112 research outputs found

    Development of a Side-Channel Attack System (Desenvolvimento de um Sistema de Ataques Side-Channel)

    Nowadays consumers expect their IoT devices and data to be adequately protected against any vulnerability. As such, the implementation of protection layers should no longer be taken into account once the device is fully developed. The most common method of ensuring the security of the devices is based on the encryption of the communication sent and received by the device. Regardless of the complexity of the algorithm and the theoretical protection against brute force attacks, the attackers have evolved their strategies. Despite the developers’ best efforts to secure and encrypt the device’s communications, there will always be some leakage of information somewhere in the device. Similarly, the attackers have now started to exploit and analyze these leaks in order to successfully break into the so-called secure devices. By their very nature, these leaks of information will always exist, and consequently, the developers should find countermeasures to either confuse the attacker with worthless information or somehow decorrelate the leaked information from the truth. In this context, the work presented in this report presents the development of methods to verify the difficulty of decryption of the different AES 128-bit modes through power analysis, and an application developed to simplify this task for future use. Lastly, the results of the attacks performed on different targets are presented. These include a Raspberry Pi 4 and an Arduino Nano which were not successful due to the overpowering existing noise, and the ChipWhisperer Lite ARM target with 5 different AES 128-bit modes which were successfully attacked, even with countermeasures implemented.

    Nowadays, consumers expect their IoT devices and the associated data to be adequately protected against any vulnerability. As such, the implementation of protection layers should no longer be taken into account once the device is fully developed. The most common method of ensuring device security is based on encrypting the device's communications. Regardless of the complexity of the algorithm used and the theoretical protection against brute-force attacks, attackers have evolved their strategies. Despite the developers' best efforts to protect and encode the device's communications, there is always some leakage of information somewhere in the device (side-channel information) in the form of vibrations, fluctuations in the system's power supply, electromagnetic radiation, etc. Attackers have already begun to exploit and analyze these leaks in order to successfully break into devices and, by their very nature, these information leaks will always exist. Consequently, system developers must develop and implement countermeasures to confuse the attacker with useless information or to somehow decorrelate the leaked information from the truth. In this context, the work presented in this report presents the development of methods to verify the difficulty of decrypting the different 128-bit AES modes through power analysis, and an application developed to simplify this task for future use. Finally, the results of the attacks carried out on the different targets are presented. These include a Raspberry Pi 4 and an Arduino Nano, which were not successful due to the excessive existing noise, and the ChipWhisperer Lite ARM target with 5 different 128-bit AES modes, which were attacked successfully, even with countermeasures implemented.

    Electromagnetic emanation analysis of an RSA algorithm implementation on Raspberry Pi (RSA algoritmasının Raspberry Pi üzerinde gerçeklemesine elektromanyetik yayınım analizi)

    In this paper, security analysis of RSA implementation on a Raspberry Pi against electromagnetic radiation analysis is evaluated. Two different RSA algorithms are implemented on Raspberry Pi. Simple Electromagnetic Analysis and Differential Electromagnetic Analysis attacks are performed. Using Simple Electromagnetic Analysis attack on an unprotected implementation, all key bits are found with one measurement. Also, Differential Electromagnetic Analysis attack is performed against an improved implementation that has a countermeasure against Simple Electromagnetic Analysis attack. One key bit is found using 2500 measurements with a correlation analysis in Differential Electromagnetic Analysis attack.

    Optical Cryptanalysis: Recovering Cryptographic Keys from Power LED Light Fluctuations

    Although power LEDs have been integrated in various devices that perform cryptographic operations for decades, the cryptanalysis risk they pose has not yet been investigated. In this paper, we present optical cryptanalysis, a new form of cryptanalytic side-channel attack, in which secret keys are extracted by using a photodiode to measure the light emitted by a device’s power LED and analyzing subtle fluctuations in the light intensity during cryptographic operations. We analyze the optical leakage of power LEDs of various consumer devices and the factors that affect the optical SNR. We then demonstrate end-to-end optical cryptanalytic attacks against a range of consumer devices (smartphone, smartcard, and Raspberry Pi, along with their USB peripherals) and recover secret keys (RSA, ECDSA, SIKE) from prior and recent versions of popular cryptographic libraries (GnuPG, Libgcrypt, PQCrypto-SIDH) from a maximum distance of 25 meters.

    Fault Injection using Crowbars on Embedded Systems

    Causing a device to incorrectly execute an instruction or store faulty data is a well-known strategy for attacking cryptographic implementations on embedded systems. One technique to generate such faults is to manipulate the supply voltage of the device. This paper introduces a novel technique to introduce those supply voltage manipulations onto existing digital systems, requiring minimal modifications to the device being attacked. This uses a crowbar to short the power supply for controlled periods of time. High-accuracy faults are demonstrated on the 8-bit AVR microcontroller, which can generate both single and multi-bit faults with high repeatability. Additionally, this technique is demonstrated on an FPGA where it is capable of generating faults in both internal registers and the configuration fabric.

    Intelligent Circuits and Systems

    ICICS-2020 is the third conference initiated by the School of Electronics and Electrical Engineering at Lovely Professional University that explored recent innovations of researchers working for the development of smart and green technologies in the fields of Energy, Electronics, Communications, Computers, and Control. ICICS enables innovators to identify new opportunities for the social and economic benefits of society. This conference bridges the gap between academics and R&D institutions, social visionaries, and experts from all strata of society to present their ongoing research activities and foster research relations between them. It provides opportunities for the exchange of new ideas, applications, and experiences in the field of smart technologies and finding global partners for future collaboration. The ICICS-2020 was conducted in two broad categories, Intelligent Circuits & Intelligent Systems and Emerging Technologies in Electrical Engineering.

    Interference Suppression in Massive MIMO VLC Systems

    The focus of this dissertation is on the development and evaluation of methods and principles to mitigate interference in multiuser visible light communication (VLC) systems using several transmitters. All components of such a massive multiple-input multiple-output (MIMO) system are considered and transformed into a communication system model, while also paying particular attention to the hardware requirements of different modulation schemes. By analyzing all steps in the communication process, the inter-channel interference between users is identified as the most critical aspect. Several methods of suppressing this kind of interference, i.e. to split the MIMO channel into parallel single channels, are discussed, and a novel active LCD-based interference suppression principle at the receiver side is introduced as the main aspect of this work. This technique enables a dynamic adaption of the physical channel: compared to solely software-based or static approaches, the LCD interference suppression filter achieves adaptive channel separation without altering the characteristics of the transmitter lights. This is especially advantageous in dual-use scenarios with illumination requirements. Additionally, external interferers, like natural light or transmitter light sources of neighboring cells in a multicell setting, can also be suppressed without requiring any control over them. Each user's LCD filter is placed in front of the corresponding photodetector and configured in such a way that only light from desired transmitters can reach the detector by setting only the appropriate pixels to transparent, while light from unwanted transmitters remains blocked. The effectiveness of this method is tested and benchmarked against zero-forcing (ZF) precoding in different scenarios and applications by numerical simulations and also verified experimentally in a large MIMO VLC testbed created specifically for this purpose.

    Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Analysis

    Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, high-frequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments, full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, requiring the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injections and side-channel attacks on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009 and 2021. We evaluate the prevailing methods, compare existing attacks using a common set of criteria, identify several challenges and shortcomings, and suggest future directions of research.