Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers. Praveen Vadnala
Slide 1: Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers (Praveen Vadnala)
Slide 2: Differential Power Analysis
- Implementations of cryptographic systems leak.
- Leaks from bit 1 and bit 0 are different.
- The correct key is identifiable.

Slide 3: Masking countermeasure
- Each intermediate variable is divided into two shares, x ⊕ r and r.
- Computing on linear functions is easy: f(x ⊕ r) = f(x) ⊕ f(r).
- Non-linear functions (e.g. S-boxes)?

Slide 4: S-box LUT
- S-boxes are often implemented using a look-up table (LUT) holding S(0), ..., S(x), ..., S(FF).
- Challenge: how to apply masking on a LUT?

Slide 5: S-box LUT
- Input x is only available as x1 = x ⊕ r.
- Output S(x) can only be revealed as S(x) ⊕ s.

Slide 6: Randomized LUT
- Table T is a randomized copy of S: T(u') = T(u ⊕ r) = S(u) ⊕ s for every u.
- Looking up T at the masked input x1 = x ⊕ r therefore returns S(x) ⊕ s directly.

Slide 7: Rivain-Prouff solution
- Decision a = r? Yes: R1 = S(x) ⊕ s.

Slide 8: Rivain-Prouff solution
- Decision a = r? No: R0 = dummy. Yes: R1 = S(x) ⊕ s.

Slide 9: What are we trying to solve?
- We have two solutions at the two ends of the spectrum: penalty factor vs. memory.
- The space in between is unexplored.
- How about a generic solution?
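The two endpoint schemes of slides 6 to 9 side by side, as an added example that is not code from the talk or the paper: a randomized copy of the S-box that costs 256 bytes of RAM but a single lookup per evaluation, and the Rivain-Prouff style evaluation that needs only two registers but walks through all 256 candidate masks on every lookup. The S-box is a constructed random permutation, not the S-box of any real cipher.

```python
import random

# Constructed 8-bit S-box for the demonstration: a seeded random permutation of
# 0..255, not the S-box of any real cipher.
_rng = random.Random(2017)
SBOX = list(range(256))
_rng.shuffle(SBOX)


def randomized_table(sbox, r, s):
    """Slide 6, randomized LUT: build T such that T(u xor r) = S(u) xor s, i.e.
    T[v] = S(v xor r) xor s. One pass over all 256 entries and 256 bytes of RAM
    per (r, s) pair, but every later S-box evaluation is a single lookup."""
    return [sbox[v ^ r] ^ s for v in range(256)]


def masked_sbox_lut(table, x1):
    """Evaluate the masked S-box from the randomized table: T(x xor r) = S(x) xor s.
    Only the masked input x1 = x xor r is ever used as an index."""
    return table[x1]


def masked_sbox_rivain_prouff(sbox, x1, r, s):
    """Slides 7-8, Rivain-Prouff style evaluation without a table in RAM.
    Two registers: R1 receives the masked output in the iteration where a == r,
    R0 absorbs the dummy writes of every other iteration, so all 256 iterations
    do identical work. S(x1 xor a) xor s equals S(x) xor s exactly when a == r."""
    regs = [0, 0]
    for a in range(256):
        # In assembly the register index would be derived by a constant-time
        # compare; the Python comparison stands in for that here.
        regs[int(a == r)] = sbox[x1 ^ a] ^ s
    return regs[1]


def evaluate_both(sbox, x, r, s):
    """Mask x, evaluate with both schemes and return (lut_out, rp_out, unmasked);
    unmasked removes the output mask s again, for verification only."""
    x1 = x ^ r                      # the only form in which x is available
    table = randomized_table(sbox, r, s)
    lut_out = masked_sbox_lut(table, x1)
    rp_out = masked_sbox_rivain_prouff(sbox, x1, r, s)
    return lut_out, rp_out, lut_out ^ s


def costs():
    """The two ends of the spectrum from slide 9:
    (RAM in bytes, operations per mask refresh, operations per S-box lookup)."""
    return {"randomized_lut": (256, 256, 1), "rivain_prouff": (2, 0, 256)}


def check_all(sbox, seed=7, trials=64):
    """Random (x, r, s) triples: both schemes must agree and unmask to S(x)."""
    rng = random.Random(seed)
    for _ in range(trials):
        x, r, s = rng.randrange(256), rng.randrange(256), rng.randrange(256)
        lut_out, rp_out, plain = evaluate_both(sbox, x, r, s)
        if lut_out != rp_out or plain != sbox[x]:
            return False
    return True


if __name__ == "__main__":
    print("both schemes agree:", check_all(SBOX))
    print("costs:", costs())
```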
Slide 10: Compression of LUT
- Each 8-bit entry S(x) of the table S(0), ..., S(FF) is split into two 4-bit halves, S0(x) and S1(x).
- The compressed table T(x) holds 4 bits per entry.

Slide 11: Compression of LUT
- Randomized with masks r1, r2 and s: T(u) = S0(u ⊕ r1) ⊕ S1(u ⊕ r2) ⊕ s.
- Entry read for input x: S0(x ⊕ r1) ⊕ S1(x ⊕ r2) ⊕ s.
- Size: 256 * 4 bits = 128 bytes.

Slide 12: Compression scheme variant
- Split by the last input bit instead: S0(x) = S(x‖0) and S1(x) = S(x‖1) for 7-bit x, over the entries S(0), S(1), S(2), ..., S(FF).
- Compressed table T(x).

Slide 13: Randomized compression scheme variant
- Table T1 with T1(u) = S0(u ⊕ r1) ⊕ S1(u ⊕ r2) ⊕ s.
- Size: 128 * 8 bits = 128 bytes.

Slide 14: Getting masked S-box output
- Split the input as x = x1 ‖ x2 (7 bits ‖ 1 bit).
- Diagram: Table T1 yields the masked halves S0(x1) ⊕ s and S1(x1) ⊕ s (i.e. S(x1‖0) ⊕ s and S(x1‖1) ⊕ s); Table T2 then produces the masked output S(x) ⊕ s.

Slide 15: Generic compression
- x = x1 ‖ x2 with n−l bits and l bits.
- Diagram: Table T1 yields S_i(x1) ⊕ s = S(x1‖i) ⊕ s; Table T2 produces S(x) ⊕ s.

Slide 16: Generic Compression (figure only)

Slide 17: Time-Memory Trade-Offs
- Apply the Rivain-Prouff method for Table T2; T1 stays the same.
- The memory required is further reduced, as we no longer need RAM for T2.

Slide 18: Implementation Results (table only)

Slide 19: More in the paper
- Second-order compression and time-memory trade-off.
- Security arguments (software).

Slide 20: Conclusions
- Generic compression schemes for first and second order.
- Time-memory trade-offs.
- Reasonably efficient implementations with just under 40 bytes of RAM.
- Future work: apply to higher order? Apply to AES T-table based implementations?

Slide 21: (blank)

Slide 22: Contact
- Praveen Vadnala, Riscure B.V., Frontier Building, Delftechpark, XJ Delft, The Netherlands.
- Riscure North America, 550 Kearny St. Suite 330, San Francisco, CA.
Slide 23: Hiding Higher-Order Side-Channel Leakage: Randomizing Cryptographic Implementations in Reconfigurable Hardware
Pascal Sasdrich, Amir Moradi, Tim Güneysu
RSA Conference Cryptographers' Track, San Francisco, USA, February 15, 2017
Slide 24: Introduction (section divider)
Ruhr-Universität Bochum, Chair for Embedded Security, Pascal Sasdrich

Slide 25: Introduction: Side-Channel Analysis (SCA)
- Attacker model: input → E_K(input) → output; the device leaks through timing, power and EM emanations.
- Countermeasures: masking, hiding, re-keying.

Slide 26: Introduction: Motivation
Basics:
- Side-Channel Analysis (SCA): attacks exploit information leakage of cryptographic devices.
- Side-channel protection: countermeasures based on masking, hiding or re-keying (using random behavior).
Problem:
- Common countermeasures only protect against first-order attacks, but are still vulnerable to higher-order attacks (using higher-order statistical moments).
Different approaches to counter this problem:
- Dedicated higher-order countermeasures (e.g., HO-TI [1]): might be restricted to univariate settings; area overhead and randomness requirement might be problematic; finding representations might be challenging.
- Stay with a 1st-order secure countermeasure and make higher-order attacks harder: reduce the signal (e.g., power equalization schemes, logic styles) [2]; increase the noise (e.g., shuffling) [3].
Our contribution:
- A general methodology (dynamic hardware modifications) to increase noise.
References:
[1] B. Bilgin, B. Gierlichs, S. Nikova, V. Nikov, V. Rijmen. Higher-Order Threshold Implementations. ASIACRYPT 2014.
[2] A. Moradi, A. Wild. Assessment of Hiding the Higher-Order Leakages in Hardware: What are the Achievements versus Overheads? CHES 2015.
[3] P. Sasdrich, A. Moradi, T. Güneysu. Affine Equivalence and its Application to Tightening Threshold Implementations. SAC 2015.
Slide 27: Concept (section divider)

Slide 28: Concept: Dynamic Hardware Modification
Observations:
1. Cryptographic implementations can be represented as a sequence of atomic functions applied sequentially.
2. Cryptographic implementations can be modeled by different but equivalent directed graphs.
Approach:
- Build a side-channel protected implementation using classical countermeasures (masking).
- Find the directed graph representing the side-channel protected implementation.
- Morph the graph into a different but equivalent representation using random encodings.
- Update (randomize) the protected implementation according to the new representation.

Slide 29: Case Study (section divider)

Slide 30: Case Study: Threshold Implementation
Threshold Implementation (TI):
- Efficient countermeasure in hardware against (first-order) side-channel analysis.
- Introduced in 2006 by Nikova et al. [4].
- Provides provable security even in a glitching circuit.
Concept and properties:
- Uniform masking, non-completeness, correctness.
- Uniform sharing of function outputs (each set of output pairs occurs with the same probability).
Note: the number of input and output shares depends on the function S.
[4] S. Nikova, C. Rechberger, V. Rijmen. Threshold Implementations Against Side-Channel Attacks and Glitches. ICICS 2006.

Slide 31: Case Study: Concept
Threshold Implementation of the PRESENT cipher:
- S-box decomposition into two quadratic functions g and f [5].
- Minimal number of shares (m = n = 3).
- Register stages to separate the functions.
- Linear permutation applied individually.
Random encoding:
- TI as a network of look-up tables; each table updates 4 bits of the internal state.
- Use White-Box Cryptography [6] concepts: apply a random non-linear 4-bit encoding to every table output and the inverse encoding to every adjacent table input (preserves correctness).
Dynamic update:
- Find new random non-linear encodings using an element-swapping algorithm.
- Update the look-up tables using BRAM scrambling.
[5] A. Poschmann, A. Moradi, K. Khoo, C. Lim, H. Wang, S. Ling. Side-Channel Resistant Crypto for Less than 2300 GE. Journal of Cryptology, 2011.
[6] S. Chow, P. A. Eisen, H. Johnson, P. C. van Oorschot. White-Box Cryptography and an AES Implementation. SAC 2002.

Slide 32: Case Study: Implementation (Quarter Round)
Practical FPGA implementation:
- Round-based architecture using look-up tables for the TI S-box and the permutation layer.
- 4 quarter rounds in parallel, each using 48 BRAMs.
- Permutation layer implemented as a table lookup.
- Each BRAM can hold up to 32 different tables.
- Store look-up tables for every round (31 rounds).
- Update tables using BRAM scrambling and the remaining (empty) table entry.
- Track the context of active table positions.

Slide 33: Case Study: Implementation Results
Practical implementation:
- Post-place-and-route implementation on the Kintex-7 of a SAKURA-X board.
- Basic architecture mainly implemented in Block RAM.
- General-purpose logic only required in order to perform the dynamic hardware modification.
(Results table: figure only)
Slide 34: Side-Channel Evaluation (section divider)

Slide 35: Side-Channel Evaluation: Setup
Measurement setup:
- SAKURA-X side-channel evaluation board; designs clocked at 24 MHz.
- Power measurements using a digital oscilloscope at 500 MS/s.
Evaluation setup:
- High-performance measurement and evaluation setup; two different measurement profiles.
- Leakage assessment methodology: non-specific t-test (for 1st, 2nd, 3rd order).
- Profile 1: reference measurement, PRNG off (countermeasure disabled); power traces, random vs. fixed plaintexts.
- Profile 2: actual measurement, PRNG on (countermeasure enabled); power traces, random vs. fixed plaintexts.

Slide 36: Side-Channel Evaluation: Non-Specific t-Test
Evaluation based on Welch's t-test:
- Measure (many) power traces with a digital oscilloscope.
- Group the traces depending on fixed or randomly chosen plaintext (non-specific t-test) into G1 and G0.
- Compute the sample mean for each point in time.
- Compute the sample variance for each point in time.
- Determine the t-statistic for each point in time, according to
$$t = \frac{\mu(T \in G_1) - \mu(T \in G_0)}{\sqrt{\frac{\delta^2(T \in G_1)}{|G_1|} + \frac{\delta^2(T \in G_0)}{|G_0|}}}$$
where μ denotes the sample mean and δ² the sample variance.
- Fail/pass criterion: if there is any point in time for which the t-statistic exceeds a threshold of ±4.5, the device under test fails.
More info: Leakage Assessment Methodology: a clear roadmap for side-channel evaluations, CHES 2015, eprint 2015/207.
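The non-specific t-test of this slide worked through in Python, as an added example rather than the authors' evaluation code: it implements the t-statistic above, the ±4.5 criterion, and the per-group centring (2nd order) or standardising (3rd order and up) pre-processing that the higher-order variants of the leakage assessment methodology use. The traces are constructed synthetic data in which point 3 leaks only in its mean and point 7 only in its variance, so the first-order test flags one and the second-order test the other.

```python
import math
import random

THRESHOLD = 4.5  # pass/fail threshold of the leakage assessment methodology


def _moments(traces):
    """Per-point sample mean and unbiased sample variance over a group of traces."""
    n = len(traces)
    width = len(traces[0])
    means = [sum(tr[i] for tr in traces) / n for i in range(width)]
    variances = [sum((tr[i] - means[i]) ** 2 for tr in traces) / (n - 1)
                 for i in range(width)]
    return means, variances


def preprocess(traces, order):
    """Univariate higher-order pre-processing, applied per group: order 1 leaves
    the traces untouched, order 2 centres each point and squares it, order >= 3
    standardises each point and raises it to the given power."""
    if order == 1:
        return traces
    means, variances = _moments(traces)
    stds = [math.sqrt(v) for v in variances]
    out = []
    for tr in traces:
        if order == 2:
            out.append([(tr[i] - means[i]) ** 2 for i in range(len(tr))])
        else:
            out.append([((tr[i] - means[i]) / stds[i]) ** order
                        for i in range(len(tr))])
    return out


def welch_t(group_fixed, group_random, order=1):
    """Welch's t-statistic for every point in time between G1 (fixed plaintext)
    and G0 (random plaintext), at the requested statistical order."""
    g1 = preprocess(group_fixed, order)
    g0 = preprocess(group_random, order)
    mu1, var1 = _moments(g1)
    mu0, var0 = _moments(g0)
    n1, n0 = len(g1), len(g0)
    return [(mu1[i] - mu0[i]) / math.sqrt(var1[i] / n1 + var0[i] / n0)
            for i in range(len(mu1))]


def leaking_points(t_values, threshold=THRESHOLD):
    """Indices of all points in time whose |t| exceeds the threshold."""
    return [i for i, t in enumerate(t_values) if abs(t) > threshold]


def device_passes(t_values, threshold=THRESHOLD):
    """Fail/pass criterion of the slide: any point over the threshold is a fail."""
    return not leaking_points(t_values, threshold)


def make_traces(n_per_group, n_points, seed=1):
    """Constructed synthetic traces, not real measurements. Every point is
    Gaussian noise; in the fixed group point 3 gets a mean shift (first-order
    leak) and point 7 gets doubled noise amplitude (equal means, different
    variance: visible only to a second-order test)."""
    rng = random.Random(seed)
    fixed, rand = [], []
    for _ in range(n_per_group):
        f = [rng.gauss(0.0, 1.0) for _ in range(n_points)]
        r = [rng.gauss(0.0, 1.0) for _ in range(n_points)]
        f[3] += 0.5
        f[7] *= 2.0
        fixed.append(f)
        rand.append(r)
    return fixed, rand


def run_assessment(n_per_group=2000, n_points=12, orders=(1, 2, 3)):
    """Run the non-specific t-test at each order; returns {order: leaking points}."""
    fixed, rand = make_traces(n_per_group, n_points)
    return {d: leaking_points(welch_t(fixed, rand, d)) for d in orders}


if __name__ == "__main__":
    for d, pts in run_assessment().items():
        print(f"order {d}: leaking points {pts} -> {'FAIL' if pts else 'pass'}")
```

With the constructed data the first-order test reports only point 3 and the second-order test only point 7, which is the situation the talk targets: a first-order secure design that still fails at a higher order.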
Slide 37: Side-Channel Evaluation: Profile 1 (PRNG off)
Non-specific t-test (1 million traces) and evolution of the absolute t-test maximum; panels: first-order t-test, first-order evolution, second-order t-test, second-order evolution, third-order t-test, third-order evolution. (figure only)

Slide 38: Side-Channel Evaluation: Profile 2 (PRNG on)
Non-specific t-test (100 million traces) and evolution of the absolute t-test maximum; panels: first-order t-test, first-order evolution, second-order t-test, second-order evolution, third-order t-test, third-order evolution. (figure only)

Slide 39: Conclusion (section divider)

Slide 40: Conclusion
Concept:
- The success of higher-order attacks depends on the noise level.
- Combine hiding countermeasures (noise addition) with classical approaches (e.g. first-order secure TI).
- Dynamic hardware modifications (inspired by white-box cryptography) as a generic hiding approach.
Results:
- Proposed a generic approach and methodology called dynamic hardware modifications.
- Case study: FPGA implementation combining dynamic hardware modifications with PRESENT TI.
- Provided power measurements and leakage assessment (using the non-specific t-test).
- The case-study implementation is (practically) secure against higher-order attacks (2nd and 3rd order).
Dynamic hardware modifications are an alternative approach to achieve higher-order protection, providing generality and scalability.

Slide 41: Hiding Higher-Order Side-Channel Leakage: Randomizing Cryptographic Implementations in Reconfigurable Hardware
RSA Conference Cryptographers' Track, San Francisco, USA, February 15, 2017
Thank you for your attention! Any questions?
Five-Card Secure Computations Using Unequal Division Shuffle Akihiro Nishimura, Takuya Nishida, Yu-ichi Hayashi, Takaaki Mizuki, and Hideaki Sone Sone-Mizuki Lab., Graduate School of Information Sciences,
More informationEliminating Random Permutation Oracles in the Even-Mansour Cipher. Zulfikar Ramzan. Joint work w/ Craig Gentry. DoCoMo Labs USA
Eliminating Random Permutation Oracles in the Even-Mansour Cipher Zulfikar Ramzan Joint work w/ Craig Gentry DoCoMo Labs USA ASIACRYPT 2004 Outline Even-Mansour work and open problems. Main contributions
More informationConstant Power Reconfigurable Computing
Constant Power Reconfigurable Computing Adrien Le Masle 1, Gary C T Chow 2, Wayne Luk 3 Department of Computing, Imperial College London 180 Queen s Gate, London SW7 2BZ, UK { 1 al1108, 2 cchow, 3 wl}@docicacuk
More informationTowards Optimal Pre-processing in Leakage Detection
Towards Optimal Pre-processing in Leakage Detection Changhai Ou, Degang Sun, Zhu Wang and Xinping Zhou Institute of Information Engineering, Chinese Academy of Sciences 2 School of Cyber Security, University
More informationDUBLIN CITY UNIVERSITY
DUBLIN CITY UNIVERSITY SEMESTER ONE EXAMINATIONS 2013 MODULE: (Title & Code) CA642 Cryptography and Number Theory COURSE: M.Sc. in Security and Forensic Computing YEAR: 1 EXAMINERS: (Including Telephone
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 6: Physical Side Channel Attacks on PCs Guest lecturer: Lev Pachmanov 1 Side channel attacks probing CPU architecture optical
More informationTriple-DES Block of 96 Bits: An Application to. Colour Image Encryption
Applied Mathematical Sciences, Vol. 7, 2013, no. 23, 1143-1155 HIKARI Ltd, www.m-hikari.com Triple-DES Block of 96 Bits: An Application to Colour Image Encryption V. M. Silva-García Instituto politécnico
More informationProvably weak instances of Ring-LWE revisited
Provably weak instances of Ring-LWE revisited Wouter Castryck 1,2, Ilia Iliashenko 1, Frederik Vercauteren 1,3 1 COSIC, KU Leuven 2 Ghent University 3 Open Security Research EUROCRYPT, May 9, 2016 Provably
More informationDifferential Power Analysis Attack on the Secure Bit Permutation in the McEliece Cryptosystem
Differential Power Analysis Attack on the Secure Bit Permutation in the McEliece Cryptosystem Martin Petrvalsky, Tania Richmond, Milos Drutarovsky, Pierre-Louis Cayrel, Viktor Fischer To cite this version:
More informationHardware Bit-Mixers. Laszlo Hars January, 2016
Hardware Bit-Mixers Laszlo Hars January, 2016 Abstract A new concept, the Bit-Mixer is introduced. It is a function of fixed, possibly different size of input and output, which computes statistically uncorrelated
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously Pseudorandom Functions and Permutaitons Modes of Operation Pseudorandom Functions Functions that look like random
More informationCryptography. Module in Autumn Term 2016 University of Birmingham. Lecturers: Mark D. Ryan and David Galindo
Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 1 Cryptography Module in Autumn Term 2016 University of Birmingham Lecturers: Mark D. Ryan and David Galindo Slides originally written
More informationThis chapter describes the objective of research work which is covered in the first
4.1 INTRODUCTION: This chapter describes the objective of research work which is covered in the first chapter. The chapter is divided into two sections. The first section evaluates PAPR reduction for basic
More informationSome Cryptanalysis of the Block Cipher BCMPQ
Some Cryptanalysis of the Block Cipher BCMPQ V. Dimitrova, M. Kostadinoski, Z. Trajcheska, M. Petkovska and D. Buhov Faculty of Computer Science and Engineering Ss. Cyril and Methodius University, Skopje,
More informationאני יודע מה עשית בפענוח האחרון : התקפות ערוצי צד על מחשבים אישיים
אני יודע מה עשית בפענוח האחרון : התקפות ערוצי צד על מחשבים אישיים I Know What You Did Last Decryption: Side Channel Attacks on PCs Lev Pachmanov Tel Aviv University Daniel Genkin Technion and Tel Aviv
More informationCard-Based Protocols for Securely Computing the Conjunction of Multiple Variables
Card-Based Protocols for Securely Computing the Conjunction of Multiple Variables Takaaki Mizuki Tohoku University tm-paper+cardconjweb[atmark]g-mailtohoku-universityjp Abstract Consider a deck of real
More informationJICE: Joint Data Compression and Encryption for Wireless Energy Auditing Networks
JICE: Joint Data Compression and Encryption for Wireless Energy Auditing Networks Sheng-Yuan Chiu 1,2, Hoang Hai Nguyen 1, Rui Tan 1, David K.Y. Yau 1,3,Deokwoo Jung 1 1 Advanced Digital Science Center,
More informationGeneric Attacks on Feistel Schemes
Generic Attacks on Feistel Schemes -Extended Version- Jacques Patarin PRiSM, University of Versailles, 45 av. des États-Unis, 78035 Versailles Cedex, France This paper is the extended version of the paper
More informationRobust Key Establishment in Sensor Networks
Robust Key Establishment in Sensor Networks Yongge Wang Abstract Secure communication guaranteeing reliability, authenticity, and privacy in sensor networks with active adversaries is a challenging research
More informationLossy Compression of Permutations
204 IEEE International Symposium on Information Theory Lossy Compression of Permutations Da Wang EECS Dept., MIT Cambridge, MA, USA Email: dawang@mit.edu Arya Mazumdar ECE Dept., Univ. of Minnesota Twin
More informationEnhance Image using Dynamic Histogram and Data Hiding Technique
_ Enhance Image using Dynamic Histogram and Data Hiding Technique 1 D.Bharadwaja, 2 Y.V.N.Tulasi 1 Department of CSE, Gudlavalleru Engineering College, Email: bharadwaja599@gmail.com 2 Department of CSE,
More informationEvaluation of the Masked Logic Style MDPL on a Prototype Chip
Evaluation of the Masked Logic Style MDPL on a Prototype Chip Thomas Popp 1, Mario Kirschbaum 1, Thomas Zefferer 1, and Stefan Mangard 2, 1 Institute for Applied Information Processing and Communications
More informationOQPSK COGNITIVE MODULATOR FULLY FPGA-IMPLEMENTED VIA DYNAMIC PARTIAL RECONFIGURATION AND RAPID PROTOTYPING TOOLS
Proceedings of SDR'11-WInnComm-Europe, 22-24 Jun 2011 OQPSK COGNITIVE MODULATOR FULLY FPGA-IMPLEMENTED VIA DYNAMIC PARTIAL RECONFIGURATION AND RAPID PROTOTYPING TOOLS Raúl Torrego (Communications department:
More informationA New Image Steganography Depending On Reference & LSB
A New Image Steganography Depending On & LSB Saher Manaseer 1*, Asmaa Aljawawdeh 2 and Dua Alsoudi 3 1 King Abdullah II School for Information Technology, Computer Science Department, The University of
More informationRandom. Bart Massey Portland State University Open Source Bridge Conf. June 2014
Random Bart Massey Portland State University Open Source Bridge Conf. June 2014 No Clockwork Universe Stuff doesn't always happen the same even when conditions seem pretty identical.
More information