• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 31
  • 10
  • 3
  • 2
  • 1
  • 1
  • Tagged with
  • 67
  • 67
  • 67
  • 22
  • 21
  • 21
  • 19
  • 18
  • 18
  • 17
  • 16
  • 13
  • 12
  • 12
  • 11
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
61

Security of cryptosystems against power-analysis attacks / Sécurité des schémas cryptographiques contre les attaques par canaux auxiliaires

Belaïd, Sonia 22 October 2015 (has links)
Les attaques par canaux auxiliaires sont les attaques les plus efficaces contre les systèmes cryptographiques. Alors que les attaques classiques n’exploitent que les entrées et sorties des algorithmes cryptographiques, les attaques par canaux auxiliaires utilisent également les fuites physiques du composant sous-jacent. Dans cette thèse, nous nous intéressons aux attaques par canaux auxiliaires qui exploitent la consommation de courant des composants pour retrouver les clefs secrètes. Ces attaques sont désignées par le terme attaques par analyse de courant. La majorité des attaques par analyse de courant existantes repose sur l’observation de variables dépendant uniquement de quelques bits de secret avec la stratégie diviser-pour-régner. Dans cette thèse, nous exhibons de nouvelles attaques qui exploitent l’observation de variables intermédiaires largement dépendantes de grands secrets. Notamment, nous montrons qu’en observant uniquement la fuite physique du résultat d’une multiplication de Galois entre une clef secrète de 128 bits et plusieurs messages connus, nous pouvons en déduire un système d’équations avec erreurs puis retrouver cette clef secrète. En parallèle, nous nous intéressons aux deux contre-mesures algorithmiques les plus répandues contre ces attaques par analyse de courant : les fonctions intrinsèquement résistantes aux fuites physiques et les schémas de masquage. Dans un premier temps, nous définissons un schéma de chiffrement résistant aux fuites physiques qui repose sur un rafraîchissement régulier de la clef secrète. Nous prouvons la sécurité de ce schéma dans le modèle de cryptographie résistante aux fuites (en anglais, leakage-resilient cryptography). Dans un second temps, nous construisons, à l’aide des méthodes formelles, un outil permettant de vérifier automatiquement la sécurité d’implémentations masquées. Nous exhibons également de nouvelles propriétés de sécurité, ainsi que des propriétés de composition qui nous permettent de générer une implémentation masquée à n’importe quel ordre à partir d’une implémentation non protégée. Finalement, nous présentons une étude de comparaison entre ces deux contre-mesures algorithmiques dans le but d’aider les experts industriels à déterminer la meilleure protection à intégrer dans leurs produits en fonction de leurs contraintes en termes de sécurité et de performances. / Side-channel attacks are the most efficient attacks against cryptosystems. While the classical blackbox attacks only exploit the inputs and outputs of cryptographic algorithms, side-channel attacks also get use of the physical leakage released by the underlying device during algorithms executions. In this thesis, we focus on one kind of side-channel attacks which exploits the power consumption of the underlying device to recover the algorithms secret keys. They are gathered under the term power-analysis attacks. Most of the existing power-analysis attacks rely on the observations of variables which only depend on a few secret bits using a divide-and-conquer strategy. In this thesis, we exhibit new kinds of attacks which exploit the observation of intermediate variables highly dependent on huge secrets. In particular, we show how to recover a 128-bit key by only recording the leakage of the Galois multiplication’s results between several known messages and this secret key. We also study two commonly used algorithmic countermeasures against side-channel attacks: leakage resilience and masking. On the one hand, we define a leakage-resilient encryption scheme based on a regular update of the secret key and we prove its security. On the other hand, we build, using formal methods, a tool to automatically verify the security of masked algorithms. We also exhibit new security and compositional properties which can be used to generate masked algorithms at any security order from their unprotected versions. Finally, we propose a comparison between these two countermeasures in order to help industrial experts to determine the best protection to integrate in their products, according to their constraints in terms of security and performances.
62

Side-channel and fault analysis in the presence of countermeasures : tools, theory, and practice / Canaux cachés et attaques par injection de fautes en présence de contre-mesures : outils, théorie et pratique

