understanding the reasons for the side channel leakage is
play

Understanding the Reasons for the Side-Channel Leakage is - PowerPoint PPT Presentation

Aug 20, 2023 •187 likes •799 views

Understanding the Reasons for the Side-Channel Leakage is Indispensable for Secure Design Werner Schindler Federal Office for Information Security (BSI), Bonn, Germany Leuven, September 13, 2012 Outline Introduction and motivation

  1. Understanding the Reasons for the Side-Channel Leakage is Indispensable for Secure Design Werner Schindler Federal Office for Information Security (BSI), Bonn, Germany Leuven, September 13, 2012

  2. Outline � Introduction and motivation � Goals of a security evaluation � The Stochastic Approach � basics in a nutshell � How to obtain relevant design information � Conclusions Schindler September 13, 2012 Slide 2

  3. � Side-channel analysis has been a hot topic in academia and industry for the last 15 years. � In the early years the applied mathematical methods often wasted a lot of information. � In the meanwhile the mathematical methods have become much more efficient. � The time has been ripe for systematic methods! Schindler September 13, 2012 Slide 3

  4. How I came in touch with side-channel analysis (I) � In 1999 I gave a course “Selected Topics in Modern Cryptography” at Darmstadt Technical University. � I had to bridge a “gap” of one and a half 90 minute lectures. I remembered a timing attack from Jean- Jacques Quisquater and his research group (CARDIS 1998). � I studied the paper and was quickly convinced that the attack could be improved significantly. Schindler September 13, 2012 Slide 4

  5. How I came in touch with side-channel analysis (II) � I contacted Jean-Jacques and proposed a new decision strategy. � For the same hardware the number of traces per attack dropped down from 200000 – 300000 to 5000, which is an increase of efficiency by factor ≈ 50 (Schindler, Koeune, Quisquater, 2001). � New stochastic methods made this improvement possible. � I thought it might be a good idea to write one paper on this topic… Schindler September 13, 2012 Slide 5

  6. Security evaluations (I) � The resistance of smart cards, or more generally, of security implementations, against power attacks has been an important aspect of many security evaluations. � It is very important for evaluators and designers to know the strongest attacks. � Usually several side-channel attacks are applied (e.g. different DPA or CPA attacks). The target device is considered secure if it withstands all these attacks. Schindler September 13, 2012 Slide 6

  7. Security evaluations (II) � A successful attack shows that the device is vulnerable. � But … � What are the consequences (countermeasures, limitation of the number of operations, re-design)? � What is the conclusion if all attacks have been ineffective? Do stronger attacks exist? Schindler September 13, 2012 Slide 7

  8. Security evaluations (III) � It is clearly desirable � to have reliable security evaluations � to get more than a one-bit information (successful attack is known / is not known). � Reliable and trustworthy evaluation methods are needed! � Ideally, a security evaluation should disclose potential weaknesses, allowing target-oriented re- design if necessary (constructive side-channel analysis). Schindler September 13, 2012 Slide 8

  9. DPA / CPA � DPA and CPA are the „classics“ in power analysis. � DPA and CPA are correlation attacks � + easy to apply, no profiling � - exploit only a fraction of the available information Schindler September 13, 2012 Slide 9

  10. Template attacks � exploit power information from several time instants t 1 <…<t m � electrical current vectors are interpreted as realizations of m-dimensional random vectors with unknown probability distribution. � These random vector may depend on � (x,k): part of the plaintext / ciphertext x, subkey k � (x,z,k): part of the plaintext / ciphertext x, masking value z, and subkey k � f(x,k): e.g., f(x,k):= ham(x ⊕ k) (model-based templates) Schindler September 13, 2012 Slide 10

  11. Template attacks (II) � profiling phase (training device): � estimation of a probability density for each (x,k), resp. for each (x,z,k), resp. for each f(x,k) (templates) � attack (target device) � substitution of the measured current values into the templates ( → maximum likelihood principle) Schindler September 13, 2012 Slide 11

  12. A successful template attack shows that the target implementation is vulnerable but it does not explain how to fix the problem. Schindler September 13, 2012 Slide 12

  13. The stochastic approach � target: block cipher � exploits power measurements at several time instants t 1 < t 2 < ... < t m � The measurement values are interpreted as values that are assumed by random variables. � The stochastic approach combines engineers’ expertise with efficient stochastic methods from multivariate statistics. Schindler September 13, 2012 Slide 13

