320 likes | 556 Views
2IF03 Seminar Information Security Technology Round 2 SIDE-CHANNEL ANALYSIS. Attacks on protocols. Passive attacks eavesdropping & cryptanalysis traffic analysis Active attacks masquerade replay modification of messages denial of service man-in-the-middle.
E N D
2IF03SeminarInformation Security TechnologyRound 2SIDE-CHANNELANALYSIS
Attacks on protocols • Passive attacks • eavesdropping & cryptanalysis • traffic analysis • Active attacks • masquerade • replay • modification of messages • denial of service • man-in-the-middle even when everything is encrypted, knowing who is communicating with whom can already be informative e.g., `chess grandmaster’ attack: how an amateur can increase his ELO-rating by playing against two grandmasters at the same time (in correspondence/internet chess)
Network/computer security vs. cryptography • Breach of security: techniques for breaking theimplementation of cryptographic schemes • try to get direct access to the secret key rather than breaking the cryptography • try to bypass the cryptography altogether • try to influence/break random number generation • e.g., viruses, Trojan horses, Denial of Service, buffer overflows, password sniffing, radiation ("van Eck phreaking") • In between: side-channel attacks such as Kocher’s Differential Power Analysis (usually for smart cards)
Traditional Cryptanalysis What can we observe? 0110 1001 1011 0010 1110 1001 1011 0110 0010 1110 Cryptographic Algorithm Input Output
Side-Channel Analysis What can we observe? 1001 0000 0110 0100 1110 Power Consumption EM Emissions Faulty Outputs 0110 1001 1011 0010 1110 1001 1011 0110 0010 1110 Cryptographic Algorithm Input Output Design Details Timing Sound Heat
Power Consumption • Usually easy to obtain, non-invasive Power consumption while running DES (source: TNO-TPD).
Invasive vs. non-invasive • Non-invasive: • no tampering with the hardware • may be active attack, e.g. message replay • Invasive: • hardware is attacked • etching, ion beams, liquid nitrogen, föhn, power glitching, ...
Some side-channel attacks • Paul Kocher et al. introduced • Timing attacks (CRYPTO ’96) • Differential Power analysis (CRYPTO ’99) • Differential fault analysis (Eurocrypt ’97) • induce a fault and “see what happens” • a.k.a. micro-wave attack • Sound of computer while computing RSA • Van Eck phreaking: • eavesdropping on screen output displayed on a CRT or LCD monitor by measuring electromagnetic emissions • emissions from keyboard • ….
1 0 0 0 1 1 1 Repeated square & multiply • Modular exponentiation • c = ab mod n • c = 1 • for i = k-1 downto 0 do • c = (c * c) mod n • if bi == 1then c = (c * a) mod n • return c 23=10111 Timing measurements Data-dependent execution path
Easy remedy • Modular exponentiation with constant timing • c = ab mod n • c = 1 • for i = k-1 downto 0 do • c = (c * c) mod n • d = (c * a) mod n • c = bi * d + (1-bi) * c • return c • Helps, if compiler is not optimizing too smartly!! • Performance penalty: 2k instead of 1.5k modular multiplications
Power Analysis • Timing attacks • Simple Power Analysis (SPA) • Power consumption is higher for a 1 than a 0(*) • Gain extra information from a single power trace: • Data with many 1’s will consume more power. (*) Actually for most of current devices: Changing value causes power consumption; computations with many changes consume more power.
Differential Trace • Look at differences in average power consumption • Collect a set of power traces • Split into two groups • Find difference in average power consumption: • Difference trace
Bit Propagation • Bit propagation: • Choose an input bit • Divide traces according to selected bit • The difference trace shows the propagation of the bit Partial difference traces for 4 input bits in DES
Fundamental idea: Complexity • Goal is to be able to check a guess for PART of the key. • Example: 64 bit key • #possibilities: 18,446,744,073,709,551,616 • Time needed at 109 encryptions per second: more than 500 years • If one can check 1 byte at a time: • #computations (256 per byte, 8 bytes): 2048 • Easily doable even if millions of instructions needed for each check.
