Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
side channel analysis and embedded systems impact and

Side Channel Analysis and Embedded Systems Impact and - PowerPoint PPT Presentation

Jan 15, 2024 •248 likes •674 views

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC February 21, 2008 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current

  1. Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC February 21, 2008 Black Hat USA 2007

  2. Agenda • Advances in Embedded Systems Security – From USB stick to game console – Current attacks – Cryptographic devices • Side Channels explained – Principles – Listening to your hardware – Types of analysis • Attacks and Countermeasures – Breaking a key – Countermeasures theory – Practical implementations Black Hat USA 2007

  3. Security in embedded systems Black Hat USA 2007

  4. Trends in embedded hardware security • Preventing debug access – Fuses, Secure access control • Protecting buses and memory components – Flash memories with security, DRAM bus scrambling • Increase in code integrity – Boot loader ROM in CPU, Public key signature checking • Objectives: – Prevent running unauthorized code – Prevent access to confidential information � Effective against most “conventional” attacks Black Hat USA 2007

  5. Popular ‘hardware’ attacks Black Hat USA 2007

  6. Towards cryptographic devices • Smart cards represent the ultimate cryptographic device: – Operate in a hostile environment – Perform cryptographic operations on data – Harnessing both the cryptographic operation and the key – Tamper resistant • General purpose processors are incorporating more and more smart card style security • Why not use a smart card? – Also adds complexity – How to communicate securely with it? – Some do (PayTV, TPM etc) Black Hat USA 2007

  7. Agenda • Advances in Embedded Systems Security – From USB stick to game console – Current attacks – Cryptographic devices • Side Channels explained – Principles – Listening to your hardware – Types of analysis • Attacks and Countermeasures – Breaking a key – Countermeasures theory – Practical implementations Black Hat USA 2007

  8. Side Channel Analysis • What? – read ‘hidden’ signals • Why? – retrieve secrets • How? – Attack channels – Methods – Tools Black Hat USA 2007

  9. Attack Channels • Time • Power consumption • Electro-Magnetic radiation • Light emission • Sound Black Hat USA 2007

  10. Passive versus active attacks • Passive attacks – Only observing the target – Possibly modifying it to execute a specific behavior to observe – Examples : time, power or EM measurements • Active attacks – Manipulating the target or its environment outside of its normal behavior – Uncovering cryptographic keys through ‘fault injection’ – Changing program flow (eg. circumvent code integrity checks) – Examples : Voltage or clock glitching, laser pulse attacks Black Hat USA 2007

  11. Principle of timing analysis Start Decision Process 1 Process 2 t = 10ms t = 20ms End Black Hat USA 2007

  12. Principle of power analysis • Semiconductors use current while switching • Shape of power consumption profile reveals activity • Comparison of profiles reveals processes and data • Power is consumed when switching from 1 → 0 or 0 → 1 Black Hat USA 2007

  13. Principle of electromagnetic analysis • Electric and Magnetic field are related to current • Probe is a coil for magnetic field • Generally the near field (distance << λ ) is most suitable • Adds dimension position compared to the one dimensional power measurement Black Hat USA 2007

  14. Side channel analysis tools • Probes – Power: Intercept power circuitry with small resistor – EM: Coil with low noise amplifier • Digital storage oscilloscope • High bandwidth amplifier • Computer with analysis and control software Black Hat USA 2007

  15. XY table for EM analysis Black Hat USA 2007

  16. Localization with EM • Scanning chip surface with XY table • Display intensity per frequency • Search for optimal location: – CPU frequency – Crypto engine clock – RAM bus driver Black Hat USA 2007

  17. Demo equipment • CPU: Ti OMAP 5910 150Mhz Black Hat USA 2007

  18. Listening to your hardware - demo digitized signal analog signal Oscilloscope amplifier EM probe sensor trigger CPU I/O Analysis Embedded Software system Black Hat USA 2007

  19. Simple Power/EM Analysis • Recover information by inspection of single or averaged traces • Can also be useful for reverse engineering algorithms and implementations Black Hat USA 2007

  20. Differential Power/EM Analysis • Recover information by inspection difference between traces with different (random) inputs • Use correlation to retrieve information from noisy signals Black Hat USA 2007

  21. Data/signal correlation Black Hat USA 2007

  22. Agenda • Advances in Embedded Systems Security – From USB stick to game console – Current attacks – Cryptographic devices • Side Channels explained – Principles – Listening to your hardware – Types of analysis • Attacks and Countermeasures – Breaking a key – Countermeasures theory – Practical implementations Black Hat USA 2007

