Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory Cergy, December 2017
Applications with Security Needs Applications : smart cards, computers, Internet, telecommunications, set-top boxes, data storage, RFID tags, WSN, smart grids. . . Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 2/26
Cryptographic Features Objectives : Cryptographic primitives : • Confidentiality • Encryption • Integrity • Digital signature • Authenticity • Hash function • Non-repudiation • Random numbers generation • . . . • . . . Implementation issues in hardware : • Performances: speed, delay, throughput, latency • Cost: device (memory, size, weight), low power/energy consumption, design • Security: protection against physical attacks Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 3/26
Square and Multiply Algorithm for RSA input : a , b , n where b = ( b t − 1 b t − 2 . . . b 1 b 0 ) 2 output : a b mod n r = 1 for i from 0 to t − 1 do b i = 1 then i f r = r · a mod n endif a = a 2 mod n endfor return r This is the right to left version (there exists a left to right one) Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 4/26
Attacks attack Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 5/26
Attacks observation attack perturbation invasive Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 5/26
Attacks timing analysis power analysis EMR analysis observation attack perturbation fault injection invasive reverse engineering probing EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 5/26
Attacks timing analysis power analysis EMR analysis observation attack perturbation theoretical fault injection invasive reverse engineering probing EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 5/26
Attacks timing analysis power analysis EMR analysis observation attack perturbation theoretical fault injection invasive reverse engineering advanced algorithms probing optimized programming EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 5/26
Side Channel Attacks (SCAs) (1/2) Attack : attempt to find, without any knowledge about the secret: • the message (or parts of the message) • informations on the message • the secret (or parts of the secret) Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 6/26
Side Channel Attacks (SCAs) (1/2) Attack : attempt to find, without any knowledge about the secret: • the message (or parts of the message) • informations on the message • the secret (or parts of the secret) “Old style” side channel attacks : + good value clic clac bad value Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 6/26
Side Channel Attacks (SCAs) (2/2) E D E k ( M ) D k ( E k ( M )) = M M A B k k General principle: measure external parameter(s) on running device in order to deduce internal informations Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 7/26
Side Channel Attacks (SCAs) (2/2) E D E k ( M ) D k ( E k ( M )) = M M A B k k measure attack k , M ??? E General principle: measure external parameter(s) on running device in order to deduce internal informations Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 7/26
What Should be Measured? Answer : everything that can “enter” and/or “get out” in/from the device • power consumption • electromagnetic radiation • temperature • sound • computation time • number of cache misses • number and type of error messages • ... The measured parameters may provide informations on: • global behavior (temperature, power, sound...) • local behavior (EMR, # cache misses...) Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 8/26
Power Consumption Analysis General principle: 1. measure the current i ( t ) in the cryptosystem 2. use those measurements to “deduce” secret informations crypto. secret key = 962571. . . i ( t ) R V DD traces Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 9/26
Simple Power Analysis (SPA) Source: [4] Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 10/26
Simple Power Analysis (SPA) Source: [4] Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 10/26
Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 11/26
Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 11/26
Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Important : a small difference may be evaluated has a noise during the measurement traces cannot be distinguished Question : what can be done when differences are too small? Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 11/26
Limits of the SPA Example of behavior difference: (activity into a register) t 0000000000000000 0000000000000000 t + 1 1111111111111111 0000000000000001 Important : a small difference may be evaluated has a noise during the measurement traces cannot be distinguished Question : what can be done when differences are too small? Answer : use statistics over several traces Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 11/26
Differential Power Analysis (DPA) cryptosystem Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26
Differential Power Analysis (DPA) cryptosystem internal state Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26
Differential Power Analysis (DPA) cryptosystem internal state select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26
Differential Power Analysis (DPA) cryptosystem implementation internal state select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26
Differential Power Analysis (DPA) cryptosystem implementation internal state power model select bit b to attack b = 1 b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26
Differential Power Analysis (DPA) cryptosystem implementation internal state power model select bit b to attack power( H b =1 ) b = 1 power( H b =0 ) b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26
Differential Power Analysis (DPA) cryptosystem implementation internal state measures power model select bit b to attack power( H b =1 ) b = 1 power( H b =0 ) b = 0 Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26
Differential Power Analysis (DPA) cryptosystem implementation internal state measures power model select bit b to attack power( H b =1 ) b = 1 comparison power( H b =0 ) b = 0 correct hypothesis Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 12/26
Side Channel Attack on ECC protocol level encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 13/26
Side Channel Attack on ECC protocol level encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 13/26
Side Channel Attack on ECC protocol level DBL DBL DBL DBL DBL DBL encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 13/26
Side Channel Attack on ECC protocol level DBL DBL DBL ADD DBL ADD DBL DBL encryption signature etc [ k ] P curve level Scalar multiplication operation ADD ( P , Q ) DBL ( P ) for i from 0 to t − 1 do if k i = 1 then Q = ADD ( P , Q ) P = DBL ( P ) field level . . . x ± y x × y Arnaud Tisserand. CNRS – Lab-STICC. Power Consumption Analysis and Hardware Security 13/26
Recommend
More recommend