power consumption analysis and hardware security
play

Power Consumption Analysis and Hardware Security Arnaud Tisserand - PowerPoint PPT Presentation

May 30, 2023 •125 likes •763 views

Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory Cergy, December 2017 Applications with Security Needs Applications : smart cards, computers, Internet, telecommunications, set-top boxes, data storage,

  1. Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory Cergy, December 2017

  2. Applications with Security Needs Applications : smart cards, computers, Internet, telecommunications, set-top boxes, data storage, RFID tags, WSN, smart grids. . . Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 2/26

  3. Cryptographic Features Objectives : Cryptographic primitives : • Confidentiality • Encryption • Integrity • Digital signature • Authenticity • Hash function • Non-repudiation • Random numbers generation • . . . • . . . Implementation issues in hardware : • Performances: speed, delay, throughput, latency • Cost: device (memory, size, weight), low power/energy consumption, design • Security: protection against physical attacks Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 3/26

  4. Square and Multiply Algorithm for RSA input : a , b , n where b = ( b t − 1 b t − 2 . . . b 1 b 0 ) 2 output : a b mod n r = 1 for i from 0 to t − 1 do b i = 1 then i f r = r · a mod n endif a = a 2 mod n endfor return r This is the right to left version (there exists a left to right one) Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 4/26

  5. Attacks attack Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 5/26

  6. Attacks observation attack perturbation invasive Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 5/26

  7. Attacks timing analysis power analysis EMR analysis observation attack perturbation fault injection invasive reverse engineering probing EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 5/26

  8. Attacks timing analysis power analysis EMR analysis observation attack perturbation theoretical fault injection invasive reverse engineering probing EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 5/26

  9. Attacks timing analysis power analysis EMR analysis observation attack perturbation theoretical fault injection invasive reverse engineering advanced algorithms probing optimized programming EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 5/26

  10. Side Channel Attacks (SCAs) (1/2) Attack : attempt to find, without any knowledge about the secret: • the message (or parts of the message) • informations on the message • the secret (or parts of the secret) Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 6/26

  11. Side Channel Attacks (SCAs) (1/2) Attack : attempt to find, without any knowledge about the secret: • the message (or parts of the message) • informations on the message • the secret (or parts of the secret) “Old style” side channel attacks : + good value clic clac bad value Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 6/26

  12. Side Channel Attacks (SCAs) (2/2) E D E k ( M ) D k ( E k ( M )) = M M A B k k General principle: measure external parameter(s) on running device in order to deduce internal informations Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 7/26

  13. Side Channel Attacks (SCAs) (2/2) E D E k ( M ) D k ( E k ( M )) = M M A B k k measure attack k , M ??? E General principle: measure external parameter(s) on running device in order to deduce internal informations Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 7/26

  14. What Should be Measured? Answer : everything that can “enter” and/or “get out” in/from the device • power consumption • electromagnetic radiation • temperature • sound • computation time • number of cache misses • number and type of error messages • ... The measured parameters may provide informations on: • global behavior (temperature, power, sound...) • local behavior (EMR, # cache misses...) Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 8/26

  15. Power Consumption Analysis General principle: 1. measure the current i ( t ) in the cryptosystem 2. use those measurements to “deduce” secret informations crypto. secret key = 962571. . . i ( t ) R V DD traces Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 9/26

  16. Simple Power Analysis (SPA) Source: [4] Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 10/26

  17. Simple Power Analysis (SPA) Source: [4] Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 10/26

  18. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 11/26

  19. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 11/26

  20. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Important : a small difference may be evaluated has a noise during the measurement traces cannot be distinguished Question : what can be done when differences are too small? Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 11/26

  21. Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Important : a small difference may be evaluated has a noise during the measurement traces cannot be distinguished Question : what can be done when differences are too small? Answer : use statistics over several traces Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 11/26

  22. Differential Power Analysis (DPA) cryptosystem Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26

  23. Differential Power Analysis (DPA) cryptosystem internal state Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26

  24. Differential Power Analysis (DPA) cryptosystem internal state select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26

  25. Differential Power Analysis (DPA) cryptosystem implementation internal state select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26

  26. Differential Power Analysis (DPA) cryptosystem implementation internal state power model select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26

  27. Differential Power Analysis (DPA) cryptosystem implementation internal state power model select bit b to attack power( H b =1 ) b = 1 power( H b =0 ) b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26

  28. Differential Power Analysis (DPA) cryptosystem implementation internal state measures power model select bit b to attack power( H b =1 ) b = 1 power( H b =0 ) b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26

  29. Differential Power Analysis (DPA) cryptosystem implementation internal state measures power model select bit b to attack power( H b =1 ) b = 1 comparison power( H b =0 ) b = 0 correct hypothesis Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26

