Side-Channel Attacks and Countermeasures for Identity-Based Cryptographic Algorithm SM9

Identity-based cryptographic algorithm SM9, which has become the main part of the ISO/IEC 14888-3/AMD1 standard in November 2017, employs the identities of users to generate public-private key pairs. Without the support of digital certificate, it has been applied for cloud computing, cyber-physical system, Internet of Things, and so on. In this paper, the implementation of SM9 algorithm and its Simple Power Attack (SPA) are discussed. Then, we present template attack and fault attack on SPA-resistant SM9. Our experiments have proved that if attackers try the template attack on an 8-bit microcontrol unit, the secret key can be revealed by enabling the device to execute one time. Fault attack even allows the attackers to obtain the 256-bit key of SM9 by performing the algorithm twice and analyzing the two different results. Accordingly, some countermeasures to resist the three kinds of attacks above are given.

Download Full-text

An Efficient Correlation Power Analysis Attack Using Variational Mode Decomposition

JST: Smart Systems and Devices ◽

10.51316/jst.150.ssad.2021.31.1.3 ◽

2020 ◽

Vol 31 (1) ◽

pp. 17-25

Keyword(s):

Power Analysis ◽

Side Channel ◽

Variational Mode Decomposition ◽

Secret Key ◽

Intrinsic Mode Functions ◽

Side Channel Attacks ◽

Mode Decomposition ◽

Noisy Conditions ◽

Correlation Power Analysis ◽

Evaluation Board

Side channel attacks (SCAs) are now a real threat to cryptographic devices and correlation power analysis (CPA) is the most powerful attack. So far, a CPA attack usually exploits the leakage information from raw power consumption traces that collected from the attack device. In real attack scenarios, these traces collected from measurement equipment are usually contaminated by noise resulting in a decrease in attack efficiency. In this paper, we propose a variant CPA attack that exploits the leakage information from intrinsic mode functions (IMFs) of the power traces. These IMFs are the results of the variational mode decomposition (VMD) process on the raw power traces. This attack technique decreases the number of power traces for correctly recovering the secret key by approximately 13% in normal conditions and 60% in noisy conditions compared to a traditional CPA attack. Experiments were performed on power traces of AES-128 implemented in both microcontroller and FPGA by Sakura-G/W side channel evaluation board to verify the effectiveness of our method.

Download Full-text

Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2019.i2.107-131 ◽

2019 ◽

pp. 107-131 ◽

Cited By ~ 4

Author(s):

Benjamin Timon

Keyword(s):

Neural Networks ◽

Sensitivity Analysis ◽

Deep Learning ◽

New Method ◽

Invariance Property ◽

Side Channel ◽

Translation Invariance ◽

Secret Key ◽

Side Channel Attacks ◽

Learning Techniques

Deep Learning has recently been introduced as a new alternative to perform Side-Channel analysis [MPP16]. Until now, studies have been focused on applying Deep Learning techniques to perform Profiled Side-Channel attacks where an attacker has a full control of a profiling device and is able to collect a large amount of traces for different key values in order to characterize the device leakage prior to the attack. In this paper we introduce a new method to apply Deep Learning techniques in a Non-Profiled context, where an attacker can only collect a limited number of side-channel traces for a fixed unknown key value from a closed device. We show that by combining key guesses with observations of Deep Learning metrics, it is possible to recover information about the secret key. The main interest of this method is that it is possible to use the power of Deep Learning and Neural Networks in a Non-Profiled scenario. We show that it is possible to exploit the translation-invariance property of Convolutional Neural Networks [CDP17] against de-synchronized traces also during Non-Profiled side-channel attacks. In this case, we show that this method can outperform classic Non-Profiled attacks such as Correlation Power Analysis. We also highlight that it is possible to break masked implementations in black-box, without leakages combination pre-preprocessing and with no assumptions nor knowledge about the masking implementation. To carry the attack, we introduce metrics based on Sensitivity Analysis that can reveal both the secret key value as well as points of interest, such as leakages and masks locations in the traces. The results of our experiments demonstrate the interests of this new method and show that this attack can be performed in practice.

