Enhancing Electromagnetic Side-Channel Analysis in an Operational Environment

Side-channel attacks exploit the unintentional emissions from cryptographic devices to determine the secret encryption key. This research identifies methods to make attacks demonstrated in an academic environment more operationally relevant. Algebraic cryptanalysis is used to reconcile redundant information extracted from side-channel attacks on the AES key schedule. A novel thresholding technique is used to select key byte guesses for a satisfiability solver resulting in a 97.5% success rate despite failing for 100% of attacks using standard methods. Two techniques are developed to compensate for differences in emissions from training and test devices dramatically improving the effectiveness of cross device template attacks. Mean and variance normalization improves same part number attack success rates from 65.1% to 100%, and increases the number of locations an attack can be performed by 226%. When normalization is combined with a novel technique to identify and filter signals in collected traces not related to the encryption operation, the number of traces required to perform a successful attack is reduced by 85.8% on average. Finally, software-defined radios are shown to be an effective low-cost method for collecting side-channel emissions in real-time, eliminating the need to modify or profile the target encryption device to gain precise timing information

Using Relocatable Bitstreams for Fault Tolerance

This research develops a method for relocating reconfigurable modules on the Virtex-II (Pro) family of Field Programmable Gate Arrays (FPGAs). A bitstream translation program is developed which correctly changes the location of a partial bitstream that implements a module on the FPGA. To take advantage of relocatable modules, three fault-tolerance circuit designs are developed and tested. This circuit can operate through a fault by efficiently removing the faulty module and replacing it with a relocated module without faults. The FPGA can recover from faults at a known location, without the need for external intervention using an embedded fault recovery system. The recovery system uses an internal PowerPC to relocate the modules and reprogram the FPGA. Due to the limited architecture of the target FPGA and Xilinx tool errors, an FPGA with automatic fault recovery could not be demonstrated. However, the various components needed to do this type of recovery have been implemented and demonstrated individually

Regulation of sister chromosome cohesion by the replication fork tracking protein SeqA.

Analogously to chromosome cohesion in eukaryotes, newly replicated DNA in E. coli is held together by inter-sister linkages before partitioning into daughter nucleoids. In both cases, initial joining is apparently mediated by DNA catenation, in which replication-induced positive supercoils diffuse behind the fork, causing newly replicated duplexes to twist around each other. Type-II topoisomerase-catalyzed sister separation is delayed by the well-characterized cohesin complex in eukaryotes, but cohesion control in E. coli is not currently understood. We report that the abundant fork tracking protein SeqA is a strong positive regulator of cohesion, and is responsible for markedly prolonged cohesion observed at "snap" loci. Epistasis analysis suggests that SeqA stabilizes cohesion by antagonizing Topo IV-mediated sister resolution, and possibly also by a direct bridging mechanism. We show that variable cohesion observed along the E. coli chromosome is caused by differential SeqA binding, with oriC and snap loci binding disproportionally more SeqA. We propose that SeqA binding results in loose inter-duplex junctions that are resistant to Topo IV cleavage. Lastly, reducing cohesion by genetic manipulation of Topo IV or SeqA resulted in dramatically slowed sister locus separation and poor nucleoid partitioning, indicating that cohesion has a prominent role in chromosome segregation

Differential Electromagnetic Attacks on a 32-bit Microprocessor Using Software Defined Radios

Side-channel analysis has been used to successfully attack many cryptographic systems. However, to improve trace quality and make collection of side-channel data easier, the attacker typically modifies the target device to add a trigger signal. This trigger implies a very powerful attacker with virtually complete control over the device. This paper describes a method to collect side-channel data using a software defined radio (SDR) in real-time without requiring a collection device trigger. A correlation-based frequency-dependent leakage mapping technique is introduced to evaluate a 32-bit microprocessor, revealing that individual key bytes leak at different frequencies. Key byte-dependent leakage is observed in both SDR collected and triggered oscilloscope-based collections (which serve to validate the SDR data). This research is the first to demonstrate effective differential attack using SDRs. Successful attacks are presented using two SDRs, including a US$20 digital television receiver with modified drivers

Statistical Analysis and Comparison of Linear Regression Attacks on the Advanced Encryption Standard

This research investigates profiled linear regression-based attacks for extracting the advanced encryption standard (AES) secret key. Several methods from recent advancements are compared for their capability to correctly build the multivariate distribution for profiling. Attack performance shows greater than 98% success rate with as few as 100 training and test traces. In 8 out of 9 test cases examined, linear regression attacks using the coefficient of determination R2, adjusted coefficient of determination R2a and correlation power analysis (CPA) performed better than or equal to the original stochastic attack and attack using the symmetry metric. Our new method using R2a is proven to suppress unimportant variables and enhance important ones better than other methods. It is successful when the microcontrollers and data collection hardware differ between training and test phases and is found to be more effective in noisy environments than CPA

Improving Cross-Device Attacks using Zero-Mean Unit-Variance Normalization

Template attacks are a very powerful form of side-channel analysis. It is assumed an adversary has access to a training device, identical to the device under attack, to build a precise multivariate characterization of the side-channel emissions. The training and test devices are assumed to have identical, or at least very similar, electromagnetic emissions. Often, when evaluating the effectiveness of a template attack, training and test data are from the same-device. The effectiveness of collecting training and test data from different devices, or cross-device attacks, are evaluated here using 40 PIC microcontroller devices. When the standard template attack methodology fails to produce adequate results, each step is evaluated to identify device-dependent variations. A simple pre-processing technique, normalizing the trace means and variances from the training and test devices, is evaluated for various test data set sizes. This step improves the success key-byte extraction rate for same part number cross-device template attacks from 65.1 to 100 % and improves attacks against similar devices in the same-device family. Additionally, it is demonstrated that due to differences in device leakage, minimizing the number of distinguishing features reduces the effectiveness of cross-device attacks

Models for cohesion and cohesion-mediated chromosome segregation.