  23. Black Hat USA 2007 Secure CPUs

  24. Breaking a key - demo • Example breaking a DES key with a differential attack • Starting a measurement • Explaining DES analysis • Showing results Black Hat USA 2007

  25. DES 16 rounds • Input and output are 64 bits • Key K is 56 bits round keys are 48 bits • Cipher function F mixes input and round key Black Hat USA 2007

  26. F- function S box 1 Round key S box 2 E P permutation permutation 48 32 → 48 32 → 32 S box 8 8 * (6 → 4) Black Hat USA 2007

  27. DPA on DES Round key Bit 1 6 S box i Bit 4 E • Simulate DES algorithm based on input bits and permutation hypotheses k. 48 32 → 48 • Select one S-Box, and one output bit x . Bit x depends on only 6 key bits. • Calculate differential trace for the 64 different values of k. • Incorrect guess will show noise, correct guess will show peaks. Black Hat USA 2007

  28. Black Hat USA 2007 DPA on DES results

  29. Countermeasures • Decrease leakage – Balance processing of values – Limit number of operations per key • Increase noise – Introduce timing variations in processing – Use hardware means Black Hat USA 2007

  30. Countermeasures concepts • Passive Side channel attacks: – Hiding: Break relation between processed value and power consumption – Masking / Blinding: Break relation between algorithmic value and processed value Measured value Masking Hiding Algorithmic Processed value value (at guessed position) Black Hat USA 2007

  31. Countermeasure examples • Change the crypto protocol to use key material only for a limited amount of operations. For instance, use short lived session keys based on a hash of an initial key. Example: Source: Kocher, P. Design and Validation Strategies for Obtaining Assurance in Countermeasures to Power Analysis and Related Attacks Black Hat USA 2007

  32. Countermeasure examples • Remove any execution time dependence on data and key. Do not forget cache timing and branch prediction. Also remove conditional execution that depends on the key. • Randomly insert instructions with no effect on the algorithm. Use different instructions that are hard to recognize in a trace default MOV XOR ADD INC CMP random MOV NOP XOR ADD NOP INC NOP CMP random MOV XOR NOP ADD INC CMP Black Hat USA 2007

  33. Countermeasure examples • Shuffling: Changing the order of independent operations (for instance S-box calculations) per round. This reduces correlation with a factor equal to the number of shuffled operations Sbox Sbox Sbox Sbox Sbox Sbox Sbox Sbox default 1 2 3 4 5 6 7 8 Sbox Sbox Sbox Sbox Sbox Sbox Sbox Sbox random 4 8 1 3 6 5 2 7 • Implement a masked version of the cryptographic algorithm. Examples can be found in research literature for common algorithms (RSA, AES). Black Hat USA 2007

  34. Countermeasure demos • Simple analysis of unprotected trace • Effect of randomly inserting NOP instructions • Effect of making RSA square-multiply constant Black Hat USA 2007

  35. SPA attack on RSA Key bits revealed signal processing to high-light dips variation of interval between dips 1 0 1 0 1 0 0 1 0 key bits revealed Black Hat USA 2007

  36. RSA implementations • Algorithm for M=c d , with d i is exponent bits (0 ≤ i ≤ t ) – M := 1 – For i from t down to 0 do: • M := M * M • If d i = 1, then M := M*C • Algorithm for M=c d , with d i group of exponent bits (0 ≤ i ≤ t ) – Precompute multipliers C i – M := 1 – For i from t down to 0 do: • For j = 1 to groupSize: M := M * M • M := M* C i Black Hat USA 2007

  37. Example: RSA message blinding Normal encryption: M = C d mod n under condition: • – n = p·q – e·d = 1 mod lcm( p -1, q -1) Choose a random r, then C r = C r e mod n • d mod n = C d r mod n • Perform RSA: M r = C r • M = M r r -1 mod n • During the RSA operation itself the operations with exponent d do not depend on C Black Hat USA 2007

Recommend

CHANNEL ALLOCATION Channel Language Translation Channel Translation Language Channel 1 German

CHANNEL ALLOCATION Channel Language Translation Channel Translation Language Channel 1 German

CHANNEL ALLOCATION Channel Language Translation Channel Translation Language Channel 1 German Kanal 1 Deutsch Channel 2 English Channel 2 English Channel 3 Italian Canale 3 Italiano Channel 4 Spanish Canal 4 Espaol Channel 5

711 views • 34 slides
ANNUAL ACCOUNTS PRESS CONFERENCE CHANNEL ALLOCATION. Channel Language Translation Channel

ANNUAL ACCOUNTS PRESS CONFERENCE CHANNEL ALLOCATION. Channel Language Translation Channel

