Side-Channel Attacks and Countermeasures for the MK-3 Authenticated Encryption Scheme
In the field of cryptography, the focus is often placed on security in a mathematical or information-theoretic sense; for example, cipher security is typically evaluated by the difficulty of deducing the plaintext from the ciphertext without knowledge of the key. However, once these cryptographic schemes are implemented in electronic devices, another class of attack presents itself. Side-channel attacks take advantage of the side effects of performing a computation, such as power consumption or electromagnetic emissions, to extract information outside of normal means. In particular, these side-channels can reveal parts of the internal state of a computation. This is important because intermediate values occurring during computation are typically considered implementation details, invisible to a potential attacker. If this information is revealed, then the assumptions of a non-side-channel-aware security analysis based only on inputs and outputs will no longer hold, potentially enabling an attack. This work tests the effectiveness of power-based side-channel attacks against MK-3, a customizable authenticated encryption scheme developed in a collaboration between RIT and L3Harris Technologies. Using an FPGA platform, Correlation Power Analysis (CPA) is performed on several different implementations of the algorithm to evaluate their resistance to power side-channel attacks. This method does not allow the key to be recovered directly; instead, an equivalent 512-bit intermediate state value is targeted. By applying two sequential stages of analysis, a total of between 216 and 322 bits are recovered, dependent on customization parameters. If a 128-bit key is used, then this technique has no benefit to an attacker over brute-forcing the key itself; however, in the case of a 256-bit key, CPA may provide up to a 66-bit advantage. 
In order to completely defend MK-3 against this type of attack, several potential countermeasures are discussed at the implementation, design, and overall system levels.
Mitigating Differential Power Analysis Attacks on AES using NeuroMemristive Hardware
Cryptographic algorithms such as the Advanced Encryption Standard (AES) are vulnerable to side channel attacks. AES was once thought to be impervious to attacks, but this proved to be true only for a mathematical model of AES, not a physical realization. Hardware implementations leak side channel information such as power dissipation. One of the practical SCA attacks is the Differential Power Analysis (DPA) attack, which statistically analyzes power measurements to find data-dependent correlations.
Several countermeasures against DPA have been proposed at the circuit and logic level in conventional technologies. These techniques generally include masking the data inside the algorithm or hiding the power profile. Next generation processors bring in additional challenges to mitigating DPA attacks, by way of the heterogeneity of the devices used in the hardware realizations. Neuromemristive systems hold potential in this domain and also bring new challenges to the hardware security of cryptosystems.
In this exploratory work, a neuromemristive architecture was designed to compute an AES transformation and mitigate DPA attacks. The random power profile of the neuromemristive architecture reduces the correlations between data and power consumption. Hardware primitives, such as neuron and synapse circuits, were developed along with a framework to generate neural networks in hardware.
An attack framework was developed to run DPA attacks using different leakage models. A baseline AES cryptoprocessor using only CMOS technology was attacked successfully.
The SubBytes transformation was replaced by a neuromemristive architecture, and the proposed designs were more resilient against DPA attacks at the cost of increased power consumption.
An n-sided polygonal model to calculate the impact of cyber security events
This paper presents a model to represent graphically the impact of cyber events (e.g., attacks, countermeasures) in a polygonal system of n sides. The approach considers information about all entities composing an information system (e.g., users, IP addresses, communication protocols, physical and logical resources, etc.). Every axis is composed of entities that contribute to the execution of the security event. Each entity has an associated weighting factor that measures its contribution using a multi-criteria methodology named CARVER. The graphical representation of cyber events is depicted as straight lines (one dimension) or polygons (two or more dimensions). Geometrical operations are used to compute the size (i.e., length, perimeter, surface area) and thus the impact of each event. As a result, it is possible to identify and compare the magnitude of cyber events. A case study with multiple security events is presented as an illustration of how the model is built and computed.
