power analysis attacks

Power Analysis Attacks Engineering 9877 Lee Stewart March 2015

Upload: lee-stewart

Post on 22-Jan-2017


Page 1: Power Analysis Attacks

Power Analysis Attacks
Engineering 9877

Lee Stewart
March 2015

Page 2: Power Analysis Attacks

Outline

Background
Simple Power Analysis (SPA) Attacks
Differential Power Analysis (DPA) Attacks
Stages of a DPA Attack
Example
Countermeasures
References

Page 3: Power Analysis Attacks

Background

Side-channel attack - a hardware cryptanalytic technique that exploits the physical behavior of an IC to extract secrets implied in cryptographic operations. [4]
◦ Timing
◦ Power consumption
◦ Electromagnetic emission [3]

Page 4: Power Analysis Attacks

Background

Power Analysis Attack – a technique that involves examining the power consumed over time by a device running public-key cryptographic algorithms. [3]

Page 5: Power Analysis Attacks

Simple Power Analysis Attack

A technique that involves directly interpreting power consumption measurements (i.e. traces) collected during cryptographic operations. [2]

Page 6: Power Analysis Attacks

Differential Power Analysis Attack

A statistical method for analyzing sets of measurements to identify data-dependent correlations. [2]

Page 7: Power Analysis Attacks

Stages of DPA Attack

Device instrumentation
◦ Smart card: R in series with ground line
◦ FPGA: R in series with Vcc [2]

Page 8: Power Analysis Attacks

Stages of DPA Attack

Measurement
◦ Power traces are recorded while device performs cryptographic operations and stored on a PC.
Signal processing (optional)
◦ Isolate/highlight signal and reduce noise.
Prediction and selection function generation
◦ Used to assign traces to subsets
◦ Typically based on an educated guess as to a possible value for one or more intermediates within a cryptographic calculation.
◦ Selection function is single bit (0/1) or multi-bit. [2]

Page 9: Power Analysis Attacks

Stages of DPA Attack

Averaging
◦ Compute the averages of the input trace subsets defined by the selection function outputs.
Evaluation
◦ Large peaks in the trace = correct guess
◦ Small peaks = incorrect guess [2]

Page 10: Power Analysis Attacks

Example

Moradi, Barenghi, Kasper, and Paar used DPA to extract the secret key of a triple DES bitstream encryption from a Virtex-II Pro XC2VP7 FPGA.
◦ Time: 3 minutes
◦ Traces: 25,000 [5]

Page 11: Power Analysis Attacks

Countermeasures

Leakage reduction
◦ Factor k decrease in SNR = k² increase in number of traces
Balancing
◦ Make power less dependent on data/operations [2]
Masking – conceal x with mask m
◦ Boolean mask:
◦ Arithmetic mask:
[1]
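Added example (not from the original slides): a simulation a designer can run to check first-order leakage, following the measurement, selection, averaging and evaluation stages above and comparing an unprotected lookup with a Boolean-masked one. Assumptions: the S-box is a constructed random permutation rather than a real cipher's table, leakage is the Hamming weight of the handled value plus Gaussian noise, the Boolean mask is a fresh random byte XORed into the value, and all function names are hypothetical.

```python
import random

# Constructed stand-in for a cipher S-box: a fixed random byte permutation.
SBOX = list(range(256))
random.Random(2015).shuffle(SBOX)

def measure(key, n, masked, rng, noise=1.0):
    """Measurement (simulated): one power sample per random plaintext byte.
    Assumed leakage model: Hamming weight of the handled value plus noise."""
    traces = []
    for _ in range(n):
        p = rng.randrange(256)
        x = SBOX[p ^ key]                  # sensitive intermediate
        if masked:
            x ^= rng.randrange(256)        # Boolean mask: device handles x XOR m
        traces.append((p, bin(x).count("1") + rng.gauss(0.0, noise)))
    return traces

def dpa_peaks(traces):
    """Selection, averaging, evaluation: difference of means per key guess."""
    tot, cnt = [0.0] * 256, [0] * 256
    for p, sample in traces:               # pre-sum samples per plaintext byte
        tot[p] += sample
        cnt[p] += 1
    peaks = []
    for guess in range(256):
        sums, nums = [0.0, 0.0], [0, 0]
        for p in range(256):
            bit = SBOX[p ^ guess] & 1      # single-bit selection function
            sums[bit] += tot[p]
            nums[bit] += cnt[p]
        peaks.append(sums[1] / nums[1] - sums[0] / nums[0])
    return peaks

def assess(key=0x3C, n=20000, seed=1):
    """Compare the evaluation stage for an unmasked and a masked lookup."""
    rng = random.Random(seed)
    plain = dpa_peaks(measure(key, n, False, rng))
    masked = dpa_peaks(measure(key, n, True, rng))
    return {
        "top_guess_unmasked": max(range(256), key=lambda g: abs(plain[g])),
        "peak_unmasked": abs(plain[key]),
        "peak_masked": abs(masked[key]),
        "largest_peak_masked": max(abs(v) for v in masked),
    }

if __name__ == "__main__":
    print(assess())
```

The check is first-order only: one sample per trace and a fresh uniform mask per operation, so it says nothing about higher-order leakage or mask reuse.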

Page 12: Power Analysis Attacks

References

[1] Danger, J. L., Guilley, S., Barthe, L., Benoit, P. (2011). Countermeasures against physical attacks in FPGAs. Security trends for FPGAS (pp. 73-100). Springer.
[2] Kocher, P., Jaffe, J., Jun, B., & Rohatgi, P. (2011). Introduction to differential power analysis. Journal of Cryptographic Engineering, 1(1), 5-27.
[3] Li, H., Wu, K., Xu, G., Yuan, H., & Luo, P. (2011). Simple power analysis attacks using chosen message against ECC hardware implementations. Paper presented at the Internet Security (WorldCIS), 2011 World Congress on, 68-72.
[4] Lomne, V., Dehbaoui, A., Maurine, P., Torres, L., & Robert, M. (2011). Side channel attacks. Security trends for FPGAS (pp. 47-72). Springer.
[5] Moradi, A., Barenghi, A., Kasper, T., & Paar, C. (2011). On the vulnerability of FPGA bitstream encryption against power analysis attacks: Extracting keys from Xilinx Virtex-II FPGAs. Paper presented at the Proceedings of the 18th ACM Conference on Computer and Communications Security, 111-124.
mobile devices. Paper presented at the Proceedings of the World Congress on Engineering, 1

Page 13: Power Analysis Attacks

Thank You
Questions?