september 2005jsa/instac/tamper-resistance standardization research committee1 tsrc and side channel...

September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 1

TSRC and Side Channel Security Requirement

Shinichi KawamuraTamper-resistance Standardization Research Committee (TSRC)

Toshiba Corporation

[email protected]

Japanese Standards Association (JSA)Information Technology Research and Standardization Center (INSTAC)

mailto:[email protected]


Members of TSRC WG1

• Tsutomu Matsumoto (Chair, Yokohama National University)

• Shinichi Kawamura (Secretary, Toshiba Corp.)

• Koichi Fujisaki (Toshiba Corp.)

• Naoya Torii (Fujitsu Laboratories Ltd.)

• Shuichi Ishida (Hitachi, Ltd.)

• Yukiyasu Tsunoo (NEC Corp.)

• Minoru Saeki (Mitsubishi Electric Corp.)

• Atsuhiro Yamagishi (IPA)


Overview

1. Introduction– Relationship among the Committees– The Goal and Plan

2. Systematic Study of Tamper-resistance– Difficulties of Systematic Study– Side Channel Attacks– Attack vs. Target Matrix

3. Development of Specification of Platforms to Evaluate Security of Embedded Software and FPGA Configuration Data Against Side Channel Attacks

– INSTAC-8 (8-bit CPU)– INSTAC-32 (32-bit CPU and FPGA)

4. Study of Methods to Describe Security Requirements of Cryptographic Module with Respect to Side Channel Attacks

– Attack vs. Countermeasure– Requirement focusing on attacks– Requirement focusing on countermeasures– Requirement focusing on metrics


Part 1. Introduction

•Relationship among the Committees

•The Goal and Plan


Organizational Structure 1

Bureau of Industrial Technology EnvironmentStandardization Section

Japanese Standardization Association

Information Technology Research and Standardization Center

(INSTAC)

Tamper-resistance Standardization Research Committee (TSRC)

Research TeamWG1 (Technical Committee)

Ministry of Economy, Trade and Industry


Purpose of Establishment

• Establishing the foundations of secure implementation of information technologies from a point of view of standardization

by carrying out the following study and research items:

1. Systematic study of various tampering techniques

2. Developing the method to describe requirements to tamper-resistance

3. Contributing to the international standardization with respect to tamper-resistance


Plan

FY2003: – Established in September 2003

– Decide direction and start building platforms for experiments

FY2004: – Study tamper-resistance deeply, based on theoretical and

experimental analysis

– Discuss how to describe requirements to tamper-resistance

FY2005: – Make a proposal on tamper-resistance


TSRC Vision

Attacks

Counter-measure

Module

Methodology& MetricsVendorVendor

AttackerAttacker

TesterTester

UserUser

SecurityReliabilityAcademia

& Industry

Standardplatform

Researchliterature

Part 2 Part 3

Part 4

State of the art


Part 2. Systematic Study of Tamper-resistance

•Difficulties of Systematic Study

•Side Channel Attacks

•Attack vs. Target Matrix


Difficulties in Studying Tamper-resistance

• Not all attack methods and countermeasure can be discussed openly

• Development of temper-resistant technique requires a physical target module

• A few literatures discussed evaluation methods of tamper-resistance

• Systematic study is a challenge to overcome these difficulties

• TSRC have been focusing on Side Channel Attacks due to its urgency, timeliness, and limitation of resources


Examples of Tampering Techniques

Invasive Analysis Non-invasive Analysis

Side Channel Attacks

Probing Fault-based

Analysis Timing Analysis Power Analysis

A technique to probe signal after exposing surface of chips and removing protective coating

A technique to derive internal confidential information using the difference between normal output and faulty output caused artificially

A technique to estimate confidential information by analyzing processing time

A technique toestimate confidential information by observing power consumption


Survey of Literatures: Attack vs. Target 1　　

　

Target Ciphers

　 Symmetric CiphersAsymmetric

Ciphers

Digital Signatu

reElliptic Curve

　 DESTriple-DES

AES RSADiffie-Hellman

DSS

Elliptic Curve Cryptosystem

EC-DSA

　　　 FIPS46-3

FIPS81FIPS197

FIPS186-2

FIPS186-2

FIPS186-2

FIPS186-2

FIPS186-2

category of attacks

Invasive Attack

Invasive Analysis 2 　 2 　　　　

Fault Attack

Fault Analysis 7, 208 208 1045, 6, 8, 40, 49

　　　　