  14. Literature � Pioneer work: Schindler, Lemke, Paar (2005), � Theoretical foundations and attack efficiency : Schindler, Lemke, Paar (2005), Lemke, Gierlichs, Paar (2006), Lemke-Rust, Paar (2007), Schindler (2008), Standaert, Koeune, Schindler (2009), Heuser, Kasper, Schindler, Stöttinger (2012) � Design aspects: Kasper, Schindler, Stöttinger (2010), Heuser, Kasper, Schindler, Stöttinger (2011 + 2012) Schindler September 13, 2012 Slide 14

  15. The stochastic model (basic variant) target algorithm: block cipher (e.g., AES; no masking) x ∈ {0,1} p (known) part of the plaintext or ciphertext k ∈ {0,1} s subkey [AES: (typically) s = 8 ] t time instant I t (x,k) = h t (x,k) + R t deterministic part random variable random variable = leakage function (depends on x and k) E(R t ) = 0 (depends on x and k) quantifies the random- noise (centered) ness of the side-channel signal at time t Schindler September 13, 2012 Slide 15

  16. The stochastic model (masking) x ∈ {0,1} p (known) part of the plaintext or ciphertext z ∈ M masking value k ∈ {0,1} s subkey [AES: (typically) s = 8 ] t ∈ {t 1 ,t 2 ,...,t m } time instant I t (x,z;k) = h t (x,z;k) + R t deterministic part random variable random variable = leakage function (depends on x,z,k) E(R t ) = 0 (depends on x,z,k) quantifies the random- noise (centered) ness of the side-channel signal at time t Schindler September 13, 2012 Slide 16

  17. Note � The leakage functions h t1 ( ⋅ ⋅ ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ , ),h t2 ( ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ ⋅ ,), ... , h tm ( ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ , ⋅ ⋅ ⋅ ⋅ ⋅ ) ⋅ and � the probability distribution of the random vector (R t1 ,R t2 , ..., R tm ) („noise vector“) are unknown and have to be estimated with a training device. Schindler September 13, 2012 Slide 17

  18. Profiling, Step 1 (I) � Fix a subkey k ∈ {0,1} s . � The unknown function h t;k : ∈ {0,1} p × M × {k} → R, h t;k (x,z;k):= h t (x,z;k) is interpreted as an element of a high-dimensional real vector space � k . In particular, dim( � k ) = 2 p |M| . � Goal: Approximate h t;k by its image h* t;k under the orthogonal projection onto a suitably selected low- dimensional vector subspace � u,t;k Schindler September 13, 2012 Slide 18

  19. Geometric illustration h t;k k fixed orthogonal projection . h t;k * � u,t;k subspace The image h* t,k is the best approximator of h t;k in � u,t;k Schindler September 13, 2012 Slide 19

  20. Profiling, Step 1 (II) (masking case) with basis functions g j,t;k : {0,1} p × M × {k} → R The basis g 0,t;k ,…,g u-1,t;k shall be selected under consideration of the attacked device. The estimation of h* t,k can completely be moved to the low-dimensional subspace � u,t;k , which reduces the number of measurements to a small fraction. Schindler September 13, 2012 Slide 20

  21. Example: AES implementation on an FPGA (final round) „Difference“ in register R6: R6 (new) ⊕ R6 (old) Schindler September 13, 2012 Slide 21

  22. AES implementation on an FPGA (I) Target: Key byte k (2) ∈ {0,1} 8 in round 10 R (x) value of register x after round 10 9-dimensional subspace: g 0,t;k(2) ((R (2) ,R (6) ),k (2) ) = 1 g j,t;k(2) ((R (2) ,R (6) ),k (2) ) = (R (6) ⊕ S -1 (R (2) ⊕ k (2) )) j for 1 ≤ j ≤ 8 Schindler September 13, 2012 Slide 22

  23. AES implementation on an FPGA (II) Target: Key byte k (2) ∈ {0,1} 8 in round 10 R (x) value of register x after round 10 2-dimensional subspace: g 0,t;k(2) ((R (2) ,R (6) ),k (2) ) = 1 g’ 1,t;k(2) ((R (2) ,R (6) ),k (2) ) = ham(R (6) ⊕ S -1 (R (2) ⊕ k (2) )) This 2-dimensional subspace potentially contains less leakage information than the 9-dimensional subspace defined on the previous slide. Schindler September 13, 2012 Slide 23

  24. Profiling, Step 1 (I) − u 1 ∑ = β h g * * (best approximator of h t;k in � u,t;k ) t k j t k j t k ; , ; , ; = j 0 � Task: Estimate the unknown coefficients β * 0,t;k , …, β * (u-1),t;k � N 1 measurement values from the training device i t (x 1 ,z 1 ,k), … i t (x N_1 ,z N_1 ,k) � Least-square estimation: Schindler September 13, 2012 Slide 24

