scholarly journals Key Bit-Dependent Side-Channel Attacks on Protected Binary Scalar Multiplication †

2018 ◽  
Vol 8 (11) ◽  
pp. 2168 ◽  
Author(s):  
Bo-Yeon Sim ◽  
Junki Kang ◽  
Dong-Guk Han
Keyword(s):  
Success Rate ◽  
Electromagnetic Emission ◽  
Scalar Multiplication ◽  
Statistical Characteristics ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Analysis ◽  
Software Implementations ◽  
Channel Analysis ◽  
Single Trace

Binary scalar multiplication, which is the main operation of elliptic curve cryptography, is vulnerable to side-channel analysis. It is especially vulnerable to side-channel analysis using power consumption and electromagnetic emission patterns. Thus, various countermeasures have been reported. However, they focused on eliminating patterns of conditional branches, statistical characteristics according to intermediate values, or data inter-relationships. Even though secret scalar bits are directly loaded during the check phase, countermeasures for this phase have not been considered. Therefore, in this paper, we show that there is side-channel leakage associated with secret scalar bit values. We experimented with hardware and software implementations, and experiments were focused on the Montgomery–López–Dahab ladder algorithm protected by scalar randomization in hardware implementations. We show that we could extract secret key bits with a 100% success rate using a single trace. Moreover, our attack did not require sophisticated preprocessing and could defeat existing countermeasures using a single trace. We focused on the key bit identification functions of mbedTLS and OpenSSL in software implementations. The success rate was over 94%, so brute-force attacks could still be able to recover the whole secret scalar bits. We propose a countermeasure and demonstrate experimentally that it can be effectively applied.

scholarly journals Improved Filtering Techniques for Single- and Multi-Trace Side-Channel Analysis

Cryptography ◽  
2021 ◽  
Vol 5 (3) ◽  
pp. 24
Author(s):  
Dor Salomon ◽  
Amir Weiss ◽  
Itamar Levi
Keyword(s):  
Information Gain ◽  
Computational Cost ◽  
Statistical Characteristics ◽  
Side Channel ◽  
Band Pass Filter ◽  
Pass Filter ◽  
Side Channel Analysis ◽  
Main Challenge ◽  
Channel Analysis ◽  
Single Trace

Side-channel analysis (SCA) attacks constantly improve and evolve. Implementations are therefore designed to withstand strong SCA adversaries. Different side channels exhibit varying statistical characteristics of the sensed or exfiltrated leakage, as well as the embedding of different countermeasures. This makes it crucial to improve and adapt pre-processing and denoising techniques, and abilities to evaluate the adversarial best-case scenario. We address two popular SCA scenarios: (1) a single-trace context, modeling an adversary that captures only one leakage trace, and (2) a multi-trace (or statistical) scenario, that models the classical SCA context. Given that horizontal attacks, localized electromagnetic attacks and remote-SCA attacks are becoming evermore powerful, both scenarios are of interest and importance. In the single-trace context, we improve on existing Singular Spectral Analysis (SSA) based techniques by utilizing spectral property variations over time that stem from the cryptographic implementation. By adapting overlapped-SSA and optimizing over the method parameters, we achieve a significantly shorter computation time, which is the main challenge of the SSA-based technique, and a higher information gain (in terms of the Signal-to-Noise Ratio (SNR)). In the multi-trace context, a profiling strategy is proposed to optimize a Band-Pass Filter (BPF) based on a low-computational cost criterion, which is shown to be efficient for unprotected and low protection level countermeasures. In addition, a slightly more computationally intensive optimized ’shaped’ filter is presented that utilizes a frequency-domain SNR-based coefficient thresholding. Our experimental results exhibit significant improvements over a set of various implementations embedded with countermeasures in hardware and software platforms, corresponding to varying baseline SNR levels and statistical leakage characteristics.

scholarly journals Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis?

2020 ◽  
pp. 49-85
Author(s):  
Anh-Tuan Hoang ◽  
Neil Hanley ◽  
Maire O’Neill
Keyword(s):  
Neural Networks ◽  
Deep Learning ◽  
Large Body ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Analysis ◽  
Filter Kernel ◽  
Secret Keys ◽  
Channel Analysis ◽  
Template Attacks

Deep learning (DL) has proven to be very effective for image recognition tasks, with a large body of research on various model architectures for object classification. Straight-forward application of DL to side-channel analysis (SCA) has already shown promising success, with experimentation on open-source variable key datasets showing that secret keys can be revealed with 100s traces even in the presence of countermeasures. This paper aims to further improve the application of DL for SCA, by enhancing the power of DL when targeting the secret key of cryptographic algorithms when protected with SCA countermeasures. We propose a new model, CNN-based model with Plaintext feature extension (CNNP) together with multiple convolutional filter kernel sizes and structures with deeper and narrower neural networks, which has empirically proven its effectiveness by outperforming reference profiling attack methods such as template attacks (TAs), convolutional neural networks (CNNs) and multilayer perceptron (MLP) models. Our model generates state-of-the art results when attacking the ASCAD variable-key database, which has a restricted number of training traces per key, recovering the key within 40 attack traces in comparison with order of 100s traces required by straightforward machine learning (ML) application. During the profiling stage an attacker needs no additional knowledge on the implementation, such as the masking scheme or random mask values, only the ability to record the power consumption or electromagnetic field traces, plaintext/ciphertext and the key. Additionally, no heuristic pre-processing is required in order to break the high-order masking countermeasures of the target implementation.

