lecture7 –more on attacks rice elec 528/ comp 538 farinaz koushanfar spring 2009

Lecture7 –More on Attacks

Rice ELEC 528/ COMP 538 Farinaz Koushanfar

Spring 2009

Outline

• More on side-channel attacks• Fault injection attacks• Generic attacks on cryptosystems

Slides are mostly courtesy of Michael [email protected]

Simple power analysis (SPA) - example

SPA example (cont’d)

SPA example (cont’d)• Unprotected modular exponentiation – square

and multiply algorithm

Possible counter measure – randomizing RSA exponentiation

Statistical power analysis

• Two categories– Differential power analysis (DPA)– Correlation power analysis (CPA)

• Based on the relationship b/w power consumption & hamming weight of the data

Modeling the power consumption

• Hamming weight model– Typically measured on a bus, Y=aH(X)+b– Y: power consumption; X: data value; H:

Hamming weight• The Hamming distance model

– Y=aH(PX)+b– Accounting for the previous value on the bus

(P)

Differential power analysis (DPA)

• DPA can be performed in any algo that has operation =S(K), is known and K is the segment key

The waveforms are caotured by a scope and Sent to a computer for analysis

What is available after acquisition?

DPA (cont’d)

The bit will classify the wave wi– Hypothesis 1: bit is zero– Hypothesis 2: bit is one– A differential trace will be calculated for each bit!

DPA (cont’d)

DPA -- testing

DPA – the wrong guess

DPA (cont’d)

• The DPA waveform with the highest peak will validate the hypothesis

DPA curve example

DPA (cont’d)

Attacking a secret key algorithm

Typical DPA Target

Example -- DPA

Example – hypothesis testing

DPA (Cont’d)

DPA on DES algorithm

DPA on other algorithms

Correlation power analysis (CPA)

• The equation for generating differential waveforms replaced with correlations

• Rather than attacking one bit, the attacker tries prediction of the Hamming weight of a word (H)

• The correlation is computed by:

Statistical PA -- countermeasures

Anti-DPA countermeasures

Anti-DPA

• Internal clock phase shift

DPA summary

Electromagnetic power analysis

EMA – probe design

EMA signal

Spatial positioning

Example: SEMA on RSA

EMA (cont’d)

Counter measures

Fault injection attacks

Fault attacks

Fault injection techniques

• Transient (provisional) and permanent (destructive) faults– Variations to supply voltage– Variations in the external clock– Temperature– White light– Laser light– X-rays and ion beams– Electromagnetic flux

Need some (maybe expensive equipment) – eg, laser

Fault injection steps

Provisional faults

• Single event upsets– Temporary flips in a cell’s logical state to a

complementary state• Multiple event faults

– Several simultaneous SEUs • Dose rate faults

– The individual effects are negligible, but cumulative effect causes fault

• Provisional faults are used more in fault injection

Permanent faults• Single-event burnout faults

– Caused by a parasitic thyristor being formed in the MOS power transistors

• Single-event snap back faults– Caused by self-sustained current by parasitic bipolar transistors

in MOS• Single-event latch-up faults

– Creates a self sustained current in parasitics• Total dose rate faults

– Progressive degradation of the electronic circuit

Fault impacts (model)• Resetting data• Data randomization – could be misleading, no control

over!• Modifying op-code – implementation dependent

Fault attacks – counter measures

Attacks on systems using smart cards

Trusted path

• Normal key validation on a PC

Trusted path• PIN code validation – can you come up with attacks?

Are smart cards good or bad?

Let’s go thru a few common scenarios

A few common scenarios…

Example – fault attack on DES

15-th round DPA

15-th round DES

lecture7 –more on attacks rice elec 528/ comp 538 farinaz koushanfar spring 2009

Documents