Physical functions : the common factor of side-channel and fault attacks ?

International audienceSecurity is a key component for information technologies and communication. Among the security threats, a very important one is certainly due to vulnerabilities of the integrated circuits that implement cryptographic algorithms. These electronic devices (such as smartcards) could fall into the hands of malicious people and then could be sub-ject to "physical attacks". These attacks are generally classified into two categories : fault and side-channel attacks. One of the main challenges to secure circuits against such attacks is to propose methods and tools to estimate as soundly as possible, the efficiency of protections. Numer-ous works attend to provide tools based on sound statistical techniques but, to our knowledge, only address side-channel attacks. In this article, a formal link between fault and side-channel attacks is presented. The common factor between them is what we called the 'physical' function which is an extension of the concept of 'leakage function' widely used in side-channel community. We think that our work could make possible the re-use (certainly modulo some adjustments) for fault attacks of the strong theoretical background developed for side-channel attacks. This work could also make easier the combination of side-channel and fault attacks and thus, certainly could facilitate the discovery of new attack paths. But more importantly, the notion of physical functions opens from now new challenges about estimating the protection of circuits

Generic SCARE: reverse engineering without knowing the algorithm nor the machine

We introduce a novel side-channel-based reverse engineering technique capable of reconstructing a procedure solely from inputs, outputs, and traces of execution. Beyond generic restrictions, we do not assume any prior knowledge of the procedure or the chip it operates on. These restrictions confine our analysis to 8-bit RISC constant-time software implementations. Specifically, we demonstrate the feasibility of reconstructing a symmetric cryptographic cipher, even in scenarios where traces are sampled with information loss and noise, such as when measuring the power consumption of the chip

A unified formalism for side-channel and fault attacks on cryptographic circuits

National audienceSecurity is a key component for information technologies and communication. Security is a very large research area involved in the whole information technology, related to both hardware and software. This paper focuses on hardware security, and more specifically on hardware cryptanalysis whose aim is to extract confidential information (such as encryption keys) from cryptographic circuits. Many physical cryptanalysis techniques have been proposed in the last ten years but they always belong to one of those very distinct categories: fault and side channel attacks. In this article, a formal link between these two categories is proposed. To the best of our knowledge, this is the first time that a wide class of attacks is described in such a generic manner

Formalism for physical attacks

International audienceSecurity is a key component for information technologies and communication. Among the security threats, a very important one is certainly due to vulnerabilities of the integrated circuits that implement cryptographic algorithms to ensure confidentiality, authentication or data integrity (such as smartcards). Among them, the attacks that require a physical access to the circuit, also called “hardware attacks”, enable to retrieve the cryptographic material (such as ``keys'') in a really efficient and powerful way. There are two main kinds of such attacks. The first one, called “side channel attacks”, consists in observing some physical characteristics (such as power consumption or electromagnetic radiation) which are modified during the circuit's computation. The second technique, called “fault attacks”, consists in disrupting the circuit's behavior. Our work is, to our knowledge, the first attempt to describe these two kinds of attacks, which seem very different at first sight, with a common formalism, i.e. with a small set of concepts and algorithms.In the first part of the talk, the side channel and fault attacks will be shortly presented. Next, the concepts and the algorithms which are common to these attacks will be detailed. Then, we’ll show that our proposed formalism easily fits with several representative examples (such as DPA, DFA, DBA, FSA, etc.). At last, the perspectives of our work will be highlighted. For example, we plan to define ``new'' attacks as new combinations of the concepts and the algorithms of our formalism. Then, we plan to provide efficient and modular implementation of these attacks. The long-term aim of this work is to merge the advantages of attack-specific protections to enable a more generic set of countermeasures

A Template Attack Against VERIFY PIN Algorithms

International audienceThis paper presents the first side channel analysis from electromagnetic emissions on VERIFY PIN algorithms. To enter a PIN code, a user has a limited number of trials. Therefore the main difficulty of the attack is to succeed with very few traces. More precisely, this work implements a template attack and experimentally verifies its success rate. It becomes a new real threat, and it is feasible on a low cost and portable platform. Moreover, this paper shows that some protections for VERIFY PIN algorithms against fault attacks introduce new vulnerabilities with respect to side channel analysis