scholarly journals Single Trace Side Channel Analysis on NTRU Implementation

2018 ◽  
Vol 8 (11) ◽  
pp. 2014 ◽  
Author(s):  
Soojung An ◽  
Suhri Kim ◽  
Sunghyun Jin ◽  
HanBit Kim ◽  
HeeSeok Kim
Keyword(s):  
Power Consumption ◽  
Quantum Computer ◽  
Side Channel ◽  
Side Channel Attacks ◽  
Side Channel Analysis ◽  
Channel Analysis ◽  
Post Quantum Cryptography ◽  
Single Trace ◽  
Secure Implementation ◽  
Single Power

As researches on the quantum computer have progressed immensely, interests in post-quantum cryptography have greatly increased. NTRU is one of the well-known algorithms due to its practical key sizes and fast performance along with the resistance against the quantum adversary. Although NTRU has withstood various algebraic attacks, its side-channel resistance must also be considered for secure implementation. In this paper, we proposed the first single trace attack on NTRU. Previous side-channel attacks on NTRU used numerous power traces, which increase the attack complexity and limit the target algorithm. There are two versions of NTRU implementation published in succession. We demonstrated our attack on both implementations using a single power consumption trace obtained in the decryption phase. Furthermore, we propose a countermeasure to prevent the proposed attacks. Our countermeasure does not degrade in terms of performance.

scholarly journals A novel side-channel analysis for physical-domain security in cyber-physical systems

2019 ◽  
Vol 15 (8) ◽  
pp. 155014771986786 ◽  
Author(s):  
Min Wang ◽  
Kama Huang ◽  
Yi Wang ◽  
Zhen Wu ◽  
Zhibo Du
Keyword(s):  
Information Leakage ◽  
Cyber Physical Systems ◽  
Cyber Attacks ◽  
Side Channel ◽  
Learning Technology ◽  
Physical Domain ◽  
Secret Key ◽  
Side Channel Analysis ◽  
Physical Systems ◽  
Channel Analysis

Security of cyber-physical systems against cyber attacks is an important yet challenging problem. Cyber-physical systems are prone to information leakage from the physical domain. The analog emissions, such as magnetic and power, can turn into side channel revealing valuable data, even the crypto key of the system. Template attack is a popular type of side-channel analysis using machine learning technology. Malicious attackers can use template attack to profile the analog emission, then recover the secret key of the system. But conventional template attack requires that the adversary has access to an identical experiment device that he can program to his choice. This study proposes a novel side-channel analysis for physical-domain security in cyber-physical systems. Our contributions are the following three points: (1) Major peak region method for finding points of interests correctly is proposed. (2) A method for establishing templates on the basis of those points of interest still without requiring knowledge of the key is proposed. Several techniques are proposed to improve the quality of the templates as well. (3) A method for choosing attacking traces is proposed to significantly improve the attacking efficiency. Our experiments on three devices show that the proposed method is significantly more effective than conventional template attack. By doing so, we will highlight the importance of performing similar analysis during design time to secure the cyber-physical system.

scholarly journals Make Some Noise. Unleashing the Power of Convolutional Neural Networks for Profiled Side-channel Analysis

2019 ◽  
pp. 148-179 ◽  
Author(s):  
Jaehun Kim ◽  
Stjepan Picek ◽  
Annelie Heuser ◽  
Shivam Bhasin ◽  
Alan Hanjalic
Keyword(s):  
Neural Network ◽  
Neural Networks ◽  
Convolutional Neural Network ◽  
Convolutional Neural Networks ◽  
High Performance ◽  
Artificial Noise ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Analysis ◽  
Channel Analysis

Profiled side-channel analysis based on deep learning, and more precisely Convolutional Neural Networks, is a paradigm showing significant potential. The results, although scarce for now, suggest that such techniques are even able to break cryptographic implementations protected with countermeasures. In this paper, we start by proposing a new Convolutional Neural Network instance able to reach high performance for a number of considered datasets. We compare our neural network with the one designed for a particular dataset with masking countermeasure and we show that both are good designs but also that neither can be considered as a superior to the other one.Next, we address how the addition of artificial noise to the input signal can be actually beneficial to the performance of the neural network. Such noise addition is equivalent to the regularization term in the objective function. By using this technique, we are able to reduce the number of measurements needed to reveal the secret key by orders of magnitude for both neural networks. Our new convolutional neural network instance with added noise is able to break the implementation protected with the random delay countermeasure by using only 3 traces in the attack phase. To further strengthen our experimental results, we investigate the performance with a varying number of training samples, noise levels, and epochs. Our findings show that adding noise is beneficial throughout all training set sizes and epochs.

