On the Practical Security of a Leakage Resilient Masking Scheme
|
|
- Erika West
- 5 years ago
- Views:
Transcription
1 On the Practical Security of a Leakage Resilient Masking Scheme T. Roche thomas.roche@ssi.gouv.fr Joint work with E. Prouff and M. Rivain CT-RSA 2014 Feb. 2014
2 Side Channel Analysis Side Channel Attacks (SCA) appear 15 years ago 1996 : Timing Attacks 1998 : Power Analysis 2000 : Electromagnetic Analysis Numerous attacks 1998 : (single-bit) DPA KocherJaffeJune : (multi-bit) DPA Messerges : Higher-order SCA Messerges : Template SCA ChariRaoRohatgi : CPA BrierClavierOlivier : Stochastic SCA SchindlerLemkePaar : Mutual Information SCA GierlichsBatinaTuyls2008 etc.
3 Side Channel Analysis Side Channel Attacks (SCA) appear 15 years ago 1996 : Timing Attacks 1998 : Power Analysis 2000 : Electromagnetic Analysis Numerous attacks 1998 : (single-bit) DPA KocherJaffeJune : (multi-bit) DPA Messerges : Higher-order SCA Messerges : Template SCA ChariRaoRohatgi : CPA BrierClavierOlivier : Stochastic SCA SchindlerLemkePaar : Mutual Information SCA GierlichsBatinaTuyls2008 etc.
4 Side Channel Analysis Side Channel Attacks (SCA) appear 15 years ago 1996 : Timing Attacks 1998 : Power Analysis 2000 : Electromagnetic Analysis Numerous attacks 1998 : (single-bit) DPA KocherJaffeJune : (multi-bit) DPA Messerges : Higher-order SCA Messerges : Template SCA ChariRaoRohatgi : CPA BrierClavierOlivier : Stochastic SCA SchindlerLemkePaar : Mutual Information SCA GierlichsBatinaTuyls2008 etc.
5 Side Channel Analysis Side Channel Attacks (SCA) appear 15 years ago 1996 : Timing Attacks 1998 : Power Analysis 2000 : Electromagnetic Analysis Numerous attacks 1998 : (single-bit) DPA KocherJaffeJune : (multi-bit) DPA Messerges : Higher-order SCA Messerges : Template SCA ChariRaoRohatgi : CPA BrierClavierOlivier : Stochastic SCA SchindlerLemkePaar : Mutual Information SCA GierlichsBatinaTuyls2008 etc.
6 Masking/Sharing Coutermeasures Idea : consists in securing the implementation using secret sharing techniques. First Ideas in GoubinPatarin99 and ChariJutlaRaoRohatgi99. Soundness based on the following remark : [Chari-Jutla-Rao-Rohatgi CRYPTO 99] Bit x masked x 0, x 1,..., x d Leakage : Li x i + N (µ, σ 2 )( # of leakage samples to test (Li ) i x = 0 ) = ( (L i ) i x = 1 ) : q O(1)σ d
7 Masking/Sharing Coutermeasures Idea : consists in securing the implementation using secret sharing techniques. First Ideas in GoubinPatarin99 and ChariJutlaRaoRohatgi99. Soundness based on the following remark : [Chari-Jutla-Rao-Rohatgi CRYPTO 99] Bit x masked x 0, x 1,..., x d Leakage : Li x i + N (µ, σ 2 )( # of leakage samples to test (Li ) i x = 0 ) = ( (L i ) i x = 1 ) : q O(1)σ d
8 Masking/Sharing Coutermeasures Idea : consists in securing the implementation using secret sharing techniques. First Ideas in GoubinPatarin99 and ChariJutlaRaoRohatgi99. Soundness based on the following remark : [Chari-Jutla-Rao-Rohatgi CRYPTO 99] Bit x masked x 0, x 1,..., x d Leakage : Li x i + N (µ, σ 2 )( # of leakage samples to test (Li ) i x = 0 ) = ( (L i ) i x = 1 ) : q O(1)σ d
9 Probing Adversary Notion introduced in IshaiSahaiWagner, CRYPTO 2003 A d th -order probing adversary is allowed to observe at most d intermediate results during the overall algorithm processing. Hardware interpretation : d is the maximum of wires observed in the circuit. Software interpretation : d is the maximum of different timings during the processing. d th -order probing adversary = d th -order SCA as introduced in Messerges99. Countermeasures proved to be secure against a d th -order probing adv. : d = 1 : KocherJaffeJune99, BlömerGuajardoKrummel04, ProuffRivain07. d = 2 : RivainDottaxProuff08. d 1 : IshaiSahaiWagner03, ProuffRoche11, GenelleProuffQuisquater11, CarletGoubinProuffQuisquaterRivain12.
10 Probing Adversary Notion introduced in IshaiSahaiWagner, CRYPTO 2003 A d th -order probing adversary is allowed to observe at most d intermediate results during the overall algorithm processing. Hardware interpretation : d is the maximum of wires observed in the circuit. Software interpretation : d is the maximum of different timings during the processing. d th -order probing adversary = d th -order SCA as introduced in Messerges99. Countermeasures proved to be secure against a d th -order probing adv. : d = 1 : KocherJaffeJune99, BlömerGuajardoKrummel04, ProuffRivain07. d = 2 : RivainDottaxProuff08. d 1 : IshaiSahaiWagner03, ProuffRoche11, GenelleProuffQuisquater11, CarletGoubinProuffQuisquaterRivain12.