Comment: 16 pages, 5 figures, 2 tables, 11th International Conference on Risks and Security of Internet and Systems (CRiSIS 2016), Roscoff, France, September 201
CIDPro: Custom Instructions for Dynamic Program Diversification
Timing side-channel attacks pose a major threat to embedded systems due to their ease of accessibility. We propose CIDPro, a framework that relies on dynamic program diversification to mitigate timing side-channel leakage. The proposed framework integrates the widely used LLVM compiler infrastructure and the increasingly popular RISC-V FPGA soft-processor. The compiler automatically generates custom instructions in the security critical segments of the program, and the instructions execute on the RISC-V custom co-processor to produce diversified timing characteristics on each execution instance. CIDPro has been implemented on the Zynq7000 XC7Z020 FPGA device to study the performance overhead and security tradeoffs. Experimental results show that our solution can achieve 80% and 86% timing side-channel capacity reduction for two benchmarks with an acceptable performance overhead compared to existing solutions. In addition, the proposed method incurs only a negligible hardware area overhead of 1% slices of the entire RISC-V system.
Secure Cryptographic Algorithm Implementation on Embedded Platforms
Sensitive systems that are based on smart cards use well-studied and well-developed cryptosystems. Generally these cryptosystems have been subject to rigorous mathematical analysis in an effort to uncover cryptographic weaknesses in the system. The cryptosystems used in smart cards are, therefore, not usually vulnerable to these types of attacks. Since smart cards are small objects that can be easily placed in an environment where physical vulnerabilities can be exploited, adversaries have turned to different avenues of attack.
This thesis describes the current state-of-the-art in side channel and fault analysis against smart cards, and the countermeasures necessary to provide a secure implementation. Both attack techniques need to be taken into consideration when implementing cryptographic algorithms in smart cards.
In the domain of side-channel analysis a new application of using cache accesses to attack an implementation of AES by observing the power consumption is described, including an unpublished extension.
Several new fault attacks are proposed based on finding collisions between a correct and a fault-induced execution of a secure secret algorithm. Other new fault attacks include reducing the number of rounds of an algorithm to make a differential cryptanalysis trivial, and fixing portions of the random value used in DSA to allow key recovery.
Countermeasures are proposed for all the attacks described. The use of random delays, a simple countermeasure, is improved to render it more secure and less costly to implement. Several new countermeasures are proposed to counteract the particular fault attacks proposed in this thesis. A new method of calculating a modular exponentiation that is secure against side channel analysis is described, based on ideas which have been proposed previously or are known within the smart card industry. A novel method for protecting RSA against fault attacks is also proposed based on securing the underlying Montgomery multiplication.
The majority of the fault attacks detailed have been implemented against actual chips to demonstrate the feasibility of these attacks. Details of these experiments are given in appendices. The experiments conducted to optimise the performance of random delays are also described in an appendix.
Power analysis on smartcard algorithms using simulation
This paper presents the results from a power analysis of the AES and RSA algorithms by simulation using the PINPAS tool. The PINPAS tool is capable of simulating the power consumption of assembler programs implemented in, amongst others, Hitachi H8/300 assembler. The Hitachi H8/300 is a popular CPU for smartcards. Using the PINPAS tool, the vulnerability for power analysis attacks of straightforward AES and RSA implementations is examined. In case a vulnerability is found, countermeasures are added to the implementation that attempt to counter power analysis attacks. After these modifications the analysis is performed again and the new results are compared to the original results.
Secure and Efficient RNS Approach for Elliptic Curve Cryptography
Scalar multiplication, the main operation in elliptic curve cryptographic protocols, is vulnerable to side-channel (SCA) and fault injection (FA) attacks. An efficient countermeasure for scalar multiplication can be provided by using alternative number systems like the Residue Number System (RNS). In RNS, a number is represented as a set of smaller numbers, where each one is the result of the modular reduction with a given moduli basis. Under certain requirements, a number can be uniquely transformed from the integers to the RNS domain (and vice versa) and all arithmetic operations can be performed in RNS. This representation provides an inherent SCA and FA resistance to many attacks and can be further enhanced by RNS arithmetic manipulation or more traditional algorithmic countermeasures. In this paper, extending our previous work, we explore the potential of RNS as an SCA and FA countermeasure and provide a description of RNS based SCA and FA resistance means. We propose a secure and efficient Montgomery Power Ladder based scalar multiplication algorithm on RNS and discuss its SCA-FA resistance. The proposed algorithm is implemented on an ARM Cortex A7 processor and its SCA-FA resistance is evaluated by collecting preliminary leakage trace results that validate our initial assumptions.