Side Channel Leakage Analysis - Detection, Exploitation and Quantification

Ye, Xin

27 January 2015

Nearly twenty years ago the discovery of side channel attacks has warned the world that security is more than just a mathematical problem. Serious considerations need to be placed on the implementation and its physical media. Nowadays the ever-growing ubiquitous computing calls for in-pace development of security solutions. Although the physical security has attracted increasing public attention, side channel security remains as a problem that is far from being completely solved. An important problem is how much expertise is required by a side channel adversary. The essential interest is to explore whether detailed knowledge about implementation and leakage model are indispensable for a successful side channel attack. If such knowledge is not a prerequisite, attacks can be mounted by even inexperienced adversaries. Hence the threat from physical observables may be underestimated. Another urgent problem is how to secure a cryptographic system in the exposure of unavoidable leakage. Although many countermeasures have been developed, their effectiveness pends empirical verification and the side channel security needs to be evaluated systematically. The research in this dissertation focuses on two topics, leakage-model independent side channel analysis and security evaluation, which are described from three perspectives: leakage detection, exploitation and quantification. To free side channel analysis from the complicated procedure of leakage modeling, an observation to observation comparison approach is proposed. Several attacks presented in this work follow this approach. They exhibit efficient leakage detection and exploitation under various leakage models and implementations. More importantly, this achievement no longer relies on or even requires precise leakage modeling. For the security evaluation, a weak maximum likelihood approach is proposed. It provides a quantification of the loss of full key security due to the presence of side channel leakage. A constructive algorithm is developed following this approach. The algorithm can be used by security lab to measure the leakage resilience. It can also be used by a side channel adversary to determine whether limited side channel information suffices the full key recovery at affordable expense.

Side Channel Analysis

Leakage Analysis

Applied Cryptography

Embedded System Security Evaluation

Tamper-Resistant Arithmetic for Public-Key Cryptography

Gaubatz, Gunnar

01 March 2007

Cryptographic hardware has found many uses in many ubiquitous and pervasive security devices with a small form factor, e.g. SIM cards, smart cards, electronic security tokens, and soon even RFIDs. With applications in banking, telecommunication, healthcare, e-commerce and entertainment, these devices use cryptography to provide security services like authentication, identification and confidentiality to the user. However, the widespread adoption of these devices into the mass market, and the lack of a physical security perimeter have increased the risk of theft, reverse engineering, and cloning. Despite the use of strong cryptographic algorithms, these devices often succumb to powerful side-channel attacks. These attacks provide a motivated third party with access to the inner workings of the device and therefore the opportunity to circumvent the protection of the cryptographic envelope. Apart from passive side-channel analysis, which has been the subject of intense research for over a decade, active tampering attacks like fault analysis have recently gained increased attention from the academic and industrial research community. In this dissertation we address the question of how to protect cryptographic devices against this kind of attacks. More specifically, we focus our attention on public key algorithms like elliptic curve cryptography and their underlying arithmetic structure. In our research we address challenges such as the cost of implementation, the level of protection, and the error model in an adversarial situation. The approaches that we investigated all apply concepts from coding theory, in particular the theory of cyclic codes. This seems intuitive, since both public key cryptography and cyclic codes share finite field arithmetic as a common foundation. The major contributions of our research are (a) a generalization of cyclic codes that allow embedding of finite fields into redundant rings under a ring homomorphism, (b) a new family of non-linear arithmetic residue codes with very high error detection probability, (c) a set of new low-cost arithmetic primitives for optimal extension field arithmetic based on robust codes, and (d) design techniques for tamper resilient finite state machines.

