Marc Witteman
Riscure
Defeating RSA Multiply-Always and Message Blinding Countermeasures
Session ID: CRYP-201
Session Classification: Advanced
Introduction
• About the authors
• Side Channel Analysis
• RSA background
• Countermeasures
• Attack concepts
About The Authors
Marc F. Witteman
CTO, Riscure
Jasper G. J. van Woudenberg
Senior Security Analyst, Riscure
Federico Menarini
Security Analyst, Riscure
Side Channel Analysis
Analyze secret leakage from crypto implementations
Example power trace of DES on smart card
Leaks Hamming weight of processed data
RSA background
Exponentiation is a sequence of square and multiply operations
Naïve implementations do, for each key bit:
• Always square
• Conditional multiplication (if key bit equals ‘1’)
Distinction of square and multiply operations may reveal key (SPA)
[Figure: trace labels 1 000 11 0 0]
Countermeasures
Some common countermeasures against side channel analysis of RSA
• noise
• multiply-always: discard multiplication results after processing a zero bit
• message blinding: multiply message with random number, and multiply signature with a matching inverse that removes the mask
• exponent blinding: add random multiples of φ to the exponent
Attack concepts
Cross correlation is an attack class
• Comparable to high-order DPA
• No clear text/cipher text needed
Attack demonstrated on RSA smart card implementation with several countermeasures
Procedure with two innovative steps
• Preprocess modular operations
• Cross correlation analysis
Compressing modular operations
Modular operation execution typically increases power consumption due to switching of many bits in parallel
Old smart cards have easily recognizable modular operations
Compression involves selection of threshold, and averaging all sequential samples above a threshold
Low pass filtering may be needed if signals are noisy
Revealing hidden modular operations
New smart cards hide or scramble power signal (may need EMA)
Modular operations may be recognized by alignment and averaging
Pattern recognition works only for first operations (clock jitter)
Position finding of shifted modular operations
• One averaged pattern is used to identify and locate modular operations in the noisy traces
• Correlate the pattern with the trace, and the peaks indicate the starting points of the modular operations
Cross Correlation
• Operand sharing
• Principle
• Matrix
• Effect of multiply-always
• Neighboring samples
Operand sharing
RSA uses two similar operations (intermediate signature S, message M, modulus N)
• Square: S’ := S * S mod N
• Multiply: S’ := S * M mod N
Subsequent square operations usually do not share operands
Multiply operations do share an operand (M)
Operand sharing may be observed if the order of square and multiply operations is identical for repetitive encryptions
Cross correlation principle
Consider a set of k traces with n samples as a matrix
Compute correlation between each pair of sample vectors
Cross correlation matrix
Correlation matrix represented in colored dots, where a lighter color corresponds to a higher correlation
Multiply operations light up like a Christmas tree
Can recognize naïve binary exponentiation
key: 111101011000101
Cross correlation with multiply always
High frequency of correlating pairs reveals multiply always variant
Incidental correlation of square operation with predecessor reveals discarded multiply:
• S’ = S * M
• S’’ = S * S
Can recognize key: 11110101100
Cross correlating neighboring samples
Compute and display correlation only between adjacent vectors
[Figure: adjacent-sample correlation plot, points labelled 1 and 0]
High and low correlation values correspond to key bits set to zero and one
Complete key can be retrieved in short time
Apply
This attack can be applied to any RSA implementation under the following conditions
• Power consumption or EM radiation can be measured (with minimal S/N)
• Several thousand crypto operations (signatures) can be executed
• Implementation uses a fixed sequence of modular operations
No data requirements
• No chosen messages needed
• No known messages or signatures needed
Attack applies to
• RSA-Straight and RSA-CRT
• Naïve and Montgomery multiplication
• Any hashing or padding scheme
Attack yields private exponent
Countermeasures
Countermeasures that do NOT work
• Message blinding
• Multiply always, Montgomery ladder, or BRIP
Countermeasures that are NOT enough
• Noise
• Signal reduction
• Random delays / variable clocks
Countermeasures that work
• Exponent blinding
• Random bit group size
• Any randomization method that makes the order of square and multiply operations unpredictable
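Added example (not from the original slides or from Riscure): a Python simulation for evaluating a design against the neighboring-sample correlation described under "Cross correlating neighboring samples", run on compressed multiply-always traces with message blinding, first with a fixed exponent and then with exponent blinding as listed under "Countermeasures that work". The toy primes, the Hamming-weight leakage model, the noise level, the 0.3 threshold, the skipped leading exponent bit and all function names are assumptions.

```python
import random

# Constructed toy parameters (far too small for real RSA); all names are hypothetical.
P, Q = 65521, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(17, -1, PHI)                     # toy private exponent for e = 17
KEY_BITS = bin(D)[3:]                    # exponent bits after the leading 1

def hw(x):
    return bin(x).count("1")             # assumed Hamming-weight leakage model

def trace(d, rng, noise=2.0):
    """Compressed multiply-always trace: one sample per modular operation."""
    m = rng.randrange(2, N)              # blinded message: random and unknown
    s, out = m, []
    for bit in bin(d)[3:]:
        out.append(2 * hw(s) + rng.gauss(0, noise))      # square: S * S
        s = s * s % N
        out.append(hw(s) + hw(m) + rng.gauss(0, noise))  # multiply: S * M
        if bit == "1":
            s = s * m % N                # result kept only for a one bit
    return out

def pearson(x, y):
    mx, my = sum(x) / len(x), sum(y) / len(y)
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / (sxx * syy) ** 0.5

def neighbour_corr(traces, nbits):
    """Correlate every multiply column with the square column right after it."""
    cols = list(zip(*(t[:2 * nbits] for t in traces)))
    return [pearson(cols[2 * i + 1], cols[2 * i + 2]) for i in range(nbits - 1)]

def evaluate(blind_exponent, k=1500, seed=1):
    """Return (correlations, bits read off them) for k simulated signatures."""
    rng = random.Random(seed)
    traces = [trace(D + (rng.getrandbits(16) * PHI if blind_exponent else 0), rng)
              for _ in range(k)]
    corr = neighbour_corr(traces, len(KEY_BITS))
    return corr, "".join("0" if c > 0.3 else "1" for c in corr)

if __name__ == "__main__":
    for blind in (False, True):
        corr, bits = evaluate(blind)
        print("exponent blinding" if blind else "fixed exponent   ",
              "matches key:", bits == KEY_BITS[:-1],
              "corr range: %.2f..%.2f" % (min(corr), max(corr)))
```

With a fixed exponent the correlations split into a high group (zero bits, where the discarded multiply and the next square share the operand S) and a group near zero (one bits); with exponent blinding the values at each position no longer track the key. The last exponent bit has no following square in this model and is not covered.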
Future research
Cross correlation attack applies well to RSA, but the method is not restricted to RSA
We study application of the concepts to
• ECC
• Symmetric algorithms
Attack summary
New side channel attack class developed and demonstrated
Applies to many different RSA implementations
Defeats several countermeasures
Effective countermeasures are possible
Q&A
Need help?
contact
Marc Witteman
CTO
witteman@riscure.com
Riscure Inc.
901 Mariners Island Blvd
Suite 595
San Mateo, CA 94404
USA
Phone: +1 650 425 7327
www.riscure.com
Complete article can be downloaded from: http://www.riscure.com/tech-corner/publications.html