11 Higher-Order Masking Schemes Achieving security in the probing adversary model Definition A dth-order masking scheme for an encryption algorithm c E(m, k) is an algorithm (c 0, c 1,..., c d ) E ( (m 0, m 1,..., m d ), (k 0, k 1,..., k d ) ) Completeness : there exists R s.t. : R(c 0,, c d ) = E(m, k) Security : {iv 1, iv 2,..., iv d } {intermediate var. of E } : Pr ( k iv 1, iv 2,..., iv d ) = Pr ( k )
12 State Of The Art dth-order masking schemes Boolean Masking n = 2d + 1, O(d 2 ) [Ishai et al.03] (hardware oriented) [Rivain-Prouff 10] [Kim et al.11] Multiplicative Masking n = d + 1, O(d 2 ) [Genelle et al.11] (alternating Boolean and Multiplicative Masking) Polynomial Masking Õ(d 2 ) [Prouff-Roche 11] (n = 2d + 1, Glitches Resitance) Inner-Product Masking O(d 2 ) [Balasch et al.12] (n = 2(d + 1), Glitches Resistance)
13 State Of The Art dth-order masking schemes Boolean Masking n = 2d + 1, O(d 2 ) [Ishai et al.03] (hardware oriented) [Rivain-Prouff 10] [Kim et al.11] Multiplicative Masking n = d + 1, O(d 2 ) [Genelle et al.11] (alternating Boolean and Multiplicative Masking) Polynomial Masking Õ(d 2 ) [Prouff-Roche 11] (n = 2d + 1, Glitches Resitance) Inner-Product Masking O(d 2 ) [Balasch et al.12] (n = 2(d + 1), Glitches Resistance)
14 Mutual Information Analysis of Masking Schemes Mutual Information Evaluation Hamming Weight Model and Additive Gaussian Noise O(X ) = HW (X ) + B B N (0, σ) In this idealized model, the success rate of an optimal multi-query (HO-)SCA targeting (Z 0,, Z d ) is a monotonously increasing function of I(O(Z 0 ),, O(Z d ); Z) [Standaert et al. 09]
15 Mutual Information Analysis of Masking Schemes Boolean Sharing Manipulation of randomized variable z $ (z r 1 r d, r 1,, r d ), where r i are randomly generated in GF(2 l ).
16 Mutual Information Analysis of Masking Schemes Information Leaked by a d th -order Boolean Sharing 4 1O Bool.Mask. 2O Leak 2O Bool.Mask. 3O Leak 2 log10 (I(Z, O)) Noise Standard Deviation
17 Mutual Information Analysis of Masking Schemes Multiplicative Sharing Manipulation of randomized variable z $ (zxr 1 x xr d, r 1,, r d ), where r i are randomly generated in GF (2 l ).
18 Mutual Information Analysis of Masking Schemes Multiplicative Sharing Manipulation of randomized variable z $ (zxr 1 x xr d, r 1,, r d ), where r i are randomly generated in GF (2 l ). 1st-order Flaw Pr(zxr 1 x xr d = 0 z = 0) = 1
19 Mutual Information Analysis of Masking Schemes Information Leaked by a d th -order Multiplicative Sharing 4 2 1O Bool.Mask. 2O Leak 2O Bool.Mask. 3O Leak 1O Mult.Mask. 1O Leak log10 (I(Z, O)) Noise Standard Deviation
20 Mutual Information Analysis of Masking Schemes Shamir s Secret Sharing Manipulation of randomized variable $ z P z [X ] : z + a 1 X + + a d X d P z, α 1,, α n (P z (α 1 ),, P z (α n )) where a i are randomly generated in GF(2 l ) and α i are distinct public value of GF(2 l ).
21 Mutual Information Analysis of Masking Schemes Information Leaked by a d th -order Shamir s Secret Sharing log10 (I(Z, O)) O Bool.Mask. 2O Leak 2O Bool.Mask. 3O Leak 1O Mult.Mask. 1O Leak 1O Poly.Mask. 2O Leak 2O Poly.Mask. 3O Leak Noise Standard Deviation
22 Mutual Information Analysis of Masking Schemes IP-masking [Dziembowski-Faust TCC 2012] Manipulation of randomized variable z $ ( z n i=2 L ir i L 1, R 2,, R n, L 1,, L n ) where R i are randomly generated in GF(2 l ) and L i are randomly generated in GF(2 l ).