Side Channel Attacks

Fault Attacks

Public-Key Cryptography

Error Detection

Error Detecting Codes

Cryptography

Efficient Side-Channel Aware Elliptic Curve Cryptosystems over Prime Fields

Karakoyunlu, Deniz

08 August 2010

"Elliptic Curve Cryptosystems (ECCs) are utilized as an alternative to traditional public-key cryptosystems, and are more suitable for resource limited environments due to smaller parameter size. In this dissertation we carry out a thorough investigation of side-channel attack aware ECC implementations over finite fields of prime characteristic including the recently introduced Edwards formulation of elliptic curves, which have built-in resiliency against simple side-channel attacks. We implement Joye's highly regular add-always scalar multiplication algorithm both with the Weierstrass and Edwards formulation of elliptic curves. We also propose a technique to apply non-adjacent form (NAF) scalar multiplication algorithm with side-channel security using the Edwards formulation. Our results show that the Edwards formulation allows increased area-time performance with projective coordinates. However, the Weierstrass formulation with affine coordinates results in the simplest architecture, and therefore has the best area-time performance as long as an efficient modular divider is available."

elliptic curve cryptography

Edwards elliptic curves

side-channel attacks

ASIC implementation

prime fields

Threshold Implementations of the Present Cipher

Farmani, Mohammad

06 September 2017

"The process of securing data has always been a challenge since it is related to the safety of people and society. Nowadays, there are many cryptographic algorithms developed to solve security problems. However, some applications have constraints which make it difficult to achieve high levels of security. Light weight cryptography aims to address this issue while trying to maintain low costs. Side-channel attacks have changed the way of cryptography significantly. In this kind of attacks, the attacker has physical access to the crypto-system and can extract the sensitive data by monitoring and measuring the side-channels such as power consumption, electromagnetic emanation, timing information, sound, etc. These attacks are based on the relationship between side-channels and secret data. Therefore, there need to be countermeasures to eliminate or reduce side channel leaks or to break the relationship between side-channels and secret data to protect the crypto systems against side-channel attacks. In this work, we explore the practicality of Threshold Implementation (TI) with only two shares for a smaller design that needs less randomness but is still leakage resistant. We demonstrate the first two-share Threshold Implementations of light-weight block cipher Present. Based on implementation results, two-share TI has a lower area overhead and better throughput when compared with a first-order resistant three-share scheme. Leakage analysis of the developed implementations reveals that two-share TI can retain perfect first-order resistance. However, the analysis also exposes a strong second-order leakage. "

Masking

Countermeasure

Side channel countermeasure

Present cipher

FPGA

Lightweight cryptography

Cryptography

Threshold implementation

Implicit Cache Lockdown on ARM: An Accidental Countermeasure to Cache-Timing Attacks

Green, Marc

20 January 2017

As Moore`s law continues to reduce the cost of computation at an exponential rate, embedded computing capabilities spread to ever-expanding application scenarios, such as smartphones, the Internet of Things, and automation, among many others. This trend has naturally caused the underlying technology to evolve and has introduced increasingly complex microarchitectures into embedded processors in attempts to optimize for performance. While other microarchitectures, like those used in personal computers, have been extensively studied, there has been relatively less research done on embedded microarchitectures. This is especially true in terms of their security, which is growing more important as widespread adoption increases. This thesis explores an undocumented cache behavior found in ARM Cortex processors that we call implicit cache lockdown. While it was presumably implemented for performance reasons, it has a large impact on the recently popular class of cybersecurity attacks that utilize cache-timing side-channels. These attacks leverage the underlying hardware, specifically, the small timing differences between algorithm executions due to CPU caches, to glean sensitive information from a victim process. Since the affected processors are found in an overwhelming majority of smart phones, this sensitive information can include cryptographic secrets, credit card information, and passwords. As the name implies, implicit cache lockdown limits the ability for an attacker to evict certain data from a CPU`s cache. Since this is precisely what known cache-timing attacks rely on, they are rendered ineffective in their current form. This thesis analyzes implicit cache lockdown in great detail, including the methodology we used to discover it, its implications on all existing cache-timing attacks, and how it can be circumvented by an attacker.

