introduction to physical attacks
play

Introduction to Physical Attacks Arnaud Tisserand CNRS, Lab-STICC - PowerPoint PPT Presentation

Dec 12, 2023 •415 likes •993 views

Introduction to Physical Attacks Arnaud Tisserand CNRS, Lab-STICC 25th October 2018 Summary Introduction Side Channel Attacks Fault Injection Attacks Conclusion and References Arnaud Tisserand. CNRS Lab-STICC. Introduction

  1. Introduction to Physical Attacks Arnaud Tisserand CNRS, Lab-STICC 25th October 2018

  2. Summary • Introduction • Side Channel Attacks • Fault Injection Attacks • Conclusion and References Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 2/24

  3. Applications with Security Needs Applications : smart cards, computers, Internet, telecommunications, set-top boxes, data storage, RFID tags, WSN, smart grids. . . Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 3/24

  4. Attacks attack Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 4/24

  5. Attacks observation attack perturbation invasive Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 4/24

  6. Attacks timing analysis power analysis EMR analysis observation attack perturbation fault injection invasive reverse engineering probing EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 4/24

  7. Attacks timing analysis power analysis EMR analysis observation attack perturbation theoretical fault injection invasive reverse engineering probing EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 4/24

  8. Attacks timing analysis power analysis EMR analysis observation attack perturbation theoretical fault injection invasive reverse engineering advanced algorithms probing optimized programming EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 4/24

  9. Side Channel Attacks (SCAs) (1/2) Attack : attempt to find, without any knowledge about the secret: • the message (or parts of the message) • informations on the message • the secret (or parts of the secret) Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 5/24

  10. Side Channel Attacks (SCAs) (1/2) Attack : attempt to find, without any knowledge about the secret: • the message (or parts of the message) • informations on the message • the secret (or parts of the secret) “Old style” side channel attacks : + good value clic clac bad value Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 5/24

  11. Side Channel Attacks (SCAs) (2/2) E D E k ( M ) D k ( E k ( M )) = M M A B k k General principle: measure external parameter(s) on running device in order to deduce internal informations Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 6/24

  12. Side Channel Attacks (SCAs) (2/2) E D E k ( M ) D k ( E k ( M )) = M M A B k k measure attack k , M ??? E General principle: measure external parameter(s) on running device in order to deduce internal informations Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 6/24

  13. What Should be Measured? Answer : everything that can “enter” and/or “get out” in/from the device • power consumption • electromagnetic radiation • temperature • sound • computation time • number of cache misses • number and type of error messages • ... The measured parameters may provide informations on: • global behavior (temperature, power, sound...) • local behavior (EMR, # cache misses...) Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 7/24

  14. Power Consumption Analysis General principle: 1. measure the current i ( t ) in the cryptosystem 2. use those measurements to “deduce” secret informations crypto. secret key = 962571. . . i ( t ) R V DD Crypto/server-dell traces Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 8/24

  15. Differences & External Signature An algorithm : r = c 0 for i from 1 to n do if a i = 0 then r = r + c 1 else r = r × c 2 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 9/24

  16. Differences & External Signature An algorithm has a current signature : r = c 0 for i from 1 to n do if a i = 0 then r = r + c 1 else r = r × c 2 I t 1 2 3 4 5 6 7 8 i I + I × a i 0 1 1 0 1 0 0 1 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 9/24

  17. Differences & External Signature An algorithm has a current signature and a time signature: r = c 0 for i from 1 to n do if a i = 0 then r = r + c 1 else r = r × c 2 T t T + T × I t 1 2 3 4 5 6 7 8 i I + I × a i 0 1 1 0 1 0 0 1 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 9/24

  18. Simple Power Analysis (SPA) Source: [2] Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 10/24

  19. Simple Power Analysis (SPA) Source: [2] Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 10/24

  20. SPA on ECC protocol level encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  21. SPA on ECC protocol level encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  22. SPA on ECC protocol level DBL DBL DBL DBL DBL DBL encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  23. SPA on ECC protocol level DBL DBL DBL ADD DBL ADD DBL DBL encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  24. SPA on ECC protocol level DBL DBL DBL ADD DBL ADD DBL DBL encryption signature etc 0 0 0 1 1 0 [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) • simple power analysis (& variants) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  25. SPA on ECC protocol level DBL DBL DBL ADD DBL ADD DBL DBL encryption signature etc 0 0 0 1 1 0 [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) • simple power analysis (& variants) field level . . . x ± y x × y • differential power analysis (& variants) • horizontal/vertical/templates/. . . attacks Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 11/24