23 Mutual Information Analysis of Masking Schemes Information Leaked by a d th -order IP sharing log10 (MI) O Bool.Mask. 2O Leak 2O Bool.Mask. 3O Leak 1O Mult.Mask. 1O Leak 1O Poly.Mask. 2O Leak 2O Poly.Mask. 3O Leak 1O IP.Mask. 2O Leak 2O IP.Mask. 3O Leak Noise Standard Deviation
24 Analysis of Inner-Product Masking Scheme IP-masking Scheme BalaschFaustGierlichsVerbauwhede, ASIACRYPT n shares for (n 1) probing security (HO-)Glitches Attack resistant masking scheme Weak information leakage assuming standard Leakage Functions e.g. HW Complexity O(n 2 ) Proofs in the continuous bounded-range leakage model only if n 130 Practical Leakage Resilient Masking Scheme O() : {0, 1} l {0, 1} λ λ << l
25 Analysis of Inner-Product Masking Scheme IP-masking Scheme BalaschFaustGierlichsVerbauwhede, ASIACRYPT 2012 Inner-Product Sharing Scheme z $ ( z n i=2 L ir i L 1, R 2,, R n, L 1,, L n ) R i in GF(2 l ), L i in GF(2 l ). IP-Masking Scheme [Balasch et al. 12] inputs : {(L A, R A ), (L B, R B )} RefreshMasks(A) : O(n) A + B : O(n) xa + y : O(n) A B : O(n 2 )
26 Analysis of Inner-Product Masking Scheme IP-masking Scheme BalaschFaustGierlichsVerbauwhede, ASIACRYPT 2012 Inner-Product Sharing Scheme z $ ( z n i=2 L ir i L 1, R 2,, R n, L 1,, L n ) R i in GF(2 l ), L i in GF(2 l ). IP-Masking Scheme [Balasch et al. 12] inputs : {(L A, R A ), (L B, R B )} RefreshMasks(A) : O(n) A + B : O(n) xa + y : O(n) A B : O(n 2 )
27 Analysis of Inner-Product Masking Scheme Algorithm Refresh Mask description Input : the (2n, d)-sharing (L, R) of V. Output: the (2n, d)-sharing (L, R ) such that L, R = L, R. /* Refresh Masks */ 1 L (randnonzero()) n ; 2 for i = 1 to n do 3 A i L i L i ; 4 X A, R ; 5 B IPHalfMask(X, L ); 6 R R B; 7 return (L, R );
28 Analysis of Inner-Product Masking Scheme Algorithm Refresh Mask description Input : the (2n, d)-sharing (L, R) of V. Output: the (2n, d)-sharing (L, R ) such that L, R = L, R. /* Refresh Masks */ 1 L (randnonzero()) n ; 2 for i = 1 to n do 3 A i L i L i ; 4 X A, R ; 5 B IPHalfMask(X, L ); 6 R R B; 7 return (L, R );
29 Analysis of Inner-Product Masking Scheme Algorithm Refresh Mask description Input : the (2n, d)-sharing (L, R) of V. Output: the (2n, d)-sharing (L, R ) such that L, R = L, R. /* Refresh Masks */ 1 L (randnonzero()) n ; 2 for i = 1 to n do 3 A i L i L i ; 4 X A, R ; 5 B IPHalfMask(X, L ); 6 R R B; 7 return (L, R );
30 Analysis of Inner-Product Masking Scheme Algorithm Refresh Mask description Input : the (2n, d)-sharing (L, R) of V. Output: the (2n, d)-sharing (L, R ) such that L, R = L, R. /* Refresh Masks */ 1 L (randnonzero()) n ; 2 for i = 1 to n do 3 A i L i L i ; 4 X A, R ; 5 B IPHalfMask(X, L ); 6 R R B; 7 return (L, R ); For n = 2, V = L 1 R 1 L 2 R 2 X = (L 1 L 1 )R 1 (L 2 L 2 )R 2
31 Analysis of Inner-Product Masking Scheme Algorithm Refresh Mask description Input : the (2n, d)-sharing (L, R) of V. Output: the (2n, d)-sharing (L, R ) such that L, R = L, R. /* Refresh Masks */ 1 L (randnonzero()) n ; 2 for i = 1 to n do 3 A i L i L i ; 4 X A, R ; 5 B IPHalfMask(X, L ); 6 R R B; 7 return (L, R ); For n = 2, V = L 1 R 1 L 2 R 2 X = (L 1 L 1 )R 1 (L 2 L 2 )R 2
32 Analysis of Inner-Product Masking Scheme Algorithm Refresh Mask description Input : the (2n, d)-sharing (L, R) of V. Output: the (2n, d)-sharing (L, R ) such that L, R = L, R. /* Refresh Masks */ 1 L (randnonzero()) n ; 2 for i = 1 to n do 3 A i L i L i ; 4 X A, R ; 5 B IPHalfMask(X, L ); 6 R R B; 7 return (L, R ); For n = 2, V = L 1 R 1 L 2 R 2 X = (L 1 L 1 )R 1 (L 2 L 2 )R 2
33 Analysis of Inner-Product Masking Scheme A 1 st -order Flaw for any d for v = 0, and Pr[X = x V = v] = { if x = 0 2 l 2 l (2 l 1) n if x 0 2 l 2 l (2 l 1) n 1 Pr[X = x V = v] = { 1 1 if x = v 2 l 2 l (2 l 1) n if x v 2 l 2 l (2 l 1) n, otherwise.
34 Analysis of Inner-Product Masking Scheme A 1 st -order Flaw for any d for v = 0, and Pr[X = x V = v] = { if x = 0 2 l 2 l (2 l 1) n if x 0 2 l 2 l (2 l 1) n 1 Pr[X = x V = v] = { 1 1 if x = v 2 l 2 l (2 l 1) n if x v 2 l 2 l (2 l 1) n, otherwise. I(V ; O(X )) 0
35 Analysis of Inner-Product Masking Scheme Information Leaked by the 1 st -order Flaw Eq. (8) 1O IP.Mask. 2O Leak Eq. (9) 2O IP.Mask. 3O Leak Eq. (10) 1O IP.Mask. 1O Flaw Eq. (11) 2O IP.Mask. 1O Flaw log10 (MI) Noise Standard Deviation
36 Analysis of Inner-Product Masking Scheme Information Leaked by the 1 st -order Flaw on 4-bit variables log10 (MI) Eq. (11) 1O IP.Mask. 2O Leak Eq. (12) 2O IP.Mask. 3O Leak Eq. (13) 1O IP.Mask. 1O Flaw Eq. (14) 2O IP.Mask. 1O Flaw 10 x CPA exploiting the flaw X 2O-CPA exploiting the half IP-Masking R Noise Standard Deviation
37 Conclusion and Future works A security flaw in Blasch et al. scheme 1st-order flaw (exponential decay w.r.t. the mask order) in practice much easier to mount than a d-order attack. noise addition techniques won t help that much. proof in the continuous bounded-leakage model is still standing ways of improving the n 130 bound?
38 Conclusion and Future works A security flaw in Blasch et al. scheme 1st-order flaw (exponential decay w.r.t. the mask order) in practice much easier to mount than a d-order attack. noise addition techniques won t help that much. proof in the continuous bounded-leakage model is still standing ways of improving the n 130 bound?