  30. Side Channel Attack on ECC protocol level encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 13/26

  31. Side Channel Attack on ECC protocol level encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 13/26

  32. Side Channel Attack on ECC protocol level DBL DBL DBL DBL DBL DBL encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 13/26

  33. Side Channel Attack on ECC protocol level DBL DBL DBL ADD DBL ADD DBL DBL encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 13/26

Recommend

ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

ChipWhisperer Lite Modeling Power Consumption Every device requires power to run (static Dynamic

Open source tool for research on hardware attacks Side Channel Power Analysis Glitching Attacks Essentially an oscilloscope attached to a target chip ChipWhisperer Lite Modeling Power Consumption Every device requires power to run

175 views • 14 slides
On-Device Power Analysis Across Hardware Security Domains Colin OFlynn , Alex Dewar Dalhousie

On-Device Power Analysis Across Hardware Security Domains Colin OFlynn , Alex Dewar Dalhousie

On-Device Power Analysis Across Hardware Security Domains Colin OFlynn , Alex Dewar Dalhousie University CHES 2019 - Atlanta, Georgia 1 What am I doing for next 17 mins (in 42 slides)? Introduction Remote & Cross-Domain Attacks

674 views • 43 slides
Hardware Parametric Energy Consumption Analysis - Joint TACLe EACO Workshop on Analysis

Hardware Parametric Energy Consumption Analysis - Joint TACLe EACO Workshop on Analysis

Hardware Parametric Energy Consumption Analysis - Joint TACLe EACO Workshop on Analysis Techniques for Energy-Aware Computing - Marko van Eekelen Paolo Parisen Toldin, Rody Kersten, Bernard van Gastel Marc Schoolderman, Jascha Neutelings,

446 views • 21 slides
1 QoS depends on Transmitter Power Control depends on Transmitter Power Control QoS Related

1 QoS depends on Transmitter Power Control depends on Transmitter Power Control QoS Related

The Last Issue The Last Issue Power Consumption Issues Standy/PowerON Processing Power Consumption Wireless Multimedia System Transmitting Power Consumption Routing Power Consumptions Dr. Eric Wu

890 views • 12 slides
Today Power management Hardware capabilities Software management strategies Power and

Today Power management Hardware capabilities Software management strategies Power and

Today Power management Hardware capabilities Software management strategies Power and Energy Review Energy is power integrated over time 1 Watt == 1 Joule / second Heat depends on power consumption Battery life depends

534 views • 28 slides
Analysis of the Influences on Server Power Consumption and Energy Efficiency for CPU-Intensive

Analysis of the Influences on Server Power Consumption and Energy Efficiency for CPU-Intensive

Analysis of the Influences on Server Power Consumption and Energy Efficiency for CPU-Intensive Workloads Jakim v. Kistowski, Hansfried Block, John Beckett, Klaus-Dieter Lange, Jeremy A. Arnold, Samuel Kounev University of Wrzburg, Fujitsu,

404 views • 26 slides
An Analysis of Power Consumption in Smart Phones Authors 2010 USENIX Aaron Carrol Annual

An Analysis of Power Consumption in Smart Phones Authors 2010 USENIX Aaron Carrol Annual

An Analysis of Power Consumption in Smart Phones Authors 2010 USENIX Aaron Carrol Annual Technical Gernot Heiser Conference UNSW Presented by Prasanth B L Aakash Arora Objective To determine where and how the power is used in the

602 views • 46 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
ICT for Green: High Frequency Sensing and Analysis of Residential Power Consumption Ubiquitous

ICT for Green: High Frequency Sensing and Analysis of Residential Power Consumption Ubiquitous

ICT for Green: High Frequency Sensing and Analysis of Residential Power Consumption Ubiquitous Computing Seminar 10.03.2015 Presentation by Tino Burri Supervisor: Christian Beckel Importance of context information in households Reduce the

579 views • 26 slides
An Analysis of Power Consumption in a Smartphone Wei Wang ECE Dept. Worcester Polytechnic Institute

An Analysis of Power Consumption in a Smartphone Wei Wang ECE Dept. Worcester Polytechnic Institute

An Analysis of Power Consumption in a Smartphone Wei Wang ECE Dept. Worcester Polytechnic Institute (WPI) Introduction Energy efficiency of the smartphones is very important, which needs a effective energy management. The core requirement

361 views • 20 slides
Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Why W3C needs to Remain Neutral and Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just: Image source: halfelf.org It is about decentralizing ID validation and key storage (my religion)

522 views • 16 slides
Today Power and Energy Review Power management Energy is power integrated over time