Download Full-text

Continuous Leakage-Resilient Identity-Based Encryption with Tight Security

The Computer Journal ◽

10.1093/comjnl/bxy144 ◽

2019 ◽

Vol 62 (8) ◽

pp. 1092-1105 ◽

Cited By ~ 3

Author(s):

Yanwei Zhou ◽

Bo Yang ◽

Hongxia Hou ◽

Lina Zhang ◽

Tao Wang ◽

...

Keyword(s):

Standard Model ◽

Side Channel ◽

Side Channel Attacks ◽

Identity Based Encryption ◽

The Standard Model ◽

Communication Efficiency ◽

Leakage Resilient ◽

Novel Method ◽

Identity Based ◽

Tight Security

Abstract In the actual applications, an adversary can break the security of cryptography scheme through various leakage attacks (e.g. side-channel attacks, cold-boot attacks, etc.), even the continuous leakage attacks. That is, a practical cryptography scheme must maintain its claimed security in the continuous leakage setting. However, the previous constructions on the leakage-resilient identity-based encryption (IBE) scheme could tolerate a leakage that is bounded, and cannot resist the continuous leakage attacks. In order to further achieve the better security, a novel method to build the continuous leakage-resilient IBE scheme with tight security is presented in this paper, and the scheme’s security is proved, in the standard model, based on a stronger security assumption that depends on the number of queries made by the adversary. In addition, our proposal has several advantages over previous such constructions, e.g. shorter public parameters, higher communication efficiency, tight security, etc.

Download Full-text

Efficiency through Diversity in Ensemble Models applied to Side-Channel Attacks

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i3.60-96 ◽

2021 ◽

pp. 60-96

Author(s):

Gabriel Zaid ◽

Lilian Bossuet ◽

Amaury Habrard ◽

Alexandre Venelli

Keyword(s):

Deep Learning ◽

Model Performance ◽

Public Key ◽

Side Channel ◽

Ensemble Model ◽

Secret Key ◽

Side Channel Attacks ◽

Ensemble Models ◽

Remaining Time ◽

Multiple Scenarios

Deep Learning based Side-Channel Attacks (DL-SCA) are considered as fundamental threats against secure cryptographic implementations. Side-channel attacks aim to recover a secret key using the least number of leakage traces. In DL-SCA, this often translates in having a model with the highest possible accuracy. Increasing an attack’s accuracy is particularly important when an attacker targets public-key cryptographic implementations where the recovery of each secret key bits is directly related to the model’s accuracy. Commonly used in the deep learning field, ensemble models are a well suited method that combine the predictions of multiple models to increase the ensemble accuracy by reducing the correlation between their errors. Linked to this correlation, the diversity is considered as an indicator of the ensemble model performance. In this paper, we propose a new loss, namely Ensembling Loss (EL), that generates an ensemble model which increases the diversity between the members. Based on the mutual information between the ensemble model and its related label, we theoretically demonstrate how the ensemble members interact during the training process. We also study how an attack’s accuracy gain translates to a drastic reduction of the remaining time complexity of a side-channel attacks through multiple scenarios on public-key implementations. Finally, we experimentally evaluate the benefits of our new learning metric on RSA and ECC secure implementations. The Ensembling Loss increases by up to 6.8% the performance of the ensemble model while the remaining brute-force is reduced by up to 222 operations depending on the attack scenario.

Download Full-text

Cross-VM Branch Prediction Analysis Attack: Scope Assessment and Simulation

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.b3553.078219 ◽

2019 ◽

Vol 8 (2) ◽

pp. 4868-4873

Keyword(s):

Cloud Computing ◽

Resource Sharing ◽

Cloud Security ◽

Branch Prediction ◽

Side Channel ◽

Shared Resource ◽

Prediction Analysis ◽

Private Key ◽

Cryptographic Algorithm ◽

Primary Focus

Growing scope of cloud computing has made cloud security a challenging parameter. Among all the security parameters, virtualization security requires primary focus as it hides internal resource sharing details of the system. Side Channel Attack (SCA) is an attack that exploits the shared resource for extracting the private key of a cryptographic algorithm. Considering the significance of virtualization security, we need to analyze the SCA in a virtualization environment. In this paper, we target the Branch Prediction Analysis (BPA) Attack, one type of SCA. We have carried out an analysis to verify the scope of various BPA attack launching methods in virtualization environment along with the simulation. We have also analyzed the scope of existing solutions handling BPA attack.

