Correlation Power Analysis of Lightweight Block Ciphers
- Lewis Burke
- 5 years ago
Correlation Power Analysis of Lightweight Block Ciphers
From Theory to Practice
Alex Biryukov, Daniel Dinu, Johann Großschädl
SnT, University of Luxembourg
ESC 2017
(University of Luxembourg) CPA of Lightweight Block Ciphers ESC / 21

Outline
1. Motivation
2. Theory
   - Selection Function
   - Correlation Power Analysis (CPA)
3. Practice
   - Evaluation Framework
   - Quantifying the Leakage
   - Results
4. Conclusion

Motivation
Theory
- many theoretical metrics for the SCA resistance of S-boxes:
  - Nonlinearity (NL)
  - Transparency Order (TO)
  - Improved Transparency Order (ITO)
  - DPA Signal-to-Noise Ratio (SNR)
  - ...
- SCA resistance is often associated with low nonlinearity
Practice
- how good are these theoretical metrics to quantify the SCA leakage?
- which are the best targets for SCA attacks?

Selection Function
- x: known part of the input of the round function
- k: unknown part of the round key
Definition (Selection Function): In the context of side-channel attacks, a selection function gives the intermediate result, also referred to as sensitive value φ_k, which is used by the attacker to recover the secret key.
ϕ : F_2^n F_2^m
φ_k = ϕ(x, k)

Correlation Power Analysis (CPA)
- φ_k = ϕ(x, k): sensitive value used by the attacker to recover the secret key
- x: known part of the input of the round function
- k: unknown part of the round key
Definition (Correlation Power Analysis (CPA)): Given a set of power traces and the corresponding sets of intermediate values φ_1, φ_2, ..., φ_{2^k}, Correlation Power Analysis (CPA) aims at recovering the secret subkey k using a correlation factor between the measured power samples and the power model of the computed sensitive values.

Evaluation Framework
Measurement Setup
- target board: 8-bit AVR ATmega2561
- oscilloscope: LeCroy WaveRunner 104MXi
- noise reduction: Faraday cage, regulated power supply, fiber-optic communication
Metrics
- Success Rate (SR)
- Guessing Entropy (GE)
- average over 100 experiments
- up to 2000 traces per experiment

Quantifying the Leakage
Which assembly instruction leaks more?
- register-only instructions: and, add
- memory access instructions: lpm, ld, st
Which selection function leaks more?
- logical operations: AND ( ), OR ( ), XOR ( )
- modular addition: ADD ( ), ADC ( )
- S-boxes: AES, LBlock, Piccolo, PRINCE
- L-boxes: Fantomas

Correlation Coefficient Difference (δ)
Definition (Correlation Coefficient Difference): The difference between the correlation coefficient of the correct key k, i.e. c k, and the correlation coefficient of the most likely key guess k, i.e. c k, with k k.
δ = c k c k
- δ < 0: leaks less (several guesses)
- δ > 0: leaks more (1 guess)

Understanding the Device's Leakage
[Figure: correlation coefficient difference (δ) versus correct key for the instructions and, add, lpm, ld, st]
- register-only instructions: and, add
- memory instructions: lpm, ld, st

Comparison of Different Selection Functions
- target: st instruction
- 4 groups of selection functions:
  - logical operations: AND ( ), OR ( ), XOR ( )
  - modular addition: ADD ( ), ADC ( )
  - S-boxes: AES, LBlock, Piccolo, PRINCE
  - L-boxes: Fantomas

1. Logical Operations
[Figure: correlation coefficient difference (δ) versus correct key for ϕ_1, ϕ_2, ϕ_3]
ϕ_1(x, k) = x k
ϕ_2(x, k) = x k
ϕ_3(x, k) = x k

2. Modular Addition
[Figure: correlation coefficient difference (δ) versus correct key for ϕ_4, ϕ_5]
ϕ_4(x, k) = x k
ϕ_5(x, k, c) = x k c

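Added example (not from the slides or the authors' evaluation framework): computing the correlation coefficient difference δ for the logical-operation and modular-addition selection functions named above, swept over correct keys of increasing Hamming weight. Assumptions: noise-free Hamming-weight leakage, every 8-bit input observed once, signed Pearson correlation as the distinguisher; all function names and the key sweep are constructed for this illustration.

```python
"""Correlation coefficient difference (delta) under a noise-free Hamming-weight model.

Added illustration, not the authors' evaluation framework. Assumptions: the
device leaks exactly HW(phi(x, k)), every 8-bit input x is observed once, and
the signed Pearson coefficient is used as the CPA distinguisher.
"""
from math import sqrt

BITS = 8
MASK = (1 << BITS) - 1
HW = [bin(v).count("1") for v in range(1 << BITS)]  # Hamming-weight lookup table

# Selection functions named on the slides (logical operations, modular addition).
SELECTION_FUNCTIONS = {
    "AND": lambda x, k: x & k,
    "OR": lambda x, k: x | k,
    "XOR": lambda x, k: x ^ k,
    "ADD": lambda x, k: (x + k) & MASK,
}

# Constructed sweep of correct keys with increasing Hamming weight.
SWEEP_KEYS = [0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F, 0xFF]


def pearson(a, b):
    """Pearson correlation; 0.0 when either series is constant (nothing to correlate)."""
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    cov = sum((p - mean_a) * (q - mean_b) for p, q in zip(a, b))
    var_a = sum((p - mean_a) ** 2 for p in a)
    var_b = sum((q - mean_b) ** 2 for q in b)
    if var_a == 0 or var_b == 0:
        return 0.0
    return cov / sqrt(var_a * var_b)


def correlations(phi, correct_key):
    """Correlate each key guess's predicted leakage with the simulated samples."""
    inputs = range(1 << BITS)
    leakage = [HW[phi(x, correct_key)] for x in inputs]  # simulated, noise-free
    return [
        pearson([HW[phi(x, guess)] for x in inputs], leakage)
        for guess in range(1 << BITS)
    ]


def delta(phi, correct_key):
    """delta = c(correct key) - c(most likely wrong key guess)."""
    corr = correlations(phi, correct_key)
    best_wrong = max(c for guess, c in enumerate(corr) if guess != correct_key)
    return corr[correct_key] - best_wrong


def key_rank(phi, correct_key):
    """Guesses scoring at least as high as the correct key (1 = found in one guess)."""
    corr = correlations(phi, correct_key)
    return sum(1 for c in corr if c >= corr[correct_key])


def sweep(name):
    """delta for one selection function over every key in SWEEP_KEYS."""
    phi = SELECTION_FUNCTIONS[name]
    return [(key, delta(phi, key)) for key in SWEEP_KEYS]


if __name__ == "__main__":
    for name in SELECTION_FUNCTIONS:
        row = "  ".join(f"{key:#04x}:{d:+.3f}" for key, d in sweep(name))
        print(f"{name:>3}  {row}")
```

In this idealized model δ for XOR and ADD does not depend on the correct key, while δ for AND falls from about 0.29 at key 0x01 to about 0.06 at 0xFF and is 0 at 0x00, where the leakage is constant and every guess ties.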
3. S-boxes
[Figure: correlation coefficient difference (δ) versus correct key for ϕ_6 to ϕ_12]
- 8-bit: ϕ_6 = S_AES(x k)
- 4-bit: ϕ_7 = S_LBlock(x k), ϕ_9 = S_Piccolo(x k), ϕ_11 = S_PRINCE(x k)
- 8-bit: ϕ_8 = S_LBlock(x k), ϕ_10 = S_Piccolo(x k), ϕ_12 = S_PRINCE(x k)

4. L-boxes
[Figure: correlation coefficient difference (δ) versus correct key for ϕ_13, ϕ_14, ϕ_15, ϕ_16]
ϕ_13 = LSB(L 1 1,Fantomas (x k))
ϕ_14 = MSB(L 1 1,Fantomas (x k))
ϕ_15 = LSB(L 1 2,Fantomas (x k))
ϕ_16 = MSB(L 1 2,Fantomas (x k))

Comparison of Different Selection Functions
Selection function | n | m | NL | δ
ϕ_1(x, k) = x k | | | |
ϕ_2(x, k) = x k | | | |
ϕ_3(x, k) = x k | | | |
ϕ_4(x, k) = x k | | | |
ϕ_6(x k) = S_AES(x k) | | | |
ϕ_7(x k) = S_LBlock(x k) | | | |
ϕ_8(x k) = S_LBlock(x k) | | | |
ϕ_15(x k) = LSB(L 1 2,Fantomas (x k)) | | | |
sometimes nonlinearity (NL) fails to quantify resilience to CPA:
- bitwise operations (AND, OR)
- 4-bit vs. 8-bit S-layer (e.g. LBlock)
- L-layer (e.g. Fantomas)

Analysed Ciphers
Selection criteria:
- good software performance in the Triathlon competition
- variety of design constructions
Cipher | Block Size (bits) | Key Size (bits) | Structure | Attacked Operation
AES | | | SPN | S-box lookup
Fantomas | | | SPN | L-box lookup
LBlock | | | Feistel | S-box lookup
Piccolo | | | Feistel | S-box lookup
PRINCE | | | SPN | S-box lookup
RC5 | | | Feistel | modular addition
Simon | | | Feistel | bitwise AND
Speck | | | Feistel | modular subtraction

Properties of S-boxes
Cipher | S-box | NL | TO | ITO | SNR | δ | SE δ
AES | S | | | | | |
LBlock | S | | | | | |
Piccolo | S | | | | | |
PRINCE | S | | | | | |
- NL could not differentiate between LBlock, Piccolo and PRINCE
- TO, ITO could not differentiate between LBlock and Piccolo
- SNR differentiates between LBlock, Piccolo and PRINCE
- δ: no clear differentiation between LBlock and Piccolo

Measurement Setups
High-cost (> $5,000) | Low-cost (< $300)
custom measurement board | Arduino Uno
LeCroy WaveRunner 104MXi | Digilent Analog Discovery
noise reduction | no noise reduction

Results
Cipher | High-cost Setup: # Traces (SR 80%) | High-cost Setup: GE (2000 Traces) | Low-cost Setup: # Traces (SR 80%) | Low-cost Setup: GE (2000 Traces)
AES | | | |
Fantomas | | | |
LBlock | | | |
Piccolo | | | |
PRINCE | | | |
RC5 | | | |
Simon | | | |
Speck | | | |
- recover 32 bits of the round key K = 0x

Results Recap
two main classes of lightweight ciphers with respect to their implementations' resistance against CPA
First Class
- ciphers that use lookup tables
- full key recovery (GE = 0)
- 8-bit S-box: AES
- 4-bit S-box: LBlock, Piccolo, PRINCE
- L-box: Fantomas
Second Class
- ARX designs
- partial key recovery (GE 0)
- RC5, Simon, Speck

Conclusion
- practical approach to evaluate SCA leakage (theory practice)
- nonlinearity should not be used to estimate SCA resilience
- avoid lookup tables and memory instructions (lpm, ld, st)
- implementation tricks to increase SCA resilience
- ARX designs show a certain level of intrinsic resilience against CPA
Thank you!

Results (Random Key)
Cipher | High-cost Setup: # Traces (SR 80%) | High-cost Setup: GE (2000 Traces) | Low-cost Setup: # Traces (SR 80%) | Low-cost Setup: GE (2000 Traces)
AES | | | |
Fantomas | | | |
LBlock | | | |
Piccolo | | | |
PRINCE | | | |
RC5 | | | |
Simon | | | |
Speck | | | |
- recover 32 bits of the round key K = 0xd749715b
More informationDesign and FPGA Implementation of an Adaptive Demodulator. Design and FPGA Implementation of an Adaptive Demodulator
Design and FPGA Implementation of an Adaptive Demodulator Sandeep Mukthavaram August 23, 1999 Thesis Defense for the Degree of Master of Science in Electrical Engineering Department of Electrical Engineering
More informationA VCO-based analog-to-digital converter with secondorder sigma-delta noise shaping
A VCO-based analog-to-digital converter with secondorder sigma-delta noise shaping The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters.
More informationSIDE-CHANNEL attacks exploit the leaked physical information
546 IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS II: EXPRESS BRIEFS, VOL. 57, NO. 7, JULY 2010 A Low Overhead DPA Countermeasure Circuit Based on Ring Oscillators Po-Chun Liu, Hsie-Chia Chang, Member, IEEE,
More informationNOVEMBER 29, 2017 COURSE PROJECT: CMOS TRANSIMPEDANCE AMPLIFIER ECG 720 ADVANCED ANALOG IC DESIGN ERIC MONAHAN
NOVEMBER 29, 2017 COURSE PROJECT: CMOS TRANSIMPEDANCE AMPLIFIER ECG 720 ADVANCED ANALOG IC DESIGN ERIC MONAHAN 1.Introduction: CMOS Transimpedance Amplifier Avalanche photodiodes (APDs) are highly sensitive,
More informationPerformance Comparison of ZF, LMS and RLS Algorithms for Linear Adaptive Equalizer
Advance in Electronic and Electric Engineering. ISSN 2231-1297, Volume 4, Number 6 (2014), pp. 587-592 Research India Publications http://www.ripublication.com/aeee.htm Performance Comparison of ZF, LMS
More informationWe are IntechOpen, the world s leading publisher of Open Access books Built by scientists, for scientists. International authors and editors
We are IntechOpen, the world s leading publisher of Open Access books Built by scientists, for scientists 3,7 18,5 1.7 M Open access books available International authors and editors Downloads Our authors
More informationEavesdropping Attacks on High-Frequency RFID Tokens
Eavesdropping Attacks on High-Frequency RFID Tokens p. 1 Eavesdropping Attacks on High-Frequency RFID Tokens Gerhard P. Hancke July 11, 2008 Eavesdropping Attacks on High-Frequency RFID Tokens p. 2 What
More informationCommunications IB Paper 6 Handout 3: Digitisation and Digital Signals
Communications IB Paper 6 Handout 3: Digitisation and Digital Signals Jossy Sayir Signal Processing and Communications Lab Department of Engineering University of Cambridge jossy.sayir@eng.cam.ac.uk Lent
More informationNoise Analysis of AHR Spectrometer Author: Andrew Xiang
1. Introduction Noise Analysis of AHR Spectrometer Author: Andrew Xiang The noise from Spectrometer can be very confusing. We will categorize different noise and analyze them in this document from spectrometer
More informationMerkle s Puzzles. c Eli Biham - May 3, Merkle s Puzzles (8)
Merkle s Puzzles See: Merkle, Secrecy, Authentication, and Public Key Systems, UMI Research press, 1982 Merkle, Secure Communications Over Insecure Channels, CACM, Vol. 21, No. 4, pp. 294-299, April 1978
More informationIDPAL - Input Decoupled Partially Adiabatic Logic Family: Theory and Implementation of Side- Channel Attack Resistant Circuits
Old Dominion University ODU Digital Commons Electrical & Computer Engineering Theses & Disssertations Electrical & Computer Engineering Spring 2016 IDPAL - Input Decoupled Partially Adiabatic Logic Family:
More informationInvestigate the characteristics of PIN Photodiodes and understand the usage of the Lightwave Analyzer component.
PIN Photodiode 1 OBJECTIVE Investigate the characteristics of PIN Photodiodes and understand the usage of the Lightwave Analyzer component. 2 PRE-LAB In a similar way photons can be generated in a semiconductor,
More informationDoes The Radio Even Matter? - Transceiver Characterization Testing Framework
Does The Radio Even Matter? - Transceiver Characterization Testing Framework TRAVIS COLLINS, PHD ROBIN GETZ 2017 Analog Devices, Inc. All rights reserved. 1 Which cost least? 3 2017 Analog Devices, Inc.
More informationProgress in Reducing Size and Cost of Trace Gas Analyzers Based on Tunable Diode Laser Absorption Spectroscopy
VG04-253 Progress in Reducing Size and Cost of Trace Gas Analyzers Based on Tunable Diode Laser Absorption Spectroscopy M.B. Frish, R.T. Wainner, B.D. Green, J. Stafford-Evans, M.C. Laderer, and M.G. Allen
More informationOptimization-based design of multisine signals for plant-friendly identification of highly interactive systems
Optimization-based design of multisine signals for plant-friendly identification of highly interactive systems Hans D. Mittelmann*, Gautam Pendse Department of Mathematics and Statistics College of Liberal
More informationA Hardware-based Countermeasure to Reduce Side-Channel Leakage
1 A Hardware-based Countermeasure to Reduce Side-Channel Leakage Design, Implementation, and Evaluation Andreas Gornik, Amir Moradi, Jürgen Oehm, Christof Paar, Fellow, IEEE Analogue Integrated Circuits
More informationAutomated Analysis and Synthesis of Block-Cipher Modes of Operation
Automated Analysis and Synthesis of Block-Cipher Modes of Operation Alex J. Malozemoff 1 Jonathan Katz 1 Matthew D. Green 2 1 University of Maryland 2 Johns Hopkins University Presented at the Fall Protocol
More informationPerformance evaluation methodology
August, Performance evaluation methodology F. Jensen CERN, Geneva, Switzerland Abstract A methodology for analysing the analogue performance of the optical link for the CMS tracker is described. The method
More informationYb-doped Mode-locked fiber laser based on NLPR Yan YOU
Yb-doped Mode-locked fiber laser based on NLPR 20120124 Yan YOU Mode locking method-nlpr Nonlinear polarization rotation(nlpr) : A power-dependent polarization change is converted into a power-dependent
More informationA Practical Approach to Bitrate Control in Wireless Mesh Networks using Wireless Network Utility Maximization
A Practical Approach to Bitrate Control in Wireless Mesh Networks using Wireless Network Utility Maximization EE359 Course Project Mayank Jain Department of Electrical Engineering Stanford University Introduction
More informationInformation Leakage from Cryptographic Hardware via Common-Mode Current
Information Leakage from Cryptographic Hardware via Common-Mode Current Yu-ichi Hayashi #1, Takeshi Sugawara #1, Yoshiki Kayano #2, Naofumi Homma #1 Takaaki Mizuki #1, Akashi Satoh #3, Takafumi Aoki #1,
More informationChapter 3 Novel Digital-to-Analog Converter with Gamma Correction for On-Panel Data Driver
Chapter 3 Novel Digital-to-Analog Converter with Gamma Correction for On-Panel Data Driver 3.1 INTRODUCTION As last chapter description, we know that there is a nonlinearity relationship between luminance
More informationPerformance Limitations of WDM Optical Transmission System Due to Cross-Phase Modulation in Presence of Chromatic Dispersion
Performance Limitations of WDM Optical Transmission System Due to Cross-Phase Modulation in Presence of Chromatic Dispersion M. A. Khayer Azad and M. S. Islam Institute of Information and Communication
More informationIntroduction to Cryptography CS 355
Introduction to Cryptography CS 355 Lecture 25 Mental Poker And Semantic Security CS 355 Fall 2005 / Lecture 25 1 Lecture Outline Review of number theory The Mental Poker Protocol Semantic security Semantic
More informationSide Channel Analysis Attacks on Stream Ciphers
Side Channel Analysis Attacks on Stream Ciphers Daehyun Strobel 23.03.2009 Masterarbeit Ruhr-Universität Bochum Lehrstuhl Embedded Security Prof. Dr.-Ing. Christof Paar Betreuer: Dipl.-Ing. Markus Kasper
More information