Breaking the Bitstream Decryption of FPGAs
|
|
- Rosalind Horton
- 6 years ago
- Views:
Transcription
1 Breaking the Bitstream Decryption of FPGAs 05. Sep Amir Moradi Embedded Security Group, Ruhr University Bochum, Germany
2 Acknowledgment Christof Paar Markus Kasper Timo Kasper Alessandro Barenghi 2
3 Outline Side Channel Attacks (in general) DPA/CPA Xilinx Bitstream Encryption 3
4 Side Channel Attacks Physical attacks observing physical characteristics e.g., power consumption running time electromagnetic radiation of a cryptographic DEVICE usually divide and conquer scheme recovering the relation between the side channel leakage and processed data 4
5 How to Measure Side Channel Leakages Running Time > straightforward by a counter/timer Power Consumption a resistor, an oscilloscope 5
6 Differential Power Analysis (DPA) Classifying the power consumption values in two groups 6
7 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups 7
8 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups p k Sbox 8
9 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups p k Sbox p 12 3d 78 f9 ab 3d 9
10 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups p k Sbox p 12 3d 78 f9 ab 3d 10
11 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups p k Sbox p 12 3d 78 f9 ab 3d 11
12 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups p k Sbox p 12 3d 78 f9 ab 3d power
13 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc
14 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc LSB
15 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc LSB [k=01] S 7d eb b6 41 ac eb 15
16 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc LSB [k=01] S 7d eb b6 41 ac eb LSB
17 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc LSB [k=01] S 7d eb b6 41 ac eb LSB [k=ff] S f LSB
18 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups power LSB 1, power LSB 0 p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc LSB Diff. of Means [k=01] S 7d eb b6 41 ac eb LSB [k=ff] S f LSB
19 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups power LSB 1, power LSB 0 p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc LSB Diff. of Means [k=01] S 7d eb b6 41 ac eb LSB [k=ff] S f LSB
20 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups power LSB 1, power LSB 0 p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc LSB Diff. of Means [k=01] S 7d eb b6 41 ac eb LSB [k=ff] S f LSB
21 Differential Power Analysis (DPA) Classifying the power consumption values in two groups Comparing e.g., mean of the groups power LSB 1, power LSB 0 p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc LSB Diff. of Means [k=01] S 7d eb b6 41 ac eb LSB [k=ff] S f LSB
22 Correlation Power Analysis (CPA) hypothetical model for power consumption 22
23 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) 23
24 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox 24
25 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d 25
26 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d 26
27 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d 27
28 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d power
29 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc
30 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc
31 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc [k=01] S 7d eb b6 41 ac eb 31
32 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc [k=01] S 7d eb b6 41 ac eb
33 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc [k=01] S 7d eb b6 41 ac eb [k=ff] S f
34 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc Correlation [k=01] S 7d eb b6 41 ac eb [k=ff] S f
35 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc Correlation [k=01] S 7d eb b6 41 ac eb [k=ff] S f
36 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc Correlation [k=01] S 7d eb b6 41 ac eb [k=ff] S f
37 Correlation Power Analysis (CPA) hypothetical model for power consumption compare the model with side channel leakage (power) p k Sbox p 12 3d 78 f9 ab 3d power [k=00] S c9 27 bc Correlation [k=01] S 7d eb b6 41 ac eb [k=ff] S f
38 Challenges Measurement quality Knowledge about the target device Mostly in evaluation labs (perfect situation) How about a real world scenario 38
39 Case Study: Xilinx Bitstream Encryption FPGAs = Reconfigurable Hardware Widely used in routers consumer products automotive, machinery military > million gates 39
40 Case Study: Xilinx Bitstream Encryption FPGAs = Reconfigurable Hardware Widely used in routers consumer products automotive, machinery military > million gates Config file Configuration loaded at power up bitstream Mbits 40
