Innovative Method of the Power Analysis

This paper describes an innovative method of the power analysis which presents the typical example of successful attacks against trusted cryptographic devices such as RFID (Radio-Frequency IDentifications) and contact smart cards. The proposed method analyzes power consumption of the AES (Advanced Encryption Standard) algorithm with neural network, which successively classifies the first byte of the secret key. This way of the power analysis is an entirely new approach and it is designed to combine the advantages of simple and differential power analysis. In the extreme case, this feature allows to determine the whole secret key of a cryptographic module only from one measured power trace. This attribute makes the proposed method very attractive for potential attackers. Besides theoretical design of the method, we also provide the first implementation results. We assume that the method will be certainly optimized to obtain more accurate classification results in the future

Using a Light-Based Power Source to Defeat Power Analysis Attacks

Power analysis attacks exploit the correlation between the information processed by an electronic system and the power consumption of the system. By powering an electronic system with an optical power source, we can prevent meaningful information from being leaked to the power pins and captured in power traces. The relatively constant current draw of the optical power source hides any variability in the power consumption of the target system caused by the logic gates\u27 switching activity of the system as observed at the power pins. This thesis will provide evidence to show that using an optical power source should make it impossible for an attacker to extract meaningful information from the power trace of the monitored system, as measured at the power pins

SoC It to EM:ElectroMagnetic Side-Channel Attacks on a Complex System-on-Chip

Increased complexity in modern embedded systems has presented various important challenges with regard to side-channel attacks. In particular, it is common to deploy SoC-based target devices with high clock frequencies in security-critical scenarios; understanding how such features align with techniques more often deployed against simpler devices is vital from both destructive (i.e., attack) and constructive (i.e., evaluation and/or countermeasure) perspectives. In this paper, we investigate electromagnetic-based leakage from three different means of executing cryptographic workloads (including the general purpose ARM core, an on-chip co-processor, and the NEON core) on the AM335x SoC. Our conclusion is that addressing challenges of the type above {\em is} feasible, and that key recovery attacks can be conducted with modest resources

Side Channel Cryptanalysis

Postranní kanály v oblasti kryptografie zásadním způsobem mění pohled na bezpečnost celého kryptografického systému. Již nestačí analyzovat bezpečnost algoritmu pouze z~matematického hlediska pomocí abstraktních modelů, ale stejný důraz musí být kladen na implementaci algoritmů. Disertační práce v úvodu vysvětluje základní pojmy, princip útoku postranními kanály a jejich základní dělení. V následující části jsou určeny cíle dizertační práce. Hlavním cílem disertační práce je navrhnout a experimentálně ověřit novou metodu analýzy proudovým postranním kanálem, která bude využívat neuronové sítě. Tento hlavní cíl vznikl z rozboru používaných analýz proudovým postranním kanálem uvedených v následujících kapitolách. Tyto kapitoly obsahují podrobný rozbor současně používaných analýz proudovým postranním kanálem a rozbor šifrovacího algoritmu AES. Algoritmus AES byl vybrán, z důvodu odolnosti proti konvenčnímu způsobu analýz. Následující kapitola popisuje získané dílčí experimentální výsledky optimalizace stávajících metod, vliv parametrů ovlivňující proudovou spotřebu a výsledky navržené analýzy pomocí neuronových sítí včetně diskuze získaných výsledků. Tento typ útoku proudovým postranním kanálem nebyl dosud publikován, jedná se tedy o zcela novou myšlenku. Posledním cílem práce bylo shrnutí možných ochran proti analýze a útoku postranním kanálem.Side channels fundamentally changes the view of the cryptographic system security in cryptography. It is not enough to analyze the security algorithm only from a mathematical point of view using abstract models but it is necessary to focus on the implementation of the algorithms. The introduction of the thesis deals with the basic terms, principles of side channel attacks and basic clasification of side channels. The following chapter describes the objectives of the thesis. The main goal of the thesis is to propose and experimentally verify a new power analysis method whish will use the neural network. This main goal was based on the realized analyzes presented in the following chapters. These chapters contain a detailed analysis of currently used power analysis and analysis of AES encryption algorithm. AES was selected becouse the algorithm is resistant to the conventional cryptoanalysis. The following section describes the experimental results of the optimization of existing methods, the influence of the parameters affecting power consumption and the results of the proposed analysis using neural networks. This section includes the discussion of the results. This type of side channel attack has not been published yet thus it is a completely new idea. The final goal of the thesis was to summarize the possible countermeasures protecting against the side channel attacks.

