side channel analysis countermeasures
play

Side Channel Analysis & Countermeasures Begl Bilgin 27 Dec. - PowerPoint PPT Presentation

Sep 14, 2022 •268 likes •1.45k views

Side Channel Analysis & Countermeasures Begl Bilgin 27 Dec. 2014 - IAM Alumni Meeting Adversary Models 2 Adversary Models 2 Adversary Models Black-box Gray-box White-box 3 Adversary Models Black-box Gray-box White-box Key

  1. Differential Power Analysis key 1 =00 pt S(pt 1 ⊕ key 1 )&1 1234… 1 abcd… 0 8aef… 0 0354... 1 7791… 1 c80d… 0 7e9e... 1 11 [courtesy: B.Gierlichs]

  2. Differential Power Analysis key 1 =00 pt S(pt 1 ⊕ key 1 )&1 1234… 1 abcd… 0 8aef… 0 0354... 1 7791… 1 c80d… 0 7e9e... 1 11 [courtesy: B.Gierlichs]

  3. Differential Power Analysis key 1 =00 pt S(pt 1 ⊕ key 1 )&1 1234… 1 abcd… 0 8aef… 0 0354... 1 7791… 1 c80d… 0 7e9e... 1 Take means 11 [courtesy: B.Gierlichs]

  4. Differential Power Analysis key 1 =00 pt S(pt 1 ⊕ key 1 )&1 1234… 1 abcd… 0 8aef… 0 0354... 1 7791… 1 c80d… 0 7e9e... 1 Take means Take difference 11 [courtesy: B.Gierlichs]

  5. Differential Power Analysis pt 1234… abcd… 8aef… 0354... 7791… c80d… 7e9e... 12 [courtesy: B.Gierlichs]

  6. Differential Power Analysis key 1 =2b pt S(pt 1 ⊕ key 1 )&1 1234… 0 abcd… 1 8aef… 0 0354... 0 7791… 0 c80d… 1 7e9e... 1 12 [courtesy: B.Gierlichs]

  7. Differential Power Analysis key 1 =2b pt S(pt 1 ⊕ key 1 )&1 1234… 0 abcd… 1 8aef… 0 0354... 0 7791… 0 c80d… 1 7e9e... 1 12 [courtesy: B.Gierlichs]

  8. Differential Power Analysis key 1 =2b pt S(pt 1 ⊕ key 1 )&1 1234… 0 abcd… 1 8aef… 0 0354... 0 7791… 0 c80d… 1 7e9e... 1 Take means 12 [courtesy: B.Gierlichs]

  9. Differential Power Analysis key 1 =2b pt S(pt 1 ⊕ key 1 )&1 1234… 0 abcd… 1 8aef… 0 0354... 0 7791… 0 c80d… 1 7e9e... 1 Take means Take difference 12 [courtesy: B.Gierlichs]

  10. Differential Power Analysis key 1 =2b pt S(pt 1 ⊕ key 1 )&1 1234… 0 abcd… 1 8aef… 0 0354... 0 7791… 0 c80d… 1 7e9e... 1 Take means Take difference 12 [courtesy: B.Gierlichs]

  11. Differential Power Analysis key 1 =2b pt S(pt 1 ⊕ key 1 )&1 1234… 0 abcd… 1 s n a e M f 8aef… 0 o e c n e r e f f i 0354... 0 D 7791… 0 c80d… 1 7e9e... 1 Take means Take difference 12 [courtesy: B.Gierlichs]

  12. Differential Power Analysis Correlation Power Analysis pt 1234… abcd… 8aef… 0354... 7791… c80d… 7e9e... 13

  13. Differential Power Analysis Correlation Power Analysis key 1 =00 pt S(pt 1 ⊕ key 1 ) 1234… 82 abcd… 62 8aef… 7e 0354... 7b 7791… f6 c80d… e8 7e9e... f3 13