  26. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 12/24

  27. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 12/24

  28. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Important : a small difference may be evaluated has a noise during the measurement traces cannot be distinguished Question : what can be done when differences are too small? Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 12/24

  29. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Important : a small difference may be evaluated has a noise during the measurement traces cannot be distinguished Question : what can be done when differences are too small? Answer : use statistics over several traces Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 12/24

  30. Differential Power Analysis (DPA) cryptosystem Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

  31. Differential Power Analysis (DPA) cryptosystem internal state Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

  32. Differential Power Analysis (DPA) cryptosystem internal state select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

  33. Differential Power Analysis (DPA) cryptosystem implementation internal state select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

  34. Differential Power Analysis (DPA) cryptosystem implementation internal state power model select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

  35. Differential Power Analysis (DPA) cryptosystem implementation internal state power model select bit b to attack power( H b =1 ) b = 1 power( H b =0 ) b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Introduction to Physical Attacks 13/24

Recommend

An Introduction to Physical Attacks Application to Secret Specifications Algorithms

An Introduction to Physical Attacks Application to Secret Specifications Algorithms

An Introduction to Physical Attacks Application to Secret Specifications Algorithms Christophe Clavier GEMALTO Security Labs SSTIC Rennes May 30, 2007 Christophe Clavier SSTIC 07 Rennes Physical Attacks Against

708 views • 23 slides
Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon

Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon

Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon RASTIKIAN Arnaud TISSERAND 2 = 3 PLAN Introduction Elliptic Curve Cryptography Side Channel Attacks

473 views • 33 slides
Protection of Arithmetic Circuits against Physical Attacks Arnaud Tisserand CNRS, Lab-STICC LIP

Protection of Arithmetic Circuits against Physical Attacks Arnaud Tisserand CNRS, Lab-STICC LIP

Protection of Arithmetic Circuits against Physical Attacks Arnaud Tisserand CNRS, Lab-STICC LIP Lyon, 2018.11.09 Summary Introduction Physical Attacks Arithmetic Circuits Protections Conclusion and References Arnaud

594 views • 46 slides
Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security Side Channel Attacks Arnaud Tisserand Fault Injection Attacks CNRS, Lab-STICC laboratory CRiSIS 2017, Dinard, France Protections Examples

266 views • 15 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information

Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information

Introdution to Physical Cryptanalysis ASK 2014 Victor LOMNE ANSSI (French Network and Information Security Agency) Saturday, December 20 th , 2014 Introduction| Side Channel Attacks (SCA)| Fault Attacks (FA)| Combined Attacks| Protections|

817 views • 71 slides
Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer c1shw@us.ibm.com (561) 392 6100 Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY Physical Security Attacks &

334 views • 8 slides
Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova,

Threshold Implementations (Efficient TI on AES) Begl Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen Introduction Physical Attacks Active Passive (Fault Attacks) (Observing Attacks) Side Channel Attacks

644 views • 45 slides
NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

CMPS122: COMPUTER SECURITY NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3 due tonight NETWORKING ATTACKS LAST TIME TCP/IP networking stack Physical layer Data link layer Network

1.1k views • 61 slides
Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen

Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen

Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen Cao, Sencun Zhu, Jingqiang Lin, Peng Liu, Yubin Xia, and Bo Luo Why do Physical-space Threats Concern for SmartPhones? Why do Physical-space Threats

318 views • 31 slides
Attacks on Cardiac Devices to appear in IEEE/ACM International Conference Cyber-Physical Systems

Attacks on Cardiac Devices to appear in IEEE/ACM International Conference Cyber-Physical Systems

Synthesizing Stealthy Reprogramming Attacks on Cardiac Devices to appear in IEEE/ACM International Conference Cyber-Physical Systems (ICCPS 2019) Nicola Paoletti Royal Holloway, University of London Joint work with: Scott A Smolka, Shan Lin,

406 views • 36 slides
Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Micro-Architectural Attacks on Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical Systems Cyber Physical Systems (CPS) Cyber (Computer) + Physical (Plant) Real-time Control physical

310 views • 29 slides
Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and

Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and

Cheap & Cheerful A Low-Cost Digital Sensor for Detecting Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and Cryptographic Engineering (PACE), Nanyang Technological University, Singapore SPACE 2016,