side-channel

lockdown

arm

cache-timing

security

cache

countermeasure

cross-core

Towards security limits of embedded hardware devices : from practice to theory

Peeters, Eric

16 November 2006

Mobile appliances and especially smart cards have found more and more applications in the past two decades. A little more than ten years ago, the security of those devices still only relied on mathematical complexity and computational infeasibility to force cryptographic systems. Unfortunately, during the execution of cryptographic algorithms, unintentional leakage may be observed. Indeed, the power consumption or the electromagnetic emanations of the device are correlated to the encryption/decryption process. Those unintended channels are called “sidechannel”. Our work was not targeted at the discovery of new “side-channel” sources but rather at a thorough investigation of two of them: the power consumption and the electromagnetic emanation in the near-field domain. In this respect, we dealt with three different aspects of the problem: 1. We carried out many experiments on small microcontrollers but also on FPGAs in order to provide an explanation on the sources and on the set up of an efficient measurement process. Moreover, we provide the first XY scanning pictures of the electromagnetic field radiated by a small microcontroller. 2. Obtaining several measures of the observed side-channel, how is it possible to statistically analyzed these observations? We detail here the different methods available and we introduce an enhancement in the Template Attack process with Principal Component Analysis. 3. Finally, on the basis of this experience, we tried to answer the following question: “Is it possible to provide a theoretical tool to evaluate secure implementations?” The idea was to follow the notion of “Physical Computer” introduced by Micali and Reyzin. In this respect, we provide here two metrics that we consider necessary to evaluate both the strength of the adversary and the information held in the leakage. Respectively we choose the average success rate and the Shannon's mutual information.

Electromagnetic analysis

Secure hardware

Smart card

Physical computer

Cryptography

DPA

EMA

Side-channel

Side-Channel Monitoring of Contactless Java Cards

Berkes, Jem

21 January 2008

Smart cards are small, portable, tamper-resistant computers used in security-sensitive applications ranging from identification and access control to payment systems. Side-channel attacks, which use clues from timing, power consumption, or even electromagnetic (EM) signals, can compromise the security of these devices and have been an active research area since 1996. Newer ``contactless'' cards communicate using radio frequency (RF), without physical contact. These contactless smart cards are sometimes grouped with radio frequency identification (RFID) devices in popular usage of the term. This thesis investigates devices that use the ISO 14443 (proximity card) protocol, a large class of contactless/RFID devices. Although contactless smart cards are increasingly common, very few reproducible practical attacks have been published. Presently, there are no known documented side-channel attacks against contactless Java Cards (open standard multi-application cards) using generic unmodified hardware. This thesis develops a research-friendly platform for investigating side-channel attacks on ISO 14443 contactless smart cards. New techniques for measurement and analysis, as well as the first fully documented EM side-channel monitoring procedure, are presented for a contactless Java Card. These techniques use unmodified, commercial off-the-shelf hardware and are both practical and broadly applicable to a wide range of ISO 14443 devices, including many payment cards and electronic passports.

smart card

contactless

RFID

side channel

Java Card

attack

Electrical and Computer Engineering

Side-Channel Monitoring of Contactless Java Cards

Berkes, Jem

21 January 2008

Smart cards are small, portable, tamper-resistant computers used in security-sensitive applications ranging from identification and access control to payment systems. Side-channel attacks, which use clues from timing, power consumption, or even electromagnetic (EM) signals, can compromise the security of these devices and have been an active research area since 1996. Newer ``contactless'' cards communicate using radio frequency (RF), without physical contact. These contactless smart cards are sometimes grouped with radio frequency identification (RFID) devices in popular usage of the term. This thesis investigates devices that use the ISO 14443 (proximity card) protocol, a large class of contactless/RFID devices. Although contactless smart cards are increasingly common, very few reproducible practical attacks have been published. Presently, there are no known documented side-channel attacks against contactless Java Cards (open standard multi-application cards) using generic unmodified hardware. This thesis develops a research-friendly platform for investigating side-channel attacks on ISO 14443 contactless smart cards. New techniques for measurement and analysis, as well as the first fully documented EM side-channel monitoring procedure, are presented for a contactless Java Card. These techniques use unmodified, commercial off-the-shelf hardware and are both practical and broadly applicable to a wide range of ISO 14443 devices, including many payment cards and electronic passports.

smart card

contactless

RFID

side channel

Java Card

attack

Electrical and Computer Engineering

Παροχή ασφαλών υπηρεσιών με φερέγγυες υποδομές / Secure service provision through trusted infrastructures

