protection of arithmetic circuits against physical attacks
play

Protection of Arithmetic Circuits against Physical Attacks Arnaud - PowerPoint PPT Presentation

Feb 18, 2024 •121 likes •594 views

Protection of Arithmetic Circuits against Physical Attacks Arnaud Tisserand CNRS, Lab-STICC LIP Lyon, 2018.11.09 Summary Introduction Physical Attacks Arithmetic Circuits Protections Conclusion and References Arnaud

  1. Protection of Arithmetic Circuits against Physical Attacks Arnaud Tisserand CNRS, Lab-STICC LIP Lyon, 2018.11.09

  2. Summary • Introduction • Physical Attacks • Arithmetic Circuits • Protections • Conclusion and References Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 2/28

  3. Introduction Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 3/28

  4. Applications with Security Requirements • medical devices • home automation • digital administration • e-commerce • transports • communications: cell. phones, Internet, industrial networks. . . • IOT • WSN • embedded systems • cloud computing • RFID tags • smart { grids | cities | buildings | . . . } • . . . Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 4/28

  5. Security and Embedded Systems Integrated circuits perform security tasks, somewhere in the system. . . Cases where a close access is difficult: Cases where a close access can be possible: Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 5/28

  6. Physical Attacks Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 6/28

  7. Attacks Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 7/28

  8. Attacks Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 7/28

  9. Attacks software theoretical social engineering Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 7/28

  10. Attacks timing analysis power analysis observation EMR analysis software fault injection perturbation reverse engineering theoretical physical probing social engineering invasive EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 7/28

  11. Attacks Types of attacks (non-exhaustive): timing analysis power analysis observation EMR analysis software fault injection perturbation reverse engineering theoretical physical probing social engineering invasive EMR = Electromagnetic radiation Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 7/28

  12. Observation Attacks Question : what can/should be measured? Answer : everything that can “enter” and/or “get out” in/from the device • computation time • power consumption • electromagnetic radiation • temperature • sound • number of cache misses • number and type of error messages • ... The measured parameters may provide informations on: • global behavior (temperature, power, sound...) • local behavior (microprobe, # cache misses...) Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 8/28

  13. Power Consumption Analysis General principle: 1. measure the current i ( t ) in the cryptosystem 2. use those measurements to “deduce” secret informations crypto. secret key = 962571. . . i ( t ) R V DD traces Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 9/28

  14. Differences & External Signature An algorithm : r = 0 for i from 1 to n do if k i = 0 then r = r + a else r = r × b Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 10/28

  15. Differences & External Signature An algorithm has a current signature : r = 0 for i from 1 to n do if k i = 0 then r = r + a else r = r × b I t i 1 2 3 4 5 6 7 8 I + I × k i 0 1 1 0 1 0 0 1 Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 10/28

  16. Differences & External Signature An algorithm has a current signature and a time signature: r = 0 for i from 1 to n do if k i = 0 then r = r + a else r = r × b T t T + T × I t i 1 2 3 4 5 6 7 8 I + I × k i 0 1 1 0 1 0 0 1 Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 10/28

  17. Observation Attacks Source: [9] Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 11/28

  18. Observation Attacks Source: [9] Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 11/28

  19. Perturbation or Fault Injection Attacks Typical techniques : • perturbation in the power supply voltage • perturbation of the clock signal • temperature (over/under-heating the chip) • radiation or electromagnetic (EM) disturbances • exposing the chip to intense lights or beams • etc Accuracy : • time: part of clock cycle, clock cycle, code block (instruction sequence) • space: gate, block, unit, core, chip, package • value: set to a specific value, bit flip, stuck-at 0 or 1, random modification Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 12/28

  20. Perturbation on the External Clock Principle : voltage CLK time • Normal clock (at a given frequency, duty cycle ≈ 50%) Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 13/28

  21. Perturbation on the External Clock Principle : voltage MCLK CLK time • Normal clock (at a given frequency, duty cycle ≈ 50%) • Clock with a modified duty cycle Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 13/28