  14. Differential Power Analysis Correlation Power Analysis key 1 =00 pt S(pt 1 ⊕ key 1 ) 1234… 82 abcd… 62 8aef… 7e 0354... 7b 7791… f6 c80d… e8 7e9e... f3 Corr. 13

  15. Differential Power Analysis Correlation Power Analysis key 1 =00 pt S(pt 1 ⊕ key 1 ) 1234… 82 abcd… 62 8aef… 7e 0354... 7b 7791… f6 c80d… e8 7e9e... f3 Corr. 13

  16. Differential Power Analysis Correlation Power Analysis key 1 =00 pt S(pt 1 ⊕ key 1 ) 1234… 82 abcd… 62 8aef… 7e 0354... 7b 7791… f6 c80d… e8 7e9e... f3 Corr. 13

  17. Differential Power Analysis Correlation Power Analysis key 1 =00 pt S(pt 1 ⊕ key 1 ) 1234… 82 abcd… 62 8aef… 7e 0354... 7b 7791… f6 c80d… e8 7e9e... f3 13

  18. Differential Power Analysis Correlation Power Analysis key 1 =00 key 1 =2b pt S(pt 1 ⊕ key 1 ) S(pt 1 ⊕ key 1 ) 1234… 82 12 abcd… 62 cd 8aef… 7e 32 0354... 7b 34 7791… f6 4a c80d… e8 11 7e9e... f3 fc 13

  19. Differential Power Analysis Correlation Power Analysis key 1 =00 key 1 =2b pt S(pt 1 ⊕ key 1 ) S(pt 1 ⊕ key 1 ) 1234… HW(82) HW(12) abcd… HW(62) HW(cd) 8aef… HW(7e) HW(32) 0354... HW(7b) HW(34) 7791… HW(f6) HW(4a) c80d… HW(e8) HW(11) 7e9e... HW(f3) HW(fc) 13

  20. Differential Power Analysis Correlation Power Analysis key 1 =00 key 1 =2b pt S(pt 1 ⊕ key 1 ) S(pt 1 ⊕ key 1 ) 1234… HW(82) HW(12) abcd… HW(62) HW(cd) 8aef… HW(7e) HW(32) 0354... HW(7b) HW(34) 7791… HW(f6) HW(4a) c80d… HW(e8) HW(11) 7e9e... HW(f3) HW(fc) Better leakage model → better attack 13

  21. Differential Power Analysis (Notes & Assumptions) 14

  22. Differential Power Analysis (Notes & Assumptions) • Knowledge about the algorithm 14

  23. Differential Power Analysis (Notes & Assumptions) • Knowledge about the algorithm • Timing of the intermediate value computation 14

  24. Differential Power Analysis (Notes & Assumptions) • Knowledge about the algorithm • Timing of the intermediate value computation • Perfectly aligned traces 14

  25. Differential Power Analysis (Notes & Assumptions) • Knowledge about the algorithm • Timing of the intermediate value computation • Perfectly aligned traces • No countermeasures 14

  26. Differential Power Analysis (Notes & Assumptions) • Knowledge about the algorithm • Timing of the intermediate value computation • Perfectly aligned traces • No countermeasures • # of traces increase with noise 14

  27. Countermeasures Against DPA 15

  28. Countermeasures 16

  29. Countermeasures • Limit number of encryptions per key 16

  30. Countermeasures • Limit number of encryptions per key - Distribution of key is difficult 16

  31. Countermeasures • Limit number of encryptions per key - Distribution of key is difficult - Leakage resilient algorithms 16

  32. Countermeasures • Limit number of encryptions per key - Distribution of key is difficult - Leakage resilient algorithms - Performance drop 16

  33. Countermeasures • Limit number of encryptions per key - Distribution of key is difficult - Leakage resilient algorithms - Performance drop • Decrease Signal-to-Noise Ratio (SNR) 16

