    Horizontal DEMA Attack as the Criterion to Select the Best Suitable EM Probe

    Implementing cryptographic algorithms in a tamper resistant way is an extremely complex task as the algorithm used and the target platform have a significant impact on the potential leakage of the implementation. In addition the quality of the tools used for the attacks is of importance. In order to evaluate the resistance of a certain design against electromagnetic emanation attacks – as a highly relevant type of attacks – we discuss the quality of different electromagnetic (EM) probes as attack tools. In this paper we propose to use the results of horizontal attacks for comparison of measurement setup and for determining the best suitable instruments for measurements. We performed horizontal differential electromagnetic analysis (DEMA) attacks against our ECC design that is an implementation of the Montgomery kP algorithm for the NIST elliptic curve B-233. We experimented with 7 different EM probes under same conditions: attacked FPGA, design, inputs, measurement point and measurement equipment were the same, excepting EM probes. The used EM probe influences the success rate of performed attack significantly. We used this fact for the comparison of probes and for determining the best suitable one.

    Atomicity and Regularity Principles Do Not Ensure Full Resistance of ECC Designs against Single-Trace Attacks

    Elliptic curve cryptography (ECC) is one of the commonly used standard methods for encrypting and signing messages which is especially applicable to resource-constrained devices such as sensor nodes that are networked in the Internet of Things. The same holds true for wearable sensors. In these fields of application, confidentiality and data integrity are of utmost importance as human lives depend on them. In this paper, we discuss the resistance of our fast dual-field ECDSA accelerator against side-channel analysis attacks. We present our implementation of a design supporting four different NIST elliptic curves to allow the reader to understand the discussion of the resistance aspects. For two different target platforms—ASIC and FPGA—we show that the application of atomic patterns, which is considered to ensure resistance against simple side-channel analysis attacks in the literature, is not sufficient to prevent either simple SCA or horizontal address-bit DPA attacks. We also evaluated an approach which is based on the activity of the field multiplier to increase the inherent resistance of the design against attacks performed

    Horizontal Address-Bit Side-Channel Attacks against ECC and Suitable Countermeasures

    In this work we investigated the resistance of different kP implementations based on the Montgomery ladder against horizontal, i.e. single trace, attacks. Applying statistical methods for the analysis we were able to reveal the secret value k completely. The reason causing the success of our attacks is the key-dependent addressing of the registers and other design blocks, which is an inherent feature of binary kP algorithms. This dependency was successfully exploited in the past by Itoh et al. analyzing many hundreds of kP traces, i.e. this attack is a vertical address-bit differential power analysis attack against Montgomery ladder. The vulnerability of the Montgomery ladder against horizontal address-bit attacks was detected and demonstrated during our investigations. We were able to reveal the scalar k exploiting the address-bit vulnerability in single trace attacks using not only statistical methods, but also Fourier transform, selected clustering methods as well as one of the simplest methods – the automatized simple SCA. We performed successful horizontal address-bit SCA attacks against both types of ECs, i.e. against highly regular Montgomery ladder and against a binary kP algorithm implementing atomic patterns. The success of our attacks shows that the regularity and atomicity principles are not effective against horizontal address-bit attacks. As a means for reducing the attack success, we investigated the hiding ability of the field multiplier which is usually the largest block of kP designs. We implemented our field multiplier for ECs over prime fields corresponding to the 4-segment Karatsuba multiplication formula that reduces the execution time and the energy consumption for a kP operation by about 40 % in comparison to multipliers exploiting the classical multiplication formula. However, the energy consumption per clock remained in our multiplier without significant changes, i.e. the protective hiding properties of the multiplier as a noise source were not decreased. Another advantage of our field multiplier is its inherent resistance to horizontal collision attacks, in contrast to multipliers based on the classic multiplication formula. Additionally, we proposed regular scheduling for the block addressing as an effective strategy for reducing the success of horizontal address-bit attacks. Combining this approach with the hiding features of the field multipliers can increase the resistance of the kP designs for both types of ECs against a broad spectrum of SCA attacks. The mentioned analysis methods can be successfully applied for determining SCA leakage sources in the early design phase.
    In this work we investigated the resistance of various kP implementations based on the Montgomery ladder against single-trace attacks. Single-trace attacks are also known as horizontal attacks. Using statistical analysis, the value of the scalar k was successfully extracted in our attacks. The reason for the success of our attacks is the key-dependent addressing of the registers and design blocks, which is an inherent part of binary kP algorithms. This dependency was successfully used in the past by Itoh et al. to extract the secret scalar k by means of differential analysis of multiple traces. This attack is known as the vertical address-bit differential power analysis against the Montgomery ladder. The vulnerability of the Montgomery ladder to horizontal address-bit side-channel attacks was discovered and demonstrated in the course of our investigations. To extract the scalar k we successfully used not only statistical analysis methods but also the Fourier transform, selected clustering methods and simple side-channel attacks. The horizontal address-bit attacks were carried out successfully against both types of elliptic curves. We attacked not only the highly regular Montgomery ladder for ECs over GF(2^n), but also an atomic pattern kP algorithm for ECs over GF(p). The success of the attacks carried out demonstrates that the regularity and atomicity principles are not effective as sole countermeasures against horizontal attacks. As a further protective measure, the activity of the field multiplier was proposed and investigated in this work. The field multiplier is the largest block in kP designs and can therefore be used as an internal noise source to hide the activity of other design blocks. We implemented the field multiplier for ECs over prime fields according to the 4-segment Karatsuba multiplication formula. This reduces the execution time and, accordingly, the energy consumption for a kP operation by about 40 % compared with the classical multiplication formula. The energy consumption per clock cycle, however, remains without significant changes, i.e. the protective properties of the multiplier as a noise source were not impaired. A further advantage of our multiplier is its inherent resistance to horizontal correlation attacks, in contrast to multipliers based on the classical multiplication formula. In addition, regular addressing of the design blocks was proposed, implemented and investigated here as an effective strategy for reducing the success of horizontal address-bit attacks. Combining regular addressing with the hiding properties of the field multiplier can significantly increase the resistance of kP designs implemented in hardware against a broad spectrum of side-channel attacks

