Crypto researchers started working on SCA between 1996-1999 as a war between cryptographers and cryptanalysts.
Sun Tzu, The Art of War: In war, avoid what is strong and attack what is weak.
Are side channel attacks new? There is nothing new under the sun.
Spy letters with invisible ink identified by torn fibers
Secret notes torn from a writing pad read from the page below
Tempest attack on phone lines during WW1
Finding spy receivers in London during the 1950s
Breaking Egyptian rotor machines with an acoustic attack
Trojaned equipment: Enigmas sold after WW2, CRYPTO AG
Externally supplied power and communication links
Vulnerable to probing with microwave radiation
EM and acoustic eavesdropping attacks
Vulnerable to fault attacks (bribes, blackmail)
Many SCAs were invented and perfected in this environment
It covers many topics related to the design and analysis of cryptosystems
Side channel attacks (especially tempest) are extensively covered
Surprisingly, there is absolutely no mention of public key cryptography in any of the titles
A cryptosystem is a mathematical function
Its security is a mathematical theorem
Protocols are interacting Turing Machines
A dishonest party can do anything, but an honest party does ONLY what it is supposed to do
The standard model of cryptography is increasingly problematic due to the existence of SCAs
Many scenarios today do not fit our assumptions
However, there is little theoretical analysis of SCAs in academic research papers
For 20 years I have studied the provable properties of the RSA function: bit security, relationship to factoring, reductions, RSA vs Rabin, provably secure applications
RSA seemed to be very robust and well understood
In 1996, Boneh, DeMillo and Lipton proved that in RSA-CRT, making any single computational mistake completely breaks the scheme by factoring the public key
This exposes the incredible fragility of cryptosystems
Each attack utilized a completely different approach
Each countermeasure works only against a specific attack
We have no way to predict the next attack, and protecting against all conceivable attacks is impossible
We do not know all the possible attacks, but the number of completely different ideas seems to be very limited
New attacks are often only of theoretical interest
Most of the attacks can be overcome in principle by the common strategy of having sufficiently many rounds, and having large margins of safety against known attacks
Choose a good cryptosystem such as AES which resists all the classical cryptanalytic attacks
Separately, let us implement it in a way that avoids the known side channel attacks
Problem: implementors often do not know the choice of platform, or it can change over time, but the countermeasures (e.g., against timing or cache attacks) can depend on the microprocessor
Longer keys are more vulnerable to timing attacks
Larger s-boxes are more vulnerable to cache attacks
A large variety of different types of operations makes it easier to apply simple power analysis
To build a strong block cipher, compose a large number of weak steps. This ignores the fact that intermediate values may leak out, and weak steps are easy to analyze
Use only large chunks of key and data (e.g., 64 bits) to make it harder to exploit Hamming weight information and to exhaustively search for explanations of partially exposed intermediate values
Make better use of the inherent parallelism of modern microprocessors
Ask Intel to add a dedicated security coprocessor to implement AES/RSA in its future microprocessors
Timing attacks provide only a few bits of data, and are the easiest to avoid
Probing attacks on smart cards typically record few wires
Differential power analysis ignores most of the data, looking just for differences in behavior between averages
Simple power analysis provides a huge amount of data, but we do not currently know how to exploit it. I expect a lot of progress in this area in the next few years
Hash functions have no secrets Collisions are not likely to be known by anyone
Quantum cryptography: its main claim to fame is its perfect provable security
At least two attacks have been described so far, and others are likely: an acoustic attack and a light pulse attack
If found, they can make this expensive and cumbersome solution unattractive
There is new emphasis now on larger systems such as PCs
There is some initial interest in tiny systems such as RFID tags
Example: How can we apply a lunchtime power analysis attack to desktop PCs ?
The attacker cannot easily cut the power cord or open the box
A possible solution: the USB connector
It supplies both power and data to external devices
Many security programs control the USB connection
The real-time signal of USB power at 294 kHz during OpenSSL decryption
Cache Attacks:
A new family of side-channel attacks, developed simultaneously in 2005/6 by: Bernstein (basic idea, partial AES key recovery), Percival (attack on RSA), Osvik, Shamir and Tromer (full attack on AES)
Cache Attacks:
(e.g., full AES key extraction from a Linux encrypted file system in 65 ms; requires only the ability to run code in parallel on the target machine)
Compromise otherwise well-secured systems (e.g., VPNs using AES)
NSA, US Patent 6,922,774
Can be used to attack virtualized machines (e.g., jail(), Xen, UML, Virtual PC, VMware) using untrusted code (e.g., ActiveX, Java applets, managed .NET, JavaScript)
[Figure: CPU core (60% speed increase per year), cache, and DRAM; attacker memory T0 shares the cache with the cipher's lookup tables]
1. Completely evict tables from cache
2. Trigger a single encryption
3. Access attacker memory again and see which cache sets are slow
Experimental example
Measuring a Linux 2.6.11 dm-crypt encrypted filesystem with ECB AES on Athlon 64, using 30,000 samples. Horizontal axis: evicted cache set Vertical axis: p[0] Brightness: encryption time (normalized) Left: raw. Right: after subtracting cache set average.
An RFID tag is a very simple computer, usually associated with a physical object
Tags communicate with a powerful reader over a wireless link
EPC tags: passive tags, radiatively coupled, 900 MHz, read/write memory
The reader has a powerful antenna and an external power supply
The reader surrounds itself with an electromagnetic field
The tag is illuminated by this field
[Figure: Tag and Reader]
The reader sends commands to the tag via pulse amplitude modulation
The tag sends responses to the reader via backscatter modulation
[Figure: Tag and Reader]
RF power reflected by an RFID tag is dependent on its internal power consumption
This property allows power analysis attacks to be performed over a distance in a completely passive way
In the short term, it can be used to extract the kill or access passwords of EPC tags
Send the password to a secure device bit by bit
The first wrong bit is very exciting
Allows the password to be recovered in linear time
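As an added illustration (not from the talk), the difference between a check that stops at the first wrong bit and one that examines every bit; the secret is a constructed 16-bit string, and the number of bits examined stands in for the time or power the device spends:

```python
import hmac

# Constructed 16-bit secret standing in for an EPC tag's kill/access password.
SECRET_BITS = "1011001110100101"

def early_exit_check(secret: str, candidate: str):
    """Naive check: stop at the first wrong bit.
    Returns (accepted, work), where work is the number of bits examined."""
    work = 0
    for s, c in zip(secret, candidate):
        work += 1
        if s != c:
            return False, work          # the first wrong bit ends the check
    return len(secret) == len(candidate), work

def constant_time_check(secret: str, candidate: str):
    """Hardened check: examine every bit and OR the differences together,
    so the work is the same whether the mismatch is at bit 1 or bit 16."""
    if len(secret) != len(candidate):
        return False, 0
    diff = 0
    work = 0
    for s, c in zip(secret, candidate):
        diff |= int(s) ^ int(c)
        work += 1
    return diff == 0, work

def work_profile(check, secret: str, prefix_len: int) -> int:
    """Work observed for a candidate that matches exactly prefix_len leading
    bits of the secret and has the next bit flipped."""
    candidate = list(secret)
    if prefix_len < len(secret):
        candidate[prefix_len] = "1" if secret[prefix_len] == "0" else "0"
    return check(secret, "".join(candidate))[1]

def leaks_prefix(check, secret: str) -> bool:
    """True if the observed work varies with the number of correct leading
    bits, i.e. the device reveals the position of the first wrong bit."""
    profile = [work_profile(check, secret, k) for k in range(len(secret))]
    return len(set(profile)) > 1

def constant_time_bytes(secret: bytes, candidate: bytes) -> bool:
    """For real byte strings, use the library's constant-time comparison."""
    return hmac.compare_digest(secret, candidate)
```

With the early-exit check the work grows one bit per correct leading bit, which is exactly what lets a password be recovered in linear time; the constant-time check returns the same work for every candidate.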
The plot shows the signal reflected from a Generation 1 tag during a kill command
The tag is supposed to be completely silent. Is it? Let's zoom in
[Figure: power versus time]
A distinctive saw-tooth pattern is added by the tag to the clean reader signal
Probably caused by the tag's power extraction circuit
We can show that thirsty tags reflect more power
power supply from consumers
Compatible with current RF front ends
Often used in embassies
[Figure: Power Extraction and Tag Logic]
Summary:
New types of side channel attacks are found and published every few months.
Recent discoveries of side channel attacks far outnumber those of classical cryptanalytic attacks.
SCAs are much more practically significant than classical attacks, but they are receiving less attention, especially by the theoretical and academic communities.
We should completely rethink the issues of how to develop and implement new crypto applications.
Thank you!