39 Conclusion and Future works A security flaw in Blasch et al. scheme 1st-order flaw (exponential decay w.r.t. the mask order) in practice much easier to mount than a d-order attack. noise addition techniques won t help that much. proof in the continuous bounded-leakage model is still standing ways of improving the n 130 bound?
40 Conclusion and Future works IP-Masking Scheme w.r.t. to recent results in leakage resilience proofs ProufRivain, EUROCRYPT 2013 security proofs in continuous leakage model practical noisy leakage models additive masking (Ishai et al. scheme) improvements and link with probing security DucDziembowskiFaust, to appear EUROCRYPT 2014
Masking vs. Multiparty Computation: How Large is the Gap for AES?
Masking vs. Multiparty Computation: How Large is the Gap for AES? Vincent Grosso 1, François-Xavier Standaert 1, Sebastian Faust 2. 1 ICTEAM/ELEN/Crypto Group, Université catholique de Louvain, Belgium.
More informationSecure Conversion Between Boolean and Arithmetic Masking of Any Order
Secure Conversion Between Boolean and Arithmetic Masking of Any Order Jean-Sébastien Coron, Johann Großschädl, and Praveen Kumar Vadnala University of Luxembourg, Laboratory of Algorithmics, Cryptology
More informationThe Davies-Murphy Power Attack. Sébastien Kunz-Jacques Frédéric Muller Frédéric Valette DCSSI Crypto Lab
The Davies-Murphy Power Attack Sébastien Kunz-Jacques Frédéric Muller Frédéric Valette DCSSI Crypto Lab Introduction Two approaches for attacking crypto devices traditional cryptanalysis Side Channel Attacks
More informationSide-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel?
Side-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel? 11. Sep 2013 Ruhr University Bochum Outline Power Analysis Attack Masking Problems in hardware Possible approaches
More informationSecure Multiple SBoxes Implementation with Arithmetically Masked Input
Secure Multiple SBoxes Implementation with Arithmetically Masked Input Luk Bettale Oberthur Technologies 71-73 rue des Hautes Pâtures 92726 Nanterre Cedex - France l.bettale@oberthur.com Abstract The building
More informationVery High-Order Masking: Efficient Implementation and Security Evaluation
Very High-Order Masking: Efficient Implementation and Security Evaluation Anthony Journault and François-Xavier Standaert UCL (Louvain-la-Neuve, Belgium) CHES 2017, Taipei, Taiwan Outline Background Masking
More informationA systematic approach to eliminating the vulnerabilities in smart cards evaluation
A systematic approach to eliminating the vulnerabilities in smart cards evaluation Hongsong Shi, Jinping Gao, Chongbing Zhang hongsongshi@gmail.com China Information Technology Security Evaluation Center
More informationOn Boolean and Arithmetic Masking against Differential Power Analysis
On Boolean and Arithmetic Masking against Differential Power Analysis [Published in Ç.K. Koç and C. Paar, Eds., Cryptographic Hardware and Embedded Systems CHES 2000, vol. 1965 of Lecture Notes in Computer
More informationLeakage-Resilient Symmetric Cryptography (Overview of the ERC Project CRASH, part II)
Leakage-Resilient Symmetric Cryptography (Overview of the ERC Project CRASH, part II) François-Xavier Standaert UCL Crypto Group, Belgium INDOCRYPT, December 2016 Outline Introduction Natural PRGs/PRFs
More informationOn the Simplicity of Converting Leakages from Multivariate to Univariate
On the Simplicity of Converting Leakages from Multivariate to Univariate 21. Aug. 2013, Oliver Mischke Embedded Security Group + Hardware Security Group Ruhr University Bochum, Germany Outline Definitions,
More informationHow to Certify the Leakage of a Chip?
How to Certify the Leakage of a Chip? F. Durvaux, F.-X. Standaert, N. Veyrat-Charvillon UCL Crypto Group, Belgium EUROCRYPT 2014, Copenhagen, Denmark Problem statement Evaluation / certification of leaking
More informationMasking Proofs are Tight
Masking Proofs are Tight and How to Exploit it in Security Evaluations Vincent Grosso 1, François-Xavier Standaert 2 1 Radboud University Nijmegen, Digital Security Group, The Netherlands. 2 ICTEAM - Crypto
More informationAdaptive Chosen-Message Side-Channel Attacks
Adaptive Chosen-Message Side-Channel Attacks Nicolas Veyrat-Charvillon, François-Xavier Standaert, Université catholique de Louvain, Crypto Group, Belgium. e-mails: nicolas.veyrat;fstandae@uclouvain.be
More informationmaskverif: a formal tool for analyzing software and hardware masked implementations
maskverif: a formal tool for analyzing software and hardware masked implementations Gilles Barthe 1, Sonia Belaïd 2, Pierre-Alain Fouque 3, and Benjamin Grégoire 4 1 IMDEA Software Institute gilles.barthe@imdea.org
More informationEfficient and Provably Secure Methods for Switching from Arithmetic to Boolean Masking
Efficient and Provably Secure Methods for Switching from Arithmetic to Boolean Masking Blandine Debraize Gemalto, 6 rue de la Verrerie, 92197 Meudon Cedex, France blandine.debraize@gemalto.com Abstract.