Attacks on block ciphers • Block by block operations • DES, AES: blocks of 64, 128 bits, resp. • Encryption and decryption are similar • Feistel network (as in DES) • substitution/permutation network (as in AES) k k c m Decryption m Encryption Sender Receiver
Main idea: rounds In each round use: (part of) key substitution permutation Security becomes better by using more rounds Feistel network ⨁ ⨁ ⨁
DES S-Boxes S-Box S1 Middle bits Outer bits S-Box maps 6 bits to 4 bits, or {0,1,…,63} to {0,1,…,15}
Attack: focus on final XOR step Ri := Li-1 xor F(Ri-1 , Ki) • Assume bitwise operation, for simplicity • Distinguish cases: • if Li-1 = 0, then Ri = F(Ri-1 , Ki) copy (“no op”) • if Li-1 = 1, then Ri = 1 - F(Ri-1 , Ki) inversion • If inversion consumes more power than “no op”, then there will be a (slight) difference in power consumption!
In more detail: concentrate on Sbox #1 R16 = L15 ⨁SBOX1(R15,K15) Also known (ciphertext) R15 = L16 Known (ciphertext C) Guess 6 bits Unknown L15 = R16 ⨁ SBOX1(R15,K15) = f(C, K15) Focus on one bit in L15:"selection bit" b, as a function of known ciphertext C and 6-bit key guess k15
DPA Attack • Perform many measurements (>1000) • with respect to the same secret key K • but with different input/output (ciphertexts Cj) • For each 6-bit guess k15, split set of power traces into two sets: S0(k15) = set for which f(Cj, k15) = 0 S1(k15) = set for which f(Cj, k15) = 1 • Take differential power trace: average trace over S0(k15) - average trace over S1(k15)
Small search space! (26) • We don’t need to know where exactly the selection bit is computed(could even be in multiple places => multiple peaks)
Countermeasures • Example: random masks • let W be a sensitive data value • let R be a random value (mask). • reorganize the computation such that only R and W ⨁ R are used • But how to do this? • Helps against first-order DPA • Fails against second-order DPA
Countermeasures (2) • Randomization • Prevent traces from lining up. • Add dummy operations • Randomize order of real operations void AddRoundKey() { order = random_permutation( 0, 15 ); for( i = 0; i < 16; i++ ) { inputdata[ order[ i ] ] = inputdata[ order[ i ] ] ^ key[ order[ i ] ]; } }
Countermeasures (3) • Architectural defense: • Prevent obtaining a set of traces: • #attempts counter • Regularly change keys. • May be defeated by `template attacks’. • Limit vulnerability of key loss • Do not use single key • Have alternate levels of defense; e.g. revocation possibilities • Detect attacks in progress
Some projects at TU/e • Final projects in Mathematics for Industry programme at TU/e (mostly with TNO): • Dacina Deac (1999-2000), Lejla Batina (2001), Lucy van der Logt (2003), Eva van Niekerk (2005), Bart Kirkels (2006), Lina Sun (2007) • Pinpas JC project (2001-2003, 2005-2008): • Jerry den Hartog, Jan Verschuren, Erik de Vink, Wouter Wiersma, Jing Pan, Jiqiang Lu
Topics to choose from • Models and approaches for DPA (e.g. PhD thesis by Oswald) • Simulation of Power Analysis attacks (cf. PINPAS project, FPGA) • Advanced DPA on implementations with countermeasures • e.g. Higher-order Differential Power Analysis (Joye-Paillier-Schoenmakers, CHES 2005) • timing (e.g. cache misses, partitioning), • sound, • radiation • Fault attacks (glitching, card-tear, laser, etc ...) • Differential Fault Analysis (on DES, AES, ECC, RSA) • Cold boot • Tamper-resistance/responsiveness/evidence • Provably resistant implementations • Evaluation of vulnerabilities • Vulnerability Measure • Smart card evaluation • Alternative methods of analyzing the side channel information • PPA / Mutual information based attacks / Differential cluster Analysis / Collision attacks • template attacks • [Countermeasures:] • Boolean and arithmetic masking (cf. Coron & Goubin) • Hiding • Blinding (exponent message, public key crypto)
Some information sources • www.wikipedia.org (not a scientific ref.) • Proceedings of CARDIS and of CHES (fulltext available via Springer LINK) • scholar.google.com, citeseer.ist.psu.edu • DBLP dblp.uni-trier.de • www.sciencedirect.com • The Side Channel Cryptanalysis Loungehttp://www.crypto.ruhr-uni-bochum.de/en_sclounge.html • And, of course, your library at RU, TU/e, UT