Korkikian, Roman 27 October 2016 (has links)
Dans cette thèse nous développons et améliorons des attaques de systèmes cryptographiques. Un nouvel algorithme de décomposition de signal appelé transformation de Hilbert-Huang a été adapté pour améliorer l’efficacité des attaques parcanaux auxiliaires. Cette technique permet de contrecarrer certaines contre-mesures telles que la permutation d’opérations ou l’ajout de bruit à la consommation de courant. La seconde contribution de ce travail est l’application de certaines distributions statistiques de poids de Hamming à l’attaque d’algorithmes de chiffrement par bloc tels que AES, DES ou LED. Ces distributions sont distinctes pour chaque valeur de sous-clef permettent donc de les utiliser comme modèles intrinsèques. Les poids de Hamming peuvent être découverts par des analyses de canaux auxiliaires sans que les clairs ni les chiffrés ne soient accessibles. Cette thèse montre que certaines contremesures peuvent parfois faciliter des attaques. Les contre-mesures contagieuses proposées pour RSA protègent contre les attaques par faute mais ce faisant et moyennant des calculs additionnels facilitent la découverte de la clef. Finalement, des contre-mesures à faible complexité calculatoire sont proposées. Elles sont basées sur le masquage antagoniste, c’est-à-dire, l’exécution d’une opération d’équilibrage sur des données sensibles pour masquer la consommation de courant. / The goal of the thesis is to develop and improve methods for defeating protected cryptosystems. A new signal decompositionalgorithm, called Hilbert Huang Transform, was adapted to increase the efficiency of side-channel attacks. This technique attempts to overcome hiding countermeasures, such as operation shuffling or the adding of noise to the power consumption. The second contribution of this work is the application of specific Hamming weight distributions of block cipher algorithms, including AES, DES, and LED. These distributions are distinct for each subkey value, thus they serve as intrinsic templates. Hamming weight data can be revealed by side-channel and fault attacks without plaintext and ciphertext. Therefore these distributions can be applied against implementations where plaintext and ciphertext are inaccessible. This thesis shows that some countermeasures serve for attacks. Certain infective RSA countermeasures should protect against single fault injection. However, additional computations facilitate key discovery. Finally, several lightweight countermeasures are proposed. The proposed countermeasures are based on the antagonist masking, which is an operation occurring when targeting data processing, to intelligently mask the overall power consumption.
63

Security analysis for pseudo-random number generators / Analyse de sécurité pour les générateurs de nombre pseudo-aléatoires

Ruhault, Sylvain 30 June 2015 (has links)
La génération d’aléa joue un rôle fondamental en cryptographie et en sécurité. Des nombres aléatoires sont nécessaires pour la production de clés cryptographiques ou de vecteurs d’initialisation et permettent également d’assurer que des protocoles d’échange de clé atteignent un niveau de sécurité satisfaisant. Dans la pratique, les bits aléatoires sont générés par un processus de génération de nombre dit pseudo-aléatoire, et dans ce cas, la sécurité finale du système dépend de manière cruciale de la qualité des bits produits par le générateur. Malgré cela, les générateurs utilisés en pratique ne disposent pas ou peu d’analyse de sécurité permettant aux utilisateurs de connaître exactement leur niveau de fiabilité. Nous fournissons dans cette thèse des modèles de sécurité pour cette analyse et nous proposons des constructions prouvées sûres et efficaces qui répondront à des besoins de sécurité forts. Nous proposons notamment une nouvelle notion de robustesse et nous étendons cette propriété afin d’adresser les attaques sur la mémoire et les attaques par canaux cachés. Sur le plan pratique, nous effectuons une analyse de sécurité des générateurs utilisés dans la pratique, fournis de manière native dans les systèmes d’exploitation (/dev/random sur Linux) et dans les librairies cryptographiques (OpenSSL ou Java SecureRandom) et nous montrons que ces générateurs contiennent des vulnérabilités potentielles. / In cryptography, randomness plays an important role in multiple applications. It is required in fundamental tasks such as key generation and initialization vectors generation or in key exchange. The security of these cryptographic algorithms and protocols relies on a source of unbiased and uniform distributed random bits. Cryptography practitioners usually assume that parties have access to perfect randomness. However, quite often this assumption is not realizable in practice and random bits are generated by a Pseudo-Random Number Generator. When this is done, the security of the scheme depends of course in a crucial way on the quality of the (pseudo-)randomness generated. However, only few generators used in practice have been analyzed and therefore practitioners and end users cannot easily assess their real security level. We provide in this thesis security models for the assessment of pseudo-random number generators and we propose secure constructions. In particular, we propose a new definition of robustness and we extend it to capture memory attacks and side-channel attacks. On a practical side, we provide a security assessment of generators used in practice, embedded in system kernel (Linux /dev/random) and cryptographic libraries (OpenSSL and Java SecureRandom), and we prove that these generators contain potential vulnerabilities.
64