  25. Profiling, Step 2 (only relevant for attacks) (I t_1 (x,z,k) – h* t_1;k (x,z,k), … , I t_m (x,z,k) – h* t_m (x,z,k)) ≈ (I t_1 (x,z,k) – h t_1 (x,z,k), … , I t_m (x,z,k) – h t_m (x,z,k)) = (R t_1 , … , R t_m ) ~ N(0,C) � Estimate the covariance matrix C (multivariate normal distribution), possibly with PCA � → prob. density f x,z;k ( ⋅ ) for I t (x,z,k) Schindler September 13, 2012 Slide 25

Recommend

Analyzing Side-Channel Leakage of RFID-Suitable Lightweight

Analyzing Side-Channel Leakage of RFID-Suitable Lightweight

Ins$tute for Applied Informa$on Processing and Communica$ons (IAIK) Analyzing Side-Channel Leakage of RFID-Suitable Lightweight ECC Hardware

244 views • 23 slides
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015 Tobias Schneider &amp; Amir Moradi Ruhr-Universitt Bochum Embedded Security Group Outline Motivation Statistical Background Testing

461 views • 43 slides
Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer, Mario Werner, and Stefan Mangard, IAIK, Graz University of Technology 30. March 2017 Content Differential power analysis for key recovery Re-keying

284 views • 24 slides
Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed,

Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed,

Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed, F.-X. Standaert , A. Joux NXP &amp; UCL Crypto Group &amp; Univ. Versailles CHES 2012, Leuven, Belgium SCA security (implementation level) 1 SCA

857 views • 70 slides
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Wednesday, September 16 th , 2015 Motivation Security Evaluation Leakage Assessment Methodology | CHES 2015 | Tobias Schneider 2

1.15k views • 81 slides
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Friday, September 11 th , 2015 Motivation Physical Attacks &amp; Countermeasures input output input output Timing, Power, EM,

746 views • 47 slides
Detecting Similar Code Segments through Side Channel Leakage in Microcontrollers Peter Samarin 1 ,

Detecting Similar Code Segments through Side Channel Leakage in Microcontrollers Peter Samarin 1 ,

Detecting Similar Code Segments through Side Channel Leakage in Microcontrollers Peter Samarin 1 , 2 and Kerstin Lemke-Rust 1 Bonn-Rhein-Sieg University of Applied Sciences 1 Ruhr-Universitt Bochum 2 Germany November 29, 2017 Bonn-Rhein-Sieg

464 views • 33 slides
Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com MCrypt Seminar Aug. 11th 2014 Outline 1 Introduction 2 Modeling side-channel leakage 3 Achieving provable security against SCA

1.62k views • 92 slides
Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to

Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to

Introduction to (profiled) side-channel analysis Annelie Heuser In this talk back to the basics!! details on power / EM leakage (low/high noise scenario) how/where to attack AES? di ff erent attacker models overview of

1.28k views • 74 slides
How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research Silicon Valley Protecting Sensitive Computations from Leakage/Side-Channel Attacks Sensitive computations: Cryptographic Algorithms Secret Key

232 views • 20 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto &amp; Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Side-Channel Cryptanalysis Models and Dependencies New Generic Test Experiments Conclusions Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X. Standaert UCL Crypto Group, Universit e catholique

355 views • 24 slides
www.reasons.org 855-REASONS www.reasons.org 855-REASONS ESO ESO www.reasons.org 855-REASONS

www.reasons.org 855-REASONS www.reasons.org 855-REASONS ESO ESO www.reasons.org 855-REASONS

www.reasons.org 855-REASONS www.reasons.org 855-REASONS ESO ESO www.reasons.org 855-REASONS Habitability for the Redemption of Billions NASA NASA NASA/Hubble/STScI/AURA Some Earth features needed for billions to be redeemed 1. end of a

781 views • 38 slides
Unifying Leakage Models on a Rnyi Day Dahmun Goudarzi 2 Ange Marnelli 3 Alain Passelgue 1

Unifying Leakage Models on a Rnyi Day Dahmun Goudarzi 2 Ange Marnelli 3 Alain Passelgue 1

Unifying Leakage Models on a Rnyi Day Dahmun Goudarzi 2 Ange Marnelli 3 Alain Passelgue 1 Thomas Prest 2 LSIT, 31/05/2019 Side-channel aacks in cryptography Power analysis aacks [KJJ99] Electromagnec aacks [Eck85, GMO01]

437 views • 27 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored Key Plaintext Encryption Cipher

1.14k views • 112 slides
Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Vlp,

Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Vlp,

Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Vlp, Adam Lackorzynski * , Jrmie Decouchant, Vincent Rahli, Francisco Rocha, and Paulo Esteves-Verssimo * Kernkonzept GmbH and University of

289 views • 28 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides

More recommend