Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers. Praveen Vadnala


Differential Power Analysis
- Implementations of cryptographic systems leak
- Leaks from bit 1 and bit 0 are different
- The correct key is identifiable

Masking countermeasure
- Each intermediate variable x is divided into two shares: x ⊕ r and r
- Computing on linear functions is easy: f(x ⊕ r) = f(x) ⊕ f(r)
- Non-linear functions (e.g. S-boxes)?

S-box LUT
- S-boxes are often implemented using a LUT (entries S(0), ..., S(x), ..., S(FF))
- Challenge: how to apply masking on a LUT?

S-box LUT in the masked setting
- Input x is only available as x1 = x ⊕ r
- Output S(x) can only be revealed as S(x) ⊕ s

Randomized LUT
- Build a table T from the S-box: T[u ⊕ r] = S(u) ⊕ s for every u
- The entry at the masked input x1 = x ⊕ r is then S(x) ⊕ s

Rivain-Prouff solution
- Loop over every candidate a and test: a = r?
- Yes: R1 = S(x) ⊕ s
- No: R0 = dummy
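Added example (not code from the talk or from Riscure): the two approaches on the preceding slides side by side in C, the randomized LUT recomputation T[u ⊕ r] = S(u) ⊕ s and the register-based Rivain-Prouff style loop that needs no table in RAM. The 8-bit S-box is a constructed stand-in, and the branch-free equality test in the loop is an assumption of this example rather than the original scheme's masked comparison.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an 8-bit S-box (not a real cipher S-box);
 * any fixed nonlinear byte function serves the demonstration. */
static uint8_t sbox(uint8_t x) {
    return (uint8_t)(((x * 0x9Du) ^ (x >> 3)) + 0x2Bu);
}

/* Randomized LUT: T[u ^ r] = S(u) ^ s for every u, so the entry at the
 * masked input x1 = x ^ r is S(x) ^ s. Costs 256 bytes of RAM per (r, s). */
void randomize_table(uint8_t T[256], uint8_t r, uint8_t s) {
    for (int u = 0; u < 256; u++)
        T[(uint8_t)(u ^ r)] = sbox((uint8_t)u) ^ s;
}

/* Look-up on the masked index only; x itself never appears. */
uint8_t masked_sbox_table(const uint8_t T[256], uint8_t x1) {
    return T[x1];
}

/* Rivain-Prouff style variant: no table in RAM. Every candidate a is processed
 * with the same operations; only the iteration with a == r (where x1 ^ a == x)
 * writes into R[1], all others land in the dummy register R[0]. The a == r
 * test is branch-free here (an assumption of this example; the original
 * scheme's own masked comparison is not reproduced). */
uint8_t masked_sbox_rp(uint8_t x1, uint8_t r, uint8_t s) {
    uint8_t R[2] = {0, 0};
    for (unsigned a = 0; a < 256; a++) {
        uint8_t v = sbox((uint8_t)(x1 ^ a)) ^ s;
        unsigned d = a ^ r;                              /* 0 iff a == r */
        uint8_t eq = (uint8_t)(((d - 1u) >> 8) & 1u);   /* 1 iff d == 0 */
        R[eq] = v;
    }
    return R[1];
}

/* Self-check: both methods must return S(x) ^ s for every x. Returns 1 on success. */
int check_all(uint8_t r, uint8_t s) {
    uint8_t T[256];
    randomize_table(T, r, s);
    for (int x = 0; x < 256; x++) {
        uint8_t x1 = (uint8_t)(x ^ r);
        uint8_t want = sbox((uint8_t)x) ^ s;
        if (masked_sbox_table(T, x1) != want) return 0;
        if (masked_sbox_rp(x1, r, s) != want) return 0;
    }
    return 1;
}

int main(void) {
    printf("masked S-box check: %s\n", check_all(0x5A, 0xC3) ? "ok" : "mismatch");
    return 0;
}
```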

What are we trying to solve?
- We have two solutions at the two ends of the spectrum: penalty factor (time) vs memory
- Unexplored space in between
- How about a generic solution?

Compression of LUT
- Split every 8-bit entry S(x) of the LUT into two 4-bit halves S0(x) and S1(x)
- Table T stores one 4-bit entry T[x] per input

Compression of LUT (randomized)
- T[u] = S0(u ⊕ r1) ⊕ S1(u ⊕ r2) ⊕ s
- The entry for x gives S0(x ⊕ r1) ⊕ S1(x ⊕ r2) ⊕ s
- Memory: 256 * 4 bits = 128 bytes

Compression scheme variant
- Split the LUT by the lowest input bit: S0(x) = S(x||0), S1(x) = S(x||1)
- Table T[x] is indexed by the remaining 7 bits of x

Randomized compression scheme variant
- T1[u] = S0(u ⊕ r1) ⊕ S1(u ⊕ r2) ⊕ s
- Memory: 128 * 8 bits = 128 bytes

Getting the masked S-box output
- Write x = x1 || x2 (7 bits || 1 bit)
- Table T1, indexed by x1, yields S0(x1) ⊕ S1(x1) ⊕ s
- Table T2, indexed by x2, yields the masked output S(x) ⊕ s

Generic compression
- Write x = x1 || x2 (n-l bits || l bits)
- Table T1, indexed by x1, holds the masked sub-table values S_i(x1) ⊕ s
- Table T2, indexed by x2, yields S(x) ⊕ s
- (Figure of the generic compression scheme, not reproduced in the transcription)

Time-Memory Trade-Offs
- Apply the Rivain-Prouff method for Table T2; T1 stays the same
- The memory required is further reduced, as we don't need RAM for T2
- Table sizes as a function of l:

  l   T1   T2
  1  128    2
  2   64    4
  3   32    8
  4   16   16
  5    8   32
  6    4   64
  7    2  128

Implementation Results
- (Results table/figure, not reproduced in the transcription)

More in the paper
- Second-order compression & time-memory trade-off
- Security arguments (software)

Conclusions
- Generic compression schemes for first- and second-order masking
- Time-memory trade-offs
- Reasonably efficient implementations with just under 40 bytes of RAM
Future work
- Apply to higher-order masking?
- Apply to AES T-table based implementations?

Contact: Praveen Vadnala, vadnala@riscure.com
Riscure B.V., Frontier Building, Delftechpark 49, 2628 XJ Delft, The Netherlands. Phone: +31 15 251 40 90
Riscure North America, 550 Kearny St. Suite 330, San Francisco, CA 94108. Phone: +1 (650) 646 9979
www.riscure.com, inforequest@riscure.com

Hiding Higher-Order Side-Channel Leakage: Randomizing Cryptographic Implementations in Reconfigurable Hardware
Pascal Sasdrich, Amir Moradi, Tim Güneysu
RSA Conference Cryptographers' Track, San Francisco, USA, February 15, 2017

Introduction
(Slide footer: Ruhr-Universität Bochum, Chair for Embedded Security, Pascal Sasdrich)

Side-Channel Analysis (SCA) attacker model
- The device computes output = E_K(input); the attacker sees input and output
- Leakage: timing, power, EM emanations
- Countermeasures: masking, hiding, re-keying

Motivation
Basics:
- Side-Channel Analysis (SCA): attacks exploit the information leakage of cryptographic devices
- Side-channel protection: countermeasures based on masking, hiding or re-keying (using random behavior)
Problem:
- Common countermeasures only protect against first-order attacks, but are still vulnerable to higher-order attacks (using higher-order statistical moments).
Different approaches to counter this problem:
- Dedicated higher-order countermeasures (e.g., HO-TI [1]): might be restricted to univariate settings; area overhead and randomness requirement might be problematic; finding representations might be challenging
- Stay with a 1st-order secure countermeasure and make higher-order attacks harder: reduce the signal (e.g., power equalization schemes, logic styles) [2]; increase the noise (e.g., shuffling) [3]
Our contribution: a general methodology (dynamic hardware modifications) to increase the noise.
[1] B. Bilgin, B. Gierlichs, S. Nikova, V. Nikov, V. Rijmen, Higher-Order Threshold Implementations. ASIACRYPT 2014
[2] A. Moradi, A. Wild, Assessment of Hiding the Higher-Order Leakages in Hardware: What are the Achievements versus Overheads? CHES 2015
[3] P. Sasdrich, A. Moradi, T. Güneysu, Affine Equivalence and its Application to Tightening Threshold Implementations. SAC 2015

Concept

Dynamic Hardware Modification
Observations:
1. Cryptographic implementations can be represented as a sequence of atomic functions applied sequentially.
2. Cryptographic implementations can be modeled by different but equivalent directed graphs.
Approach:
- Build a side-channel protected implementation using classical countermeasures (masking)
- Find a directed graph representing the side-channel protected implementation
- Morph the graph into a different but equivalent representation using random encodings
- Update (randomize) the protected implementation according to the new representation

Case Study

Threshold Implementation
- Efficient countermeasure in hardware against (first-order) side-channel analysis
- Introduced in 2006 by Nikova et al. [4]
- Provides provable security even in a glitching circuit
Concept and properties:
- Uniform masking
- Non-completeness
- Correctness
- Uniform sharing of function outputs (each set of output pairs occurs with the same probability)
Note: the number of input and output shares depends on the function S.
[4] S. Nikova, C. Rechberger, V. Rijmen, Threshold Implementations Against Side-Channel Attacks and Glitches. ICICS 2006

Threshold Implementation of the PRESENT Cipher
Concept:
- S-box decomposition into two quadratic functions g and f [5]
- Minimal number of shares (m = n = 3)
- Register stages to separate the functions
- Linear permutation applied individually
Random encoding:
- TI as a network of look-up tables; each table updates 4 bits of the internal state
- Use white-box cryptography [6] concepts: apply a random non-linear 4-bit encoding to every table output, and apply the inverse encoding to every adjacent table input (preserves correctness)
Dynamic update:
- Find new random non-linear encodings using an element swapping algorithm
- Update the look-up tables using BRAM scrambling
[5] A. Poschmann, A. Moradi, K. Khoo, C. Lim, H. Wang, S. Ling, Side-Channel Resistant Crypto for Less than 2300 GE. Journal of Cryptology, 2011
[6] S. Chow, P. A. Eisen, H. Johnson, P. C. van Oorschot, White-Box Cryptography and an AES Implementation. SAC 2002
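Added example, not the authors' FPGA design: the random-encoding idea from this slide on a two-table 4-bit network in C, with the public PRESENT S-box as the first table, a constructed second table in place of the adjacent table, a constructed xorshift PRNG, and a swap-based re-encoding step standing in for the element swapping algorithm and BRAM scrambling. It works on the unshared (non-TI) tables so that the encoding and the update stay visible.

```c
#include <stdint.h>

/* PRESENT S-box from the public cipher specification, used as the first 4-bit table. */
static const uint8_t PRESENT_SBOX[16] =
    { 0xC,0x5,0x6,0xB,0x9,0x0,0xA,0xD,0x3,0xE,0xF,0x8,0x4,0x7,0x1,0x2 };
/* Constructed 4-bit table standing in for the adjacent table in the network. */
static const uint8_t NEXT_TABLE[16] =
    { 0x1,0x7,0xE,0x9,0x2,0xB,0x4,0xD,0x0,0xA,0x5,0xC,0x8,0x3,0xF,0x6 };
typedef struct { uint8_t ta[16], tb[16], enc[16]; } encoded_net;
/* Small xorshift PRNG, constructed so the example is deterministic (not the design's PRNG). */
static uint32_t rng_state = 0x2545F491u;
static uint32_t rng(void) { rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17; return rng_state ^= rng_state << 5; }
/* Random non-linear 4-bit encoding = random permutation of 0..15 (Fisher-Yates). */
static void random_encoding(uint8_t E[16]) {
    for (int i = 0; i < 16; i++) E[i] = (uint8_t)i;
    for (int i = 15; i > 0; i--) {
        int j = (int)(rng() % (uint32_t)(i + 1));
        uint8_t t = E[i]; E[i] = E[j]; E[j] = t;
    }
}

/* Encode the network: ta = E o S, tb = NEXT o E^-1. The composition is unchanged,
 * but the 4-bit value passed between the tables is now the random code E(S(x)). */
void encode_network(encoded_net *n, const uint8_t E[16]) {
    uint8_t inv[16];
    for (int i = 0; i < 16; i++) inv[E[i]] = (uint8_t)i;
    for (int i = 0; i < 16; i++) {
        n->enc[i] = E[i];
        n->ta[i] = E[PRESENT_SBOX[i]];
        n->tb[i] = NEXT_TABLE[inv[i]];
    }
}

uint8_t eval_encoded(const encoded_net *n, uint8_t x) { return n->tb[n->ta[x & 0xF]]; }
uint8_t eval_reference(uint8_t x) { return NEXT_TABLE[PRESENT_SBOX[x & 0xF]]; }

/* Dynamic update by element swapping: exchanging two codes of E yields a fresh
 * encoding, and only the affected entries of both tables have to be rewritten. */
void swap_update(encoded_net *n, uint8_t i, uint8_t j) {
    uint8_t ei = n->enc[i], ej = n->enc[j], t;
    n->enc[i] = ej; n->enc[j] = ei;
    for (int x = 0; x < 16; x++) {
        if (PRESENT_SBOX[x] == i) n->ta[x] = ej;
        else if (PRESENT_SBOX[x] == j) n->ta[x] = ei;
    }
    t = n->tb[ei]; n->tb[ei] = n->tb[ej]; n->tb[ej] = t;
}

/* Re-randomize the encoding repeatedly; the network must keep computing NEXT(S(x)).
 * Returns 1 when every intermediate check passed. */
int check_network(int rounds) {
    encoded_net n; uint8_t E[16];
    random_encoding(E); encode_network(&n, E);
    for (int k = 0; k < rounds; k++) {
        for (int x = 0; x < 16; x++)
            if (eval_encoded(&n, (uint8_t)x) != eval_reference((uint8_t)x)) return 0;
        swap_update(&n, (uint8_t)(rng() & 0xF), (uint8_t)(rng() & 0xF));
    }
    return 1;
}
```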

Implementation (quarter round)
Practical FPGA implementation:
- Round-based architecture using look-up tables for the TI S-box and the permutation layer
- 4 quarter rounds in parallel, each using 48 BRAMs
- Permutation layer implemented as a table lookup
- Each BRAM can hold up to 32 different tables
- Store look-up tables for every round (31 rounds)
- Update tables using BRAM scrambling and the remaining (empty) table entry
- Track the context of the active table positions

Implementation Results
Practical implementation:
- Post-place-and-route implementation on the Kintex-7 of a SAKURA-X board
- Basic architecture mainly implemented in Block RAM
- General purpose logic only required in order to perform the dynamic hardware modification

Side-Channel Evaluation

Setup
Measurement setup:
- SAKURA-X side-channel evaluation board
- Designs running at 24 MHz
- Power measurements using a digital oscilloscope at 500 MS/s
Evaluation setup:
- High-performance measurement and evaluation setup
- Two different measurement profiles
- Leakage assessment methodology: non-specific t-test (for 1st, 2nd, 3rd order)
Profile 1 (reference measurement):
- PRNG off (countermeasure disabled)
- 1,000,000 power traces, random vs. fixed plaintexts
Profile 2 (actual measurement):
- PRNG on (countermeasure enabled)
- 100,000,000 power traces, random vs. fixed plaintexts

Non-Specific t-Test
Evaluation based on Welch's t-test:
- Measure (many) power traces with a digital oscilloscope
- Group the traces depending on fixed or randomly chosen plaintext (non-specific t-test): groups G0 and G1
- Compute the sample mean for each point in time
- Compute the sample variance for each point in time
- Determine the t-statistic for each point in time, according to:

  t = \frac{\mu(T \in G_1) - \mu(T \in G_0)}{\sqrt{\frac{\delta^2(T \in G_1)}{|G_1|} + \frac{\delta^2(T \in G_0)}{|G_0|}}}

  where μ denotes the sample mean and δ² the sample variance.
Fail/pass criterion: if there is any point in time for which the t-statistic exceeds a threshold of ±4.5, the device under test fails.
More info: Leakage Assessment Methodology - a clear roadmap for side-channel evaluations, CHES 2015, ePrint 2015/207
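Added example (not the authors' evaluation code): the Welch t-statistic and the ±4.5 criterion from this slide in C, run at one point in time over constructed trace samples for the fixed and random groups. The higher-order preprocessing helper, the LCG noise source and the Newton square root are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#define TVLA_THRESHOLD 4.5

/* Newton-iteration square root so the example links without libm;
 * sqrt() from <math.h> is the normal choice. */
static double sqrt_newton(double a) {
    if (a <= 0.0) return 0.0;
    double x = a > 1.0 ? a : 1.0;
    for (int i = 0; i < 60; i++) x = 0.5 * (x + a / x);
    return x;
}

/* Welch's t-statistic for one point in time, as on the slide:
 * t = (mean(G1) - mean(G0)) / sqrt(var(G1)/|G1| + var(G0)/|G0|). */
double welch_t(const double *g0, size_t n0, const double *g1, size_t n1) {
    double m0 = 0, m1 = 0, v0 = 0, v1 = 0;
    for (size_t i = 0; i < n0; i++) m0 += g0[i];
    for (size_t i = 0; i < n1; i++) m1 += g1[i];
    m0 /= (double)n0; m1 /= (double)n1;
    for (size_t i = 0; i < n0; i++) v0 += (g0[i] - m0) * (g0[i] - m0);
    for (size_t i = 0; i < n1; i++) v1 += (g1[i] - m1) * (g1[i] - m1);
    v0 /= (double)(n0 - 1); v1 /= (double)(n1 - 1);      /* sample variances */
    return (m1 - m0) / sqrt_newton(v1 / (double)n1 + v0 / (double)n0);
}

/* Fail/pass criterion from the slide: any |t| beyond 4.5 fails the device under test. */
int fails_tvla(double t) { return (t < 0 ? -t : t) > TVLA_THRESHOLD; }

/* Higher-order preprocessing (an assumption of this example, following the usual
 * moment-based approach, applied to each group separately): 2nd order uses centered
 * squared samples (x - m)^2, 3rd order standardized cubed ((x - m)/sd)^3; the same
 * t-test is then run on the preprocessed samples. */
void preprocess_order(double *g, size_t n, int order) {
    double m = 0, v = 0;
    for (size_t i = 0; i < n; i++) m += g[i];
    m /= (double)n;
    for (size_t i = 0; i < n; i++) v += (g[i] - m) * (g[i] - m);
    double sd = sqrt_newton(v / (double)(n - 1));
    for (size_t i = 0; i < n; i++) {
        double c = g[i] - m;
        g[i] = (order == 2) ? c * c : (c / sd) * (c / sd) * (c / sd);
    }
}

/* Constructed trace data: one sample per trace at a single time index, uniform
 * noise from an LCG so the run is deterministic. At the "leaky" point the fixed
 * group gets a small offset, mimicking data-dependent power consumption. */
static uint32_t lcg = 12345u;
static double noise(void) { lcg = lcg * 1664525u + 1013904223u; return (lcg >> 8) / 16777216.0; }
#define NTRACES 2000
static double g_fixed[NTRACES], g_random[NTRACES];

/* First-order t-statistic at a leaky or a quiet point of the constructed traces. */
double t_at_point(int leaky) {
    double offset = leaky ? 0.2 : 0.0;
    for (int i = 0; i < NTRACES; i++) { g_fixed[i] = noise() + offset; g_random[i] = noise(); }
    return welch_t(g_random, NTRACES, g_fixed, NTRACES);
}
```

With 2000 traces per group and uniform noise, the offset of 0.2 at the leaky point yields a t-value around 20, far beyond the threshold, while the quiet point stays within it.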

Profile 1 (PRNG off): non-specific t-test, 1 million traces
- (Figure: first-, second- and third-order t-test results and the evolution of the absolute t-test maximum; not reproduced in the transcription)

Profile 2 (PRNG on): non-specific t-test, 100 million traces
- (Figure: first-, second- and third-order t-test results and the evolution of the absolute t-test maximum; not reproduced in the transcription)

Conclusion

Conclusion
Concept:
- The success of higher-order attacks depends on the noise level
- Combine hiding countermeasures (noise addition) with classical approaches (e.g. first-order secure TI)
- Dynamic hardware modifications (inspired by white-box cryptography) as a generic hiding approach
Results:
- Proposed a generic approach and methodology called dynamic hardware modifications
- Case study: FPGA implementation combining dynamic hardware modifications with PRESENT TI
- Provided power measurements and leakage assessment (using the non-specific t-test)
- The case study implementation is (practically) secure against higher-order attacks (2nd and 3rd order)
Dynamic hardware modifications are an alternative approach to achieve higher-order protection, providing generality and scalability.

Contact: pascal.sasdrich@rub.de
Thank you for your attention! Any questions?