  22. Perturbation on the External Clock Principle : voltage glitches GCLK MCLK CLK time • Normal clock (at a given frequency, duty cycle ≈ 50%) • Clock with a modified duty cycle • Glitched clock • Etc. Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 13/28

  23. Clock Glitch Attack Example Source : paper [1] presented at FDTC 2011 conference Setup : AVR ATMega 163 microcontroller @ 1MHz mode glitch period cycle instruction opcode (bin) normal - 0000 0000 0000 0000 i NOP normal - i + 1 EOR R15,R5 0010 0100 1111 0101 Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 14/28

  24. Clock Glitch Attack Example Source : paper [1] presented at FDTC 2011 conference Setup : AVR ATMega 163 microcontroller @ 1MHz mode glitch period cycle instruction opcode (bin) normal - 0000 0000 0000 0000 i NOP normal - i + 1 EOR R15,R5 0010 0100 1111 0101 glitch 59 ns i + 1 NOP 0000 0000 0000 0000 Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 14/28

  25. Clock Glitch Attack Example Source : paper [1] presented at FDTC 2011 conference Setup : AVR ATMega 163 microcontroller @ 1MHz mode glitch period cycle instruction opcode (bin) normal - 0000 0000 0000 0000 i NOP normal - i + 1 EOR R15,R5 0010 0100 1111 0101 glitch 59 ns i + 1 NOP 0000 0000 0000 0000 mode glitch period cycle instruction opcode (bin) normal - 0000 0000 0000 0000 i NOP normal - i + 1 SER R18 1110 1111 0010 1111 Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 14/28

  26. Clock Glitch Attack Example Source : paper [1] presented at FDTC 2011 conference Setup : AVR ATMega 163 microcontroller @ 1MHz mode glitch period cycle instruction opcode (bin) normal - 0000 0000 0000 0000 i NOP normal - i + 1 EOR R15,R5 0010 0100 1111 0101 glitch 59 ns i + 1 NOP 0000 0000 0000 0000 mode glitch period cycle instruction opcode (bin) normal - 0000 0000 0000 0000 i NOP normal - i + 1 SER R18 1110 1111 0010 1111 glitch 61 ns i + 1 LDI R18,0xEF 1110 1110 0010 1111 glitch 60 ns i + 1 0000 1000 0010 1111 SBC R12,R15 glitch 59 ns i + 1 NOP 0000 0000 0000 0000 Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 14/28

  27. Arithmetic Circuits Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 15/28

  28. Example of Crypto-Processor Architecture key mng. code register external interface CTRL mem. file interconnect FU 1 FU 2 FU 3 Functional Units : ± , × , ÷ in finite fields F p or F 2 m with 20 – 8000 bits elements and (small) vectors/matrices Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 16/28

  29. Protections Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 17/28

  30. Protections Principles for preventing attacks : • embed additional protection blocks • modify the original circuit into a secured version • application levels: circuit, architecture, algorithm, protocol. . . Arnaud Tisserand. CNRS – Lab-STICC. Protection of Arithmetic Circuits against Physical Attacks 18/28

Recommend

Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon

Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon

Protection of cryptographic keys recodings against physical attacks Supervisor: Author: Simon RASTIKIAN Arnaud TISSERAND 2 = 3 PLAN Introduction Elliptic Curve Cryptography Side Channel Attacks

473 views • 33 slides
lecture 4 Combinational logic 2 - ROM - arithmetic circuits - arithmetic logic unit (ALU)

lecture 4 Combinational logic 2 - ROM - arithmetic circuits - arithmetic logic unit (ALU)

lecture 4 Combinational logic 2 - ROM - arithmetic circuits - arithmetic logic unit (ALU) January 20, 2016 Last lecture: truth tables, logic gates & circuits Recall multiplexor (selector) if S Y = B else Y = A We will

356 views • 31 slides
Unit 11 Adders & Arithmetic Circuits 11.2 Learning Outcomes I understand what gates are