41 Bitstream/Configuration 41
42 Bitstream/Configuration PCB board SRAM FPGA 42
43 Bitstream/Configuration PCB board SRAM FPGA E2PROM 43
44 Bitstream/Configuration PCB board SRAM FPGA E2PROM Factory 44
45 Bitstream/Configuration PCB board SRAM FPGA Power up E2PROM Factory 45
46 Bitstream Encryption PCB board 46
47 Bitstream Encryption PCB board FPGA Design Secret Keys Proprietary Algorithms IP Cores Bitstream SRAM FPGA 3DES AES Bitstream 47
48 Bitstream Encryption PCB board FPGA Design Secret Keys Proprietary Algorithms IP Cores Bitstream SRAM FPGA 3DES AES DEC Bitstream 48
49 Bitstream Encryption FPGA Design Secret Keys Proprietary Algorithms IP Cores PCB board Bitstream SRAM FPGA 3DES AES DEC E2PROM Bitstream 49
50 Bitstream Encryption PCB board FPGA Design Secret Keys Proprietary Algorithms IP Cores Bitstream SRAM FPGA 3DES AES DEC E2PROM Bitstream Factory Internet Firmware Update 50
51 Bitstream Encryption PCB board FPGA Design Secret Keys Proprietary Algorithms IP Cores Bitstream SRAM FPGA DEC Power up E2PROM 3DES AES Bitstream Factory Internet Firmware Update 51
52 Bitstream Encryption PCB board FPGA Design Secret Keys Proprietary Algorithms IP Cores Bitstream Attacker? = SRAM FPGA DEC Power up E2PROM 3DES AES Bitstream Factory Internet Firmware Update 52
53 Bitstream Encryption PCB board FPGA Design Secret Keys Proprietary Algorithms IP Cores Bitstream Attacker? = SRAM FPGA DEC Power up E2PROM 3DES AES Bitstream Factory Internet Firmware Update 53
54 Side Channel? PCB board DEC E2PROM 54
55 Side Channel? PCB board DEC E2PROM 55
56 Side Channel? VCC IO VCC AUX PCB board VCC INT DEC E2PROM 56
57 Side Channel? VCC IO VCC AUX PCB board VCC INT DEC E2PROM 57
58 Side Channel? VCC IO VCC AUX PCB board VCC INT DEC Power up E2PROM 58
59 Side Channel? VCC IO VCC AUX PCB board VCC INT DEC Power up E2PROM 59
60 Side Channel? VCC IO VCC AUX PCB board VCC INT DEC Power up E2PROM unencrypted bitstream E2PROM 60
61 Challenges structure analysis protocol analysis bit wise feeding the encrypted bitstream developing a sophisticated configuration device trigger signal start of each ciphertext block visual inspection 61
62 Some Figures 62
63 Some Figures 63
64 Bitstream Structural Analysis There are several documents by Xilinx on bistream structure but still some parts related to encryption stay unclear Analysis and comparison of plain and encrypted bitstream revealed that : The selection of the decryption key from the storage is readable Initialization Value of the CBC mode embedded in bitstream The decryption engine is enabled by a bitstream command Plain Encrypted 64
65 Decryption Timing Find the when the decryption takes place Must occur after at least a whole ciphertext block (64 bit) is in Should take place in less than 64 bits being sent in to match on-the-fly decryption Compare the power consumptions of encrypted and unencrypted bitstreams to reveal the time position The JTAG clock is driven by us We can freeze the programming process 65
66 Power Traces? 66
67 Power Traces? Ciphertext i 1 67
68 Power Traces? Ciphertext i 1 Ciphertext i 68
69 Power Traces? Ciphertext i 1 Ciphertext i Decryption (Ciphertext i 1 ) 69
70 Decryption Phase Two clock cycles after a ciphertext block is in, the decryption is performed Unencrypted bitstream Encrypted bitstream 70
71 Insulating the encryption engine Encryption engine far smaller than the whole FPGA circuit The device embeds a CPU (PowerPC403) in the fabric As the PPC is not used to perform the decryption, its power consumption is irrelevant for the analysis Since the PPC is clocked at 300MHz by an internal clock source, band-stop filtering the power traces removes its contribution 71
72 Zoomed Traces/Filtering Raw Filtered Timewise variance of 10k encryptions Raw Filtered 72
73 Power consumption/architecture hypotheses To successfully perform the attack, hypotheses on the decryption engine architecture must be made Switching activity of buffers storing intermediate values are good candidates for a power model DES cipher state buffer switching activity was modeled during a cipher round Switching activity conditioned by 6 bits of the key at a time was predicted (64 key hypotheses) Consumption model: switching activity of the round buffer 73
74 Assumed Internal Architecture 74
75 Assumed Internal Architecture Round based implementation of DES 75
76 Assumed Internal Architecture Round based implementation of DES Separate stage for initial and final permutation 76
