Lecture 7 – More on Attacks
Rice ELEC 528/ COMP 538 Farinaz Koushanfar
Spring 2009
Outline
• More on side-channel attacks
• Fault injection attacks
• Generic attacks on cryptosystems
Slides are mostly courtesy of Michael [email protected]
Simple power analysis (SPA) - example
SPA example (cont’d)
SPA example (cont’d)
• Unprotected modular exponentiation – square-and-multiply algorithm
Possible counter measure – randomizing RSA exponentiation
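The SPA leak in unprotected square-and-multiply and the exponent-randomization countermeasure, as an added Python example that is not part of the original slides. The RSA parameters (n = 3233, e = 17, d = 2753) are the usual textbook toy values, constructed here; the "power trace" is just the recorded sequence of squarings and multiplications, standing in for the two distinguishable operation signatures an attacker reads off a single oscilloscope capture.

```python
"""SPA on left-to-right square-and-multiply and exponent blinding as a countermeasure.
Added example; the 'power trace' is the recorded sequence of operations.
Toy RSA parameters (constructed, textbook-sized): n = 61*53 = 3233, e = 17, d = 2753."""
import secrets
from typing import List, Optional, Tuple

N, PHI_N = 3233, 3120        # n = p*q, phi(n) = (p-1)*(q-1)
E, D = 17, 2753              # e*d == 1 (mod phi(n))

def square_and_multiply(base: int, exp: int, mod: int) -> Tuple[int, List[str]]:
    """Unprotected left-to-right square-and-multiply.

    Each squaring appends 'S' and each multiplication 'M' to the trace. On real
    hardware the two operations have different power signatures, so the exponent
    bits can be read directly from one capture: that is SPA."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:            # MSB first
        result = result * result % mod
        trace.append("S")
        if bit == "1":                  # the multiply only happens for 1-bits
            result = result * base % mod
            trace.append("M")
    return result, trace

def spa_recover_exponent(trace: List[str]) -> int:
    """Read the exponent back out of the operation sequence: an 'S' followed by
    'M' is a 1-bit, an 'S' followed by another 'S' (or end of trace) is a 0-bit."""
    bits, i = [], 0
    while i < len(trace):
        if trace[i] != "S":
            raise ValueError("malformed trace: expected a squaring at position %d" % i)
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)

def blinded_exponentiation(base: int, d: int, phi_n: int, mod: int,
                           r: Optional[int] = None) -> Tuple[int, List[str]]:
    """Exponent blinding: compute base^(d + r*phi(n)) mod n with a fresh random r.

    Because base^phi(n) == 1 (mod n) when gcd(base, n) == 1, the result is unchanged,
    but the operation sequence now encodes d + r*phi(n), which differs on every run.
    SPA of one trace yields a blinded exponent; turning it back into d needs phi(n),
    i.e. the factorisation of n."""
    if r is None:
        r = 1 + secrets.randbelow(1 << 32)   # r >= 1 so the exponent really changes
    return square_and_multiply(base, d + r * phi_n, mod)

if __name__ == "__main__":
    ciphertext, trace = square_and_multiply(65, E, N)
    print("c =", ciphertext, "trace:", "".join(trace))
    plain, trace = square_and_multiply(ciphertext, D, N)
    print("SPA recovers d =", spa_recover_exponent(trace), "(true d = %d)" % D)
    plain_b, trace_b = blinded_exponentiation(ciphertext, D, PHI_N, N)
    print("blinded: m =", plain_b, "SPA sees exponent", spa_recover_exponent(trace_b))
```

Blinding hides d from a single trace but does not remove the operation-dependent leak itself; a constant-sequence exponentiation (square-and-multiply-always or a Montgomery ladder) is the complementary fix when the attacker can average many traces.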
Statistical power analysis
• Two categories
  – Differential power analysis (DPA)
  – Correlation power analysis (CPA)
• Based on the relationship between power consumption and the Hamming weight of the data
Modeling the power consumption
• Hamming weight model
  – Typically measured on a bus: Y = aH(X) + b
  – Y: power consumption; X: data value; H: Hamming weight
• Hamming distance model
  – Y = aH(P ⊕ X) + b
  – Accounts for the previous value on the bus (P)
Differential power analysis (DPA)
• DPA can be performed on any algorithm that contains an operation of the form S(K) whose other input is known to the attacker and where K is a small segment of the key
The waveforms are captured by a scope and sent to a computer for analysis
What is available after acquisition?
DPA (cont’d)
• The selection bit classifies each wave w_i
  – Hypothesis 1: bit is zero
  – Hypothesis 2: bit is one
• A differential trace is calculated for each bit!
DPA (cont’d)
DPA -- testing
DPA – the wrong guess
DPA (cont’d)
• The DPA waveform with the highest peak will validate the hypothesis
DPA curve example
DPA (cont’d)
Attacking a secret key algorithm
Typical DPA Target
Example -- DPA
Example – hypothesis testing
DPA (Cont’d)
DPA on DES algorithm
DPA on other algorithms
Correlation power analysis (CPA)
• The equation for generating differential waveforms is replaced with a correlation
• Rather than attacking one bit, the attacker predicts the Hamming weight of a whole word (H)
• The correlation is computed by:
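A simulation of the whole statistical power-analysis pipeline covered on the preceding slides (the Hamming-weight leakage model, partitioning traces by a selection bit into the two hypotheses, the differential trace per key guess and its peak, and the CPA correlation that replaces the difference of means), as an added Python example that is not part of the original lecture. The traces, the bus leakage point and the target key byte are constructed here; the target is one AES S-box lookup S(x ⊕ k), the usual first-round DPA target, whereas the slides' own worked example uses DES.

```python
"""Simulated DPA (difference of means) and CPA (Pearson correlation) against one
AES S-box lookup S(x ^ k). Added example: the traces are synthesised from the
Hamming-weight model Y = A*HW(X) + B + noise, not captured from real hardware."""
import random
from typing import List, Tuple

def _gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _build_sbox() -> List[int]:
    """AES S-box: multiplicative inverse in GF(2^8) followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = 1 if x else 0
        for _ in range(254 if x else 0):      # x^254 == x^-1 in GF(2^8)
            inv = _gf_mul(inv, x)
        s = inv
        for shift in (1, 2, 3, 4):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()

def hamming_weight(v: int) -> int:
    return bin(v).count("1")

# Constructed target: the key byte to recover and the leakage parameters.
SECRET_KEY_BYTE = 0x2B
N_POINTS = 6            # samples per trace
LEAK_POINT = 3          # the sample at which S(x ^ k) sits on the bus
A, B, NOISE_SIGMA = 1.0, 20.0, 1.0

def simulate_traces(n_traces: int, seed: int = 1) -> Tuple[List[int], List[List[float]]]:
    """Return (plaintext bytes, traces). Only LEAK_POINT depends on the data."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        x = rng.randrange(256)
        trace = [B + rng.gauss(0.0, NOISE_SIGMA) for _ in range(N_POINTS)]
        trace[LEAK_POINT] += A * hamming_weight(SBOX[x ^ SECRET_KEY_BYTE])
        plaintexts.append(x)
        traces.append(trace)
    return plaintexts, traces

def dpa_recover(plaintexts: List[int], traces: List[List[float]],
                bit: int = 0) -> Tuple[int, List[List[float]]]:
    """Classic DPA. For every key guess k, split the traces by the hypothesised
    value of one bit of S(x ^ k) ('bit is 1' vs 'bit is 0') and compute the
    differential trace mean(ones) - mean(zeros). The correct guess is the one
    whose differential trace shows the highest peak; wrong guesses average out."""
    diff_traces = []
    for k in range(256):
        sum1, sum0 = [0.0] * N_POINTS, [0.0] * N_POINTS
        n1 = n0 = 0
        for x, t in zip(plaintexts, traces):
            if (SBOX[x ^ k] >> bit) & 1:
                n1 += 1
                sum1 = [s + v for s, v in zip(sum1, t)]
            else:
                n0 += 1
                sum0 = [s + v for s, v in zip(sum0, t)]
        if n1 == 0 or n0 == 0:                 # too few traces to partition
            diff_traces.append([0.0] * N_POINTS)
            continue
        diff_traces.append([s1 / n1 - s0 / n0 for s1, s0 in zip(sum1, sum0)])
    best = max(range(256), key=lambda k: max(abs(v) for v in diff_traces[k]))
    return best, diff_traces

def _pearson(xs: List[float], ys: List[float]) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def cpa_recover(plaintexts: List[int], traces: List[List[float]]) -> Tuple[int, float]:
    """CPA: predict HW(S(x ^ k)) for every trace and correlate the prediction
    with each sample point; the (guess, point) pair with the largest |r| wins."""
    best_k, best_r = 0, 0.0
    for k in range(256):
        hyp = [float(hamming_weight(SBOX[x ^ k])) for x in plaintexts]
        for p in range(N_POINTS):
            r = abs(_pearson(hyp, [t[p] for t in traces]))
            if r > best_r:
                best_k, best_r = k, r
    return best_k, best_r

if __name__ == "__main__":
    pts, trs = simulate_traces(1000)
    k_dpa, diffs = dpa_recover(pts, trs)
    peak_point = max(range(N_POINTS), key=lambda p: abs(diffs[k_dpa][p]))
    print("DPA key guess: 0x%02x, peak %.2f at sample %d" % (
        k_dpa, diffs[k_dpa][peak_point], peak_point))
    k_cpa, r = cpa_recover(pts, trs)
    print("CPA key guess: 0x%02x, |r| = %.2f" % (k_cpa, r))
```

With the model parameters above the correct guess's differential trace peaks at about A (the selected bit contributes one unit of Hamming weight to one group and none to the other) and its CPA correlation at the leak point approaches sqrt(var(HW) / (var(HW) + sigma^2)); both collapse toward zero for wrong guesses, which is the "DPA – the wrong guess" picture on the slides.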
Statistical PA -- countermeasures
Anti-DPA countermeasures
Anti-DPA
• Internal clock phase shift
DPA summary
Electromagnetic power analysis
EMA – probe design
EMA signal
Spatial positioning
Example: SEMA on RSA
EMA (cont’d)
Counter measures
Fault injection attacks
Fault attacks
Fault injection techniques
• Transient (provisional) and permanent (destructive) faults
  – Variations of the supply voltage
  – Variations of the external clock
  – Temperature
  – White light
  – Laser light
  – X-rays and ion beams
  – Electromagnetic flux
• Needs equipment that may be expensive, e.g. a laser
Fault injection steps
Provisional faults
• Single event upsets (SEUs)
  – Temporary flips of a cell’s logical state to the complementary state
• Multiple event faults
  – Several simultaneous SEUs
• Dose rate faults
  – The individual effects are negligible, but the cumulative effect causes a fault
• Provisional faults are used more often in fault injection
Permanent faults
• Single-event burnout faults
  – Caused by a parasitic thyristor being formed in the MOS power transistors
• Single-event snap-back faults
  – Caused by a self-sustained current through parasitic bipolar transistors in MOS devices
• Single-event latch-up faults
  – Create a self-sustained current in the parasitics
• Total dose rate faults
  – Progressive degradation of the electronic circuit
Fault impacts (model)
• Resetting data
• Data randomization – can be misleading; the attacker has no control over the result
• Modifying op-codes – implementation dependent
Fault attacks – counter measures
Attacks on systems using smart cards
Trusted path
• Normal key validation on a PC
Trusted path
• PIN code validation – can you come up with attacks?
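One answer to the PIN-validation question, tying it back to the transient fault model and the countermeasure slides above: a single-event upset on the decision register of a naive check, swept over every bit, against the same check hardened with non-trivial decision constants and a redundant comparison. This is an added Python model and not code from the lecture or from any real card; the PIN, the constants 0x5A/0xA5 and the register model are constructed for the example.

```python
"""Single-event-upset (SEU) fault model applied to a PIN check, plus two hardening
patterns. Added example; the 'card' is a pure-Python model, not real firmware.
The stored PIN, the decision constants and the register width are constructed."""
from typing import Callable, Optional

STORED_PIN = b"4821"    # constructed

def inject_seu(value: int, bit: Optional[int]) -> int:
    """Model a transient single event upset: flip one bit of an 8-bit register.
    Only the decision register is faulted here; glitching the compare instruction
    itself (op-code modification) is a different fault model not covered."""
    return value if bit is None else (value ^ (1 << bit)) & 0xFF

def verify_naive(entered: bytes, fault_bit: Optional[int] = None) -> bool:
    """Typical C-style check: 'ok' is 0 or 1 and access is granted when ok != 0.
    A single flip anywhere in the decision byte turns a 0 into a non-zero value,
    so every one of the 8 fault positions grants access with a wrong PIN."""
    ok = 1 if entered == STORED_PIN else 0
    ok = inject_seu(ok, fault_bit)
    return ok != 0

# Hardened decision values: Hamming distance 8, and neither is 0x00 or 0xFF, so no
# single flip and no reset-to-zero / set-to-ones fault maps one onto the other.
GRANTED, DENIED = 0x5A, 0xA5

def verify_hardened(entered: bytes, fault_bit: Optional[int] = None) -> str:
    """Hardened check:
      1. the result is encoded as GRANTED/DENIED rather than 1/0;
      2. the comparison is evaluated twice (temporal redundancy) and the two
         results must agree;
      3. anything other than an exact GRANTED/DENIED constant is reported as a
         detected fault, not as a denial the attacker can quietly retry."""
    first = GRANTED if entered == STORED_PIN else DENIED
    first = inject_seu(first, fault_bit)          # the SEU lands on the first result
    second = GRANTED if entered == STORED_PIN else DENIED
    if first != second:
        return "fault detected"
    if first == GRANTED:
        return "granted"
    if first == DENIED:
        return "denied"
    return "fault detected"

def count_bypasses(check: Callable[[bytes, Optional[int]], object],
                   granted_value: object, entered: bytes = b"0000") -> int:
    """Sweep the SEU over all 8 bits of the decision register with a wrong PIN and
    count how many fault positions grant access."""
    return sum(1 for bit in range(8) if check(entered, bit) == granted_value)

if __name__ == "__main__":
    print("naive: %d of 8 single-bit faults grant access"
          % count_bypasses(verify_naive, True))
    print("hardened: %d of 8 single-bit faults grant access"
          % count_bypasses(verify_hardened, "granted"))
```

The "fault detected" outcome matters as much as the constants: a card that merely denies on an inconsistent result lets the attacker keep glitching, whereas one that counts detected faults and locks itself limits the number of attempts.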
Are smart cards good or bad?
Let’s go through a few common scenarios
A few common scenarios…
Example – fault attack on DES
15-th round DPA
15-th round DES