Today Power and Energy Review Power management Energy is power integrated over time

Today Power and Energy Review Power management Energy is power integrated over time Hardware capabilities 1 Watt == 1 Joule / second Software management strategies Heat depends on power consumption Battery life depends

282 views • 5 slides
CONTACTLESS POWER TRANSFER SYSTEM- HARDWARE ANALYSIS Presentation By Dr. Praveen Kumar

CONTACTLESS POWER TRANSFER SYSTEM- HARDWARE ANALYSIS Presentation By Dr. Praveen Kumar

CONTACTLESS POWER TRANSFER SYSTEM- HARDWARE ANALYSIS Presentation By Dr. Praveen Kumar Associate Professor Department of Electronics & Communication Engineering Overview 2 Introduction Computation of mutual inductance for square

967 views • 65 slides
Who we are Eshard - Embedded Security Company Software & Hardware Security What do we

Who we are Eshard - Embedded Security Company Software & Hardware Security What do we

Who we are Eshard - Embedded Security Company Software & Hardware Security What do we do: @eshardNews Tools: Side Channel / Code Analysis Consultancy https://www.eshard.com Audit contact@eshard.com Training

752 views • 54 slides
Design Methodologies Power Consumption Power Consumption Area Viktor wall Viktor

Design Methodologies Power Consumption Power Consumption Area Viktor wall Viktor

Digital IC Design Digital IC Design Design Trade-offs Speed (throughput and clock frequency) Design Methodologies Power Consumption Power Consumption Area Viktor wall Viktor wall and Dept. of Electrical and Infomation

844 views • 15 slides
HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware pentester Who am I ? Julien Moinard - Electronic engineer @opale-security (French company) - Security consultant, Hardware & SoDware pentester -

803 views • 40 slides
Hardware Group NSF Workshop on the Science of Power Management Hardware (Synopsis: Fund Us)

Hardware Group NSF Workshop on the Science of Power Management Hardware (Synopsis: Fund Us)

Hardware Group NSF Workshop on the Science of Power Management Hardware (Synopsis: Fund Us) Tradeoffs: Power vs performance vs reliability (Also: thermals & variability) Need models to reason about designs at many levels:

431 views • 10 slides
nanoPOWER extreme low power solutions nanoPOWER brings the power consumption down to a

nanoPOWER extreme low power solutions nanoPOWER brings the power consumption down to a

nanoPOWER extreme low power solutions nanoPOWER brings the power consumption down to a fraction of normally achieved Addressing a key challenge facing IoT projects: Need to install and forget - especially industrial applications depend on

602 views • 22 slides
CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. These

977 views • 34 slides
How the analysis of electrical current consumption of embedded systems could lead to code

How the analysis of electrical current consumption of embedded systems could lead to code

How the analysis of electrical current consumption of embedded systems could lead to code reversing ? Code extraction via Power analysis Focus on Embedded systems Yann ALLAIN / Julien MOINARD AGENDA Who we are Research

979 views • 71 slides
BER and Power Consumption Estimation Based on Hierarchical Modeling of a 2.4 GHz Power Amplifier

BER and Power Consumption Estimation Based on Hierarchical Modeling of a 2.4 GHz Power Amplifier

BER and Power Consumption Estimation Based on Hierarchical Modeling of a 2.4 GHz Power Amplifier Lucas Alves da Silva, William Tatinian, Gilles Jacquemod LEAT - UMR CNRS UNS 6071 IEEE Behavioral Modeling and Simulation Conference September 23 rd

572 views • 19 slides
MDT FE Power Consumption M. Fras, 06 June 2019 ASD Power Depending on Voltage ASD Supply [V]

MDT FE Power Consumption M. Fras, 06 June 2019 ASD Power Depending on Voltage ASD Supply [V]

MDT FE Power Consumption M. Fras, 06 June 2019 ASD Power Depending on Voltage ASD Supply [V] ASD Current [mA] ASD Power [mW] 3.3 121 399 3.0 102 306 2.7 87 235 No signal on ASD analog inputs. ASD default power-on

596 views • 6 slides
13-Feb-19 Economics of Power Generation Economics of Power Generation Electricity consumption

13-Feb-19 Economics of Power Generation Economics of Power Generation Electricity consumption

13-Feb-19 Economics of Power Generation Economics of Power Generation Electricity consumption per capita is the index of living standard of people of that In whatever we do, energy plays an important role. country. There can be

131 views • 12 slides
Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB https://github.com/secworks IT security Embedded systems ASIC, FPGA Biometrics Open Crypto Hardware CPU design Assembly hacking Hardware Security

896 views • 50 slides

More recommend