77 Assumed Internal Architecture Round based implementation of DES Separate stage for initial and final permutation One round per crypto-engine clock cycle 77
78 Assumed Internal Architecture Round based implementation of DES Separate stage for initial and final permutation One round per crypto-engine clock cycle Internal 64 bit buffer stores cipher state 78
79 Architecture Hypothesis Validation Need to validate the architecture hypothesis before the attack 79
80 Architecture Hypothesis Validation Need to validate the architecture hypothesis before the attack Correlating to HW of Ciphertexts and output of each DES 80
81 Architecture Hypothesis Validation Need to validate the architecture hypothesis before the attack Correlating to HW of Ciphertexts and output of each DES Correlating to HD of consecutive round outputs 81
82 Final Attack Results Attack on 6 bits of the 1 st DES the key (round 1) 82
83 Final Attack Results Attack on 6 bits of the 1 st DES the key (round 1) The key is recoverable with ~ decryption power measures (less than a single bitstream decryption for almost all V2Pro devices) The attack is still possible with lowpass filtered and decimated traces up to 100MSa/s A single attack to recover 6 bits of a DES key takes a couple of seconds on a common desktop Complete 3DES key recovered in 2-3 minutes of computation 83
84 Final Attack Results Successful Side Channel attack estimating a very small part of the active digital logic Correlation power analysis is scale invariant, as long as there are correlated variations No explicit SCA countermeasures present, sheer size of the platform thought to be enough Proper filtering of the obtained signal removes non-relevant consumption Mainly security through obscurity Methodic reverse engineering leads to figuring out the structure 84
85 How about more recent devices V4, V5, S6? 85
86 Embedded Security Group Visual Inspection CLK normal ENC ECRYPT II Summer School: Challenges in Security Engineering Bochum 05. Sep Amir Moradi 86
87 Embedded Security Group Visual Inspection CLK normal ENC average over 10k traces ECRYPT II Summer School: Challenges in Security Engineering Bochum 05. Sep Amir Moradi 87
88 Embedded Security Group Filtering CLK zoom filter ENC peak extraction, AES 256 ECRYPT II Summer School: Challenges in Security Engineering Bochum 05. Sep Amir Moradi 88
89 Known Steps guessing the architecture guessing the power model known key scenario check their validity Finally after 3 months 89
90 Findings Architecture (AES 256) Bit flips in registers (Hamming distance) as the model 90
91 Model for Power Consumption Hamming Distance of state register R Problem: At least 64 bit hypothesis to attack power consumption of 32 bit leakage 91
92 Model for Power Consumption Exploit linearity 32 bit hypotheses to attack single bit power model Fine in theory, but can we detect the leakage of a single bit in practice? 92
93 The Attack 2 35 (= 34,359,738,368) keys to test 60,000 power traces 128 GiB of 32 bit floating point results Can be done but not practical on CPUs 93
94 GPUs for Power Analysis Used System 4x Nvidia Tesla C2070 GPUs Each one has 6 GB of RAM and 448 cores Clocked at 1.15 GHz HDD is not the bottleneck Full attack in around 4.5 hours (V4, 60k traces) 94
95 Result Virtex 4 60k traces Other Columns show similar results Virtex 5: The same attack works (6.5 hours, 90k traces) 95
96 Lessons Learned Bitstream encryption is vulnerable to SCA New modern CMOS technology can be attacked in practice (90nm/65nm/45nm) Reusing crypto cores simplifies analyses Attacks on 32 bit hypotheses are realistic threats GPUs are a nice tool for attacks where computation time dominates 96
97 Recent Results and ongoing Work Up to know, the broken devices: Virtex II pro Virtex 4 Virtex 5 Spartan 6 Actel (Microsemi) S. Skorobogatov, C. Woods Those which come soon or later Virtex 6 Kintex 7 Stratix II (Altera) 97
98 Thanks! Any questions? Embedded Security Group, Ruhr University Bochum, Germany
Side-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel?
Side-Channel Countermeasures for Hardware: is There a Light at the End of the Tunnel? 11. Sep 2013 Ruhr University Bochum Outline Power Analysis Attack Masking Problems in hardware Possible approaches
More informationMasking as a Side-Channel Countermeasure in Hardware
Masking as a Side-Channel Countermeasure in Hardware 6. September 2016 Ruhr-Universität Bochum 1 Agenda Physical Attacks and Side Channel Analysis Attacks Measurement setup Power Analysis Attacks Countermeasures
