
    Asymmetric Leakage from Multiplier and Collision-Based Single-Shot Side-Channel Attack

    The single-shot collision attack on RSA proposed by Hanley et al. is studied, focusing on the difference between the two operands of the multiplier. It is shown how leakage from an integer multiplier and from a long-integer multiplication algorithm can be asymmetric between the two operands. The asymmetric leakage is verified with experiments on FPGA and micro-controller platforms. Moreover, we show an experimental result in which the success or failure of the attack is determined by the order of the operands. Therefore, choosing the operand order can be a cost-effective countermeasure. Meanwhile, we also show a case in which a particular countermeasure becomes ineffective when the asymmetric leakage is taken into account. In addition to the above main contribution, an extension of the attack by Hanley et al. using the signal-processing technique of the Big Mac Attack is presented.

    Electromagnetic side channel attack

    The aim of this thesis is to design and build a measuring workstation for investigating the electromagnetic side channel in cryptography, and further to acquaint the reader with the basic methods of attack via electromagnetic and power side channels, which represent an effective means of cryptanalysis of modern cryptosystems. The theoretical part of the thesis presents the basic side-channel attacks, including their history and the models on which they are based. The core part of the thesis is devoted to explaining the basic principles of power and electromagnetic side-channel attacks. The thesis then describes the physical principles by which an electromagnetic field arises, together with the methods by which the resulting field can be measured. An example of the origin of the electromagnetic field in microprocessors is also given. The next part of the thesis presents the theoretical foundations needed for successful measurement of the electromagnetic field of PIC microprocessors. A further part of the chapter is devoted to the AES encryption standard, whose operation is examined in the practical part. The thesis then describes the parameters of the probes, which were built according to the theoretical knowledge. This chapter also describes the proposed measuring workstation and lists the individual instruments used in the practical part of the thesis. The practical part describes the implementation aspects aimed at achieving ideal measurement conditions, such as the choice of a suitable probe, ensuring a suitable position and distance of the probe from the measured device and, not least, correct setup of the oscilloscope and the synchronization signal. The thesis then shows the measured electromagnetic waveforms for selected instructions. This is followed by an analysis of the individual rounds of the AES encryption standard and an analysis of the standard as a whole. Afterwards, the methods of simple and differential electromagnetic analysis are carried out. Based on the findings of the practical part, possible countermeasures against power and electromagnetic side-channel attacks are described. In conclusion, a brief evaluation of the results of the thesis is given.

    The aim of this thesis is, firstly, to design and create the measuring environment for the research of electromagnetic side-channel attacks in cryptography; and secondly, to inform readers about the basics of electromagnetic and power side-channel attacks, which present effective ways of cryptanalysing modern cryptosystems. In the theoretical part, the basic side-channel attacks, including their history and models, are described. The main part is focused on the explanation of the basic principles of power and electromagnetic side-channel attacks. Then, the work describes the basic physical principles of electromagnetic fields, and also the methods which can be used to measure the electromagnetic field. An example of the origination of the electromagnetic field in microprocessors is included. In the next part of the work, the theoretical foundation necessary for successful implementation of the measurement of electromagnetic fields on the PIC microprocessor is presented. The next part of the chapter is devoted to the AES encryption standard, the activity of which is examined in the practical part. Furthermore, the magnetic probes, designed according to the theoretical knowledge, are described. The research environment is also described in this chapter, and the list of measuring instruments used in the practical part is included. The practical part of the work deals with the implementation aspects designed to achieve the ideal measurement conditions, such as the choice of appropriate probe, the appropriate location and distance between the probe and the measured system, and the setup of the oscilloscope and signal synchronization. Furthermore, the measured electromagnetic waveforms for selected instructions are presented. After that follows an analysis of the individual rounds of the AES encryption standard; the analysis of the whole AES standard is also included. Then, the methods of simple and differential electromagnetic analysis are implemented. With regard to the knowledge gained in the practical part of the work, the possible countermeasures implemented against power and electromagnetic side-channel attacks are described. The final part of the work comprises a brief review of the results.

    Virtualization Technology: Cross-VM Cache Side Channel Attacks make it Vulnerable

    Cloud computing provides an effective business model for the deployment of IT infrastructure, platform, and software services. Often, facilities are outsourced to cloud providers, and this offers the service consumer virtualization technologies without the added cost burden of development. However, virtualization introduces serious threats to service delivery such as Denial of Service (DoS) attacks, cross-VM cache side channel attacks, hypervisor escape and hyper-jacking. One of the most sophisticated forms of attack is the cross-VM cache side channel attack, which exploits cache memory shared between VMs. A cache side channel attack results in side channel data leakage, such as of cryptographic keys. Various techniques used by attackers to launch cache side channel attacks are presented, as is a critical analysis of countermeasures against cache side channel attacks.

    IDPAL - Input Decoupled Partially Adiabatic Logic Family: Theory and Implementation of Side-Channel Attack Resistant Circuits

    The Input Decoupled Partially Adiabatic Logic (IDPAL) family was developed by Cutitaru to consume less power than other logic families as well as to provide resistance to side-channel attacks. With modifications made to IDPAL, its side-channel attack resistance is revisited and quantified. The three logic families compared in this work are CMOS, 2N2P, and IDPAL. An AND/NAND gate was created using each logic family and compared with two tests: 1) a simulated side-channel attack and 2) an energy analysis. In this work, a side-channel attack is the ability to predict the inputs of a logic circuit based on the electrical current waveform. For Test 1, a higher prediction error suggests a higher resistance to attack. IDPAL produced the highest error in this test at 50.000%, which is 40.625% higher than CMOS and 28.125% higher than 2N2P. In Test 2, the two primary statistics observed were the variance measures of the current trace (NSD and NED). Lower values of these measures imply a higher chance of a model resisting a side-channel attack. For the individual logic gates, the IDPAL model showed a lower variance in one of the two measures. For the Kogge-Stone adder, a more complex circuit, the IDPAL model was superior in both tests. With the results of the small- and larger-scale experiments in agreement, the final conclusion is that IDPAL does, indeed, resist side-channel attacks more strongly than the other logic families.