september 2005jsa/instac/tamper-resistance standardization research committee1 tsrc and side channel...
TRANSCRIPT
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 1
TSRC and Side Channel Security Requirement
Shinichi KawamuraTamper-resistance Standardization Research Committee (TSRC)
Toshiba Corporation
Japanese Standards Association (JSA)Information Technology Research and Standardization Center (INSTAC)
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 2
Members of TSRC WG1
• Tsutomu Matsumoto (Chair, Yokohama National University)
• Shinichi Kawamura (Secretary, Toshiba Corp.)
• Koichi Fujisaki (Toshiba Corp.)
• Naoya Torii (Fujitsu Laboratories Ltd.)
• Shuichi Ishida (Hitachi, Ltd.)
• Yukiyasu Tsunoo (NEC Corp.)
• Minoru Saeki (Mitsubishi Electric Corp.)
• Atsuhiro Yamagishi (IPA)
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 3
Overview
1. Introduction– Relationship among the Committees– The Goal and Plan
2. Systematic Study of Tamper-resistance– Difficulties of Systematic Study– Side Channel Attacks– Attack vs. Target Matrix
3. Development of Specification of Platforms to Evaluate Security of Embedded Software and FPGA Configuration Data Against Side Channel Attacks
– INSTAC-8 (8-bit CPU)– INSTAC-32 (32-bit CPU and FPGA)
4. Study of Methods to Describe Security Requirements of Cryptographic Module with Respect to Side Channel Attacks
– Attack vs. Countermeasure– Requirement focusing on attacks– Requirement focusing on countermeasures– Requirement focusing on metrics
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 4
Part 1. Introduction
•Relationship among the Committees
•The Goal and Plan
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 5
Organizational Structure 1
Bureau of Industrial Technology EnvironmentStandardization Section
Japanese Standardization Association
Information Technology Research and Standardization Center
(INSTAC)
Tamper-resistance Standardization Research Committee (TSRC)
Research TeamWG1 (Technical Committee)
Ministry of Economy, Trade and Industry
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 6
Purpose of Establishment
• Establishing the foundations of secure implementation of information technologies from a point of view of standardization
by carrying out the following study and research items:
1. Systematic study of various tampering techniques
2. Developing the method to describe requirements to tamper-resistance
3. Contributing to the international standardization with respect to tamper-resistance
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 7
Plan
FY2003: – Established in September 2003
– Decide direction and start building platforms for experiments
FY2004: – Study tamper-resistance deeply, based on theoretical and
experimental analysis
– Discuss how to describe requirements to tamper-resistance
FY2005: – Make a proposal on tamper-resistance
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 8
TSRC Vision
Attacks
Counter-measure
Module
Methodology& MetricsVendorVendor
AttackerAttacker
TesterTester
UserUser
SecurityReliabilityAcademia
& Industry
Standardplatform
Researchliterature
Part 2 Part 3
Part 4
State of the art
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 9
Part 2. Systematic Study of Tamper-resistance
•Difficulties of Systematic Study
•Side Channel Attacks
•Attack vs. Target Matrix
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 10
Difficulties in Studying Tamper-resistance
• Not all attack methods and countermeasure can be discussed openly
• Development of temper-resistant technique requires a physical target module
• A few literatures discussed evaluation methods of tamper-resistance
• Systematic study is a challenge to overcome these difficulties
• TSRC have been focusing on Side Channel Attacks due to its urgency, timeliness, and limitation of resources
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 11
Examples of Tampering Techniques
Invasive Analysis Non-invasive Analysis
Side Channel Attacks
Probing Fault-based
Analysis Timing Analysis Power Analysis
A technique to probe signal after exposing surface of chips and removing protective coating
A technique to derive internal confidential information using the difference between normal output and faulty output caused artificially
A technique to estimate confidential information by analyzing processing time
A technique toestimate confidential information by observing power consumption
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 12
Survey of Literatures: Attack vs. Target 1
Target Ciphers
Symmetric CiphersAsymmetric
Ciphers
Digital Signatu
reElliptic Curve
DESTriple-DES
AES RSADiffie-Hellman
DSS
Elliptic Curve Cryptosystem
EC-DSA
FIPS46-3
FIPS81FIPS197
FIPS186-2
FIPS186-2
FIPS186-2
FIPS186-2
FIPS186-2
category of attacks
Invasive Attack
Invasive Analysis 2 2
Fault Attack
Fault Analysis 7, 208 208 1045, 6, 8, 40, 49
Timing Attack
Timing Attack
16, 18, 37, 39, 44, 48, 91, 92, 95
16 16 53, 88
Cache Attack77, 81, 103
78 80
Power Analysis
Simple Power Analysis21, 22, 301
2543, 44, 47, 48, 105
51, 53, 60, 102, 205
Differential Power Analysis
21, 22, 23, 27
25, 26, 30, 33, 202
27, 37, 45, 95
50, 51, 53, 56, 63, 107
63
correlation power analysis
201 201
Hybrids
Multi-channel Attack 101
collision attack 203
Template Attacks 14
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 13
Survey of Literatures: Attack vs. Target 2
• Matrix has blank cells which should be examined if attacks in other cells could be applied to the cells
• Besides completing matrix, essence of each attacks should be extracted and categorized
• Ultimate goal of this work would be to make a comprehensive map or dictionary of side channel attacks
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 14
Part 3. Development of Specification of Platforms to Evaluate Security of Embedded Software and FPGA Configuration Data Against Side Channel Attacks
• INSTAC-8 (8-bit CPU)
• INSTAC-32 (32-bit CPU and FPGA)
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 15
Needs for Standard Evaluation Platform
• Development of tamper-resistant techniques requires a physical target module.