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationPower Analysis Attacks
Power Analysis Attacks Elisabeth Oswald Computer Science Department Crypto Group eoswald@cs.bris.ac.uk Elisabeth.Oswald@iaik.tugraz.at Outline Working principle of power analysis attacks DPA Attacks on
More informationKeeLoq and Side-Channel Analysis Evolution of an Attack
KeeLoq and Side-Channel Analysis Evolution of an Attack Christof Paar, Thomas Eisenbarth, Markus Kasper, Timo Kasper and Amir Moradi Chair for Embedded Security Electrical Engineering and Information Sciences
More informationBreaking Korea Transit Card with Side-Channel Attack
Breaking Korea Transit Card with Side-Channel Attack -Unauthorized Recharging- Black Hat Asia 2017 Tae Won Kim, Tae Hyun Kim, and Seokhie Hong Outline 1. Attack Goal & Scenario 2. Target Device Details
More informationCryptanalysis of KeeLoq with COPACOBANA
Cryptanalysis of KeeLoq with COPACOBANA Martin Novotný 1 and Timo Kasper 2 1 Faculty of Information Technology Czech Technical University in Prague Kolejní 550/2 160 00 Praha 6, Czech Republic email: novotnym@fit.cvut.cz
More informationSide-Channel Security Analysis of Ultra-Low-Power FRAM-based MCUs
Side-Channel Security Analysis of Ultra-Low-Power FRAM-based MCUs Amir Moradi and Gesine Hinterwälder Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Germany {amir.moradi, gesine.hinterwaelder}@rub.de
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationOn the Simplicity of Converting Leakages from Multivariate to Univariate
On the Simplicity of Converting Leakages from Multivariate to Univariate 21. Aug. 2013, Oliver Mischke Embedded Security Group + Hardware Security Group Ruhr University Bochum, Germany Outline Definitions,
More informationPower Analysis Attacks against FPGA Implementations of the DES
Power Analysis Attacks against FPGA Implementations of the DES François-Xavier Standaert 1, Sıddıka Berna Örs2, Jean-Jacques Quisquater 1, Bart Preneel 2 1 UCL Crypto Group Laboratoire de Microélectronique
More informationThe Davies-Murphy Power Attack. Sébastien Kunz-Jacques Frédéric Muller Frédéric Valette DCSSI Crypto Lab
The Davies-Murphy Power Attack Sébastien Kunz-Jacques Frédéric Muller Frédéric Valette DCSSI Crypto Lab Introduction Two approaches for attacking crypto devices traditional cryptanalysis Side Channel Attacks
More informationA physical level perspective
UMass CS 660 Advanced Information Assurance Spring 2011Guest Lecture Side Channel Analysis A physical level perspective Lang Lin Who am I 5 th year PhD candidate in ECE Advisor: Professor Wayne Burleson
More informationData Encryption Standard
ECE 646 Lecture 7 Data Encryption Standard Required Reading W. Stallings, "Cryptography and Network-Security," 5th Edition, Chapter 3: Block Ciphers and the Data Encryption Standard Chapter 6.1: Multiple
More informationSecurity against Timing Analysis Attack
International Journal of Electrical and Computer Engineering (IJECE) Vol. 5, No. 4, August 2015, pp. 759~764 ISSN: 2088-8708 759 Security against Timing Analysis Attack Deevi Radha Rani 1, S. Venkateswarlu
More informationSIDE CHANNEL ANALYSIS : LOW COST PLATFORM. ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI
SIDE CHANNEL ANALYSIS : LOW COST PLATFORM ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI THE CEA Military Applications Division (DAM) Nuclear Energy Division (DEN) Technological Research Division
More informationCountermeasures against EM Analysis
Countermeasures against EM Analysis Paolo Maistri 1, SebastienTiran 2, Amine Dehbaoui 3, Philippe Maurine 2, Jean-Max Dutertre 4 (1) (2) (3) (4) Context Side channel analysis is a major threat against
More informationThe Design and Evaluation Methodology of Dependable VLSI for Tamper Resistance
2013.12.7 DLSI International Symposium The Design and Evaluation Methodology of Dependable VLSI for Focusing on the security of hardware modules - Tamper resistant cryptographic circuit - Evaluation tools
More informationData Encryption Standard
ECE 646 Lecture 6 Data Encryption Standard Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th Edition, Chapter 3: Block Ciphers and the Data Encryption Standard Chapter 6.1: Multiple
More informationIntroduction to Field Programmable Gate Arrays
Introduction to Field Programmable Gate Arrays Lecture 1/3 CERN Accelerator School on Digital Signal Processing Sigtuna, Sweden, 31 May 9 June 2007 Javier Serrano, CERN AB-CO-HT Outline Historical introduction.