667 views • 31 slides
Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks

Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks

Vulnerability Analysis Of Optimal Power Flow Problem Under Cyber-Physical Security Attacks Devendra Shelar and Saurabh Amin Massachusetts Institute of Technology INFORMS November 15 th , 2016 Vulnerable Electricity Networks: Key issues Two

391 views • 7 slides
M&M: Masks and Macs against Physical Attacks CHES 2019 Lauren De Meyer, Victor Arribas

M&M: Masks and Macs against Physical Attacks CHES 2019 Lauren De Meyer, Victor Arribas

M&M: Masks and Macs against Physical Attacks CHES 2019 Lauren De Meyer, Victor Arribas Svetla Nikova, Ventzislav Nikov, Vincent Rijmen B ACK TO THE 90 S Differential Power Analysis (DPA) Paul Kocher et al. 1999 [KJJ99]

322 views • 28 slides
CAPA: the spirit of Beaver against physical attacks Oscar Reparaz, Lauren De Meyer, Victor

CAPA: the spirit of Beaver against physical attacks Oscar Reparaz, Lauren De Meyer, Victor

CAPA: the spirit of Beaver against physical attacks Oscar Reparaz, Lauren De Meyer, Victor Arribas, Begul Bilgin, Svetla Nikova, Venzi Nikov, Nigel Smart COSIC KU Leuven University of Bristol NXP Semiconductors Problem statement 2 (Johann

563 views • 37 slides
Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is

Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is

Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is as old as the trade of hacking Common Characteristics: Physical access (at least within transmission range of EM/Accoustic signals). Seemingly

252 views • 22 slides
Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems

Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems

Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems Matthias Schulz, Adrian Loch, Matthias Hollick Practical Known-Plaintext Attacks against Physical Layer Security in Wireless MIMO Systems Matthias

607 views • 22 slides
PHYSICAL FUNCTIONS : THE COMMON FACTOR OF SIDE-CHANNEL AND FAULT ATTACKS ? Proofs 2014, Busan,

PHYSICAL FUNCTIONS : THE COMMON FACTOR OF SIDE-CHANNEL AND FAULT ATTACKS ? Proofs 2014, Busan,

PHYSICAL FUNCTIONS : THE COMMON FACTOR OF SIDE-CHANNEL AND FAULT ATTACKS ? Proofs 2014, Busan, Korea Bruno Robisson, Hlne Le Bouder Secure Architecture and Systems Laboratory Joint team between CEA and Ecole des Mines de Saint-Etienne

883 views • 28 slides
Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content

Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content

Physical Attacks on Deep Learning Systems Ivan Evtimov Collaborators and slide content contributions: Earlence Fernandes, Kevin Eykholt, Chaowei Xiao, Amir Rahmati, Florian Tramer, Bo Li, Atul Prakash, Tadayoshi Kohno, Dawn Song Deep Learning

556 views • 44 slides
Protecting RISC-V Processors against Physical Attacks Stefan Mangard, Robert Schilling, Thomas

Protecting RISC-V Processors against Physical Attacks Stefan Mangard, Robert Schilling, Thomas

www.iaik.tugraz.at S C I E N C E P A S S I O N T E C H N O L O G Y Protecting RISC-V Processors against Physical Attacks Stefan Mangard, Robert Schilling, Thomas Unterluggauer, Mario Werner

621 views • 57 slides
Adaptation of Failure Detection Mechanisms to Handle Attacks against SCADA Systems J.

Adaptation of Failure Detection Mechanisms to Handle Attacks against SCADA Systems J.

Adaptation of Failure Detection Mechanisms to Handle Attacks against SCADA Systems J. RUBIO-HERNAN and J. GARCIA-ALFARO Agenda Introduction State of the Art Physical-layer Failure Detection Mechanisms Conclusion & Future

465 views • 28 slides
Backbone Infrastructure Attacks and Protections draft-savola-rtgwg-backbone-attacks-01.txt Pekka

Backbone Infrastructure Attacks and Protections draft-savola-rtgwg-backbone-attacks-01.txt Pekka

Backbone Infrastructure Attacks and Protections draft-savola-rtgwg-backbone-attacks-01.txt Pekka Savola Introduction Describes a view of ISP backbone network attacks Lots of folks in IETF and elsewhere had quite different ideas whats out

529 views • 9 slides
Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia

Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia

Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia Laguna, Sardinia (Italy) 19 October 2015 Introduction to Fault Attacks 19 October 2015 What are fault attacks? Active attacks against

571 views • 27 slides

More recommend