Download Full-text

On the Security of Practical Mail User Agents against Cache Side-Channel Attacks

Applied Sciences ◽

10.3390/app10113770 ◽

2020 ◽

Vol 10 (11) ◽

pp. 3770

Author(s):

Hodong Kim ◽

Hyundo Yoon ◽

Youngjoo Shin ◽

Junbeom Hur

Keyword(s):

Third Party ◽

Side Channel ◽

Software Components ◽

Side Channel Attack ◽

Side Channel Attacks ◽

User Agent ◽

Root Cause ◽

Private Key ◽

The Third ◽

And Control

Mail user agent (MUA) programs provide an integrated interface for email services. Many MUAs support email encryption functionality to ensure the confidentiality of emails. In practice, they encrypt the content of an email using email encryption standards such as OpenPGP or S/MIME, mostly implemented using GnuPG. Despite their widespread deployment, there has been insufficient research on their software structure and the security dependencies among the software components of MUA programs. In order to understand the security implications of the structures and analyze any possible vulnerabilities of MUA programs, we investigated a number of MUAs that support email encryption. As a result, we found severe vulnerabilities in a number of MUAs that allow cache side-channel attacks in virtualized desktop environments. Our analysis reveals that the root cause originates from the lack of verification and control over the third-party cryptographic libraries that they adopt. In order to demonstrate this, we implemented a cache side-channel attack on RSA in GnuPG and then conducted an evaluation of the vulnerability of 13 MUAs that support email encryption in Ubuntu 14.04, 16.04 and 18.04. Based on our experiment, we found that 10 of these MUA programs (representing approximately 77% of existing MUA programs) allow the installation of a vulnerable version of GnuPG, even when the latest version of GnuPG, which is secure against most cache side-channel attacks, is in use. In order to substantiate the importance of the vulnerability we discovered, we conducted a FLUSH+RELOAD attack on these MUA programs and demonstrated that the attack restored 92% of the bits of the 2048-bit RSA private key when the recipients read a single encrypted email.

Download Full-text

Information Theoretic Security for Shannon Cipher System under Side-Channel Attacks †

Entropy ◽

10.3390/e21050469 ◽

2019 ◽

Vol 21 (5) ◽

pp. 469 ◽

Cited By ~ 3

Author(s):

Bagus Santoso ◽

Yasutada Oohama

Keyword(s):

Linear Codes ◽

Source Coding ◽

Achievable Rate ◽

Side Channel ◽

Secret Key ◽

Side Channel Attacks ◽

Rate Region ◽

Physical Information ◽

Shannon Cipher ◽

The One

In this paper, we propose a new theoretical security model for Shannon cipher systems under side-channel attacks, where the adversary is not only allowed to collect ciphertexts by eavesdropping the public communication channel but is also allowed to collect the physical information leaked by the devices where the cipher system is implemented on, such as running time, power consumption, electromagnetic radiation, etc. Our model is very robust as it does not depend on the kind of physical information leaked by the devices. We also prove that in the case of one-time pad encryption, we can strengthen the secrecy/security of the cipher system by using an appropriate affine encoder. More precisely, we prove that for any distribution of the secret keys and any measurement device used for collecting the physical information, we can derive an achievable rate region for reliability and security such that if we compress the ciphertext using an affine encoder with a rate within the achievable rate region, then: (1) anyone with a secret key will be able to decrypt and decode the ciphertext correctly, but (2) any adversary who obtains the ciphertext and also the side physical information will not be able to obtain any information about the hidden source as long as the leaked physical information is encoded with a rate within the rate region. We derive our result by adapting the framework of the one helper source coding problem posed and investigated by Ahlswede and Körner (1975) and Wyner (1975). For reliability and security, we obtain our result by combining the result of Csizár (1982) on universal coding for a single source using linear codes and the exponential strong converse theorem of Oohama (2015) for the one helper source coding problem.

Download Full-text

Strengthening Sequential Side-Channel Attacks Through Change Detection

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2020.i3.1-21 ◽

2020 ◽

pp. 1-21

Author(s):

Luca Frittoli ◽

Matteo Bocchi ◽

Silvia Mella ◽

Diego Carrera ◽

Beatrice Rossi ◽

...

