Advanced Information Security 6: SIDE CHANNEL ATTACKS

Dr. Turki F. Al-Somani, 2015


Module Outlines

Introduction to Side Channel Attacks
  Simple Analysis Attacks
  Differential Analysis Attacks

Types of Side Channel Attacks

Power Analysis Attacks
  Simple Power Analysis Attacks
  Differential Power Analysis Attacks

Countermeasures

Summary


Introduction

Security Against Side Channel Attacks

Every computing device also acts as a source of additional information, called side channel leak information.

There are many side channel attacks in the literature.

[Figure: side channel leakage from a computing device. Channels shown: fault, power consumed, execution time, magnetic field. Leakage labels: data-dependent, operation-dependent, data-and-operation-dependent.]


Introduction (Contd.)

Side Channel Attack (SCA)
  Simple: a single observation.
  Differential: several observations used together with statistical tools.


Examples of Side Channel Attacks
  Timing Attack
  Power Analysis Attacks
  Electromagnetic Radiations
  Fault-Based (induced errors)
  Processor-Flag (overflow or carry flag)
  Hamming weight
  Thermal Analysis


Simple Power Analysis Attacks

(a) Power consumption trace of ECC scalar multiplication.

(b) Power consumption trace of ECC point doubling operation.


Differential Power Analysis Attacks


Types of DPA Attacks

Refined Power Analysis (RPA) attack: Exploits a special point with a zero-value coordinate, such as (0, y) or (x, 0).

Zero-value Point (ZVP) attack: A generalization of RPA that exploits any zero-value auxiliary register.

Doubling Attack (DA): Based on detecting when the same operation is performed on the same operands.


Types of DPA Attacks

Address-bit DPA (ABDPA): Based on the idea that accessing the same location is correlated to the scalar bit value.

Projective Coordinates Leak (PCL): Based on knowing the projective representation of a point obtained using a particular projective coordinate system.

More ..


ECC Scalar Multiplication


SPA Countermeasures


DPA Countermeasures

Randomization of the private exponent, at each execution of the algorithm:
  Select a random number k and multiply it by the total number of EC points, #EC (multiplying a point by #EC gives the point at infinity O).
  Add the result to d to obtain d': $d' = d + k \cdot \#EC$
  Compute the new Q by multiplying d' by P.


DPA Countermeasures (Contd.)

Blind the point P:
  Add a secret random point R, with S = dR.
  The new Q is computed as d(R + P).
  Subtract S = dR to get dP.


Countermeasures – Cont.

Randomized projective coordinates: applied at each new execution, or also after each point addition and doubling.

(X, Y, Z) (X, Y, Z)
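The three DPA countermeasures on these slides (scalar randomization, point blinding, randomized projective coordinates), as an added example that is not part of the original slides. The toy curve, the function names, and the use of homogeneous coordinates (x = X/Z, y = Y/Z) rescaled by a random nonzero factor are assumptions of this example.

```python
import secrets

# Constructed toy curve (far too small for real use): y^2 = x^3 + 2x + 2 over F_17.
P_MOD, A = 17, 2
N = 19         # #EC: total number of points on this curve, including O
O = None       # point at infinity
G = (5, 1)     # sample base point P (constructed)

def add(p, q):
    """Affine addition; handles O, inverse points and doubling."""
    if p is O or q is O:
        return q if p is O else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(d, p):
    """Plain left-to-right double-and-add: the unprotected baseline."""
    q = O
    for bit in bin(d)[2:]:
        q = add(q, q)
        if bit == "1":
            q = add(q, p)
    return q

def mul_random_scalar(d, p):
    """Scalar randomization: d' = d + k*#EC changes the bits, not the result."""
    k = secrets.randbelow(2**16) + 1
    return mul(d + k * N, p)

def mul_blinded_point(d, p, r, s):
    """Point blinding: compute d(R + P), then subtract S = dR (assumes S != O)."""
    minus_s = (s[0], -s[1] % P_MOD)
    return add(mul(d, add(r, p)), minus_s)

def randomize_projective(p):
    """Rescale (X, Y, Z) by a random nonzero factor; same affine point."""
    lam = secrets.randbelow(P_MOD - 1) + 1
    return tuple(lam * c % P_MOD for c in p)

def to_affine(p):
    zi = pow(p[2], -1, P_MOD)
    return (p[0] * zi % P_MOD, p[1] * zi % P_MOD)
```

Each protected routine returns the same point as `mul(d, G)` while the scalar bits, the operand point, or the coordinate representation processed internally differ from run to run.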


PhD Thesis .. (2006)


Timing Attacks Paper (2006)


Power Analysis Attacks Paper (2008)


Survey Paper (2012)



Another Survey Paper (2012)



Buffer Paper .. (2013)


Patents

Turki F. Al-Somani, Method for Securing Scalar Multiplication against Simple Power Attacks, US 8,861,721 B2, 2014.

Turki F. Al-Somani, System and Method for Securing Scalar Multiplication against Differential Power Attacks, US 8,804,952 B2, 2014.

Turki F. Al-Somani and M. K. Ibrahim, Method for Generic-Point Parallel Scalar Multiplication without Precomputations, US 8,755,517 B2, 2014.

Turki F. Al-Somani and Alaaeldin Amin, Method for elliptic curve scalar multiplication, U.S. 2012/0008780 A1, 2012.

Turki F. Al-Somani and Ayman Fayomi, Method for Efficient Postcomputation-Based Generic-Point Parallel Scalar Multiplication (submitted in Dec 2012).

Hilal Hussain and Turki F. Al-Somani, Method for Securing Elliptic Curve Cryptography against Simple Power Attacks (submitted in Dec 2012).

Hilal Hussain and Turki F. Al-Somani, Method for Securing Elliptic Curve Cryptography against Differential Power Attacks (submitted in Dec 2012).

Turki F. Al-Somani, Method for Elliptic Curve Scalar Multiplication using Reference Points (submitted in May 2012).

Turki F. Al-Somani, Method for Securing Scalar Multiplication against Power Analysis Attacks using Reference Points (submitted in May 2012).


Summary

Resistance against DPA attacks can be achieved by combining two or more of the countermeasures proposed in the literature thus far.

To protect against the doubling attack, the projective coordinates should be randomized or a random field isomorphism should be used, while to protect against RPA and ZVP attacks, the base point P or the scalar multiplier k should be randomized.

Hence, to protect against all these recent DPA attacks, randomizing the scalar multiplier and randomizing the projective coordinates, for instance, can be applied together.

THANKS & GOOD LUCK