Timing Attack

Timing Attack 　　　

16, 18, 37, 39, 44, 48, 91, 92, 95

16 16 53, 88 　

Cache Attack77, 81, 103

78 80 　　　　　

Power Analysis

Simple Power Analysis21, 22, 301

　 2543, 44, 47, 48, 105

　　

51, 53, 60, 102, 205

　

Differential Power Analysis

21, 22, 23, 27

　25, 26, 30, 33, 202

27, 37, 45, 95

　　50, 51, 53, 56, 63, 107

63

correlation power analysis

201 　 201 　　　　　

Hybrids

Multi-channel Attack 101

collision attack 　　 203 　　　　　

Template Attacks 14 　　　　　　　


Survey of Literatures: Attack vs. Target 2

• Matrix has blank cells which should be examined if attacks in other cells could be applied to the cells

• Besides completing matrix, essence of each attacks should be extracted and categorized

• Ultimate goal of this work would be to make a comprehensive map or dictionary of side channel attacks


Part 3. Development of Specification of Platforms to Evaluate Security of Embedded Software and FPGA Configuration Data Against Side Channel Attacks

• INSTAC-8 (8-bit CPU)

• INSTAC-32 (32-bit CPU and FPGA)


Needs for Standard Evaluation Platform

• Development of tamper-resistant techniques requires a physical target module.

• Although many papers reported experimental results, the specification of target module is not necessarily clear

• It is quite rare for a vendor to publish attack results against their own cryptographic module.

• It is also rare for a researcher to report attack results against cryptographic module of a particular vendor, because such reports would not be constructive.

• Lack of standard plat form seems to hinder the development of tamper-resistance technology.

• It will change the situation if there is a standard platform whose specification is publicly available and non-proprietary.


Standard Evaluation Platform

• INSTAC-8 is a specification which has 8bit CPU. Its target is a low-end embedded system.

• We also develop another specification INSTAC-32 for 32-bit CPU and FPGA. Its target is a middle to high-end system as well as semi-hardware implementation.

• It is not the purpose of INSTAC-8 and -32 to emulate a particular cryptographic module. Rather it is the goal to provide a platform, where anyone con compare the data of side channel attacks. Therefore, we made the specification as simple as possible.


The specification outline of INSTAC-8

CPU Zilog Z80 (CMOS technology) 8MHz

Memory 256KB SRAM/32KB EEPROM

Peripheral IC 16Bit Programmable Counter

Communicate Port RS232C

Clock Built-in Crystal Oscillator

Supply Voltage +5.0V

Board Size 18cm * 15cm / 2 layer

Number of layers 2

Board Material FR-4(Glass board material epoxy resin)


An INSTAC-8 Compliant Evaluation Platform


Environment of Experiment


Voltage Waveform at DES Operation

time

voltage

Round 15 Round 16

DES: Round 15 and Round 16

In order to investigate whether a repetition of F function can be checked from a voltage waveform using the INSTAC-8, we acquired a voltage waveform at the time of DES execution. There are repetitions of DES round 15 and round 16 in the voltage waveform.


Result of DPA for DES (without countermeasure)

Time

Correlation

Correlation of reference data and power consumption (3000 samples)

This reference data has the largest

correlation value.

The difference in a color expresses the difference in reference data. There are all reference data(64 pattern) in this graph.

Attack point is L15 bit0.


INSTAC-32 (Specification)

CPU Freescale MPC852T 100MHz (PowerPC)

Memory 8MB SDRAM

512KB Flash Memory

8MB Flash Memory*2

FPGA Xilinx Virtex II XC2V1000-5FG456C

(for Cryptographic Function)

Xilinx Spartan II 100 (for I/O Controller)

Communication Port

10/100Base-TX Ethernet

RS232C

Clock Built-in Crystal Oscillator

Supply Voltage +3.3V

Board Size 30 cm * 20 cm

Number of layers 6

Board Material FR-4


INSTAC-32 (Appearance)


Some Results Reported

• K. Fujisaki, et al. ISEC2004-No.55, 2004– Proposal of INSTAC-8 and self-evaluation

• H. Miyake, et al. SCIS2005, January 2005– DPA evaluation on INSTAC-8

• Y. Takahashi, et al. ISEC2004-No.114, March 2005– EM analysis on INSTAC-8

• K. Fujisaki, et al. ISEC2005-No.19, July 2005– Proposal of INSTAC-32 and self-evaluation