Keyword(s):

Change Detection ◽

Computing Time ◽

Side Channel ◽

Channel Measurements ◽

Success Rates ◽

Secret Key ◽

Side Channel Attacks ◽

Sequential Structure ◽

Timing Attack ◽

Alternative Solutions

The sequential structure of some side-channel attacks makes them subject to error propagation, i.e. when an error occurs during the recovery of some part of a secret key, all the following guesses might as well be chosen randomly. We propose a methodology that strengthens sequential attacks by automatically identifying and correcting errors. The core ingredient of our methodology is a change-detection test that monitors the distribution of the distinguisher values used to reconstruct the secret key. Our methodology includes an error-correction procedure that can cope both with false positives of the change-detection test, and inaccuracies of the estimated location of the wrong key guess. The proposed methodology is general and can be included in several attacks. As meaningful examples, we conduct two different side-channel attacks against RSA-2048: an horizontal power-analysis attack based on correlation and a vertical timing attack. Our experiments show that, in all the considered cases, strengthened attacks outperforms their original counterparts and alternative solutions that are based on thresholds. In particular, strengthened attacks achieve high success rates even when the side-channel measurements are noisy or limited in number, without prohibitively increasing the computing time.

Download Full-text

Advanced Encryption Standard With Randomized Round Keys for Communication Security in IoT Networks

The IoT and the Next Revolutions Automating the World - Advances in Web Technologies and Engineering ◽

10.4018/978-1-5225-9246-4.ch017 ◽

2019 ◽

pp. 280-288

Author(s):

Ishpal Singh Gill ◽

Dharm Singh Jat

Keyword(s):

Smart Cities ◽

Health Sector ◽

Smart Devices ◽

Advanced Encryption Standard ◽

Side Channel ◽

Side Channel Attacks ◽

Public And Private ◽

Private Key ◽

The World ◽

In Transit

Internet of things (IoT) is a rapidly emerging architecture connecting smart devices all across the world in various fields like smart homes, smart cities, health sector, security, etc. Security is a very important aspect of IoT. As more and more devices are connecting to the Internet, it becomes a lucrative target for hackers. The communication between the various devices, nodes, and between nodes and the cloud, needs to be secured. A combination of public and private key cryptography systems is used to secure the IoT networks. The Advanced Encryption Standard (AES) is used for encrypting the data in transit. However, the AES is known to be prone to brute force attacks, side channel attacks, and other forms of cryptanalysis. This chapter proposes a more secure AES algorithm with randomised round keys, which provides better security with negligible overheads, and is ideal for use in IoT networks.

Download Full-text

Victims Can Be Saviors

ACM Journal on Emerging Technologies in Computing Systems ◽

10.1145/3439189 ◽

2021 ◽

Vol 17 (2) ◽

pp. 1-31

Author(s):

Manaar Alam ◽

Sarani Bhattacharya ◽

Debdeep Mukhopadhyay

Keyword(s):

Machine Learning ◽

Security Analysis ◽

False Positives ◽

Machine Learning Techniques ◽

Side Channel ◽

Detection Accuracy ◽

Secret Key ◽

Side Channel Attacks ◽

Detection Mechanism ◽

Novel Approach

Micro-architectural side-channel attacks are major threats to the most mathematically sophisticated encryption algorithms. In spite of the fact that there exist several defense techniques, the overhead of implementing the countermeasures remains a matter of concern. A promising strategy is to develop online detection and prevention methods for these attacks. Though some recent studies have devised online prevention mechanisms for some categories of these attacks, still other classes remain undetected. Moreover, to detect these side-channel attacks with minimal False Positives is a challenging effort because of the similarity of their behavior with computationally intensive applications. This article presents a generalized machine learning--based multi-layer detection technique that targets these micro-architectural side-channel attacks, while not restricting its attention only on a single category of attacks. The proposed mechanism gathers low-level system information by profiling performance counter events using Linux perf tool and then applies machine learning techniques to analyze the data. A novel approach using time-series analysis of the data is implemented to find out the correlation of the execution trace of the attack process with the secret key of encryption, which helps in dealing with False-Positives and unknown attacks. This article also provides a detailed theoretical analysis of the detection mechanism of the proposed model along with its security analysis. The experimental results show that the proposed method is superior to the state-of-the-art reported techniques with high detection accuracy, low False Positives, and low implementation overhead while being able to detect before the completion of the attack.

Download Full-text