randomness as countermeasures against side channel attacks
play

Randomness as countermeasures against Side Channel Attacks Nadia El - PowerPoint PPT Presentation

May 07, 2023 •525 likes •900 views

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

  1. Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH’2019, April 17, 2019

  2. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures Presentation given here Randomness and SCA Nadia El Mrabet 1 / 24

  3. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures In real life What could be vulnerable ? Randomness and SCA Nadia El Mrabet 2 / 24

  4. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures In real life Existing attacks Randomness and SCA Nadia El Mrabet 3 / 24

  5. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures In real life Existing attacks Randomness and SCA Nadia El Mrabet 4 / 24

  6. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures In real life ◮ Industrials are building teams to protect their product (Apple, Google, Wawai...) Randomness and SCA Nadia El Mrabet 5 / 24

  7. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures Attacks on Device Randomness and SCA Nadia El Mrabet 6 / 24

  8. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The most important point Figure – High level explanation of SCA Randomness and SCA Nadia El Mrabet 7 / 24

  9. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The most important point Figure – Selection according to guesses on the key Randomness and SCA Nadia El Mrabet 8 / 24

  10. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The most important point Figure – Real curve attack Randomness and SCA Nadia El Mrabet 9 / 24

  11. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The Countermeasures ◮ Physical Randomness and SCA Nadia El Mrabet 10 / 24

  12. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The Countermeasures ◮ Physical ◮ Algorithmic ◮ Arithmetical Randomness and SCA Nadia El Mrabet 10 / 24

  13. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures Physical countermeasures Duplication of the circuit Dual rail technology Randomness and SCA Nadia El Mrabet 11 / 24

  14. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures Physical countermeasures Protection of the circuit Shield Randomisation of the circuit Randomness and SCA Nadia El Mrabet 12 / 24

  15. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Double and add algorithm Data: r = ( r N . . . r 0 ) 2 , P ∈ E Result: rP T ← P ; for i = N − 1 to 0 do T ← [ 2 ] T ; if r i = 1 then T ← T + P ; end end return T = [ r ] P Figure – SPA Algorithm 1: Double and add Randomness and SCA Nadia El Mrabet 13 / 24

  16. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Handle the leakages T ← P ; for i = N − 1 to 0 do T ← 2 T ; if r i = 1 then T ← T + P ; else U ← T + P ; end return T = rP Algorithm 2: Double and add always Randomness and SCA Nadia El Mrabet 14 / 24

  17. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Handle the leakages T ← P ; for i = N − 1 to 0 do T ← 2 T ; if r i = 1 then T ← T + P ; else U ← T + P ; end return T = rP Algorithm 4: Double and add always FAULT ATTACK STRIKES Randomness and SCA Nadia El Mrabet 14 / 24

  18. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Handle the leakages T 0 ← P , T 1 ← 2 P ; T ← P ; for i = N − 1 to 0 do for i = N − 1 to 0 do if r i = 1 then T ← 2 T ; T 0 ← T 0 + T 1 , T 1 ← 2 T 1 if r i = 1 then else T ← T + P ; T 1 ← T 0 + T 1 , T 0 ← 2 T 0 else U ← T + P ; end end end return T = rP return T 0 Algorithm 6: Double and add Montgomery Algorithm 7: always ladder FAULT ATTACK STRIKES Randomness and SCA Nadia El Mrabet 14 / 24

  19. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures The Montgomery ladder is not sufficient ◮ Goubin’s attack : uses a special point (several variants, same method). ◮ Walter’s attack : uses leakage from the conditional branch. ◮ Correlation collision attack (vertical and horizontal). Template, deep learning attacks... Generic protection ◮ Constant time implementation : necessary but not sufficient. ◮ The less conditional branches is the better. Randomness and SCA Nadia El Mrabet 15 / 24

  20. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Behind Montgomery ladder ◮ Joye’s double-add ◮ Add-Only ◮ Square Only (Remember Thomas presentation) ◮ Zero-less signed digit expansion ◮ Atomic block Randomness and SCA Nadia El Mrabet 16 / 24

  21. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures First arithmetical countermeasures Behind Montgomery ladder ◮ Joye’s double-add [ Still safe ] ◮ Add-Only [ Correlation collision attacks ] ◮ Square Only (Remember Thomas presentation) [ Correlation collision attacks ] ◮ Zero-less signed digit expansion [ Still safe ] ◮ Atomic block [ Horizontal correlation collision attacks ] Randomness and SCA Nadia El Mrabet 16 / 24

  22. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : representation of the curve ◮ Edwards curves, inverted Edwards curves ◮ Huff model, Hessian curves ◮ Jacobi curves Randomness and SCA Nadia El Mrabet 17 / 24

  23. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : representation of the curve ◮ Edwards curves, inverted Edwards curves [ Template attacks ] ◮ Huff model, Hessian curves ◮ Jacobi curves Randomness and SCA Nadia El Mrabet 17 / 24

  24. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : representation of the curve ◮ Edwards curves, inverted Edwards curves [ Template attacks ] ◮ Huff model, Hessian curves ◮ Jacobi curves ECC : representation of the points ◮ Unified formulaes for Weieirstrass ⇒ Goubin’s, Izu-Takagi’s attacks (special point) ⇒ Amiel et al’s attack : uses SCA to distinguish a S from a M ⇒ Horizontal attacks Randomness and SCA Nadia El Mrabet 17 / 24

