Download Electromagnetic and Machine Learning Side-Channel Attacks ... and more Exercises Cryptography and System Security in PDF only on Docsity!
Shreyas Sen^1 , Arijit Raychowdhury^2 Acknowledgements: Debayan Das^1 , Josef Danial^1 , Anupam Golder^2 SPARC Lab, ECE, Purdue University^1 ICSRL, ECE, Georgia Institute of Technology^2 August 25, 2019
Electromagnetic and Machine Learning
Side-Channel Attacks and Low-Overhead
Generic Countermeasures
CHES 2019
Stealing Secret from Distance
Reference : https://www.fox-it.com/nl/wp- content/uploads/sites/12/Tempest_attacks_against_AES.pdf
- Background
- Side-Channel Attacks
- Countermeasures
- Remarks and Discussions
Outline
Overview: New Attacks and Defenses Power & Electro- Magnetic Side-Channel White-Box Root- Cause Analysis STELLAR: Generic EM SCA Tolerance ASNI: Attenuated Signature Noise Injection Defense SCNIFFER: Automated EM leakage point detection X-DeepSCA: Cross-Device Deep-Learning SCA Attack arxiv 2019 DAC 2019, TVLSI 2019 HOST 2017, TCAS-1 2018 HOST 2019
- Physical Implementations of crypto algorithms leak
intermediate data
- Data-dependent power leaks due to the switching
activity of the transistors
- Why so powerful? Complexity of breaking AES- 128 reduced from 2 128 to 2 12 . Divide and conquer approach: Byte-wise attack, 2 8 Combinations for each byte, and 16 key bytes. 128 Key = 16 x 8 - bit key Byte-wise Attack Complexity: 16 x 𝟐 𝟖 = 𝟐 𝟏𝟐
Power Side-Channel Basics
Background Side-Channel Attacks Countermeasures Remarks 1 100000000 1E+ 1E+ 1E+ 1E+ 1E+ 1E+ 1E+ 1E+ Side Channel Attack Brute Force Attack Attack Complexity Attack Complexity
/Electromagnetic radiations
emanating from ICs
performing crypto
operations can be picked
up.
- Using statistical analyses,
the secret key operating in
the hardware can be
revealed.
- Most attackers treat these
EM emanations as a Black
Box!
Power/EM Side-Channel Basics Background Side-Channel Attacks Countermeasures Remarks
Attack Setup: Overview
Recording Hardware
Background Side-Channel Attacks Countermeasures Remarks
Practical Power/EM Analysis Attacks
- Smart Cards – credit cards, etc. are vulnerable to these attacks
- IoT devices – 8 / 16 - bit microcontrollers can be attacked
- Counterfeiting of e-cigarettes to gain market share Kim et al., Blackhat Asia 2017 Background Side-Channel Attacks Countermeasures Remarks
- Background
- Side-Channel Attacks
- Countermeasures
- Remarks and Discussions
Outline
- Traditional cryptography revolves around the concepts of one-way and trapdoor functions.
- One-wayness: The function is easy to compute, but hard to invert.
- A trapdoor one-way algorithm involves a function which is easily invertible if and only if the secret “key” is available.
- Physical attacks occur in 2 phases:
- Data collection: The attacker exploits certain physical characteristics (power/EM) of the device under attack.
- Attack: Run statistical analysis on the gathered traces to recover the secret key.
Physical Attacks
Background Side-Channel Attacks Countermeasures Remarks
EM & Power Side-Channel Analysis: Attack Models
- Power consumption (& EM radiation) proportional to the total number of bit flips.
- Hamming Weight (HW) Model: Number of 1 ’s on the data bus
- Hamming Distance (HD) Model: Number of bits switching from previous state to the next.
- HW model is a special case of the HD model.
- Dynamic Power ( 0 - > 1 ) 𝑃𝑑𝑦𝑛 = 𝐶𝐿𝑉𝐷𝐷 2 𝑃 0 → 1 𝑓 Cl - > load capacitance Vdd - > supply voltage P0->1 - > probability of a 0->1 transition f - > frequency Background Side-Channel Attacks Countermeasures Remarks
- Hamming Weight (HW) Model: Crude model, but
useful for software implementations in
microcontrollers.
- Hamming Distance (HD) Model: Considers both 1-
0 and 0-1 transitions equal, useful for hardware
implementations where the same register is used
to store the updated states.
Attack Models: HW vs HD
Background Side-Channel Attacks Countermeasures Remarks
Non-Profiled and Profiled attacks Background Side-Channel Attacks Countermeasures Remarks
- Non-Profiled SCA:
- Direct attack on a target device using HW/HD leakage model.
- Eg. Differential/Correlational power analysis (DPA/CPA).
- Profiled SCA attack:
- Build offline template using an identical device
- Perform attack on a similar device with fewer traces (more powerful attack).
- Eg. Statistical template attacks, machine learning based attacks. EM/Power Analysis Attacks Non-Profiled Attacks Profiled Attacks