Use of simulators for side-channel analysis: Leakage detection and analysis of cryptographic systems in early stages of development

Veshchikov, Nikita 23 August 2017 (has links) (PDF)
Cryptography is the foundation of modern IT security,it provides algorithms and protocols that can be usedfor secure communications. Cryptographic algorithmsensure properties such as confidentiality and data integrity.Confidentiality can be ensured using encryption algorithms.Encryption algorithms require a secret information called a key.These algorithms are implemented in cryptographic devices.There exist many types of attacks against such cryptosystems,the main goal of these attacks is the extraction of the secret key.Side-channel attacks are among the strongest types of attacksagainst cryptosystems. Side-channel attacks focus on the attacked device, they measure its physicalproperties in order to extract the secret key. Thus, these attacks targetweaknesses in an implementation of an algorithm rather than the abstract algorithm itself.Power analysis is a type of side-channel attacks that can be used to extract a secretkey from a cryptosystem through the analysis of its power consumption whilethe target device executes an encryption algorithm. We can say that the secret information is leaking from the device through itspower consumption. One of the biggest challenges in the domain of side-channel analysisis the evaluation of a device from the perspective of side-channel attacksor in other words the detection of information leakage.A device can be subject to several sources of information leakageand it is actually relatively easy to find just one side-channel attack that works(by exploiting just one source of leakage),however it is very difficult to find all sources of information leakage or to show that there is no information leakage in the givenimplementation of an encryption algorithm. Evaluators use various statistical tests during the analysis of a cryptographic device to checkthat it does not leak the secret key. However, in order to performsuch tests the evaluation lab needs the device to acquire the measurementsand analyse them. Unfortunately, the development process of cryptographicsystems is rather long and has to go through several stages. Thus, an information leakagethat can lead to a side-channel attackcan be discovered by an evaluation lab at the very last stage using the finalproduct. In such case, the whole process has to be restarted in order to fix the issue,this can lead to significant time and budget overheads. The rationale is that developers of cryptographic systems would like to be able to detect issues related to side-channel analysis during the development of the system,preferably on the early stages of its development. However, it is far from beinga trivial task because the end product is not yet available andthe nature of side-channel attacks is such that it exploits the properties ofthe final version of the cryptographic device that is actually available to the end user. The goal of this work is to show how simulators can be used for the detection of issues related to side-channel analysis during the development of cryptosystems.This work lists the advantages of simulators compared to physical experimentsand suggests a classification of simulators for side-channel analysis.This work presents existing simulators that were created for side-channel analysis,more specifically we show that there is a lack of available simulation toolsand that therefore simulators are rarely used in the domain. We present threenew open-source simulators called Silk, Ascold and Savrasca.These simulators are working at different levels of abstraction,they can be used by developers to perform side-channel analysisof the device during different stages of development of a cryptosystem.We show how Silk can be used during the preliminary analysisand development of cryptographic algorithms using simulations based on high level of abstraction source code. We used it to compare S-boxesas well as to compare shuffling countermeasures against side-channel analysis.Then, we present the tool called Ascold that can be used to find side-channel leakagein implementations with masking countermeasure using the analysis of assembly code of the encryption.Finally, we demonstrate how our simulator called Savrasca can be used to find side-channelleakage using simulations based on compiled executable binaries. We use Savrascato analyse masked implementation of a well-known contest on side-channel analysis (the 4th edition of DPA Contest),as a result we demonstrate that the analysed implementation contains a previouslyundiscovered information leakage. Through this work we alsocompared results of our simulated experiments with real experiments comingfrom implementations on microcontrollers and showed that issues found using our simulatorsare also present in the final product. Overall, this work emphasises that simulatorsare very useful for the detection of side-channel leakages in early stages of developmentof cryptographic systems. / Option Informatique du Doctorat en Sciences / info:eu-repo/semantics/nonPublished
65