More informationSecond-Order Power Analysis Attacks against Precomputation based Masking Countermeasure
, pp.259-270 http://dx.doi.org/10.14257/ijsh.2016.10.3.25 Second-Order Power Analysis Attacks against Precomputation based Masking Countermeasure Weijian Li 1 and Haibo Yi 2 1 School of Computer Science,
More informationDefeating Embedded Cryptographic Protocols by Combining Second-Order with Brute Force
Defeating Embedded Cryptographic Protocols by Combining Second-Order with Brute Force Benoit Feix (B), Andjy Ricart, Benjamin Timon, and Lucille Tordella UL Transaction Security Lab, Basingstoke, England
More informationEfficient and Provably Secure Methods for Switching from Arithmetic to Boolean Masking
Efficient and Provably Secure Methods for Switching from Arithmetic to Boolean Masking Blandine Debraize Gemalto, 6 rue de la Verrerie, 92197 Meudon Cedex, France blandine.debraize@gemalto.com Abstract.
More informationOn the Cost of Lazy Engineering for Masked Software Implementations
On the Cost of Lazy Engineering for Masked Software Implementations Josep Balasch 1, Benedikt Gierlichs 1, Vincent Grosso, Oscar Reparaz 1, François-Xavier Standaert. 1 KU Leuven Dept. Electrical Engineering-ESAT/COSIC
More informationProfiling Good Leakage Models For Masked Implementations
Profiling Good Leakage Models For Masked Implementations Changhai Ou,2, Zhu Wang,, Degang Sun, and Xinping Zhou,2 Institute of Information Engineering, Chinese Academy of Sciences 2 School of Cyber Security,
More informationKey-Evolution Schemes Resilient to Space Bounded Leakage
Key-Evolution Schemes Resilient to Space Bounded Leakage Stefan Dziembowski Tomasz Kazana Daniel Wichs Main contribution We propose a secure scheme for deterministic key-evolution Properties: leakage-resilient
More informationCryptography for Embedded Systems. Elisabeth Oswald Reader, University of Bristol
Cryptography for Embedded Systems Elisabeth Oswald Reader, University of Bristol 1 Outline 1 Embedded devices History, role and importance, use of cryptography 2 Security challenges Nothing is ever easy.
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationFDTC 2010 Fault Diagnosis and Tolerance in Cryptography. PACA on AES Passive and Active Combined Attacks
FDTC 21 Fault Diagnosis and Tolerance in Cryptography PACA on AES Passive and Active Combined Attacks Christophe Clavier Benoît Feix Georges Gagnerot Mylène Roussellet Limoges University Inside Contactless
More informationDeep Learning for Embedded Security Evaluation
Deep Learning for Embedded Security Evaluation Emmanuel Prouff 1 1 Laboratoire de Sécurité des Composants, ANSSI, France April 2018, CISCO April 2018, CISCO E. Prouff 1/22 Contents 1. Context and Motivation
More informationVery High Order Masking: Efficient Implementation and Security Evaluation
Very High Order Masking: Efficient Implementation and Security Evaluation Anthony Journault, François-Xavier Standaert ICTEAM/ELEN/Crypto Group, Université catholique de Louvain, Belgium e-mails: anthony.journault,
More informationPractical Electromagnetic Template Attack on HMAC
Practical Electromagnetic Template Attack on HMAC Pierre Alain Fouque 1 Gaétan Leurent 1 Denis Réal 2,3 Frédéric Valette 2 1ENS,75Paris,France. 2CELAR,35Bruz,France. 3INSA-IETR,35Rennes,France. September
More informationCombined Fault and Side-Channel Attack on Protected Implementations of AES
Combined Fault and Side-Channel Attack on Protected Implementations of AES Thomas Roche, Victor Lomné, and Karim Khalfallah ANSSI, 51, Bd de la Tour-Maubourg, 75700 Paris 07 SP, France firstname.lastname@ssi.gouv.fr
More informationA Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher
A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher Lu Xiao and Howard M. Heys 2 QUALCOMM Incorporated, lxiao@qualcomm.com 2 Electrical and Computer Engineering, Faculty
More informationEfficient DPA Attacks on AES Hardware Implementations
I. J. Communications, Network and System Sciences. 008; : -03 Published Online February 008 in SciRes (http://www.srpublishing.org/journal/ijcns/). Efficient DPA Attacks on AES Hardware Implementations
More informationMasking as a Side-Channel Countermeasure in Hardware
Masking as a Side-Channel Countermeasure in Hardware 6. September 2016 Ruhr-Universität Bochum 1 Agenda Physical Attacks and Side Channel Analysis Attacks Measurement setup Power Analysis Attacks Countermeasures
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationProfiled Model Based Power Simulator for Side Channel Evaluation
Profiled Model Based Power Simulator for Side Channel Evaluation Nicolas Debande 1,2, Maël Berthier 1, Yves Bocktaels 1 and Thanh-Ha Le 1 1 Morpho 18 chaussée Jules César, 95520 Osny, France firstname.familyname@morpho.com
More informationOn the Cost of Lazy Engineering for Masked Software Implementations
On the Cost of Lazy Engineering for Masked Software Implementations Josep Balasch 1, Benedikt Gierlichs 1, Vincent Grosso, Oscar Reparaz 1, François-Xavier Standaert. 1 KU Leuven Dept. Electrical Engineering-ESAT/COSIC
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationA Systematic Approach to the Side-Channel Analysis of ECC Implementations with Worst-Case Horizontal Attacks
A Systematic Approach to the Side-Channel Analysis of ECC Implementations with Worst-Case Horizontal Attacks Romain Poussier, François-Xavier Standaert: Université catholique de Louvain Yuanyuan Zhou:
More informationSide-Channel Attack against RSA Key Generation Algorithms
Side-Channel Attack against RSA Key Generation Algorithms CHES 2014 Aurélie Bauer, Eliane Jaulmes, Victor Lomné, Emmanuel Prouff and Thomas Roche Agence Nationale de la Sécurité des Systèmes d Information
More informationTemplate Attacks. Suresh Chari, Josyula R. Rao, and Pankaj Rohatgi
Template Attacks Suresh Chari, Josyula R. Rao, and Pankaj Rohatgi IBM Watson Research Center, P.O. Box 74 Yorktown Heights, NY 1598 {schari,jrrao,rohatgi}@us.ibm.com Abstract. We present template attacks,
More informationTest Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES
Test Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES 1 Document Scope This document describes requirements and test procedures for qualifying DPA-resistant implementations of
More informationHow Far Should Theory be from Practice?