• Although many papers reported experimental results, the specification of target module is not necessarily clear
• It is quite rare for a vendor to publish attack results against their own cryptographic module.
• It is also rare for a researcher to report attack results against cryptographic module of a particular vendor, because such reports would not be constructive.
• Lack of standard plat form seems to hinder the development of tamper-resistance technology.
• It will change the situation if there is a standard platform whose specification is publicly available and non-proprietary.
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 16
Standard Evaluation Platform
• INSTAC-8 is a specification which has 8bit CPU. Its target is a low-end embedded system.
• We also develop another specification INSTAC-32 for 32-bit CPU and FPGA. Its target is a middle to high-end system as well as semi-hardware implementation.
• It is not the purpose of INSTAC-8 and -32 to emulate a particular cryptographic module. Rather it is the goal to provide a platform, where anyone con compare the data of side channel attacks. Therefore, we made the specification as simple as possible.
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 17
The specification outline of INSTAC-8
CPU Zilog Z80 (CMOS technology) 8MHz
Memory 256KB SRAM/32KB EEPROM
Peripheral IC 16Bit Programmable Counter
Communicate Port RS232C
Clock Built-in Crystal Oscillator
Supply Voltage +5.0V
Board Size 18cm * 15cm / 2 layer
Number of layers 2
Board Material FR-4(Glass board material epoxy resin)
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 18
An INSTAC-8 Compliant Evaluation Platform
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 19
Environment of Experiment
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 20
Voltage Waveform at DES Operation
time
voltage
Round 15 Round 16
DES: Round 15 and Round 16
In order to investigate whether a repetition of F function can be checked from a voltage waveform using the INSTAC-8, we acquired a voltage waveform at the time of DES execution. There are repetitions of DES round 15 and round 16 in the voltage waveform.
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 21
Result of DPA for DES (without countermeasure)
Time
Correlation
Correlation of reference data and power consumption (3000 samples)
This reference data has the largest
correlation value.
The difference in a color expresses the difference in reference data. There are all reference data(64 pattern) in this graph.
Attack point is L15 bit0.