Implantation sécurisée de protocoles cryptographiques basés sur les codes correcteurs d'erreurs / Secure implementation of cryptographic protocols based on error-correcting codes

Richmond, Tania 24 October 2016 (has links)
Le premier protocole cryptographique basé sur les codes correcteurs d'erreurs a été proposé en 1978 par Robert McEliece. La cryptographie basée sur les codes est dite post-quantique car il n'existe pas à l'heure actuelle d'algorithme capable d'attaquer ce type de protocoles en temps polynomial, même en utilisant un ordinateur quantique, contrairement aux protocoles basés sur des problèmes de théorie des nombres. Toutefois, la sécurité du cryptosystème de McEliece ne repose pas uniquement sur des problèmes mathématiques. L'implantation, logicielle ou matérielle, a également un rôle très important pour sa sécurité et l'étude de celle-ci face aux attaques par canaux auxiliaires/cachés n'a débuté qu'en 2008. Des améliorations sont encore possibles. Dans cette thèse, nous proposons de nouvelles attaques sur le déchiffrement du cryptosystème de McEliece, utilisé avec les codes de Goppa classiques, ainsi que des contre-mesures correspondantes. Les attaques proposées sont des analyses de temps d'exécution ou de consommation d'énergie. Les contre-mesures associées reposent sur des propriétés mathématiques et algorithmiques. Nous montrons qu'il est essentiel de sécuriser l'algorithme de déchiffrement en le considérant dans son ensemble et non pas seulement étape par étape / The first cryptographic protocol based on error-correcting codes was proposed in 1978 by Robert McEliece. Cryptography based on codes is called post-quantum because until now, no algorithm able to attack this kind of protocols in polynomial time, even using a quantum computer, has been proposed. This is in contrast with protocols based on number theory problems like factorization of large numbers, for which efficient Shor's algorithm can be used on quantum computers. Nevertheless, the McEliece cryptosystem security is based not only on mathematical problems. Implementation (in software or hardware) is also very important for its security. Study of side-channel attacks against the McEliece cryptosystem have begun in 2008. Improvements can still be done. In this thesis, we propose new attacks against decryption in the McEliece cryptosystem, used with classical Goppa codes, including corresponding countermeasures. Proposed attacks are based on evaluation of execution time of the algorithm or its power consumption analysis. Associate countermeasures are based on mathematical and algorithmic properties of the underlying algorithm. We show that it is necessary to secure the decryption algorithm by considering it as a whole and not only step by step
66

Elliptic curve cryptography algorithms resistant against power analysis attacks on resource constrained devices / Algorithmes cryptographiques à base de courbes elliptiques résistant aux attaques par analyse de consommation