A FORMALISM FOR PHYSICAL ATTACKS ON CRYPTOGRAPHIC DEVICES AND ITS EXPLOITATION TO COMPARE AND RESEARCH NEWS ATTACKS

Cette thèse se situe dans la cryptanalyse physique des algorithmes de chiffrement par blocs. Un algorithme cryptographique est conçu pour être mathématiquement robuste. Cependant, une fois implémenté dans un circuit, il est possible d'attaquer les failles de ce dernier. Par opposition à la cryptanalyse classique, on parle alors d'attaques physiques. Celles-ci ne permettent pas d'attaquer l'algorithme en soi, mais son implémentation matérielle. Il existe deux grandes familles d'attaques physiques différentes : les attaques par observation du circuit durant le chiffrement, et les attaques par injections de fautes, qui analysent l'effet d'une perturbation intentionnelle sur le fonctionnement du circuit. Les attaques physiques ont deux types d'objectifs : rechercher la clé ou faire de la rétro-conception (retrouver une partie d'un algorithme de chiffrement privé, ex : s-boxes modifiées). Bien que leurs principes semblent distincts, cette thèse présente un formalisme qui permet d'unifier toutes ces attaques. L'idée est de décrire les attaques physiques de façon similaire, afin de pouvoir les comparer. De plus, ce formalisme a permis de mettre en évidence de nouvelles attaques. Des travaux novateurs ayant pour objet de retrouver la clé de chiffrement d'un AES, uniquement avec la consommation de courant ont été menés. Une nouvelle attaque de type FIRE (Fault Injection for Reverse Engineering) pour retrouver les s-boxes d'un pseudo DES est également présentée dans la thèse. Ce travail a abouti sur une réflexion plus générale, sur les attaques par injections de fautes dans les schémas de Feistel classiques et généralisés.The main subject of this work is the physical cryptanalysis of blocks ciphers. Even if cryptographic algorithms are properly designed mathematically, they may be vulnerable to physical attacks. Physical attacks are mainly divided in two families: the side channel attacks which are based on the observation of the circuit behaviour during the computation, and the fault injection attacks which consist in disturbing the computation in order to alter the correct progress of the algorithm. These attacks are used to target the cipher key or to reverse engineer the algorithm. A formalism is proposed in order to describe the two families in a unified way. Unifying the different attacks under a same formalism allows to deal with them with common mathematical tools. Additionally, it allows a comparison between different attacks. Using this framework, a generic method to assess the vulnerabilities of generalized Feistel networks to differential fault analysis is presented. This work is furthermore extended to improve a FIRE attack on DES-like cryptosystems with customized s-boxes

UN FORMALISME UNIFIANT LES ATTAQUES PHYSIQUES SUR CIRCUITS CRYTOGRAPHIQUES ET SON EXPLOITATION AFIN DE COMPARER ET RECHERCHER DE NOUVELLES ATTAQUES

The main subject of this work is the physical cryptanalysis of blocks ciphers. Even if cryptographic algorithms are properly designed mathematically, they may be vulnerable to physical attacks. Physical attacks are mainly divided in two families: the side channel attacks which are based on the observation of the circuit behaviour during the computation, and the fault injection attacks which consist in disturbing the computation in order to alter the correct progress of the algorithm. These attacks are used to target the cipher key or to reverse engineer the algorithm. A formalism is proposed in order to describe the two families in a unified way. Unifying the different attacks under a same formalism allows to deal with them with common mathematical tools. Additionally, it allows a comparison between different attacks. Using this framework, a generic method to assess the vulnerabilities of generalized Feistel networks to differential fault analysis is presented. This work is furthermore extended to improve a FIRE attack on DES-like cryptosystems with customized s-boxes.Cette thèse se situe dans la cryptanalyse physique des algorithmes de chiffrement par blocs. Un algorithme cryptographique est conçu pour être mathématiquement robuste. Cependant, une fois implémenté dans un circuit, il est possible d'attaquer les failles de ce dernier. Par opposition à la cryptanalyse classique, on parle alors d'attaques physiques. Celles-ci ne permettent pas d'attaquer l'algorithme en soi, mais son implémentation matérielle. Il existe deux grandes familles d'attaques physiques différentes : les attaques par observation du circuit durant le chiffrement, et les attaques par injections de fautes, qui analysent l'effet d'une perturbation intentionnelle sur le fonctionnement du circuit. Les attaques physiques ont deux types d'objectifs : rechercher la clé ou faire de la rétro-conception (retrouver une partie d'un algorithme de chiffrement privé, ex : s-boxes modifiées). Bien que leurs principes semblent distincts, cette thèse présente un formalisme qui permet d'unifier toutes ces attaques. L'idée est de décrire les attaques physiques de façon similaire, afin de pouvoir les comparer. De plus, ce formalisme a permis de mettre en évidence de nouvelles attaques. Des travaux novateurs ayant pour objet de retrouver la clé de chiffrement d'un AES, uniquement avec la consommation de courant ont été menés. Une nouvelle attaque de type FIRE (Fault Injection for Reverse Engineering) pour retrouver les s-boxes d'un pseudo DES est également présentée dans la thèse. Ce travail a abouti sur une réflexion plus générale, sur les attaques par injections de fautes dans les schémas de Feistel classiques et généralisés

Des attaques informatiques utilisant la physique

National audienceQuand on parle de sécurité informatique, la plupart des gens pensent aux mathématiques et à la cryptographie au sens logique théorique, mais peu pensent à la physique. Or dans la physique se cachent actuellement de nombreuses failles de sécurité, extrêmement difficiles à anticiper