  34. Countermeasures • Limit number of encryptions per key - Distribution of key is difficult - Leakage resilient algorithms - Performance drop • Decrease Signal-to-Noise Ratio (SNR) - Decreasing signal (~constant power imp., special cells) 16

  35. Countermeasures • Limit number of encryptions per key - Distribution of key is difficult - Leakage resilient algorithms - Performance drop • Decrease Signal-to-Noise Ratio (SNR) - Decreasing signal (~constant power imp., special cells) - Increasing noise (dummy operations, shuffling) 16

  36. Countermeasures • Limit number of encryptions per key - Distribution of key is difficult - Leakage resilient algorithms - Performance drop • Decrease Signal-to-Noise Ratio (SNR) - Decreasing signal (~constant power imp., special cells) - Increasing noise (dummy operations, shuffling) • Breaking the correlation 16

  37. Countermeasures • Limit number of encryptions per key - Distribution of key is difficult - Leakage resilient algorithms - Performance drop • Decrease Signal-to-Noise Ratio (SNR) - Decreasing signal (~constant power imp., special cells) - Increasing noise (dummy operations, shuffling) • Breaking the correlation - Masking 16

  38. Boolean Masking S (x ,y ,z , ... ) (a ,b ,c , ... ) 17

  39. Boolean Masking 18

  40. Boolean Masking (x 1 ,y 1 ,z 1 , ... ) 18

  41. Boolean Masking (x 1 ,y 1 ,z 1 , ... ) ⊕ (x 2 ,y 2 ,z 2 , ... ) = (x, y, z , ... ) 18

  42. Boolean Masking S 1 (x 1 ,y 1 ,z 1 , ... ) (a 1 ,b 1 ,c 1 , ... ) ⊕ ⊕ S 2 (x 2 ,y 2 ,z 2 , ... ) (a 2 ,b 2 ,c 2 , ... ) = (x, y, z , ... ) 18

  43. Boolean Masking S 1 (x 1 ,y 1 ,z 1 , ... ) (a 1 ,b 1 ,c 1 , ... ) ⊕ ⊕ S 2 (x 2 ,y 2 ,z 2 , ... ) (a 2 ,b 2 ,c 2 , ... ) = = (x, y, z , ... ) (a, b, c , ... ) 18

  44. Boolean Masking S 1 (x 1 ,y 1 ,z 1 , ... ) (a 1 ,b 1 ,c 1 , ... ) ⊕ ⊕ S 2 (x 2 ,y 2 ,z 2 , ... ) (a 2 ,b 2 ,c 2 , ... ) = = (x, y, z , ... ) (a, b, c , ... ) Random input/output shares ➡ Random intermediate values 18

  45. Boolean Masking S 1 (x 1 ,y 1 ,z 1 , ... ) (a 1 ,b 1 ,c 1 , ... ) ⊕ ⊕ S 2 (x 2 ,y 2 ,z 2 , ... ) (a 2 ,b 2 ,c 2 , ... ) = = (x, y, z , ... ) (a, b, c , ... ) Random input/output shares ➡ Random intermediate values unshared shares mean var 0,0=0 0 0 1,5 1,5 1,5 1,5 1,1=3 0,1=1 1 1 1,5 1,5 0.5 0.5 1,0=2 18

  46. Boolean Masking S 1 (x 1 ,y 1 ,z 1 , ... ) (a 1 ,b 1 ,c 1 , ... ) ⊕ ⊕ S 2 (x 2 ,y 2 ,z 2 , ... ) (a 2 ,b 2 ,c 2 , ... ) = = (x, y, z , ... ) (a, b, c , ... ) Random input/output shares ➡ Random intermediate values unshared shares mean var 0,0=0 0 0 1,5 1,5 1,5 1,5 1,1=3 0,1=1 1 1 1,5 1,5 0.5 0.5 1,0=2 18

Recommend

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference Mangard et. al, "Power Analysis Attacks, Revealing the Secrets of Smart Cards", Springer, 2009 Power analysis attacks are effective because the