Houssain, Hilal 21 December 2012 (has links)
Les systèmes de cryptographie à base de courbe elliptique (ECC) ont été adoptés comme des systèmes standardisés de cryptographie à clé publique (PKC) par l'IEEE, ANSI, NIST, SEC et WTLS. En comparaison avec la PKC traditionnelle, comme RSA et ElGamal, l'ECC offre le même niveau de sécurité avec des clés de plus petites tailles. Cela signifie des calculs plus rapides et une consommation d'énergie plus faible ainsi que des économies de mémoire et de bande passante. Par conséquent, ECC est devenue une technologie indispensable, plus populaire et considérée comme particulièrement adaptée à l’implémentation sur les dispositifs à ressources restreintes tels que les réseaux de capteurs sans fil (WSN). Le problème majeur avec les noeuds de capteurs chez les WSN, dès qu'il s'agit d’opérations cryptographiques, est les limitations de leurs ressources en termes de puissance, d'espace et de temps de réponse, ce qui limite la capacité du capteur à gérer les calculs supplémentaires nécessaires aux opérations cryptographiques. En outre, les mises en oeuvre actuelles de l’ECC sur WSN sont particulièrement vulnérables aux attaques par canaux auxiliaires (SCA), en particulier aux attaques par analyse de consommation (PAA), en raison de l'absence de la sécurité physique par blindage, leur déploiement dans les régions éloignées et le fait qu’elles soient laissées sans surveillance. Ainsi, les concepteurs de crypto-processeurs ECC sur WSN s'efforcent d'introduire des algorithmes et des architectures qui ne sont pas seulement résistants PAA, mais également efficaces sans aucun supplément en termes de temps, puissance et espace. Cette thèse présente plusieurs contributions dans le domaine des cryptoprocesseurs ECC conscientisés aux PAA, pour les dispositifs à ressources limitées comme le WSN. Premièrement, nous proposons deux architectures robustes et efficaces pour les ECC conscientisées au PAA. Ces architectures sont basées sur des algorithmes innovants qui assurent le fonctionnement de base des ECC et qui prévoient une sécurisation de l’ECC contre les PAA simples (SPA) sur les dispositifs à ressources limitées tels que les WSN. Deuxièmement, nous proposons deux architectures additionnelles qui prévoient une sécurisation des ECC contre les PAA différentiels (DPA). Troisièmement, un total de huit architectures qui incluent, en plus des quatre architectures citées ci-dessus pour SPA et DPA, deux autres architectures dérivées de l’architecture DPA conscientisée, ainsi que deux architectures PAA conscientisées. Les huit architectures proposées sont synthétisées en utilisant la technologie des réseaux de portes programmables in situ (FPGA). Quatrièmement, les huit architectures sont analysées et évaluées, et leurs performances comparées. En plus, une comparaison plus avancée effectuée sur le niveau de la complexité du coût (temps, puissance, et espace), fournit un cadre pour les concepteurs d'architecture pour sélectionner la conception la plus appropriée. Nos résultats montrent un avantage significatif de nos architectures proposées par rapport à la complexité du coût, en comparaison à d'autres solutions proposées récemment dans le domaine de la recherche. / Elliptic Curve Cryptosystems (ECC) have been adopted as a standardized Public Key Cryptosystems (PKC) by IEEE, ANSI, NIST, SEC and WTLS. In comparison to traditional PKC like RSA and ElGamal, ECC offer equivalent security with smaller key sizes, in less computation time, with lower power consumption, as well as memory and bandwidth savings. Therefore, ECC have become a vital technology, more popular and considered to be particularly suitable for implementation on resource constrained devices such as the Wireless Sensor Networks (WSN). Major problem with the sensor nodes in WSN as soon as it comes to cryptographic operations is their extreme constrained resources in terms of power, space, and time delay, which limit the sensor capability to handle the additional computations required by cryptographic operations. Moreover, the current ECC implementations in WSN are particularly vulnerable to Side Channel Analysis (SCA) attacks; in particularly to the Power Analysis Attacks (PAA), due to the lack of secure physical shielding, their deployment in remote regions and it is left unattended. Thus designers of ECC cryptoprocessors on WSN strive to introduce algorithms and architectures that are not only PAA resistant, but also efficient with no any extra cost in terms of power, time delay, and area. The contributions of this thesis to the domain of PAA aware elliptic curve cryptoprocessor for resource constrained devices are numerous. Firstly, we propose two robust and high efficient PAA aware elliptic curve cryptoprocessors architectures based on innovative algorithms for ECC core operation and envisioned at securing the elliptic curve cryptoprocessors against Simple Power Analysis (SPA) attacks on resource constrained devices such as the WSN. Secondly, we propose two additional architectures that are envisioned at securing the elliptic curve cryptoprocessors against Differential Power Analysis (DPA) attacks. Thirdly, a total of eight architectures which includes, in addition to the two SPA aware with the other two DPA awareproposed architectures, two more architectures derived from our DPA aware proposed once, along with two other similar PAA aware architectures. The eight proposed architectures are synthesized using Field Programmable Gate Array (FPGA) technology. Fourthly, the eight proposed architectures are analyzed and evaluated by comparing their performance results. In addition, a more advanced comparison, which is done on the cost complexity level (Area, Delay, and Power), provides a framework for the architecture designers to select the appropriate design. Our results show a significant advantage of our proposed architectures for cost complexity in comparison to the other latest proposed in the research field.
67