Αντωνόπουλος, Αλέξανδρος

17 March 2014

H διατριβή αντιμετωπίζει το πρόβλημα της σχεδίασης ασφαλών υποσυστημάτων που μπορούν να υπάρξουν σε μη-εμπιστεύσιμα συστήματα διασφαλίζοντας τη δική τους ασφάλεια στο μεγαλύτερο δυνατό βαθμό. Στα πλαίσια της διατριβής προσεγγίστικε το πρόβλημα της ασφάλειας γενικά εντοπίζοντας παράλληλα περιοχές οι οποίες κρίθηκαν σημαντικές για περαιτέρω διερεύνηση. Αρχικά παρουσιάζεται η μεθοδολογία που ακολουθήθηκε για το σχεδιασμό και την ανάπτυξη αρχιτεκτονικής ασφάλειας για ένα δικτυο-κεντρικό σύστημα. Εστιάζοντας στα ενσωματωμένα συστήματα εξετάστηκαν θέματα απόδοσης κρυπτογραφίας μνήμης δεδομένου ότι η κρυπτογραφία μνήμης αποτελεί βασικό κομμάτι για την ασφάλεια ενός ενσωματωμένου συστήματος. Στη συνέχεια εξετάζεται ένα είδος επίθεσης πλαγίου καναλιού και εισάγεται μια μεθοδολογία προστασίας από μια τέτοια επίθεση. Δεδομένου ότι θέματα ασφαλείας που υπάρχουν σε συστήματα γενικού σκοπού μπορούν να αποτελέσουν μελλοντικούς κινδύνους για συστήματα ενσωματωμένου σκοπού παράλληλα με την επίβλεψη/υποστήριξη διπλωματικών εργασιών αναπτύχθηκαν λύσεις για ασφαλή εκκίνηση όπως και για τον εντοπισμό και αφαίρεση rootkit. Τέλος ως «τελευταίο» επίπεδο και δεδομένου ότι όλα τα συστήματα χρησιμοποιούνται για την ποιοτική και ασφαλή λειτουργία μιας υπηρεσίας, η διατριβή εστίασε σε θέματα ασφαλειας στο επίπεδο των εφαρμογών. Παρουσιάζεται μια μελέτη του Spam και μεθοδολογία καταπολέμησης του και τέλος επιθέσεις cross-scripting και εφαρμογή για την ανίχνευση μη επιθυμητών συναλλαγών που πραγματοποιούνται από κακόβουλες εφαρμογές. / This dissertation addresses the problem of designing secure subsystems that can exist in non-trusted infrastructures ensuring their own safety to the greatest extent possible. The problem of security was approached in a holistic view identifying areas important for further investigation. Initially we present the methodology used for the design and development of the security architecture for a network-centric system. Later we focus on embedded systems were the performance of memory encryption was examined, since memory encryption can be crucial for embedded system security. Side- channel attacks are also presented and a methodology for protection against such attacks is presented. Keeping in mind that the increase in power in embedded systems makes even more complicated attacks possible solutions were developed for secure boot and for identifying and removing rootkit. At last "last" and with the idea that all sub-systems are used for the qualitative and safe operation of a service, dissertation focused on security issues at the application level. A study of Spam is presented along with a fight-back methodology. Finally cross-scripting attacks are presented.

Ασφάλεια

005.8

Security

Security architecture

Side-channel attacks

A simple and low cost platform to perform Power Analysis Attacks

Carmona, Manuel Bejarano

January 2012

Power Analysis Attacks use the fact that power consumption in modern microprocessors and cryptographic devices depends on the instructions executed on them and so, it varies with time. This leak- age is mainly used to deduce cryptographic keys as well as algorithms by direct observation of power traces. Power Analysis is a recent field of study that has been developed for the last decade. Since then, the techniques used have evolved into more complex forms, that some- times require a variety of skills that makes the subject difficult to start with. Nowadays it is changeling to tackle the problem without expen- sive equipment; what is more, the off-the-shelf solutions to do Power Analysis Attacks are rare and expensive. This thesis aim to provide a low cost and open platform as an entry point to Power Analysis for a price under 10 USD. Besides that, it is designed to be able to per- form Simple Power Analysis and Differential Power Analysis attacks to a 8 bit microcontroller, including the software needed to automate the process of taking the measurements. Finally, the platform can be extended to cover a wide range of microcontrollers, microprocessors and cryptographic devices by simple insertion in a bread board, which makes it the perfect device for new comers to the field.

Computer Sciences

Datavetenskap (datalogi)

Telecommunications

Telekommunikation