Electromagnetic and Machine Learning Side-Channel Attacks ..., Exercises of Cryptography and System Security

Traditional cryptography revolves around the concepts of one-way and trapdoor functions. • One-wayness: The function is easy to compute, ...

Typology: Exercises

2022/2023

Uploaded on 05/11/2023

arold
arold 🇺🇸

4.7

(24)

372 documents

1 / 128

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1
SPARC Lab, ECE, Purdue ICSRL, ECE, Georgia Tech
Shreyas Sen1, Arijit Raychowdhury2
Acknowledgements: Debayan Das1, Josef Danial1, Anupam Golder2
SPARC Lab, ECE, Purdue University1
ICSRL, ECE, Georgia Institute of Technology2
August 25, 2019
Electromagnetic and Machine Learning
Side-Channel Attacks and Low-Overhead
Generic Countermeasures
CHES 2019
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59
pf5a
pf5b
pf5c
pf5d
pf5e
pf5f
pf60
pf61
pf62
pf63
pf64

Partial preview of the text

Download Electromagnetic and Machine Learning Side-Channel Attacks ... and more Exercises Cryptography and System Security in PDF only on Docsity!

Shreyas Sen^1 , Arijit Raychowdhury^2 Acknowledgements: Debayan Das^1 , Josef Danial^1 , Anupam Golder^2 SPARC Lab, ECE, Purdue University^1 ICSRL, ECE, Georgia Institute of Technology^2 August 25, 2019

Electromagnetic and Machine Learning

Side-Channel Attacks and Low-Overhead

Generic Countermeasures

CHES 2019

Stealing Secret from Distance

Reference : https://www.fox-it.com/nl/wp- content/uploads/sites/12/Tempest_attacks_against_AES.pdf

  • Background
  • Side-Channel Attacks
  • Countermeasures
  • Remarks and Discussions

Outline

Overview: New Attacks and Defenses Power & Electro- Magnetic Side-Channel White-Box Root- Cause Analysis STELLAR: Generic EM SCA Tolerance ASNI: Attenuated Signature Noise Injection Defense SCNIFFER: Automated EM leakage point detection X-DeepSCA: Cross-Device Deep-Learning SCA Attack arxiv 2019 DAC 2019, TVLSI 2019 HOST 2017, TCAS-1 2018 HOST 2019

  • Physical Implementations of crypto algorithms leak

intermediate data

  • Data-dependent power leaks due to the switching

activity of the transistors

  • Why so powerful? Complexity of breaking AES- 128 reduced from 2 128 to 2 12 . Divide and conquer approach: Byte-wise attack, 2 8 Combinations for each byte, and 16 key bytes. 128 Key = 16 x 8 - bit key Byte-wise Attack Complexity: 16 x 𝟐 𝟖 = 𝟐 𝟏𝟐

Power Side-Channel Basics

Background Side-Channel Attacks Countermeasures Remarks 1 100000000 1E+ 1E+ 1E+ 1E+ 1E+ 1E+ 1E+ 1E+ Side Channel Attack Brute Force Attack Attack Complexity Attack Complexity

  • Power Consumption

/Electromagnetic radiations

emanating from ICs

performing crypto

operations can be picked

up.

  • Using statistical analyses,

the secret key operating in

the hardware can be

revealed.

  • Most attackers treat these

EM emanations as a Black

Box!

Power/EM Side-Channel Basics Background Side-Channel Attacks Countermeasures Remarks

Attack Setup: Overview

Recording Hardware

Background Side-Channel Attacks Countermeasures Remarks

Practical Power/EM Analysis Attacks

  • Smart Cards – credit cards, etc. are vulnerable to these attacks
  • IoT devices – 8 / 16 - bit microcontrollers can be attacked
  • Counterfeiting of e-cigarettes to gain market share Kim et al., Blackhat Asia 2017 Background Side-Channel Attacks Countermeasures Remarks
  • Background
  • Side-Channel Attacks
  • Countermeasures
  • Remarks and Discussions

Outline

  • Traditional cryptography revolves around the concepts of one-way and trapdoor functions.
  • One-wayness: The function is easy to compute, but hard to invert.
  • A trapdoor one-way algorithm involves a function which is easily invertible if and only if the secret “key” is available.
  • Physical attacks occur in 2 phases:
    • Data collection: The attacker exploits certain physical characteristics (power/EM) of the device under attack.
    • Attack: Run statistical analysis on the gathered traces to recover the secret key.

Physical Attacks

Background Side-Channel Attacks Countermeasures Remarks

EM & Power Side-Channel Analysis: Attack Models

  • Power consumption (& EM radiation) proportional to the total number of bit flips.
  • Hamming Weight (HW) Model: Number of 1 ’s on the data bus
  • Hamming Distance (HD) Model: Number of bits switching from previous state to the next.
  • HW model is a special case of the HD model.
  • Dynamic Power ( 0 - > 1 ) 𝑃𝑑𝑦𝑛 = 𝐶𝐿𝑉𝐷𝐷 2 𝑃 0 → 1 𝑓 Cl - > load capacitance Vdd - > supply voltage P0->1 - > probability of a 0->1 transition f - > frequency Background Side-Channel Attacks Countermeasures Remarks
  • Hamming Weight (HW) Model: Crude model, but

useful for software implementations in

microcontrollers.

  • Hamming Distance (HD) Model: Considers both 1-

0 and 0-1 transitions equal, useful for hardware

implementations where the same register is used

to store the updated states.

Attack Models: HW vs HD

Background Side-Channel Attacks Countermeasures Remarks

Non-Profiled and Profiled attacks Background Side-Channel Attacks Countermeasures Remarks

  • Non-Profiled SCA:
    • Direct attack on a target device using HW/HD leakage model.
    • Eg. Differential/Correlational power analysis (DPA/CPA).
  • Profiled SCA attack:
    • Build offline template using an identical device
    • Perform attack on a similar device with fewer traces (more powerful attack).
    • Eg. Statistical template attacks, machine learning based attacks. EM/Power Analysis Attacks Non-Profiled Attacks Profiled Attacks