ANNUAL ACCOUNTS PRESS CONFERENCE CHANNEL ALLOCATION. Channel Language Translation Channel Translation Language Channel 1 German Channel 1 Deutsch Channel 2 English Channel 2 English Channel 3 French Canal 3 Franais Channel 4

870 views • 84 slides
Channel Assignment and Channel Hopping in IEEE 802.11 Operating Channels for 802.11b Europe

Channel Assignment and Channel Hopping in IEEE 802.11 Operating Channels for 802.11b Europe

Channel Assignment and Channel Hopping in IEEE 802.11 Operating Channels for 802.11b Europe (ETSI) channel 1 channel 7 channel 13 2400 2412 2442 2472 2483.5 [MHz] 22 MHz US (FCC)/Canada (IC) channel 1 channel 6 channel 11 2400

574 views • 44 slides
EMBEDDED EMBEDDED REAL TIME SYSTEMS REAL TIME SYSTEMS EMBEDDED EMBEDDED REAL TIME SYSTEMS

EMBEDDED EMBEDDED REAL TIME SYSTEMS REAL TIME SYSTEMS EMBEDDED EMBEDDED REAL TIME SYSTEMS

EMBEDDED EMBEDDED REAL TIME SYSTEMS REAL TIME SYSTEMS EMBEDDED EMBEDDED REAL TIME SYSTEMS REAL TIME SYSTEMS

1.37k views • 26 slides
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat Europe 2008 Black Hat Europe 2008 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

653 views • 42 slides
Channel design Channel coverage Intensive Selective Exclusive Channel

Channel design Channel coverage Intensive Selective Exclusive Channel

PLANNING A B2B MARKETING CHANNEL STRATEGY Channel design Channel coverage Intensive Selective Exclusive Channel management decisions Selecting suitable channel partners Managing and motivating channel partners

565 views • 29 slides
ANNUAL ACCOUNTS PRESS CONFERENCE LANGUAGE CHANNELS. Channel Language Channel (translation)

ANNUAL ACCOUNTS PRESS CONFERENCE LANGUAGE CHANNELS. Channel Language Channel (translation)

ANNUAL ACCOUNTS PRESS CONFERENCE LANGUAGE CHANNELS. Channel Language Channel (translation) Language (translation) Channel 1 German Kanal 1 Deutsch Channel 2 English Channel 2 English Channel 3 French Canal 3 Franais Channel 4

1.03k views • 54 slides
SCHISM numerical formulation Joseph Zhang Horizontal grid: hybrid 2 3 Side 2 4 3 Side 1

SCHISM numerical formulation Joseph Zhang Horizontal grid: hybrid 2 3 Side 2 4 3 Side 1

1 SCHISM numerical formulation Joseph Zhang Horizontal grid: hybrid 2 3 Side 2 4 3 Side 1 Side 2 Side 1 Side 3 Side 4 1 2 2 1 Side 3 3 2 1 Counter-clockwise convention 1 2 3 3 y s 2 2 x s 1 2 i i 1 N i 1 2 N i i

652 views • 53 slides
Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T.

Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T.

Higher-Order Side Channel Security and Mask Refreshing J.-S. Coron,E. Prouff, M. Rivain and T. Roche thomas.roche@ssi.gouv.fr FSE 2013 March 2013 T. Roche, ANSSI Higher-Order Side Channel Security and Mask Refreshing Side Channel Analysis

1.15k views • 75 slides
1 Simultaneous interpretation EN channel 1 FR channel 2 ES channel 3 DE channel 4 2 The Future

1 Simultaneous interpretation EN channel 1 FR channel 2 ES channel 3 DE channel 4 2 The Future

EUROPEAN AFFAIRS COMMITTEE The Future of Health in the European Union Brussels, November 15th, 2018 #AIM20yearsBxl #FutureHealthEU 1 Simultaneous interpretation EN channel 1 FR channel 2 ES channel 3 DE channel 4 2 The Future of Health in

303 views • 9 slides
Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS Operating Systems Major differences Details XPE / CE Embedded PC 2 The Windows Embedded OS family The modular, real The modular, real- -time

616 views • 22 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.23k views • 188 slides
Platform Convergence Journey Windows Embedded Standard 7 Windows Embedded Standard 8 Converged

Platform Convergence Journey Windows Embedded Standard 7 Windows Embedded Standard 8 Converged

Platform Convergence Journey Windows Embedded Standard 7 Windows Embedded Standard 8 Converged OS kernel Windows Embedded 8.1 Windows Embedded 8 Converged app model Windows 10 Windows Embedded 8.1 Windows Embedded 8 Handheld Handheld

794 views • 29 slides
Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA August 2, 2007 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

