New Single-Trace Side-Channel Attacks on a Specific Class of Elgamal Cryptosystem
In 2005, Yen et al. proposed the first attack on modular exponentiation algorithms such as the BRIP and square-and-multiply-always methods. This attack uses the ciphertext as a distinguisher of low order to obtain a strong relation between side-channel leakages and the secret exponent. The so-called attack is one of the most important order-2 element attacks, as it requires a non-adaptive chosen ciphertext, which is considered a more realistic attack model than the adaptive chosen-ciphertext scenario. To protect the implementation against the attack, several works propose the simplest solution, i.e. "block the special message". In this paper, we conduct an in-depth study of the attack based on the square-and-multiply-always (SMA) and Montgomery Ladder (ML) algorithms. We show that despite the unaccepted-ciphertext countermeasure, other types of attacks are applicable to specific classes of Elgamal cryptosystems. We propose new chosen-message power-analysis attacks with order-4 elements which utilize a chosen ciphertext such that where is the prime number used as a modulus in Elgamal. Such a ciphertext can be found simply when . We demonstrate that the ML and SMA algorithms are subject to our new -type attack by utilizing a different ciphertext. We implement the proposed attacks on the TARGET board of the ChipWhisperer CW1173, and our experiments validate the feasibility and effectiveness of the attacks using only a single power trace.
Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs
We demonstrate physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels, based on the observation that the ground electric potential, in many computers, fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer's chassis with a plain wire, or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables.
Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency signals (around 2 MHz), or one hour using Low Frequency signals (up to 40 kHz).
A Hybrid Cryptosystem Using Vigenère Cipher and Rabin-p Algorithm in Securing BMP Files
The Vigenère cipher is a classical cryptography algorithm and, like other classical algorithms, it produces smaller but less secure ciphertexts than a public-key cryptography algorithm. Meanwhile, Rabin-p is a public-key cryptography algorithm with stronger encryption than the Vigenère cipher. Nevertheless, as a public-key algorithm, Rabin-p is inefficient for encrypting vast amounts of data such as BMP image files, since the size of the cipherimages increases manyfold, which leads to problems in storing and sending the cipherimages. To overcome these problems, in this study we combined the Vigenère cipher and the Rabin-p algorithm in a hybrid cryptosystem scheme. In the experiment, the Vigenère cipher was used to encrypt the BMP files and the Rabin-p algorithm was used to encrypt the Vigenère keys. The results showed that the size of the cipherimages did not increase and that the decryption procedure could recover the original BMP files while maintaining their integrity.
Side-Channel Analysis: Countermeasures and Application to Embedded Systems Debugging
Side-Channel Analysis plays an important role in cryptology, as it represents an important class of attacks against cryptographic implementations, especially in the context of embedded systems such as hand-held mobile devices, smart cards, RFID tags, etc. These types of attacks bypass any intrinsic mathematical security of the cryptographic algorithm or protocol by exploiting observable side-effects of the execution of the cryptographic operation that may exhibit some relationship with the internal (secret) parameters in the device. Two of the main types of side-channel attacks are timing attacks or timing analysis, where the relationship between the execution time and secret parameters is exploited; and power analysis, which exploits the relationship between power consumption and the operations being executed by a processor as well as the data that these operations work with. For power analysis, two main types have been proposed: simple power analysis (SPA), which relies on direct observation of a single measurement, and differential power analysis (DPA), which uses multiple measurements combined with statistical processing to extract information from the small variations in power consumption correlated to the data.
In this thesis, we propose several countermeasures to these types of attacks, with the main themes being timing analysis and SPA. In addition to these themes, one of our contributions expands upon the ideas behind SPA to present a constructive use of these techniques in the context of embedded systems debugging.
In our first contribution, we present a countermeasure against timing attacks where an optimized form of idle-wait is proposed with the goal of making the observable decryption time constant for most operations while keeping the overhead to a minimum. We show that not only do we reduce the overhead in terms of execution speed, but also the computational cost of the countermeasure, which represents a considerable advantage in the context of devices relying on battery power, where reduced computation translates into lower power consumption and thus increased battery life. This is indeed one of the important themes for all of the contributions related to countermeasures to side-channel attacks.