scholarly journals When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA

2020 ◽  
pp. 196-221
Author(s):  
Alejandro Cabrera Aldaya ◽  
Billy Bob Brumley
Keyword(s):  
Side Channel ◽  
Security Threats ◽  
Integer Factorization ◽  
Success Rates ◽  
Side Channel Attacks ◽  
Side Channel Analysis ◽  
Factorization Problem ◽  
Integer Factorization Problem ◽  
Channel Analysis ◽  
Single Trace

Microarchitecture based side-channel attacks are common threats nowadays. Intel SGX technology provides a strong isolation from an adversarial OS, however, does not guarantee protection against side-channel attacks. In this paper, we analyze the security of the mbedTLS binary GCD algorithm, an implementation that offers interesting challenges when compared for example with OpenSSL, due to the usage of very tight loops in the former. Using practical experiments we demonstrate the mbedTLS binary GCD implementation is vulnerable to side-channel analysis using the SGX-Step framework against mbedTLS based SGX enclaves.We analyze the security of some use cases of this algorithm in this library, resulting in the discovery of a new vulnerability in the ECDSA code path that allows a single-trace attack against this implementation. This vulnerability is three-fold interesting: It resides in the implementation of a countermeasure which makes it more dangerous due to the false state of security the countermeasure currently offers. It reduces mbedTLS ECDSA security to an integer factorization problem. An unexpected GCD call inside the ECDSA code path compromises the countermeasure. We also cover an orthogonal use case, this time inside the mbedTLS RSA code path during the computation of a CRT parameter when loading a private key. The attack also exploits the binary GCD implementation threat, showing how a single vulnerable primitive leads to multiple vulnerabilities. We demonstrate both security threats with end-to-end attacks using 1000 trials each, showing in both cases single-trace attacks can be achieved with success rates very close to 100%.

scholarly journals SITM: See-In-The-Middle Side-Channel Assisted Middle Round Differential Cryptanalysis on SPN Block Ciphers

2019 ◽  
pp. 95-122
Author(s):  
Shivam Bhasin ◽  
Jakub Breier ◽  
Xiaolu Hou ◽  
Dirmanto Jap ◽  
Romain Poussier ◽  
...  
Keyword(s):  
Block Cipher ◽  
State Of The Art ◽  
Block Ciphers ◽  
Differential Cryptanalysis ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Analysis ◽  
Cryptographic Algorithms ◽  
Channel Analysis ◽  
Symmetric Block

Side-channel analysis constitutes a powerful attack vector against cryptographic implementations. Techniques such as power and electromagnetic side-channel analysis have been extensively studied to provide an efficient way to recover the secret key used in cryptographic algorithms. To protect against such attacks, countermeasure designers have developed protection methods, such as masking and hiding, to make the attacks harder. However, due to significant overheads, these protections are sometimes deployed only at the beginning and the end of encryption, which are the main targets for side-channel attacks.In this paper, we present a methodology for side-channel assisted differential cryptanalysis attack to target middle rounds of block cipher implementations. Such method presents a powerful attack vector against designs that normally only protect the beginning and end rounds of ciphers. We generalize the attack to SPN based ciphers and calculate the effort the attacker needs to recover the secret key. We provide experimental results on 8-bit and 32-bit microcontrollers. We provide case studies on state-of-the-art symmetric block ciphers, such as AES, SKINNY, and PRESENT. Furthermore, we show how to attack shuffling-protected implementations.

scholarly journals Electromagnetic and Power Side-Channel Analysis: Advanced Attacks and Low-Overhead Generic Countermeasures through White-Box Approach

Cryptography ◽  
2020 ◽  
Vol 4 (4) ◽  
pp. 30
Author(s):  
Debayan Das ◽  
Shreyas Sen
Keyword(s):  
Deep Learning ◽  
State Of The Art ◽  
Side Channel ◽  
Secret Key ◽  
Embedded Devices ◽  
Side Channel Analysis ◽  
Root Cause ◽  
Channel Analysis ◽  
Metal Layers ◽  
A Current

Electromagnetic and power side-channel analysis (SCA) provides attackers a prominent tool to extract the secret key from the cryptographic engine. In this article, we present our cross-device deep learning (DL)-based side-channel attack (X-DeepSCA) which reduces the time to attack on embedded devices, thereby increasing the threat surface significantly. Consequently, with the knowledge of such advanced attacks, we performed a ground-up white-box analysis of the crypto IC to root-cause the source of the electromagnetic (EM) side-channel leakage. Equipped with the understanding that the higher-level metals significantly contribute to the EM leakage, we present STELLAR, which proposes to route the crypto core within the lower metals and then embed it within a current-domain signature attenuation (CDSA) hardware to ensure that the critical correlated signature gets suppressed before it reaches the top-level metal layers. CDSA-AES256 with local lower metal routing was fabricated in a TSMC 65 nm process and evaluated against different profiled and non-profiled attacks, showing protection beyond 1B encryptions, compared to ∼10K for the unprotected AES. Overall, the presented countermeasure achieved a 100× improvement over the state-of-the-art countermeasures available, with comparable power/area overheads and without any performance degradation. Moreover, it is a generic countermeasure and can be used to protect any crypto cores while preserving the legacy of the existing implementations.

Sign in / Sign up

Export Citation Format

Share Document