536 views • 41 slides
HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems Design, F. Vahid and T. Givargis) Embedded computing systems definition: Computing systems embedded within electronic devices. Hard to define

402 views • 26 slides
Embedded Embedded Architecture Architecture Systems Systems Jakob Engblom, PhD Jakob

Embedded Embedded Architecture Architecture Systems Systems Jakob Engblom, PhD Jakob

Embedded Systems Systems Embedded Computer Computer Embedded Embedded Architecture Architecture Systems Systems Jakob Engblom, PhD Jakob Engblom, PhD Uppsala Unive University rsity &amp; Virtutech Inc. &amp; Virtutech Inc. Uppsala

601 views • 21 slides
Cycles, Cells and Platters: An Empirical Analysis of Hardware Failures on a Million Consumer

Cycles, Cells and Platters: An Empirical Analysis of Hardware Failures on a Million Consumer

Cycles, Cells and Platters: An Empirical Analysis of Hardware Failures on a Million Consumer PCs Edmund B. Nightingale, John R. Douceur Vince Orgovan Microsoft Research Microsoft Corporation Presentation by Rafa Rawicki

532 views • 17 slides
Dram Shop Liability: Bar, Restaurant and Individual Exposure for Over-Serving Customers and

Dram Shop Liability: Bar, Restaurant and Individual Exposure for Over-Serving Customers and

Presenting a live 90-minute webinar with interactive Q&amp;A Dram Shop Liability: Bar, Restaurant and Individual Exposure for Over-Serving Customers and Guests WEDNESDAY , AUGUST 7, 2019 1pm Eastern | 12pm Central | 11am Mountain

790 views • 77 slides
Hybrid Memory Platform Kenneth Wright, Sr. D ire ctor Rambus / Emerging Solutions Division Join

Hybrid Memory Platform Kenneth Wright, Sr. D ire ctor Rambus / Emerging Solutions Division Join

Hybrid Memory Platform Kenneth Wright, Sr. D ire ctor Rambus / Emerging Solutions Division Join the Conversation #OpenPOWERSummit 1 Outline The problem / The opportunity Project goals Roadmap - Sub-projects/Tracks Performance

545 views • 16 slides
Rethinking DRAM Power Modes for Energy Proportionality Krishna Malladi 1 , Ian Shaeffer 2 , Liji

Rethinking DRAM Power Modes for Energy Proportionality Krishna Malladi 1 , Ian Shaeffer 2 , Liji

Rethinking DRAM Power Modes for Energy Proportionality Krishna Malladi 1 , Ian Shaeffer 2 , Liji Gopalakrishnan 2 , David Lo 1 , Benjamin Lee 3 , Mark Horowitz 1 Stanford University 1 , Rambus Inc 2 , Duke University 3 ktej@stanford.edu Main

813 views • 43 slides
Large Scale DRAM Model DRAM Engineers DRAM Engineers Team: Abdulrahman Alqahtani,

Large Scale DRAM Model DRAM Engineers DRAM Engineers Team: Abdulrahman Alqahtani,

Large Scale DRAM Model DRAM Engineers DRAM Engineers Team: Abdulrahman Alqahtani, Demetria Shepherd, Colby Weber, Jinming Yang, Zeyu Zhang Client: Daniel Eichenberger, Microns Test Engineer/Recruiter Capstone Mentor: Ashwija

308 views • 8 slides
Multi-label Classification Charmgil Hong cs3750 (Presented on Nov 11, 2014) Goals of the talk

Multi-label Classification Charmgil Hong cs3750 (Presented on Nov 11, 2014) Goals of the talk

Multi-label Classification Charmgil Hong cs3750 (Presented on Nov 11, 2014) Goals of the talk 1.To understand the geometry of different approaches for multi-label classification 2.To appreciate how the Machine Learning techniques further

1.14k views • 74 slides
Target Risk vs. Target Date Funds in 401(k) Plans: Maybe the answer is both January 14, 2015

Target Risk vs. Target Date Funds in 401(k) Plans: Maybe the answer is both January 14, 2015

Target Risk vs. Target Date Funds in 401(k) Plans: Maybe the answer is both January 14, 2015 Outline What are Target Risk Funds? What are Target Retirement Date (TRD) Funds? Plan Adoption Trends: Target Risk vs. TRD Are Target Risk

354 views • 10 slides
Some advantages and disadvantages of smart water metering for single and multi - unit

Some advantages and disadvantages of smart water metering for single and multi - unit

Some advantages and disadvantages of smart water metering for single and multi - unit developments Dr Cara Beal IPIQ Seminar &amp; Expo Urban Brisbane Hotel, Spring Hill, November 29 th , 2013 Presentation outline Background on our

602 views • 44 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.