Cryptanalysis of modern cryptographic devices

Práce se zaměřuje na proudovou analýzu moderních kryptografických modulů. V první části práce je krátký úvod do problematiky proudového postranního kanálu a do základních metod analýz. V textu je popsaný postup porovnání modulů a krátký popis nalezených zařízení. V praktické části byly vybrány celkem dva moduly pro implementaci šifrovacího algoritmu AES-128. První modul představoval čipovou kartu Gemalto .NET v2 a druhý modul představovalo Raspberry Pi. Pro oba moduly byly úspěšně vytvořeny experimentální pracoviště, které umožňovali měření proudové spotřeby algoritmu AES. Na získaných datech byla provedena diferenciální proudová analýza. V závěrečné části práce jsou shrnuty výsledky do tabulek, jsou vidět ukázkové kódy a grafy vytvořené z naměřených hodnot na modulu Raspberry Pi.The thesis focuses on power analysis of modern cryptographic modules. The first part contains a brief introduction to the topic of the power side channel and basic methods of analyzes. The text describes the process of comparison of modules and a short description of devices found. In the practical part two modules has been selected for the implementation of the encryption algorithm AES-128. The first module was the chip card Gemalto .NET v2 and the second one was the Raspberry Pi. A workplace has been created for these modules which allowed to measure the power consumption of the algorithm AES. Differential Power Analysis has been made using the captured results. In its conclusion the work presents the results in tables and samples of source codes. Graphs were made from the results captured on the Raspberry Pi and from the results of the Differential Power Analysis.

Crypto-test-lab for security validation of ECC co-processor test infrastructure

© 20xx IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting /republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other worksElliptic Curve Cryptography (ECC) is a technology for public-key cryptography that is becoming increasingly popular because it provides greater speed and implementation compactness than other public-key technologies. Calculations, however, may not be executed by software, since it would be so time consuming, thus an ECC co-processor is commonly included to accelerate the speed. Test infrastructure in crypto co-processors is often avoided because it poses serious security holes against adversaries. However, ECC co-processors include complex modules for which only functional test methodologies are unsuitable, because they would take an unacceptably long time during the production test. Therefore, some internal test infrastructure is always included to permit the application of structural test techniques. Designing a secure test infrastructure is quite a complex task that relies on the designer's experience and on trial & error iterations over a series of different types of attacks. Most of the severe attacks cannot be simulated because of the demanding computational effort and the lack of proper attack models. Therefore, prototypes are prepared using FPGAs. In this paper, a Crypto-Test-Lab is presented that includes an ECC co-processor with flexible test infrastructure. Its purpose is to facilitate the design and validation of secure strategies for testing in this type of co-processor.Postprint (author's final draft

Non-profiling power analysis attacks

Tato práce se zabývá možnostmi prolomení šifrovacího algoritmu AES pomocí neprofilujících útoků diferenciální proudovou analýzou. V úvodu jsou uvedeny v současnosti používané techniky diferenciální analýzy a pro přehled je zmíněna i jednoduchá proudová analýza. V dalších kapitolách jsou stručně popsány ochrany před útoky a popsán šifrovací algoritmus AES. Nejdůležitější část tvoří kapitoly s popisem realizace útoků na algoritmus AES-128 pomocí korelační analýzy a analýzy vzájemné informace. Tyto útoky využívají proudové průběhy ze stránek věnovaných knize Power Analysis Attacks - Revealing the Secrets of Smartcards, http://DPAbook.org a především pak proudovým průběhům ze soutěže DPA Contest 4.2, http://www.dpacontest.org. Na závěr je srovnání metod na základě počtu proudových průběhů nutných k nalezení klíče zprávy.The work is mainly concerned with the possibilities of breaking the encryption algorithm AES with using of non-template attacks. In the introduction are listed techniques of differential analysis, which are using in the present, but for the sake of completeness is there mention about simple power analysis. In the next chapters are briefly described countermeasures against power analysis and further is described the AES algorithm. Most important parts are chapters where are described attack implementation on AES-128 through correlation power analysis and mutual information analysis. These attacks exploit power traces from www pages dedicated to book Power Analysis Attacks - Revealing the Secrets of Smartcards, http://DPAbook.org and especially to power traces from DPA Contest 4.2, http://www.dpacontest.org. In conclusion is comparison of methods based on the number of power traces needed for finding the key of secret message.

SoK: Design Tools for Side-Channel-Aware Implementations

Side-channel attacks that leak sensitive information through a computing device's interaction with its physical environment have proven to be a severe threat to devices' security, particularly when adversaries have unfettered physical access to the device. Traditional approaches for leakage detection measure the physical properties of the device. Hence, they cannot be used during the design process and fail to provide root cause analysis. An alternative approach that is gaining traction is to automate leakage detection by modeling the device. The demand to understand the scope, benefits, and limitations of the proposed tools intensifies with the increase in the number of proposals. In this SoK, we classify approaches to automated leakage detection based on the model's source of truth. We classify the existing tools on two main parameters: whether the model includes measurements from a concrete device and the abstraction level of the device specification used for constructing the model. We survey the proposed tools to determine the current knowledge level across the domain and identify open problems. In particular, we highlight the absence of evaluation methodologies and metrics that would compare proposals' effectiveness from across the domain. We believe that our results help practitioners who want to use automated leakage detection and researchers interested in advancing the knowledge and improving automated leakage detection