Unit 11 Adders & Arithmetic Circuits 11.2 Learning Outcomes I understand what gates are

11.1 Unit 11 Adders & Arithmetic Circuits 11.2 Learning Outcomes I understand what gates are used to design half and full adders I can build larger arithmetic circuits from smaller building blocks 11.3 ADDERS 11.4 Adder Intro

472 views • 32 slides
Unit 12 Adders & Arithmetic Circuits 12.2 Learning Outcomes I understand what gates are

Unit 12 Adders & Arithmetic Circuits 12.2 Learning Outcomes I understand what gates are

12.1 Unit 12 Adders & Arithmetic Circuits 12.2 Learning Outcomes I understand what gates are used to design half and full adders I can build larger arithmetic circuits from smaller building blocks 12.3 ADDERS 12.4 Adder Intro

771 views • 40 slides
Protection of flows Protection of flows under targeted attacks under targeted attacks Jannik

Protection of flows Protection of flows under targeted attacks under targeted attacks Jannik

Protection of flows Protection of flows under targeted attacks under targeted attacks Jannik Matuschke Tom McCormick Gianpaolo Oriolo TU Berlin UBC Vancouver Tor Vergata Britta Peis Martin Skutella RWTH Aachen TU Berlin Robust flows

531 views • 28 slides
Hardness vs Randomness for Bounded Depth Arithmetic Circuits Chi-Ning Chou Mrinal Kumar Noam

Hardness vs Randomness for Bounded Depth Arithmetic Circuits Chi-Ning Chou Mrinal Kumar Noam

Hardness vs Randomness for Bounded Depth Arithmetic Circuits Chi-Ning Chou Mrinal Kumar Noam Solomon Harvard University 1 Outline Arithmetic circuits and algebraic complexity classes Polynomial identity testing (PIT) Hardness vs

1.8k views • 145 slides
Memoization Attacks and Memoization Attacks and Copy Protection in Copy Protection in

Memoization Attacks and Memoization Attacks and Copy Protection in Copy Protection in

Memoization Attacks and Memoization Attacks and Copy Protection in Copy Protection in Partitioned Applications Partitioned Applications Charles W. ODonnell 1 , G. Edward Suh 2 Marten van Dijk 1 , Srinivas Devadas 1 1 Massachusetts Institute

336 views • 32 slides
1. Basic combinational building blocks 2. Logic for arithmetic Common combinational circuits:

1. Basic combinational building blocks 2. Logic for arithmetic Common combinational circuits:

1. Basic combinational building blocks 2. Logic for arithmetic Common combinational circuits: encoders, decoders, multiplexers, adders, Arithmetic Logic Unit (printed together, separate sets of slides online) But first Recall: sum of

276 views • 13 slides
Arithmetic circuits with locally low algebraic rank Mrinal Kumar Joint work with Shubhangi Saraf

Arithmetic circuits with locally low algebraic rank Mrinal Kumar Joint work with Shubhangi Saraf

Arithmetic circuits with locally low algebraic rank Mrinal Kumar Joint work with Shubhangi Saraf Plan for the talk Plan for the talk Depth four arithmetic circuits. Plan for the talk Depth four arithmetic circuits. The problem we

1.23k views • 106 slides
Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli,

Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli,

Sub-Linear Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli, Rafael del Pino, Jens Groth and Vadim Lyubashevsky Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits 2

712 views • 33 slides
On Multiparty Garbling of Arithmetic Circuits Aner Ben-Efraim Ariel University & Ben-Gurion

On Multiparty Garbling of Arithmetic Circuits Aner Ben-Efraim Ariel University & Ben-Gurion

On Multiparty Garbling of Arithmetic Circuits Aner Ben-Efraim Ariel University & Ben-Gurion University Lecture Plan MPC & Our Results Garbled Circuits Yao and BMR Our Techniques and Constructions What is secure multiparty