    Non-Profiled Unsupervised Horizontal Iterative Attack against Hardware Elliptic Curve Scalar Multiplication Using Machine Learning

    While IoT technology makes industries, cities, and homes smarter, it also opens the door to security risks. With the right equipment and physical access to the devices, the attacker can leverage side-channel information, like timing, power consumption, or electromagnetic emanation, to compromise cryptographic operations and extract the secret key. This work presents a side channel analysis of a cryptographic hardware accelerator for the Elliptic Curve Scalar Multiplication operation, implemented in a Field-Programmable Gate Array and as an Application-Specific Integrated Circuit. The presented framework consists of initial key extraction using a state-of-the-art statistical horizontal attack and is followed by regularized Artificial Neural Networks, which take, as input, the partially incorrect key guesses from the horizontal attack and correct them iteratively. The initial correctness of the horizontal attack, measured as the fraction of correctly extracted bits of the secret key, was improved from 75% to 98% by applying the iterative learning

    On the Complexity of Attacking Elliptic Curve Based Authentication Chips

    In this paper we discuss the difficulties of mounting successful attacks against crypto implementations if essential information is missing. We start with a detailed description of our attack against our own design, to highlight which information is needed to increase the success of an attack, i.e. we use it as a blueprint to the following attack against commercially available crypto chips. We would like to stress that our attack against our own design is very similar to what happens during certification e.g. according to the Common Criteria Standard as in those cases the manufacturer needs to provide detailed information. If attacking commercial designs without signing NDAs, we were forced to intensively search the Internet for information about the designs. We were able to reveal information on the processing sequence during the authentication process even as detailed as identifying the clock cycles in which the individual key bits are processed. But we could not reveal the private keys used by the attacked commercial authentication chips 100% correctly. Moreover, as we did not know the used keys we could not evaluate the success of our attack. To summarize, the effort of such an attack is significantly higher than the one of attacking a well-known implementation.

    On Wireless Channel Parameters for Key Generation in Industrial Environments

    The advent of industry 4.0 with its idea of individualized mass production will significantly increase the demand for more flexibility on the production floor. Wireless communication provides this type of flexibility but puts the automation system at risk as potential attackers now can eavesdrop or even manipulate the messages exchanged even without getting access to the premises of the victim. Cryptographic means can prevent such attacks if applied properly. One of their core components is the distribution of keys. The generation of keys from channel parameters seems to be a promising approach in comparison to classical approaches based on public key cryptography as it avoids computing intense operations for exchanging keys. In this paper we investigated key generation approaches using channel parameters recorded in a real industrial environment. Our key results are that the key generation may take unpredictably long and that the resulting keys are of low quality with respect to the test for randomness we applied.