  25. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : randomisation of the scalar ◮ Coron’s countermeasure ◮ Exponentiation splitting ◮ Trichina-Bellezza’s countermeasure : kP = ( kr − 1 ) rP ◮ Regular representation of the scalar ◮ Euclidien chain (Remember Christophe, Jean-Marc, Nicolas presentations) ◮ Chevallier-Mames Self-Randomised Exponentiation Randomness and SCA Nadia El Mrabet 18 / 24

  26. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : randomisation of the scalar ◮ Coron’s countermeasure [ Big attack ] ◮ Exponentiation splitting [ Big Mac attack ] ◮ Trichina-Bellezza’s countermeasure : kP = ( kr − 1 ) rP [ Still safe ] ◮ Regular representation of the scalar [ Correlation collision attacks ] ◮ Euclidien chain (Remember Christophe, Jean-Marc, Nicolas presentations) [ Big Mac attack ] ◮ Chevallier-Mames Self-Randomised Exponentiation [ Still safe ] Randomness and SCA Nadia El Mrabet 18 / 24

  27. Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical counter measures The property of the cryptosystem ECC : randomisation of the scalar ◮ Coron’s countermeasure [ Big attack ] ◮ Exponentiation splitting [ Big Mac attack ] ◮ Trichina-Bellezza’s countermeasure : kP = ( kr − 1 ) rP [ Still safe ] ◮ Regular representation of the scalar [ Correlation collision attacks ] ◮ Euclidien chain (Remember Christophe, Jean-Marc, Nicolas presentations) [ Big Mac attack ] ◮ Chevallier-Mames Self-Randomised Exponentiation [ Still safe ] ECC : A lot of counter measures, but much more attacks ! Randomness and SCA Nadia El Mrabet 18 / 24

Recommend

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference Mangard et. al, "Power Analysis Attacks, Revealing the Secrets of Smart Cards", Springer, 2009 Power analysis attacks are effective because the

479 views • 19 slides
Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA August 2, 2007 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

533 views • 41 slides
On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 ,

On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 ,

Physical Attacks New Attacks on Classical Countermeasures Extended Countermeasures On the Need of Randomness in Fault Attack Countermeasures Application to AES Victor LOMNE 1 , Thomas ROCHE 1 , Adrian THILLARD 1 1 ANSSI (French Network and

358 views • 25 slides
Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com

Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com

Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com Outline Motivation & general mechanisms Side-channel countermeasures Fault countermeasures Conclusions 2 Design and Security of

549 views • 40 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat Europe 2008 Black Hat Europe 2008 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

653 views • 42 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Side-Channel Countermeasures Dissection and the Limits of Closed Source Security Evaluations

Side-Channel Countermeasures Dissection and the Limits of Closed Source Security Evaluations

Introduction Countermeasures Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion Side-Channel Countermeasures Dissection and the Limits of Closed Source Security Evaluations Olivier Bronchain Fran

2.22k views • 189 slides
Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures

Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures

Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures Dahmun Goudarzi, Matthieu Rivain, Srinivas Vivek, and Damien Vergnaud Background 2 Secure Software S-box Implementations Higher-Order

636 views • 25 slides
HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel

HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel

HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel Power Resistance for Encryption Algo- rithms using Dynamic Partial Reconfiguration or SPREAD As a countermeasure to DPA, CPA and other types of

689 views • 10 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco

Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco

Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco Regazzoni 23 October 2015, Chia, Italy P. 1 Contents 1 Motivations 2 DPA Resistant Synthesis 3 DPA Resistant Place and Route 4 DPA

1.01k views • 55 slides
Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks Pieter Robyns Motivation and introduction Motivation Information about performing EM side-channel attacks using SDR is quite scarce A few

758 views • 42 slides
HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

363 views • 12 slides
MOBILE DATA CHARGING: NEW ATTACKS NEW ATTACKS AND COUNTERMEASURES AND COUNTERMEASURES Chunyi

MOBILE DATA CHARGING: NEW ATTACKS NEW ATTACKS AND COUNTERMEASURES AND COUNTERMEASURES Chunyi

MOBILE DATA CHARGING: NEW ATTACKS NEW ATTACKS AND COUNTERMEASURES AND COUNTERMEASURES Chunyi Peng Chunyi Peng , Chi-Yu Li, Guan-Hua Tu, Songwu Lu, Lixia Zhang University of California, Los Angeles ACM CCS12 ACM CCS'12 C Peng (UCLA)

480 views • 27 slides
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC February 21, 2008 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current

673 views • 42 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

Nicolas Belleville 1 Damien Courouss 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Universit, CNRS, LIP6, F-75005, Paris, France

715 views • 53 slides
channel and fault attacks Jasper van Woudenberg @jzvw January 10, 2019 1 Our vision

channel and fault attacks Jasper van Woudenberg @jzvw January 10, 2019 1 Our vision

Practicing the art and science of side channel and fault attacks Jasper van Woudenberg @jzvw January 10, 2019 1 Our vision certificate recommendations countermeasures 2 Where we are today Science Art Bit of both certificate 2 weeks

998 views • 41 slides
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Friday, September 11 th , 2015 Motivation Physical Attacks & Countermeasures input output input output Timing, Power, EM,

746 views • 47 slides
Provably secure compilation of side-channel countermeasures: the case of cryptographic

Provably secure compilation of side-channel countermeasures: the case of cryptographic

Provably secure compilation of side-channel countermeasures: the case of cryptographic constant-time Gilles Barthe Benjamin Grgoire Vincent Laporte CSF18, 2018-07-12 Vincent Laporte et alii Provably secure compilation of

501 views • 25 slides

More recommend