Our second and third contributions focus on power analysis; specifically, SPA. We address the issue of straightforward implementations of binary exponentiation algorithms (or scalar multiplication, in the context of elliptic curve cryptography) making a cryptographic system vulnerable to SPA. Previously proposed solutions introduce a considerable performance penalty. We propose a new method, namely Square-and-Buffered-Multiplications (SABM), that implements an SPA-resistant binary exponentiation exhibiting optimal execution time at the cost of a small amount of storage, O(\sqrt{\ell}), where \ell is the bit length of the exponent. The technique is optimal in the sense that it adds SPA-resistance to an underlying binary exponentiation algorithm while introducing zero computational overhead.
We then present several new SPA-resistant algorithms that result from a novel way of combining the SABM method with an alternative binary exponentiation algorithm where the exponent is split into two halves for simultaneous processing, showing that by combining the two techniques we can make use of signed-digit representations of the exponent to further improve performance while maintaining SPA-resistance. We also discuss the possibility of our method being implemented in a way that a certain level of resistance against DPA may be obtained.
In a related contribution, we extend the ideas used in SPA and propose a technique to non-intrusively monitor a device and trace program execution, with the intended application of assisting in the difficult task of debugging embedded systems at the deployment or production stage, when standard debugging tools or auxiliary components to facilitate debugging are no longer enabled in the device. One of the important highlights of this contribution is the fact that the system works on a standard PC, capturing the power traces through the recording input of the sound card.
Algorithmic Security is Insufficient: A Comprehensive Survey on Implementation Attacks Haunting Post-Quantum Security
This survey is on forward-looking, emerging security concerns in the post-quantum era, i.e., implementation attacks on the 2022 winners of the NIST post-quantum cryptography (PQC) competition; the visions, insights, and discussions can thus be used as a step towards scrutinizing the new standards for applications ranging from the Metaverse and Web 3.0 to deeply-embedded systems. The rapid advances in quantum computing have brought immense opportunities for scientific discovery and technological progress; however, they pose a major risk to today's security, since advanced quantum computers are believed to break all traditional public-key cryptographic algorithms. This has led to active research on PQC algorithms that are believed to be secure against both classical and powerful quantum computers. However, algorithmic security is unfortunately insufficient, and many cryptographic algorithms are vulnerable to side-channel attacks (SCA), where an attacker passively or actively obtains side-channel data to compromise security properties that are assumed to hold theoretically. In this survey, we explore such imminent threats and their countermeasures with respect to PQC. We provide the latest advancements in PQC research, as well as assessments of and visions on the different types of SCAs.
Who Watches the Watchmen?: Utilizing Performance Monitors for Compromising Keys of RSA on Intel Platforms
Asymmetric-key cryptographic algorithms, when implemented on systems with branch predictors, are subject to side-channel attacks exploiting the deterministic branch predictor behavior caused by their key-dependent input sequences. We show that branch predictors can also leak information through the hardware performance monitors, which are accessible by an adversary at the user-privilege level. This paper presents an iterative attack which targets the key bits of 1024-bit RSA, where in the offline phase the system's underlying branch predictor is approximated by a theoretical predictor from the literature. Sub-simulations are performed to classify the message space into distinct partitions based on the branch misprediction event and the target key-bit value. In the online phase, we ascertain the secret key bit using branch mispredictions obtained from the hardware performance monitors, which reflect the branch misses due to the underlying predictor hardware. We theoretically prove that the probability of success of the attack is equivalent to the accuracy with which the theoretical predictor models the underlying system predictor. Experiments reveal that the success rate increases with the message count and reaches a value significant enough to consider the side channel from the performance counters a real threat to RSA-like ciphers on systems with branch predictors, one that must be taken into account when developing secure systems.