479 views • 19 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat DC February 21, 2008 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current

673 views • 42 slides
Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

622 views • 21 slides
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Black Hat Europe 2008 Black Hat Europe 2008 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

653 views • 42 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Side-Channel Countermeasures Dissection and the Limits of Closed Source Security Evaluations

Side-Channel Countermeasures Dissection and the Limits of Closed Source Security Evaluations

Introduction Countermeasures Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion Side-Channel Countermeasures Dissection and the Limits of Closed Source Security Evaluations Olivier Bronchain Fran

2.22k views • 189 slides
Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures

Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures

Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures Dahmun Goudarzi, Matthieu Rivain, Srinivas Vivek, and Damien Vergnaud Background 2 Secure Software S-box Implementations Higher-Order

636 views • 25 slides
HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel

HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel

HOST SCA Countermeasures II ECE 525 Introduction We propose a technique called Side-channel Power Resistance for Encryption Algo- rithms using Dynamic Partial Reconfiguration or SPREAD As a countermeasure to DPA, CPA and other types of

689 views • 10 slides
Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco

Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco

Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco Regazzoni 23 October 2015, Chia, Italy P. 1 Contents 1 Motivations 2 DPA Resistant Synthesis 3 DPA Resistant Place and Route 4 DPA

1.01k views • 55 slides
Provably secure compilation of side-channel countermeasures: the case of cryptographic

Provably secure compilation of side-channel countermeasures: the case of cryptographic

Provably secure compilation of side-channel countermeasures: the case of cryptographic constant-time Gilles Barthe Benjamin Grgoire Vincent Laporte CSF18, 2018-07-12 Vincent Laporte et alii Provably secure compilation of

501 views • 25 slides
Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA August 2, 2007 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

533 views • 41 slides
Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com

Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com

Overview of Countermeasures against Implementation Attacks Marcel Medwed marcel.medwed@nxp.com Outline Motivation & general mechanisms Side-channel countermeasures Fault countermeasures Conclusions 2 Design and Security of

549 views • 40 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015 Montreal, QC. Overview W.t.f is side-channel power analysis (again) Example: IEEE 802.15.4 Node Example: AES-256 Bootloader W.t.f.

633 views • 47 slides
A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1

A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1

A Comprehensive Study of Deep Learning for Side-Channel Analysis A Comprehensive Study of Deep Learning for Side-Channel Analysis c Masure 1,3 ecile Dumas 1 Emmanuel Prouff 2, 3 Lo C 1 Univ. Grenoble Alpes, CEA, LETI, DSYS, CESTI, F-38000

1.39k views • 86 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Friday, September 11 th , 2015 Motivation Physical Attacks & Countermeasures input output input output Timing, Power, EM,

746 views • 47 slides
Introduction to Side-Channel Analysis Franois-Xavier Standaert UCL Crypto Group, Belgium

Introduction to Side-Channel Analysis Franois-Xavier Standaert UCL Crypto Group, Belgium

Introduction to Side-Channel Analysis Franois-Xavier Standaert UCL Crypto Group, Belgium Summer school on real-world crypto, 2016 Outline Link with linear cryptanalysis Standard Differential Power Analysis Noise-based security (is

1.17k views • 92 slides
Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to

Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to

Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to the basics!! details on power / EM leakage (low/high noise scenario) how/where to attack AES? di ff erent attacker models overview of

1.28k views • 74 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
A Stochastic Approach in Side-Channel Analysis in the Presence of Masking W. Schindler Bundesamt

A Stochastic Approach in Side-Channel Analysis in the Presence of Masking W. Schindler Bundesamt

FIRST TALK A Stochastic Approach in Side-Channel Analysis in the Presence of Masking W. Schindler Bundesamt f r Sicherheit in der Informationstechnik (BSI), Bonn, Germany Barcelona, May 22, 2007 Power attacks on a block cipher

1.13k views • 13 slides

More recommend