492 views • 27 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear

Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear

ROKs Efforts to Strengthen Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear non-proliferation and Control Legal Framework APPRE (Act on Physical Protection & Radiological Emergency) Act for physical

684 views • 13 slides
Functional Verification of Arithmetic Circuits Maciej Ciesielski Department of Electrical &

Functional Verification of Arithmetic Circuits Maciej Ciesielski Department of Electrical &

Functional Verification of Arithmetic Circuits Maciej Ciesielski Department of Electrical & Computer Engineering University of Massachusetts, Amherst ciesiel@ecs.umass.edu Outline Introduction Hardware verification methods, focus on

1.02k views • 82 slides
Proof complexity and arithmetic circuits Pavel Hrube Institute of Mathematics, Prague F a fixed

Proof complexity and arithmetic circuits Pavel Hrube Institute of Mathematics, Prague F a fixed

Proof complexity and arithmetic circuits Pavel Hrube Institute of Mathematics, Prague F a fixed underlying field. Arithmetic circuit: computes a polynomial f F [ x 1 , . . . , x n ] . It starts from variables and field elements and computes

685 views • 49 slides
Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76)

Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76)

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities 13 17 November 2017 Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76) Session: Physical Protection Regime

321 views • 17 slides
Lattice-Based zero-knowledge SNARGs for Arithmetic Circuits Anca Nitulescu Outline C The

Lattice-Based zero-knowledge SNARGs for Arithmetic Circuits Anca Nitulescu Outline C The

Lattice-Based zero-knowledge SNARGs for Arithmetic Circuits Anca Nitulescu Outline C The SNARG Definitions Construction END Background Option for SNARGs Security s Proof Systems Roadmap and Tools Framework Conclusions Motivation

1.03k views • 66 slides
Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on

Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on

SMT Attack : Next Generation Attack on Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on Cryptographic Hardware and Embedded Systems 2019 ( CHES 2019 ) Kimia Zamiri Azar , Hadi Mardani Kamali, Houman

701 views • 69 slides
Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet

Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet

Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet GREYC - LMNO Universit e de Caen Darmstadt 29th of April 2010 1 / 59 Outline Pairing over elliptic curves 1 Definition and properties of

1.55k views • 111 slides
Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer c1shw@us.ibm.com (561) 392 6100 Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY Physical Security Attacks &

334 views • 8 slides
Analysis of Control, Data separation in ForCES protocol for protection against DoS attacks

Analysis of Control, Data separation in ForCES protocol for protection against DoS attacks

Analysis of Control, Data separation in ForCES protocol for protection against DoS attacks Hormuzd Khosravi Shashidhar Lakkavalli Lily Yang 60 th IETF Meeting, San Diego 1 Problem Statement Requirements RFC 3654 Protection against

629 views • 7 slides
NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

CMPS122: COMPUTER SECURITY NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3 due tonight NETWORKING ATTACKS LAST TIME TCP/IP networking stack Physical layer Data link layer Network

1.1k views • 61 slides
Generalizing Homomorphic MACs for Arithmetic Circuits Dario Catalano Dario Fiore Universit di

Generalizing Homomorphic MACs for Arithmetic Circuits Dario Catalano Dario Fiore Universit di

Generalizing Homomorphic MACs for Arithmetic Circuits Dario Catalano Dario Fiore Universit di Catania IMDEA Software Institute Italy Spain Rosario Gennaro Luca Nizzardo * CUNY Universit di Milano-Bicocca USA Italy *work done while

1.11k views • 65 slides
Functional lower bounds for arithmetic circuits and connections to boolean circuit complexity

Functional lower bounds for arithmetic circuits and connections to boolean circuit complexity

Functional lower bounds for arithmetic circuits and connections to boolean circuit complexity Michael Forbes Mrinal Kumar Ramprasad Saptharishi Princeton University Rutgers University T el Aviv University Computational Complexity

1.35k views • 107 slides

More recommend