<p>(A) SeqA-dependent precatenane removal. Positive supercoils migrate behind the replisome, entwining newly replicated sister regions. Resolution of precatenanes by Topo IV (green) is delayed by SeqA (red), which binds to hemimethylated DNA tracts behind the fork. Five to ten minutes after fork passage, DNA is remethylated by Dam (blue), releasing SeqA, and allowing Topo IV to resolve inter-sister links. SeqA may inhibit Topo IV by restraining supercoils, which transforms Topo IV-reactive hooked juxtaposition crossings (lower left brackets) to Topo IV-unreactive unhooked crossings (lower right brackets). (B) Simultaneous release of cohesion along right-arm snap regions (red) promotes abrupt sister separation and results in individualized daughter nucleoids (middle). Premature cohesion loss results in poor sister individualization (top). Deficient removal of cohesion results in late/unfinished sister separation (bottom).</p

Synchronized cell analysis of Δ<i>seqA</i>, Δ<i>mukB and parE10</i> strains.

<p>(A) Timing of replication and segregation of the <i>gln</i> locus. Cells were synchronized by baby machine in minimal alanine media at the indicated temperature and assayed for <i>gln</i> copy number (grey triangles) and number of TetR-YFP foci per cell (black circles) during the cell cycle. Values are means of two experiments ±1 SD. Dashed lines indicate the cumulative percentage of cells in the synchronized fraction that have replicated and segregated the <i>gln</i> locus (right ordinate), with times at 50% shown in minutes after birth. (B) Cell cycle diagrams are shown based on the timing of <i>oriC</i>, <i>gln</i> and <i>ter</i> duplication by qPCR (<a href="http://www.plosgenetics.org/article/info:doi/10.1371/journal.pgen.1003673#s4" target="_blank">Materials and Methods</a>). Doubling times in minimal alanine media were: WT/30°C, 119 min; WT/37°C, 98 min; Δ<i>seqA</i>/30°C, 134 min; Δ<i>mukB</i>/30°C, 211 min; <i>parE10</i>/30°C, 147 min; <i>parE10</i>/37°C, 174 min.</p

Topo IV reduces cohesion at both snap and non-snap loci.

<p>(A–B) Raw cohesion values at <i>gln</i> (<i>A</i>) and <i>dnaB</i> (<i>B</i>) after Topo IV inactivation. Copy number per TetR-YFP focus was determined in <i>parE10</i> (dark shaded symbols) and <i>par⁺</i> control (light shaded symbols) cells after shift to restrictive temperature. Values are means of 3–4 experiments ±1 SD. Cells were grown to early log phase at 30°C in minimal succinate medium, shifted to 42°C, and assayed as described in <a href="http://www.plosgenetics.org/article/info:doi/10.1371/journal.pgen.1003673#pgen-1003673-g001" target="_blank">Figure 1</a>. (C) Relative <i>gln</i> and <i>dnaB</i> cohesion after Topo IV inactivation, normalized to 30°C. The difference in cohesion (copies/focus) between <i>parE10</i> and WT at each time point relative to the difference at t = 0 is shown for <i>gln</i> and <i>dnaB</i>. (D) Representative micrographs of wild-type and <i>parE10</i> cells at 30°C and 42°C.</p

Cohesion in <i>E. coli</i> chromosome structure mutants.

<p>(A) Cohesion assay. Cohesion values (<i>gln</i> copies per focus) are determined by independently measuring <i>gln</i> copy number and resolvable <i>gln</i> foci per cell in asynchronous exponential cells bearing a <i>tetO</i> array at <i>gln</i> and expressing fluorescent TetR-YFP. See text for details. (B) <i>gln</i> copy number and TetR-YFP foci per cell in wild-type and mutant cells bearing a <i>tetO</i> array at the <i>gln</i> locus. Cells were grown exponentially in minimal alanine media, and <i>gln</i> copy number and foci per cell were determined (<a href="http://www.plosgenetics.org/article/info:doi/10.1371/journal.pgen.1003673#s4" target="_blank">Materials and Methods</a>). Cells were grown continually at 30°C or shifted to the indicated temperature 4 hours prior to analysis. Values are means of three independent experiments ±1 standard deviation (SD). (C) Cohesion values (average number of <i>gln</i> copies per <i>gln</i> focus) for candidate mutant strains. Focus values were adjusted for small inefficiencies of fluorescent detection (<a href="http://www.plosgenetics.org/article/info:doi/10.1371/journal.pgen.1003673#s4" target="_blank">Materials and Methods</a>).</p