How Far Should Theory be from Practice? Evaluation of a Countermeasure Amir Moradi and Oliver Mischke Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany {moradi,mischke}@crypto.rub.de
More informationStudy of a Novel Software Constant Weight Implementation
Study of a Novel Software Constant Weight Implementation Victor Servant 1, Nicolas Debande 2, Houssem Maghrebi 1, Julien Bringer 1 1 SAFRAN Morpho, 18, Chaussée Jules César, 9552 Osny, France. firstname.lastname@morpho.com
More informationPower Analysis of MAC-Keccak: A Side Channel Attack. Advanced Cryptography Kyle McGlynn 4/12/18
Power Analysis of MAC-Keccak: A Side Channel Attack Advanced Cryptography Kyle McGlynn 4/12/18 Contents Side-Channel Attack Power Analysis Simple Power Analysis (SPA) Differential Power Analysis (DPA)
More informationSelecting Time Samples for Multivariate DPA Attacks
Selecting Time Samples for Multivariate DPA Attacks Oscar Reparaz, Benedikt Gierlichs, and Ingrid Verbauwhede KU Leuven Dept. Electrical Engineering-ESAT/SCD-COSIC and IBBT Kasteelpark Arenberg 10, B-3001
More informationOn the Easiness of Turning Higher-Order Leakages into First-Order
On the Easiness of Turning Higher-Order Leakages into First-Order Thorben Moos and Amir Moradi Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Bochum, Germany {firstname.lastname}@rub.de
More informationLeakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore,
More informationBlock Ciphers that are Easier to Mask How Far Can we Go?
Block Ciphers that are Easier to Mask How Far Can we Go? Benoît Gérard, Vincent Grosso, María Naya-Plasencia, François-Xavier Standaert DGA & UCL Crypto Group & INRIA CHES 2013 Santa Barbara, USA Block
More informationHash Proof Systems and Password Protocols
Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David Pointcheval CNRS, Ecole normale supe rieure/psl & INRIA 8th BIU Winter School Key Exchange February 2018 CNRS/ENS/PSL/INRIA
More informationChapter 2 Introduction to Side-Channel Attacks
Chapter 2 Introduction to Side-Channel Attacks François-Xavier Standaert 2.1 Introduction A cryptographic primitive can be considered from two points of view: on the one hand, it can be viewed as an abstract
More informationSecurity against Timing Analysis Attack
International Journal of Electrical and Computer Engineering (IJECE) Vol. 5, No. 4, August 2015, pp. 759~764 ISSN: 2088-8708 759 Security against Timing Analysis Attack Deevi Radha Rani 1, S. Venkateswarlu
More informationLeakage Squeezing Countermeasure against High-Order Attacks
Leakage Squeezing Countermeasure against High-Order Attacks Houssem Maghrebi, Sylvain Guilley, Jean-Luc Danger To cite this version: Houssem Maghrebi, Sylvain Guilley, Jean-Luc Danger. Leakage Squeezing
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationIntroduction to Software Countermeasures For Embedded Cryptography
Introduction to Software Countermeasures For Embedded Cryptography David Vigilant UMPC Master, 1 st December, 2017 Outline 1 Context and Motivations 2 Basic Rules and Countermeasures Examples Regarding
More informationPower Analysis Attacks
Power Analysis Attacks Elisabeth Oswald Computer Science Department Crypto Group eoswald@cs.bris.ac.uk Elisabeth.Oswald@iaik.tugraz.at Outline Working principle of power analysis attacks DPA Attacks on
More informationDissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks
Dissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks A Practical Security Evaluation on FPGA Florian Unterstein Johann Heyszl Fabrizio De Santis a Robert Specht, 13.04.2017 a Technical
More informationA physical level perspective
UMass CS 660 Advanced Information Assurance Spring 2011Guest Lecture Side Channel Analysis A physical level perspective Lang Lin Who am I 5 th year PhD candidate in ECE Advisor: Professor Wayne Burleson
More informationA New Attack with Side Channel Leakage during Exponent Recoding Computations
A New Attack with Side Channel Leakage during Exponent Recoding Computations Yasuyuki Sakai 1 and Kouichi Sakurai 2 1 Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa 247-8501, Japan ysakai@iss.isl.melco.co.jp
More informationOn the Security of a Certificateless Public-Key Encryption
On the Security of a Certificateless Public-Key Encryption Zhenfeng Zhang, Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080,
More informationA High-order Masking Approach for CLEFIA Implementation on FPGA and Intel
Int'l Conf. Security and Management SAM'17 79 A High-order Masking Approach for CLEFIA Implementation on FPGA and Intel Abdullah Baihan 1, Parasara Sridhar Duggirala 2 Computer Science and Engineering
More informationSide-Channel Attack on Substitution Blocks
Side-Channel Attack on Substitution Blocks Roman Novak Jozef Stefan Institute, Jamova 39, 1000 Ljubljana, Slovenia, Roman.Novak@ijs.si Abstract. 1 We describe a side-channel attack on a substitution block,
More informationInformation Security CS526
Information Security CS 526 Topic 3 Cryptography: One-time Pad, Information Theoretic Security, and Stream CIphers 1 Announcements HW1 is out, due on Sept 11 Start early, late policy is 3 total late days
More informationDigital Signatures. Sven Laur University of Tartu
