bit each) with p_b between bits and p_c at the ends (capacity c_2); the k-bit output is K*_A. 14 / 21
ISAP's En-/Decryption. Figure: the state is initialized with K_E and IV_3; the nonce bits N_1, ..., N_u are absorbed at rate r_2 with p_b between bits and p_c at the ends (capacity c_2); the keystream is then squeezed at rate r_3 with p_c between blocks (capacity c_3) and XORed with P_1, ..., P_v to give C_1, ..., C_v. 15 / 21
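How the decryption principle (slide 11), the suffix MAC (slide 12), the 1-bit-rate key absorption (slide 14) and the nonce-keyed encryption (slide 15) fit together, as an added toy model written for this page. It is not ISAP's reference code: it assumes a SHA-256 Feistel network as a stand-in for Keccak-p[400], toy round counts, constructed IVs, and omits associated data; the function names (rekey, mac, keystream, dpa_surface, distinct_session_keys) are the model's own.

```python
import hashlib
import hmac

# Parameters follow the ISAP-128 instance on the slides: 400-bit state, k = 128,
# r_1 = r_3 = 144 bits for data, r_2 = 1 bit for absorbing into the keyed state.
STATE, K, R1, R3 = 50, 16, 18, 18            # sizes in bytes
HALF = STATE // 2
ROUNDS_A, ROUNDS_B, ROUNDS_C = 8, 4, 6       # assumption: toy round counts, not ISAP's a/b/c
IV1, IV2, IV3 = (bytes([i]) * (STATE - K) for i in (1, 2, 3))   # constructed IVs


def perm(state: bytes, rounds: int) -> bytes:
    """Stand-in permutation p: a SHA-256 Feistel network (assumption; it replaces
    Keccak-p[400] and is invertible, which is all this model needs)."""
    assert len(state) == STATE
    left, right = state[:HALF], state[HALF:]
    for i in range(rounds):
        f = hashlib.sha256(bytes([i]) + right).digest()[:HALF]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad(data: bytes, rate: int) -> list:
    """10* padding into rate-sized blocks."""
    data += b"\x80"
    data += bytes(-len(data) % rate)
    return [data[i:i + rate] for i in range(0, len(data), rate)]


def rekey(key: bytes, iv: bytes, y: bytes, trace: dict = None) -> bytes:
    """g(K, y) of slide 14: y is absorbed one bit at a time (r_2 = 1) with p_b
    between bits and p_c at both ends. 'trace' records the state entering each
    permutation call, indexed by depth, so the DPA surface can be inspected."""
    state = perm(key + iv, ROUNDS_C)
    bits = [(byte >> (7 - j)) & 1 for byte in y for j in range(8)]
    for depth, bit in enumerate(bits):
        state = bytes([state[0] ^ (bit << 7)]) + state[1:]      # 1-bit rate
        if trace is not None:
            trace.setdefault(depth, set()).add(state)
        state = perm(state, ROUNDS_C if depth == len(bits) - 1 else ROUNDS_B)
    return state[:K]


def dpa_surface(num_queries: int) -> list:
    """Run g on many different y under one key and count the distinct inputs the
    permutation sees at each depth: the GGM-like tree bounds depth d to 2^(d+1)."""
    key, trace = bytes(range(K)), {}
    for i in range(num_queries):
        rekey(key, IV2, hashlib.sha256(b"y%d" % i).digest()[:K], trace)
    return [len(trace[d]) for d in sorted(trace)]


def _absorb_nonce_and_ct(nonce: bytes, ciphertext: bytes) -> bytes:
    """Unkeyed part of the suffix MAC (slide 12): N with IV_1, then C at rate r_1."""
    assert len(nonce) == K
    state = perm(nonce + IV1, ROUNDS_A)
    for block in pad(ciphertext, R1):
        state = perm(xor(state[:R1], block) + state[R1:], ROUNDS_A)
    return state


def mac(k_a: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Tag T: K*_A = g(K_A, y) is bound to (N, C) through y, replaces the k-bit
    key part of the state, and one final p_a produces T."""
    state = _absorb_nonce_and_ct(nonce, ciphertext)
    return perm(rekey(k_a, IV2, state[:K]) + state[K:], ROUNDS_A)[:K]


def distinct_session_keys(k_a: bytes, nonce: bytes, ciphertexts: list) -> int:
    """Number of different K*_A the verifier derives for different C under one
    nonce (slide 11: the session key is bound to the data being verified)."""
    return len({rekey(k_a, IV2, _absorb_nonce_and_ct(nonce, c)[:K]) for c in ciphertexts})


def keystream(k_e: bytes, nonce: bytes, length: int) -> bytes:
    """Slide 15: K*_E = g(K_E, N) depends on the nonce only; keystream is then
    squeezed at rate r_3 (assumption: squeezing starts from K*_E || N || 0)."""
    state, out = rekey(k_e, IV3, nonce) + nonce + bytes(STATE - 2 * K), b""
    while len(out) < length:
        state = perm(state, ROUNDS_C)
        out += state[:R3]
    return out[:length]


def encrypt(k_a: bytes, k_e: bytes, nonce: bytes, plaintext: bytes) -> tuple:
    ciphertext = xor(plaintext, keystream(k_e, nonce, len(plaintext)))
    return ciphertext, mac(k_a, nonce, ciphertext)


def decrypt(k_a: bytes, k_e: bytes, nonce: bytes, ciphertext: bytes, tag: bytes):
    """Verify first, decrypt only on success: without a valid T the device never
    runs the keystream generator on an attacker-chosen (N, C)."""
    if not hmac.compare_digest(mac(k_a, nonce, ciphertext), tag):
        return None
    return xor(ciphertext, keystream(k_e, nonce, len(ciphertext)))
```

dpa_surface shows why the 1-bit rate defeats DPA: however many nonces the attacker collects traces for, the permutation call after the first absorbed bit sees at most two distinct inputs, the next at most four, and so on, so each call can only be attacked with SPA-style techniques. distinct_session_keys shows the binding of slide 11: varying C under a fixed N yields a fresh K*_A every time, so no fixed key is ever combined with attacker-varied data in the final permutation call of the MAC, and decrypt only reaches the keystream generator once the tag has been verified.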
Benefits of Sponges. Well-studied and analyzed. Allow implementing a wide range of primitives. No inverse building blocks (permutation) needed. No key schedule; the key is injected once. 16 / 21
Sponges and Side-channel Leakage. Figure: each permutation call p leaks ℓ_i bits of its state; if the attacker combines the leakage ℓ_i + ℓ_{i+1} of two consecutive calls, the effective capacity shrinks from c to c' = c − (ℓ_i + ℓ_{i+1}). 17 / 21
Instances. Keccak-p[400, n_r] as permutation [Ber+14].
Name         Security level k   Bit size r_1   r_2   r_3   Rounds a   b    c
ISAP-128     128                144            1     144   20         12   12
TRUMPF-128   128                144            1     144   16         1    8
18 / 21
Implementation. One round per cycle.
Function     Area [kGE]   Initialization [cycles]   [µs]   Runtime per block [cycles]   [µs]
ISAP-128     14.0         3401                      20.1   36                           0.20
TRUMPF-128   14.0         564                       3.3    28                           0.16
19 / 21
Conclusion. AE scheme following the requirements of the CAESAR call. Provides protection against DPA for encryption and decryption. Enables several use-cases: multiple decryption of stored data; unidirectional/broadcast communication. 20 / 21
Thank you. http://eprint.iacr.org/2016/952 21 / 21
References
[Ber+14] G. Bertoni, J. Daemen, M. Peeters, G. Van Assche, and R. Van Keer. Ketje. Submission to the CAESAR competition: http://competitions.cr.yp.to, 2014.
[Ber+16] F. Berti, F. Koeune, O. Pereira, T. Peters, and F.-X. Standaert. Leakage-Resilient and Misuse-Resistant Authenticated Encryption. Cryptology ePrint Archive, Report 2016/996, 2016.
[Dzi+16] S. Dziembowski, S. Faust, G. Herold, A. Journault, D. Masny, and F.-X. Standaert. Towards Sound Fresh Re-keying with Hard (Physical) Learning Problems. CRYPTO 2016.
[GGM86] O. Goldreich, S. Goldwasser, and S. Micali. How to Construct Random Functions. J. ACM 33:4, 1986.
[Med+10] M. Medwed, F.-X. Standaert, J. Großschädl, and F. Regazzoni. Fresh Re-keying: Security against Side-Channel and Fault Attacks for Low-Cost Devices. AFRICACRYPT 2010.
[Med+11] M. Medwed, C. Petit, F. Regazzoni, M. Renauld, and F.-X. Standaert. Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks. CARDIS 2011.
[MS16] A. Moradi and T. Schneider. Improved Side-Channel Analysis Attacks on Xilinx Bitstream Encryption of 5, 6, and 7 Series. COSADE 2016.
[Ron+16] E. Ronen, C. O'Flynn, A. Shamir, and A.-O. Weingarten. IoT Goes Nuclear: Creating a ZigBee Chain Reaction. Cryptology ePrint Archive, Report 2016/1047, 2016.
[TS14] M. M. I. Taha and P. Schaumont. Side-channel countermeasure for SHA-3 at almost-zero area overhead. HOST 2014.