Advanced EM/Power Side-Channel Attacks and Low-overhead Circuit-level Countermeasures

Debayan Das (11178318) 27 July 2021 (has links)
<div>The huge gamut of today’s internet-connected embedded devices has led to increasing concerns regarding the security and confidentiality of data. To address these requirements, most embedded devices employ cryptographic algorithms, which are computationally secure. Despite such mathematical guarantees, as these algorithms are implemented on a physical platform, they leak critical information in the form of power consumption, electromagnetic (EM) radiation, timing, cache hits and misses, and so on, leading to side-channel analysis (SCA) attacks. Non-profiled SCA attacks like differential/correlational power/EM analysis (DPA/CPA/DEMA/CEMA) are direct attacks on a single device to extract the secret key of an encryption algorithm. On the other hand, profiled attacks comprise of building an offline template (model) using an identical device and the attack is performed on a similar device with much fewer traces.</div><div><br></div><div>This thesis focusses on developing efficient side-channel attacks and circuit-level low-overhead generic countermeasures. A cross-device deep learning-based profiling power side-channel attack (X-DeepSCA) is proposed which can break the secret key of an AES-128 encryption engine running on an Atmel microcontroller using just a single power trace, thereby increasing the threat surface of embedded devices significantly. Despite all these advancements, most works till date, both attacks as well as countermeasures, treat the crypto engine as a black box, and hence most protection techniques incur high power/area overheads.</div><div><br></div><div>This work presents the first white-box modeling of the EM leakage from a crypto hardware, leading to the understanding that the critical correlated current signature should not be passed through the higher metal layers. To achieve this goal, a signature attenuation hardware (SAH) is utilized, embedding the crypto core locally within the lower metal layers so that the critical correlated current signature is not passed through the higher metals, which behave as efficient antennas and its radiation can be picked up by a nearby attacker. Combination of the 2 techniques – current-domain signature suppression and local lower metal routing shows >350x signature attenuation in measurements on our fabricated 65nm test chip, leading to SCA resiliency beyond 1B encryptions, which is a 100x improvement in both EM and power SCA protection over the prior works with comparable overheads. Moreover, this is a generic countermeasure and can be utilized for any crypto core without any performance degradation.</div><div><br></div><div>Next, backed by our physics-level understanding of EM radiation, a digital library cell layout technique is proposed which shows >5x reduction in EM SCA leakage compared to the traditional digital logic gate layout design. Further, exploiting the magneto-quasistatic (MQS) regime of operation for the present-day CMOS circuits, a HFSS-based framework is proposed to develop a pre-silicon EM SCA evaluation technique to test the vulnerability of cryptographic implementations against such attacks during the design phase itself.</div><div><br></div><div>Finally, considering the continuous growth of wearable and implantable devices around a human body, this thesis also analyzes the security of the internet-of-body (IoB) and proposes electro-quasistatic human body communication (EQS-HBC) to form a covert body area network. While the traditional wireless body area network (WBAN) signals can be intercepted even at a distance of 5m, the EQS-HBC signals can be detected only up to 0.15m, which is practically in physical contact with the person. Thus, this pioneering work proposing EQS-HBC promises >30x improvement in private space compared to the traditional WBAN, enhancing physical security. In the long run, EQS-HBC can potentially enable several applications in the domain of connected healthcare, electroceuticals, augmented and virtual reality, and so on. In addition to these physical security guarantees, side-channel secure cryptographic algorithms can be augmented to develop a fully secure EQS-HBC node.</div>

Page generated in 0.0545 seconds