More informationE-Passport: Cracking Basic Access Control Keys with COPACOBANA
E-Passport: Cracking Basic Access Control Keys with COPACOBANA Yifei Liu, Timo Kasper, Kerstin Lemke-Rust and Christof Paar Communication Security Group Ruhr University Bochum, Germany http://www.crypto.rub.de
More informationAdvanced Encryption Standard / Rijndael IP Core. Author: Rudolf Usselmann
Advanced Encryption Standard / Rijndael IP Core Author: Rudolf Usselmann rudi@asics.ws www.asics.ws Rev. 1.1 November 12, 2002 Revision History Rev. Date Author Description 1.0 11/9/02 Rudolf Usselmann
More informationOn the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting
On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting Amir Moradi 1, Oliver Mischke 1, Christof Paar 1, Yang Li 2, Kazuo Ohta 2, and Kazuo Sakiyama 2 1 Horst
More informationLecture 3: Symmetric Key Encryption
Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationHiding Higher-Order Leakages in Hardware
Hiding Higher-Order Leakages in Hardware 21. May 2015 Ruhr-Universität Bochum Acknowledgement Pascal Sasdrich Tobias Schneider Alexander Wild 2 Story? Threshold Implementation should be explained? 1 st
More informationMicro-Architectural Attacks and Countermeasures
Micro-Architectural Attacks and Countermeasures Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 25 Contents Micro-Architectural Attacks Cache Attacks Branch Prediction Attack
More informationSecure and Efficient Implementation of Symmetric Encryption Schemes using FPGAs
Secure and Efficient Implementation of Symmetric Encryption Schemes using FPGAs François-Xavier Standaert U rypto Group, fstandae@uclouvain.be Summary. Due to its potential to greatly accelerate a wide
More informationAccelerating Correlation Power Analysis Using Graphics Processing Units (GPUs)
Accelerating Correlation Power Analysis Using Graphics Processing Units (GPUs) Hasindu Gamaarachchi, Roshan Ragel Department of Computer Engineering University of Peradeniya Peradeniya, Sri Lanka hasindu8@gmailcom,
More informationHardware Security. Debdeep Mukhopadhyay
Hardware Security Debdeep Mukhopadhyay Secured Embedded Architecture Laboratory (SEAL) Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Kharagpur, West Bengal, INDIA
More informationA Defense Mechanism for Differential Power Analysis Attack in AES
Journal of Computer Science Original Research Paper A Defense Mechanism for Differential Power Analysis Attack in AES 1 M. Rajaramand 2 J. Vijaya 1 Anna University, Chennai, India 2 Vice Chancellor, Anna
More informationPractical Electromagnetic Template Attack on HMAC
Practical Electromagnetic Template Attack on HMAC Pierre Alain Fouque 1 Gaétan Leurent 1 Denis Réal 2,3 Frédéric Valette 2 1ENS,75Paris,France. 2CELAR,35Bruz,France. 3INSA-IETR,35Rennes,France. September
More informationApplying TVLA to Public Key Cryptographic Algorithms. Michael Tunstall Gilbert Goodwill
Applying TVLA to Public Key Cryptographic Algorithms Michael Tunstall Gilbert Goodwill Introduction Test Vector Leakage Assessment (TVLA) was proposed in 2012 Efficient in evaluating the presence of leakage
More informationNon-Profiled Deep Learning-Based Side-Channel Attacks
Non-Profiled Deep Learning-Based Side-Channel Attacks Benjamin Timon UL Transaction Security, Singapore benjamin.timon@ul.com Abstract. Deep Learning has recently been introduced as a new alternative to
More informationExternal Encodings Do not Prevent Transient Fault Analysis
External Encodings Do not Prevent Transient Fault Analysis Christophe Clavier Gemalto, Security Labs CHES 2007 Vienna - September 12, 2007 Christophe Clavier CHES 2007 Vienna September 12, 2007 1 / 20
More informationThe embedded security challenge: Protecting bits at rest
The embedded security challenge: Protecting bits at rest Patrick Schaumont schaum@vt.edu Acknowledgements: Eric Simpson, Pengyuan Yu Secure Embedded Systems Group ECE Department Secret bits-at-rest Hi-Res
More informationINTRODUCTION TO FPGA ARCHITECTURE
3/3/25 INTRODUCTION TO FPGA ARCHITECTURE DIGITAL LOGIC DESIGN (BASIC TECHNIQUES) a b a y 2input Black Box y b Functional Schematic a b y a b y a b y 2 Truth Table (AND) Truth Table (OR) Truth Table (XOR)
More informationFault injection attacks on cryptographic devices and countermeasures Part 1
Fault injection attacks on cryptographic devices and countermeasures Part 1 Israel Koren Department of Electrical and Computer Engineering University of Massachusetts Amherst, MA Outline Introduction -
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationSide-Channel Protections for Cryptographic Instruction Set Extensions
Side-Channel Protections for Cryptographic Instruction Set Extensions Sami Saab, Pankaj Rohatgi, and Craig Hampel Rambus Cryptography Research Division 425 Market St Fl 11 San Francisco CA 94105 2496 {firstname}.{lastname}@cryptography.com
More informationA Countermeasure Circuit for Secure AES Engine against Differential Power Analysis
A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationFault Sensitivity Analysis
Fault Sensitivity Analysis Yang Li, Kazuo Sakiyama, Shigeto Gomisawa, Kazuo Ohta The University of Electro-Communications liyang@ice.uec.ac.jp Toshinori Fukunaga, Junko Takahashi NTT Information Sharing
More informationSide Channel Analysis of an Automotive Microprocessor
ISSC 2008, Galway. June 18 19 Side Channel Analysis of an Automotive Microprocessor Mark D. Hamilton, Michael Tunstall,EmanuelM.Popovici, and William P. Marnane Dept. of Microelectronic Engineering, Dept.