• Y. Tsunoo, et al. This conference, Sept. 2005– Analysis report on INSTAC-8

Notes) ISEC : IEICE Tech. Rep. on Information Security (Bi-monthly) SCIS: Symp. on Cryptography and Information Security (Annual)


Lessons Learned from INSTAC-8 and -32

• Present spec. is not in detail enough to make boards supplied by different manufacturer have the same property

• Standardization of measurement conditions is necessary• Stable supply route should be established• More user friendly interface and manuals should be

provided• Feedbacks from users should be reflected to the latest

version


Part 4. Study of Methods to Describe Security Requirements of Cryptographic Module with Respect to Side Channel Attacks

• Attack vs. Countermeasure• Requirement focusing on attacks• Requirement focusing on countermeasures• Requirement focusing on metrics


Attack vs. Countermeasure

Core of Cryptographic

Module

Attack

Attack

Countermeasures

Attac

k Attac

kCryptographic Module


Approach Focusing on Attacks

Core ofCryptographic

Module

Timing Attack

SPA

DPA

EMA

Fault-based Attack

Other attacks

•Concrete attack is focused ---Natural approach•Appropriate listing up of attacks is necessary•Adapting to emerging attack is an issue since more attacks seem still to come

•Concrete attack is focused ---Natural approach•Appropriate listing up of attacks is necessary•Adapting to emerging attack is an issue since more attacks seem still to come

Example:“Cryptographic module is required to be resistant to Timing Attack”

Cryptographic Module


Approach Focusing on Countermeasures

Other

Measures

Data M

asking

Random

ized T

iming


Module

Timing Attack

SPA

DPA

EMA

Fault-based Attack

Other attacks

•Countermeasure to prevent attacks is specified•Appropriate listing up of countermeasures is necessary•Adapting emerging attack is an issue since more attacks seem still to come•Vender would not like to explicitly describe countermeasures because they are sometimes vendor know-how

•Countermeasure to prevent attacks is specified•Appropriate listing up of countermeasures is necessary•Adapting emerging attack is an issue since more attacks seem still to come•Vender would not like to explicitly describe countermeasures because they are sometimes vendor know-how

Example:“Cryptographic module is required to implement Data Masking” or“Documentation shall specify countermeasures employed”



Approach Focusing on Metrics

Counterm

easures


Module

•Ideal approach -- if appropriate metrics and test method are defined•Searching for appropriate metrics is a big issue --- Intensive research is required•Good metrics may cover some emerging attacks

•Ideal approach -- if appropriate metrics and test method are defined•Searching for appropriate metrics is a big issue --- Intensive research is required•Good metrics may cover some emerging attacks

Example:“Cryptographic module is required to have metric A within a given range B with a given test method C”

TestMethod 1

Metric 1

TestMethod 2

Other TestMethods

Metric 2

Metric x


Presently, A, B, and C is not established.


Attack based Approach as Metric based Approach


Timing Attack

SPA

DPA

EMA

Fault-based Attack

Other

Measures

Data M

asking

Random

ized T

iming

Metric IIMetric I

Other attacks

First candidate of the metrics is whether attack is successful or not.


Relationship among three approaches

• Attack based and countermeasure based approaches are conventional.

• But even in these cases, it would be very convenient if such objective metrics be provided, because such metrics would be an evidence of the evaluation.

• Thus, the metric based approach is not exclusive with other approaches, rather complementary.

• The problem is that there is no metrics specified so far.• It is our expectation such metrics will be found out, if we

limit the attacks categories to side channel attacks.


Candidate for Metrics Development Steps

1. Investigate the attack methods2. Determine physical quantity to measure3. Determine conditions for measurement4. Determine how to process the measured quantity

– Screening, alignment, and filtering to reduce noise– Main procedure to derive metric for evaluation

• Auto- or cross correlation, Differences for different conditions will be a candidates

• Selection or integration of metrics should be considered

5. Scoring– Judgment standard for mapping the metrics to some score is necessary– Function to integrate plural scores to a total score is necessary

6. Optimization of total testing cost– Sampling test should be employed


Summary

• TSRC has been focusing on Side Channel Attacks by– Studying literatures and categorizing them

– Developing standard platform of evaluation

– Proposing metrics based approach and possible steps for metrics development

• Comments and suggestions for TSRC’s approach are welcome


• Thank you for your attention!

september 2005jsa/instac/tamper-resistance standardization research committee1 tsrc and side channel...

Documents