Digital Signatures Sven Laur swen@math.ut.ee University of Tartu Formal Syntax Digital signature scheme pk (sk, pk) Gen (m, s) (m,s) m M 0 s Sign sk (m) Ver pk (m, s)? = 1 To establish electronic identity,
More informationParallel Repetition for Leakage Resilience Amplification Revisited
Parallel Repetition for Leakage Resilience Amplification Revisited Abhishek Jain 1 and Krzysztof Pietrzak 2 1 UCLA, abhishek@cs.ucla.edu 2 CWI, Amsterdam, pietrzak@cwi.nl Abstract. If a cryptographic primitive
More informationSecurity Analysis of Batch Verification on Identity-based Signature Schemes
Proceedings of the 11th WSEAS International Conference on COMPUTERS, Agios Nikolaos, Crete Island, Greece, July 26-28, 2007 50 Security Analysis of Batch Verification on Identity-based Signature Schemes
More informationA Power Attack Method Based on Clustering Ruo-nan ZHANG, Qi-ming ZHANG and Ji-hua CHEN
2017 International Conference on Computer, Electronics and Communication Engineering (CECE 2017) ISBN: 978-1-60595-476-9 A Power Attack Method Based on Clustering Ruo-nan ZHANG, Qi-ming ZHANG and Ji-hua
More informationNon-Profiled Deep Learning-Based Side-Channel Attacks
Non-Profiled Deep Learning-Based Side-Channel Attacks Benjamin Timon UL Transaction Security, Singapore benjamin.timon@ul.com Abstract. Deep Learning has recently been introduced as a new alternative to
More informationOn the Optimality of Mutual Information Analysis for Discrete Leakages Cryptarchi June 29-30, 2015 Leuven
On the Optimality of Mutual Information Analysis for Discrete Leakages Cryptarchi June 29-30, 2015 Leuven Éloi de Chérisey*, Annelie Heuser**, Sylvain Guilley** and Olivier Rioul** * ENS Cachan, **Telecom
More informationThreshold Cryptosystems from Threshold Fully Homomorphic Encryption
Threshold Cryptosystems from Threshold Fully Homomorphic Encryption Sam Kim Stanford University Joint work with Dan Boneh, Rosario Gennaro, Steven Goldfeder, Aayush Jain, Peter M. R. Rasmussen, and Amit
More informationUniversal Exponentiation Algorithm
Published in Ç. K. Koç, D. Naccache, and C. Paar, Eds., Cryptographic Hardware and Embedded Systems CHES 2001, vol. 2162 of Lecture Notes in Computer Science, pp. 300 308, Springer-Verlag, 2001. Universal
More informationCountermeasures against EM Analysis for a Secured FPGA-based AES Implementation
Countermeasures against EM Analysis for a Secured FPGA-based AES Implementation P. Maistri 1, S. Tiran 2, P. Maurine 2, I. Koren 3, R. Leveugle 1 1 Univ. Grenoble Alpes, TIMA Laboratory, F-38031 Grenoble
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationCAPA: The Spirit of Beaver against Physical Attacks
CAPA: The Spirit of Beaver against Physical Attacks Oscar Reparaz 1,2 ( ), Lauren De Meyer 1, Begül Bilgin 1, Victor Arribas 1, Svetla Nikova 1, Ventzislav Nikov 3, and Nigel Smart 1,4 1 KU Leuven, imec
More informationLocation-Based Leakages: New Directions in Modeling and Exploiting
Location-Based Leakages: New Directions in Modeling and Exploiting Christos Andrikos and Giorgos Rassias National Technical University of Athens Email: candrikos@cslab.ece.ntua.gr Email: grassias@cslab.ece.ntua.gr
More informationLectures 4+5: The (In)Security of Encrypted Search
Lectures 4+5: The (In)Security of Encrypted Search Contents 1 Overview 1 2 Data Structures 2 3 Syntax 3 4 Security 4 4.1 Formalizing Leaky Primitives.......................... 5 1 Overview In the first
More informationALIKE: Authenticated Lightweight Key Exchange. Sandrine Agagliate, GEMALTO Security Labs
ALIKE: Authenticated Lightweight Key Exchange Sandrine Agagliate, GEMALTO Security Labs Outline: Context Description of ALIKE Generic description Full specification Security properties Chip Unforgeability
More information2018: Problem Set 1
crypt@b-it 2018 Problem Set 1 Mike Rosulek crypt@b-it 2018: Problem Set 1 1. Sometimes it is not clear whether certain behavior is an attack against a protocol. To decide whether something is an attack
More informationSecurity of Identity Based Encryption - A Different Perspective
Security of Identity Based Encryption - A Different Perspective Priyanka Bose and Dipanjan Das priyanka@cs.ucsb.edu,dipanjan@cs.ucsb.edu Department of Computer Science University of California Santa Barbara
More informationBlind Differential Cryptanalysis for Enhanced Power Attacks
Blind Differential Cryptanalysis for Enhanced Power Attacks Bart Preneel COSIC K.U.Leuven - Belgium bart.preneel(at)esat.kuleuven.be Joint work with Helena Handschuh Concept Differential cryptanalysis
More informationSecure Multiparty Computation
Secure Multiparty Computation Li Xiong CS573 Data Privacy and Security Outline Secure multiparty computation Problem and security definitions Basic cryptographic tools and general constructions Yao s Millionnare
More informationSimplified Adaptive Multiplicative Masking for AES
Simplified Adaptive Multiplicative Masking for AES Elena Trichina, Domenico De Seta, and Lucia Germani Cryptographic Design Center, Gemplus Technology R& D Via Pio Emanuelli, 0043 Rome, Italy {elena.trichina,domenico.deseta,lucia.germani}@gemplus.com
More informationImplementing Practical leakage-resilient symmetric cryptography. University of Illinois at Chicago, Technische Universiteit Eindhoven
Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein University of Illinois at Chicago, Technische Universiteit Eindhoven CHES 2012 paper Practical leakage-resilient symmetric
More informationA machine learning approach against a masked AES
J Cryptogr Eng (215) 5: 139 DOI 1.17/s13389-14-89-3 REGULAR PAPER A machine learning approach against a masked AES Reaching the limit of side-channel attacks with a learning model Liran Lerman Gianluca
More informationAttacking Embedded Systems through Power Analysis
Int. J. Advanced Networking and Applications 811 Attacking Embedded Systems through Power Analysis Dr. Sastry JKR, Department of Information Technology, K L University, Vaddeswaram, Guntur District 522502
More informationTwo Attacks on Reduced IDEA (Extended Abstract)
1 Two Attacks on Reduced IDEA (Extended Abstract) Johan Borst 1, Lars R. Knudsen 2, Vincent Rijmen 2 1 T.U. Eindhoven, Discr. Math., P.O. Box 513, NL-5600 MB Eindhoven, borst@win.tue.nl 2 K.U. Leuven,
More informationEffects of Architecture on Information Leakage of a Hardware Advanced Encryption Standard Implementation
Air Force Institute of Technology AFIT Scholar Theses and Dissertations 9-13-2012 Effects of Architecture on Information Leakage of a Hardware Advanced Encryption Standard Implementation Eric A. Koziel
More informationProgram Obfuscation with Leaky Hardware
Program Obfuscation with Leaky Hardware The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation As Published Publisher Bitansky,
More informationPractical Symmetric On-line Encryption
Practical Symmetric On-line Encryption Pierre-Alain Fouque, Gwenaëlle Martinet, and Guillaume Poupard DCSSI Crypto Lab 51 Boulevard de La Tour-Maubourg 75700 Paris 07 SP, France Pierre-Alain.Fouque@ens.fr
More informationIntroduction to Cryptography. Lecture 3
Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic
More informationSide Channel Analysis of an Automotive Microprocessor
ISSC 2008, Galway. June 18 19 Side Channel Analysis of an Automotive Microprocessor Mark D. Hamilton, Michael Tunstall,EmanuelM.Popovici, and William P. Marnane Dept. of Microelectronic Engineering, Dept.
More informationPower Analysis Attacks of Modular Exponentiation in Smartcards
Power Analysis Attacks of Modular Exponentiation in Smartcards Thomas S. Messerges 1, Ezzy A. Dabbish 1, Robert H. Sloan 2,3 1 Motorola Labs, Motorola 1301 E. Algonquin Road, Room 2712, Schaumburg, IL
More informationRandomized Addition-Subtraction Chains as a Countermeasure against Power Attacks
Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks Elisabeth Oswald and Manfred Aigner Institute for Applied Information Processing and Communications Graz University of Technology,
More informationContinuous After-the-fact Leakage-Resilient Key Exchange (full version)
Continuous After-the-fact Leakage-Resilient Key Exchange (full version) Janaka Alawatugoda 1 Colin Boyd 3 Douglas Stebila 1,2 1 School of Electrical Engineering and Computer Science, Queensland University
More informationBehind the Scene of Side Channel Attacks Extended Version
Behind the Scene of Side Channel Attacks Extended Version Victor Lomné, Emmanuel Prouff, and Thomas Roche ANSSI 5, Bd de la Tour-Maubourg, 757 Paris 7 SP, France {firstname.lastname}@ssi.gouv.fr Abstract.
More informationD eepa.g.m 3 G.S.Raghavendra 4
Volume 3, Issue 5, May 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Breaking Cryptosystem
More informationPrivate Circuits: Securing Hardware against Probing Attacks
Private Circuits: Securing Hardware against Probing Attacks Yuval Ishai, Amit Sahai, and David Wagner Technion Israel Institute of Technology, e-mail: yuvali@cs.technion.ac.il Princeton University, e-mail:
More informationCSC 5930/9010 Modern Cryptography: Digital Signatures
CSC 5930/9010 Modern Cryptography: Digital Signatures Professor Henry Carter Fall 2018 Recap Implemented public key schemes in practice commonly encapsulate a symmetric key for the rest of encryption KEM/DEM
More informationRSA POWER ANALYSIS OBFUSCATION: A DYNAMIC FPGA ARCHITECTURE THESIS. John W. Barron, Captain, USAF AFIT/GE/ENG/12-02
RSA POWER ANALYSIS OBFUSCATION: A DYNAMIC FPGA ARCHITECTURE THESIS John W. Barron, Captain, USAF AFIT/GE/ENG/12-02 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson
More informationSilent SIMON: A Threshold Implementation under 100 Slices
Silent SIMON: A Threshold Implementation under 1 Slices Aria Shahverdi, Mostafa Taha and Thomas Eisenbarth Worcester Polytechnic Institute, Worcester, MA 169, USA Email: {ashahverdi, mtaha, teisenbarth}@wpi.edu
More informationAn Efficient Privacy Preserving Keyword Search Scheme in Cloud Computing
An Efficient Privacy Preserving Keyword Search Scheme in Cloud Computing Qin Liu, Guojun Wang, and Jie Wu School of Information Science and Engineering Central South University Changsha 410083, Hunan Province,
More informationMcOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes
McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes Ewan Fleischmann Christian Forler Stefan Lucks Bauhaus-Universität Weimar FSE 2012 Fleischmann, Forler, Lucks. FSE 2012. McOE:
More information