More informationField Program mable Gate Arrays
Field Program mable Gate Arrays M andakini Patil E H E P g r o u p D H E P T I F R SERC school NISER, Bhubaneshwar Nov 7-27 2017 Outline Digital electronics Short history of programmable logic devices
More informationSmart card Power Analysis: From Theory To Practice
Smart card Power Analysis: From Theory To Practice João Lopes and Ricardo Chaves INESC-ID, Instituto Superior Técnico, Universidade Lisboa Email: joao.c.lopes@tecnico.ulisboa.pt, Ricardo.Chaves@inesc-id.pt
More informationBasic FPGA Architectures. Actel FPGAs. PLD Technologies: Antifuse. 3 Digital Systems Implementation Programmable Logic Devices
3 Digital Systems Implementation Programmable Logic Devices Basic FPGA Architectures Why Programmable Logic Devices (PLDs)? Low cost, low risk way of implementing digital circuits as application specific
More informationCorrelated Power Noise Generator as a Low Cost DPA Countermeasures to Secure Hardware AES Cipher
Correlated Power Noise Generator as a Low Cost DPA Countermeasures to Secure Hardware AES Cipher Najeh Kamoun 1, Lilian Bossuet 2, and Adel Ghazel 1 1 CIRTA COM, SUP COM 2 IMS, University of Bordeaux Tunis,
More informationClock Glitch Fault Injection Attacks on an FPGA AES Implementation
Journal of Electrotechnology, Electrical Engineering and Management (2017) Vol. 1, Number 1 Clausius Scientific Press, Canada Clock Glitch Fault Injection Attacks on an FPGA AES Implementation Yifei Qiao1,a,
More informationCOPACOBANA: RECONFIGURABLE COMPUTING IN CRYPTANALYSIS. Ben Johnstone
COPACOBANA: RECONFIGURABLE COMPUTING IN CRYPTANALYSIS Ben Johnstone Overview Goals Architecture DES Performance Conclusion What is COPACOBANA? Cost Optimized Parallel Code Breaker History Developed at
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationEfficient DPA Attacks on AES Hardware Implementations
I. J. Communications, Network and System Sciences. 008; : -03 Published Online February 008 in SciRes (http://www.srpublishing.org/journal/ijcns/). Efficient DPA Attacks on AES Hardware Implementations
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationCorrelated Power Noise Generator as a Low Cost DPA Countermeasure to Secure Hardware AES Cipher
Author manuscript, published in "Proceeding of the 3rd IEEE International Conference on Signals, Circuits and Systems, SCS 2009, pp. 1-6, Djerba, Tunisa, November 2009., Tunisia (2009)" Correlated Power
More informationProgrammable Logic Devices FPGA Architectures II CMPE 415. Overview This set of notes introduces many of the features available in the FPGAs of today.
Overview This set of notes introduces many of the features available in the FPGAs of today. The majority use SRAM based configuration cells, which allows fast reconfiguation. Allows new design ideas to
More informationOutline. Trusted Design in FPGAs. FPGA Architectures CLB CLB. CLB Wiring
Outline Trusted Design in FPGAs Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Intro to FPGA Architecture FPGA Overview Manufacturing Flow FPGA Security
More informationPower Analysis of MAC-Keccak: A Side Channel Attack. Advanced Cryptography Kyle McGlynn 4/12/18
Power Analysis of MAC-Keccak: A Side Channel Attack Advanced Cryptography Kyle McGlynn 4/12/18 Contents Side-Channel Attack Power Analysis Simple Power Analysis (SPA) Differential Power Analysis (DPA)
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationThreshold Implementations of the Present Cipher
Threshold Implementations of the Present Cipher by Mohammad Farmani A Thesis Submitted to the Faculty of the WORCESTER POLYTECHNIC INSTITUTE In partial fulfillment of the requirements for the Degree of
More informationPerformance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers
Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Sören Rinne, Thomas Eisenbarth, and Christof Paar Horst Görtz Institute for IT Security Ruhr-Universität Bochum,
More informationSecure Design Methodology and The Tree of Trust
Secure Design Methodology and The Tree of Trust Secure Embedded Systems Group ECE Department Virginia Tech The new Cool: Reverse Engineering... Microsoft Zune (http://bunniestudios.com) Under the Hood
More informationCorrelation-Enhanced Power Analysis Collision Attack
Correlation-Enhanced Power Analysis Collision Attack Amir Moradi 1, Oliver Mischke 1, and Thomas Eisenbarth 2 1 Horst Görtz Institute for IT Security Ruhr University Bochum, Germany {moradi, mischke}@crypto.rub.de
More informationCSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More informationFPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES
, suitable for DFA on AES Jonas Krautter, Dennis R.E. Gnad, Mehdi B. Tahoori 10.09.2018 INSTITUTE OF COMPUTER ENGINEERING CHAIR OF DEPENDABLE NANO COMPUTING KIT Die Forschungsuniversität in der Helmholtz-Gemeinschaft
More informationON PRACTICAL RESULTS OF THE DIFFERENTIAL POWER ANALYSIS
Journal of ELECTRICAL ENGINEERING, VOL. 63, NO. 2, 212, 125 129 COMMUNICATIONS ON PRACTICAL RESULTS OF THE DIFFERENTIAL POWER ANALYSIS Jakub Breier Marcel Kleja This paper describes practical differential
More informationDesign Techniques for Side-channel Resistant Embedded Software
Design Techniques for Side-channel Resistant Embedded Software Ambuj Sudhir Sinha Thesis submitted to the Faculty of the Virginia Polytechnic Institute and State University in partial fulfillment of the
More informationA PRACTICAL APPROACH TO POWER TRACE MEASUREMENT FOR DIFFERENTIAL POWER ANALYSIS BASED ATTACKS
Bulletin of the Transilvania University of Braşov Series I: Engineering Sciences Vol. 6 (55) No. 2-2013 A PRACTICAL APPROACH TO POWER TRACE MEASUREMENT FOR DIFFERENTIAL POWER ANALYSIS BASED ATTACKS C.L.
