7/24/2019 Power Attacks http://slidepdf.com/reader/full/power-attacks SPA and DPA attacks Pascal Paillier Gemplus ARSC/STD/CRY

Power Attacks


Page 1: Power Attacks

SPA and DPA attacks

Pascal Paillier 

Gemplus ARSC/STD/CRY

Page 2: Power Attacks

Outline

Side Channel Cryptanalysis

SPA – Simple Power Analysis

DPA – Differential Power Analysis

 – Acquisition procedure

 – Selection & prediction

 – Differential operator and curves

 – Reverse engineering using the DPA indicator

Attacking a Secret Key algorithm with DPA

 – Typical target

 – Hypothesis testing (guesses management)

Page 3: Power Attacks

Which are Side Channel Attacks

1. Differential Fault Analysis (DFA)

 – Biham-Shamir (1997)

2. Timing Attacks

 – Kocher (1996)

3. Simple Power Analysis (SPA)

 – Kocher, Jaffe, Jun (1998)

4. Differential Power Analysis (DPA)

 – Kocher, Jaffe, Jun (1998)

Page 4: Power Attacks

Side Channels

Kocher et al., June 1998: Measure instantaneous power consumption of a device while it runs a cryptographic algorithm

Different power consumption when operating on logical ones vs. logical zeroes.

Page 5: Power Attacks

Systems under Threat

Implementations of Cryptographic Algorithms

On smart cards

On general/specific purpose hardware

On software

Page 6: Power Attacks

Power Attacks

Published on the web by Paul KOCHER (1998)

 – Big noise in the cryptographic community

 – Big fear in the smart card industry!

Power Attacks are powerful and generic

 – Statistical & signal processing

 – Known random messages

 – Targeting a known algorithm

 – Running on a single smart card

Attack performed in 2 steps

 – Acquisition phase: on-line with the smart card

 – Analysis phase: off-line on a PC (hypothesis testing)

Page 7: Power Attacks

What is a Power Analysis Attack?

Side-channel attacks exploit correlation between secret parameters and variations in timing, power consumption, and other emanations from cryptographic devices to reveal secret keys

[Figure: Power Supply, resistor R, Cryptographic Device; Attacker's Point: Current or Power Measurement]

Page 8: Power Attacks

Information Leakage

Page 9: Power Attacks

Acquisition procedure

[Figure: Input data (messages Mi) → Algorithm → Output (sign/cipher Si); Power Consumption Curves Ci (or other side channel leakage like EM radiation)]

Play the algorithm N times (100 < N < 100000)

Page 10: Power Attacks

Acquisition procedure

[Figure: Monitoring equipment for iterated acquisitions. Main PC (runs Acquisition software); Server (stores files and runs Treatment software); Card reader (GCR); Card extension; Oscilloscope; Protection box; R. Links: command emission, arm scope, retrieve file, file transfer, current waveform acquisition, scope trigger on IO]

Page 11: Power Attacks

POWER MEASUREMENT SETUP

• Oscilloscope

• Carefully choose resistors, capacitors

• Reduce noise

• Collect power traces

FREQUENCY AND SUPPLY VOLTAGE: UNDER THE CONTROL OF THE ATTACKER

Page 12: Power Attacks

Acquisition procedure

After data collection, what is available?

 – plain and/or cipher random texts

00   -.88EE/0--.E&E

01   18/2&3200/&94.4

02   C&1A&9$2C881E.

…

 – corresponding power consumption waveforms

Page 13: Power Attacks

What an Attacker Knows

Precise power measurements

Which algorithm is computed

Ciphertexts and plaintexts

Any additional information

Page 14: Power Attacks

Simple Power Analysis

(e.g., Kocher 1998) Attacker directly uses power consumption to learn bits of secret key. Wave forms visually examined.

Big features like rounds of DES, square vs. multiply in RSA exponentiation, and small features, like bit value.

Relatively easy to defend against.

Page 15: Power Attacks

Simple Power Analysis

Simple attack, needs a few seconds

Direct observation of a system's power consumption

Can gain very useful information

Page 16: Power Attacks

How SPA Works

Key = 101011

Double-and-Add Algorithm:

Power Trace = [figure: trace annotated with the bits 0 1 0 1 1]

With “Dummy” Operations:

Power Trace = [figure: trace annotated with the bits 0 1 0 1 1]
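The contrast on this slide, as an added example that is not part of the original deck: the sequence of double (D) and add (A) operations stands in for the power trace, and the toy group (integers under addition mod `P`), the constants and all function names are assumptions made for the illustration.

```python
# Added illustration: the D/A operation sequence stands in for the power trace.
# Toy group (an assumption): integers under addition mod P, so k*G is easy to check.
P = 2**61 - 1      # constructed modulus
G = 123456789      # constructed base element

def double_and_add(k, ops):
    """Left-to-right double-and-add: the add runs only for 1 bits."""
    acc = G                          # the leading 1 bit initialises the accumulator
    for b in bin(k)[3:]:             # remaining bits, most significant first
        acc = (acc + acc) % P
        ops.append("D")
        if b == "1":
            acc = (acc + G) % P
            ops.append("A")
    return acc

def double_and_add_always(k, ops):
    """Same result, but an add is executed for every bit (dummy when the bit is 0)."""
    acc = G
    for b in bin(k)[3:]:
        acc = (acc + acc) % P
        ops.append("D")
        added = (acc + G) % P        # always computed
        ops.append("A")
        acc = added if b == "1" else acc   # dummy result is discarded
    return acc

def bits_from_ops(ops):
    """Read the pattern the way the slide does: D followed by A -> 1, lone D -> 0."""
    out, i = [], 0
    while i < len(ops):
        is_one = i + 1 < len(ops) and ops[i + 1] == "A"
        out.append("1" if is_one else "0")
        i += 2 if is_one else 1
    return "".join(out)

def run(fn, k):
    ops = []
    return fn(k, ops), "".join(ops)

if __name__ == "__main__":
    for fn in (double_and_add, double_and_add_always):
        result, ops = run(fn, 0b101011)   # key from the slide
        print(fn.__name__, ops, bits_from_ops(ops), result == 0b101011 * G % P)
```

With the dummy add in place, every key of the same bit length produces the same operation sequence, so the pattern no longer carries the key bits.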

Page 17: Power Attacks

SPA result Example

Interpret power consumption measurement

What is learned: device's operation, key material

Base: power consumption variance of µP instructions

[Figure: DES operation by smart card]

Page 18: Power Attacks

Selection & prediction

Assume the data are processed by a known deterministic function f (transfer, permutation...)

Knowing the data, one can recompute off line its image through f

Mi → f → Si = f(Mi)

Now select a single bit among S bits (in S buffer)

One can predict the true story of its variations

i    Message            bit

0    -.88EE/0--.E&E     1

1    18/2&3200/&94.4    0

2    C&1A&9$2C881E.     1

…    for i = 0, N-1

Page 19: Power Attacks

DPA operator & curve

Partition the data and related curves into two packs according to selected bit

[Figure: Mi → f → bit(Si) = 0 / bit(Si) = 1]

… and assign -1 to pack 0 and +1 to pack 1

0    -.88EE/0--.E&E     1    +1

1    18/2&3200/&94.4    0    -1

2    C&1A&9$2C881E.     1    +1

…    for i = 0, N-1

Sum the signed consumption curves and normalise

<=> Difference of averages ($N_0 + N_1 = N$)

$$C_{DPA} = \frac{1}{N_1}\sum_{\mathrm{bit}(S_i)=1} C_i \;-\; \frac{1}{N_0}\sum_{\mathrm{bit}(S_i)=0} C_i$$

Page 20: Power Attacks

DPA operator & curve

DPA curve construction

[Figure: messages M0, M1, M2, …; Selection bit; Average; DPA curve]

Page 21: Power Attacks

DPA Result Example

[Figure panels: Average Power Consumption; Power Consumption Differential Curve With Correct Key Guess; Power Consumption Differential Curve With Incorrect Key Guess; Power Consumption Differential Curve With Incorrect Key Guess]

Page 22: Power Attacks

DPA operator & curve

Spikes explanation: Hamming Weight of the bit's byte

[Figure: bytes 0, 1, 2, … grouped by the value of the selection bit. Selection bit = 0: Average = $E[HW_0] = 0 + 3.5$. Selection bit = 1: Average = $E[HW_1] = 1 + 3.5$]

$\Delta = E[HW_1] - E[HW_0] = 1$

Contrast (peak height) proportional to 1/2 (evaluation criterion)

If prediction was wrong: selection bit would be random

$E[HW_0] = E[HW_1] \Rightarrow \Delta = 0$
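The difference-of-averages operator and the Hamming-weight explanation of the spike, as an added example that is not part of the original deck. The curves are constructed: one sample carries the Hamming weight of a random byte plus Gaussian noise (an assumed leakage model), and `simulate_curves`, `dpa_curve` and `demo` are hypothetical names.

```python
import random

def hamming_weight(x):
    return bin(x).count("1")

def simulate_curves(n, leak_at=20, length=40, noise=1.0, seed=1):
    """Constructed data: n byte values S_i and curves C_i whose sample
    `leak_at` equals HW(S_i) plus Gaussian noise; other samples are pure noise."""
    rng = random.Random(seed)
    data, curves = [], []
    for _ in range(n):
        s = rng.randrange(256)
        c = [rng.gauss(0.0, noise) for _ in range(length)]
        c[leak_at] += hamming_weight(s)
        data.append(s)
        curves.append(c)
    return data, curves

def dpa_curve(curves, bits):
    """Difference of averages: mean of pack 1 minus mean of pack 0, per sample."""
    length = len(curves[0])
    sums = {0: [0.0] * length, 1: [0.0] * length}
    counts = {0: 0, 1: 0}
    for c, b in zip(curves, bits):
        counts[b] += 1
        for t, v in enumerate(c):
            sums[b][t] += v
    return [sums[1][t] / counts[1] - sums[0][t] / counts[0]
            for t in range(length)]

def demo(n=4000):
    data, curves = simulate_curves(n)
    rng = random.Random(2)
    predicted = [s & 1 for s in data]              # correct prediction of one bit of S_i
    unrelated = [rng.randrange(2) for _ in data]   # selection bit unrelated to the data
    return dpa_curve(curves, predicted), dpa_curve(curves, unrelated)

if __name__ == "__main__":
    good, bad = demo()
    print("peak with correct prediction:", round(good[20], 2))
    print("largest value with unrelated bit:", round(max(abs(v) for v in bad), 2))
```

With a correct prediction the curve shows a peak near 1 at the leaking sample (the other seven bits average out to 3.5 in both packs); with an unrelated selection bit the whole curve stays near 0.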

Page 23: Power Attacks

Reverse engineering using DPA

Use DPA to locate when predictable things occur

Example: locate an algo trace by targeting its output (ciphertext transfer to RAM, ciphertext is given)

[Figure: DPA curves; Consumption curve]

Page 24: Power Attacks

CONCLUSIONS

DPA vs. SPA

• Low amount of experiments

• Faster to launch

• Not many implementation details

• Noise is not so important

• Attacks even small features

Page 25: Power Attacks

REFERENCES

1. Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Differential Power Analysis”, Advances in Cryptology – CRYPTO ’99, LNCS 1666, Aug. 1999, pp. 388–397

2. Kouichi Itoh, Masahiko Takenaka, and Naoya Torii, “DPA Countermeasure Based on the Masking Method”, ICICS 2001, LNCS 2288, 2002, pp. 440–456

3. Louis Goubin, Jacques Patarin, “DES and Differential Power Analysis”, Proceedings of Workshop on Cryptographic Hardware and Embedded Systems, Aug. 1999, pp. 158–172

4. Jean-Sebastien Coron, Louis Goubin, “On Boolean and Arithmetic Masking against Differential Power Analysis”, CHES 2000, LNCS 1965, 2000, pp. 231–237

5. Mehdi-Laurent Akkar, Christophe Giraud, “An Implementation of DES and AES, Secure against Some Attacks”, CHES 2001, LNCS 2162, 2001, pp. 309–318

6. D. May, H.L. Muller, and N.P. Smart, “Random Register Renaming to Foil DPA”, CHES 2001, LNCS 2162, 2001, pp. 28–38

Page 26: Power Attacks

REFERENCES

7. S. Almanei, “Protecting Smart Cards from Power Analysis Attacks”, http://islab.oregonstate.edu/koc/ece679cahd/s2002/almanei.pdf, May 2002

8. Adi Shamir, “Protecting Smart Cards from Passive Power Analysis with Detached Power Supplies”, CHES 2000, LNCS 1965, 2000, pp. 71-77

9. P. Y. Liardet, N. P. Smart, “Preventing SPA/DPA in ECC Systems Using the Jacobi Form”, CHES 2001, LNCS 2162, 2001, pp. 391-401

10. Jean-Sebastien Coron. Resistance Against Differential Power Analysis for Elliptic Curve Cryptosystems [Published in Ç.K. Koç and C. Paar, Eds., Cryptographic Hardware and Embedded Systems, vol. 1717 of Lecture Notes in Computer Science, pp. 292–302, Springer-Verlag, 1999.

11. Marc Joye and Christophe Tymen. Protections against differential analysis for elliptic curve cryptography: An algebraic approach. In Ç.K. Koç, D. Naccache, and C. Paar, editors, Cryptographic Hardware and Embedded Systems - CHES 2001, volume 2162 of Lecture Notes in Computer Science, pages 377–390. Springer-Verlag, 2001.