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 22
INSTAC-32 (Specification)
CPU Freescale MPC852T 100MHz (PowerPC)
Memory 8MB SDRAM
512KB Flash Memory
8MB Flash Memory*2
FPGA Xilinx Virtex II XC2V1000-5FG456C
(for Cryptographic Function)
Xilinx Spartan II 100 (for I/O Controller)
Communication Port
10/100Base-TX Ethernet
RS232C
Clock Built-in Crystal Oscillator
Supply Voltage +3.3V
Board Size 30 cm * 20 cm
Number of layers 6
Board Material FR-4
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 23
INSTAC-32 (Appearance)
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 24
Some Results Reported
• K. Fujisaki, et al. ISEC2004-No.55, 2004– Proposal of INSTAC-8 and self-evaluation
• H. Miyake, et al. SCIS2005, January 2005– DPA evaluation on INSTAC-8
• Y. Takahashi, et al. ISEC2004-No.114, March 2005– EM analysis on INSTAC-8
• K. Fujisaki, et al. ISEC2005-No.19, July 2005– Proposal of INSTAC-32 and self-evaluation
• Y. Tsunoo, et al. This conference, Sept. 2005– Analysis report on INSTAC-8
Notes) ISEC : IEICE Tech. Rep. on Information Security (Bi-monthly) SCIS: Symp. on Cryptography and Information Security (Annual)
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 25
Lessons Learned from INSTAC-8 and -32
• Present spec. is not in detail enough to make boards supplied by different manufacturer have the same property
• Standardization of measurement conditions is necessary• Stable supply route should be established• More user friendly interface and manuals should be
provided• Feedbacks from users should be reflected to the latest
version
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 26
Part 4. Study of Methods to Describe Security Requirements of Cryptographic Module with Respect to Side Channel Attacks
• Attack vs. Countermeasure• Requirement focusing on attacks• Requirement focusing on countermeasures• Requirement focusing on metrics
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 27
Attack vs. Countermeasure
Core of Cryptographic
Module
Attack
Attack
Countermeasures
Attac
k Attac
kCryptographic Module
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 28
Approach Focusing on Attacks
Core ofCryptographic
Module
Timing Attack
SPA
DPA
EMA
Fault-based Attack
Other attacks
•Concrete attack is focused ---Natural approach•Appropriate listing up of attacks is necessary•Adapting to emerging attack is an issue since more attacks seem still to come
•Concrete attack is focused ---Natural approach•Appropriate listing up of attacks is necessary•Adapting to emerging attack is an issue since more attacks seem still to come
Example:“Cryptographic module is required to be resistant to Timing Attack”
Cryptographic Module
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 29
Approach Focusing on Countermeasures
Other
Measures
Data M
asking
Random
ized T
iming
Core ofCryptographic
Module
Timing Attack
SPA
DPA
EMA
Fault-based Attack
Other attacks
•Countermeasure to prevent attacks is specified•Appropriate listing up of countermeasures is necessary•Adapting emerging attack is an issue since more attacks seem still to come•Vender would not like to explicitly describe countermeasures because they are sometimes vendor know-how
•Countermeasure to prevent attacks is specified•Appropriate listing up of countermeasures is necessary•Adapting emerging attack is an issue since more attacks seem still to come•Vender would not like to explicitly describe countermeasures because they are sometimes vendor know-how
Example:“Cryptographic module is required to implement Data Masking” or“Documentation shall specify countermeasures employed”
Cryptographic Module
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 30
Approach Focusing on Metrics
Counterm
easures
Core ofCryptographic
Module
•Ideal approach -- if appropriate metrics and test method are defined•Searching for appropriate metrics is a big issue --- Intensive research is required•Good metrics may cover some emerging attacks
•Ideal approach -- if appropriate metrics and test method are defined•Searching for appropriate metrics is a big issue --- Intensive research is required•Good metrics may cover some emerging attacks
Example:“Cryptographic module is required to have metric A within a given range B with a given test method C”
TestMethod 1
Metric 1
TestMethod 2
Other TestMethods
Metric 2
Metric x
Cryptographic Module
Presently, A, B, and C is not established.
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 31
Attack based Approach as Metric based Approach
Cryptographic Module
Timing Attack
SPA
DPA
EMA
Fault-based Attack
Other
Measures
Data M
asking
Random
ized T
iming
Metric IIMetric I
Other attacks
First candidate of the metrics is whether attack is successful or not.
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 32
Relationship among three approaches
• Attack based and countermeasure based approaches are conventional.
• But even in these cases, it would be very convenient if such objective metrics be provided, because such metrics would be an evidence of the evaluation.
• Thus, the metric based approach is not exclusive with other approaches, rather complementary.
• The problem is that there is no metrics specified so far.• It is our expectation such metrics will be found out, if we
limit the attacks categories to side channel attacks.
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 33
Candidate for Metrics Development Steps
1. Investigate the attack methods2. Determine physical quantity to measure3. Determine conditions for measurement4. Determine how to process the measured quantity
– Screening, alignment, and filtering to reduce noise– Main procedure to derive metric for evaluation
• Auto- or cross correlation, Differences for different conditions will be a candidates
• Selection or integration of metrics should be considered
5. Scoring– Judgment standard for mapping the metrics to some score is necessary– Function to integrate plural scores to a total score is necessary
6. Optimization of total testing cost– Sampling test should be employed
September 2005 JSA/INSTAC/Tamper-resistance Standardization Research Committee 34
Summary
• TSRC has been focusing on Side Channel Attacks by– Studying literatures and categorizing them
– Developing standard platform of evaluation
– Proposing metrics based approach and possible steps for metrics development
• Comments and suggestions for TSRC’s approach are welcome