More informationOutline. Embedded Security. Black-box Security. B. Gierlichs CryptArchi, Trégastel, June 2008
Outline Power and Fault Analysis Resistance in Hardware through Dynamic Reconfiguration Nele Mentens 1,2, Benedikt Gierlichs 1, Ingrid Verbauwhede 1 1 K.U. Leuven, ESAT/SCD-Cosic 2 KH Limburg, IWT firstname.lastname@esat.kuleuven.be
More informationEfficient Practical Key Recovery for Side- Channel Attacks
Aalto University School of Science Degree Programme in Security and Mobile Computing Kamran Manzoor Efficient Practical Key Recovery for Side- Channel Attacks Master s Thesis Espoo, June 30, 2014 Supervisors:
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More information1-7 Attacks on Cryptosystems
1-7 Attacks on Cryptosystems In the present era, not only business but almost all the aspects of human life are driven by information. Hence, it has become imperative to protect useful information from
More informationFPGA VHDL Design Flow AES128 Implementation
Sakinder Ali FPGA VHDL Design Flow AES128 Implementation Field Programmable Gate Array Basic idea: two-dimensional array of logic blocks and flip-flops with a means for the user to configure: 1. The interconnection
More informationSide-Channel Attack against RSA Key Generation Algorithms
Side-Channel Attack against RSA Key Generation Algorithms CHES 2014 Aurélie Bauer, Eliane Jaulmes, Victor Lomné, Emmanuel Prouff and Thomas Roche Agence Nationale de la Sécurité des Systèmes d Information
More informationELECTRONICS DEPARTMENT
ELECTRONICS DEPARTMENT By Eng. 28 th Mar MUSTAFA 2012 M. Efficient SHIPLEImplementation of AES Algorithm Immune to DPA Attack Cryptography processing plaintext cipher text format Block Cipher Stream Cipher
More informationOnce upon a time... A first-order chosen-plaintext DPA attack on the third round of DES
A first-order chosen-plaintext DPA attack on the third round of DES Oscar Reparaz, Benedikt Gierlichs KU Leuven, imec - COSIC CARDIS 2017 Once upon a time... 14 November 2017 Benedikt Gierlichs - DPA on
More informationSecond-Order Power Analysis Attacks against Precomputation based Masking Countermeasure
, pp.259-270 http://dx.doi.org/10.14257/ijsh.2016.10.3.25 Second-Order Power Analysis Attacks against Precomputation based Masking Countermeasure Weijian Li 1 and Haibo Yi 2 1 School of Computer Science,
More informationEM Analysis in the IoT Context: Lessons Learned from an Attack on Thread
EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread Daniel Dinu 1, Ilya Kizhvatov 2 1 Virginia Tech 2 Radboud University Nijmegen CHES 2018 Outline 1 Introduction 2 Side-Channel Vulnerability
More informationDaniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven
Goals of authenticated encryption Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven More details, credits: competitions.cr.yp.to /features.html Encryption sender
More informationSIDE CHANNEL RISK EVALUATION AND MEASUREMENT (SCREAM)
SIDE CHANNEL RISK EVALUATION AND MEASUREMENT (SCREAM) A Major Qualifying Project Report Submitted to the Faculty of WORCESTER POLYTECHNIC INSTITUTE By Zachary Goddard Nicholas LaJeunesse 1 Abstract While
More informationECE-493 Final Paper. Differential Power Analysis Testbed
ECE-493 Final Paper Differential Power Analysis Testbed Differential power analysis is a type of side channel attack used to compromise a cryptographically secure system by obtaining the secret key the
More informationSusceptibility of estream Candidates towards Side Channel Analysis
Susceptibility of estream Candidates towards Side Channel Analysis Benedikt Gierlichs 1, Lejla Batina 1, Christophe Clavier 2, Thomas Eisenbarth 3, Aline Gouget 4, Helena Handschuh 5, Timo Kasper 3, Kerstin
More informationLecture 41: Introduction to Reconfigurable Computing
inst.eecs.berkeley.edu/~cs61c CS61C : Machine Structures Lecture 41: Introduction to Reconfigurable Computing Michael Le, Sp07 Head TA April 30, 2007 Slides Courtesy of Hayden So, Sp06 CS61c Head TA Following
More informationInvestigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures
Investigation of a Masking Countermeasure against Side-Channel Attacks for RISC-based Processor Architectures L. BARTHE, P. BENOIT, L. TORRES LIRMM - CNRS - University of Montpellier 2 FPL 10 - Tuesday
More informationA Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher
A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher Lu Xiao and Howard M. Heys 2 QUALCOMM Incorporated, lxiao@qualcomm.com 2 Electrical and Computer Engineering, Faculty
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?
More informationIntroduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014
Introduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014 Page 1 Outline What is data encryption? Cryptanalysis Basic encryption methods Substitution ciphers Permutation ciphers
More informationHow Far Should Theory be from Practice?
How Far Should Theory be from Practice? Evaluation of a Countermeasure Amir Moradi and Oliver Mischke Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany {moradi,mischke}@crypto.rub.de
More informationRiceNIC. Prototyping Network Interfaces. Jeffrey Shafer Scott Rixner
RiceNIC Prototyping Network Interfaces Jeffrey Shafer Scott Rixner RiceNIC Overview Gigabit Ethernet Network Interface Card RiceNIC - Prototyping Network Interfaces 2 RiceNIC Overview Reconfigurable and
More informationLowering the Bar: Deep Learning for Side Channel Analysis. Guilherme Perin, Baris Ege, Jasper van December 4, 2018
Lowering the Bar: Deep Learning for Side Channel Analysis Guilherme Perin, Baris Ege, Jasper van Woudenberg @jzvw December 4, 2018 1 Before Signal processing Leakage modeling 2 After 3 Helping security
More informationExperiments in Attacking FPGA-Based Embedded Systems using Differential Power Analysis
Experiments in Attacking FPGA-Based Embedded Systems using Differential Power Analysis Song Sun Zijun Yan Joseph Zambreno Dept. of Electrical and Computer Engineering Iowa State University Ames, IA 50011
More informationFPGA for Complex System Implementation. National Chiao Tung University Chun-Jen Tsai 04/14/2011
FPGA for Complex System Implementation National Chiao Tung University Chun-Jen Tsai 04/14/2011 About FPGA FPGA was invented by Ross Freeman in 1989 SRAM-based FPGA properties Standard parts Allowing multi-level
More informationOCB3 Block Specification
OCB3 Block Specification Version 1.0.07.04.2010 By Tariq Bashir Ahmad Supervisors: Guy Hutchison Professor Phillip Rogaway 1 1 Introduction and Overview OCB3 (Offset Code Book 3) is an authenticated encryption
More informationENEE 457: Computer Systems Security 09/12/16. Lecture 4 Symmetric Key Encryption II: Security Definitions and Practical Constructions
ENEE 457: Computer Systems Security 09/12/16 Lecture 4 Symmetric Key Encryption II: Security Definitions and Practical Constructions Charalampos (Babis) Papamanthou Department of Electrical and Computer
More informationA Power Attack Method Based on Clustering Ruo-nan ZHANG, Qi-ming ZHANG and Ji-hua CHEN
2017 International Conference on Computer, Electronics and Communication Engineering (CECE 2017) ISBN: 978-1-60595-476-9 A Power Attack Method Based on Clustering Ruo-nan ZHANG, Qi-ming ZHANG and Ji-hua
More informationFast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays
Kris Gaj and Pawel Chodowiec Electrical and Computer Engineering George Mason University Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationL2: FPGA HARDWARE : ADVANCED DIGITAL DESIGN PROJECT FALL 2015 BRANDON LUCIA
L2: FPGA HARDWARE 18-545: ADVANCED DIGITAL DESIGN PROJECT FALL 2015 BRANDON LUCIA 18-545: FALL 2014 2 Admin stuff Project Proposals happen on Monday Be prepared to give an in-class presentation Lab 1 is
More informationOn the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme
On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme Thomas Eisenbarth 1,TimoKasper 1, Amir Moradi 2,, Christof Paar 1, Mahmoud Salmasizadeh 2, and Mohammad
More information