Unusual Side Channel Countermeasure Ideas (that lend themselves to some form of provability)


1 Unusual Side Channel Countermeasure Ideas (that lend themselves to some form of provability)

2 The Solutions Galaxy


4 Hamster Wheel Keys Eric Brier, David Naccache, Nigel Smart

5 A common practice
In the past several authors proposed to prevent side channel attacks by having a key evolve in time. The typical setting is the following:
Card sends ID, i to the terminal (which holds the master key k).
Terminal: k_0 = f(ID, k); k_i = H(H(…H(k_0)…)) (i applications of H).
Secure communication using k_i.
Card: move k_i to RAM; write k_{i+1} = H(k_i) in NVM; erase k_i from NVM.

6 The time consuming part
In the same setting (card sends ID, i; terminal derives k_0 = f(ID, k); secure communication using k_i; card moves k_i to RAM, writes k_{i+1} = H(k_i) in NVM and erases k_i from NVM), the time consuming part is the terminal's i-fold hashing k_i = H(H(…H(k_0)…)).

7 Implemented Solutions
- Repeated application of H.
- Hashing trees, even patented.

8 Issues
- Repeated application of H: the system slows down with time.
- Hashing trees: clumsy bookkeeping and sensitive to card tearing.
- Most importantly: we want to quantify leakage, i.e. model leakage depending on the H we use.

9 The Alternative
H(k) = a·k^b mod p
Why? Because the terminal has an easy shortcut:
H^i(k) = a^u · k^v mod p, where u = (b^i - 1)/(b - 1) mod φ(p) and v = b^i mod φ(p)

10 Quick Implementation
H^i(k) = a^u · k^v mod p, where u = (b^i - 1)/(b - 1) mod φ(p) and v = b^i mod φ(p)
Precompute C = k · a^(1/(b-1))
Precompute D = 1/a
H^i(k) = D · C^v mod p

11 Variants
H(k) = (a·k^b mod 3, a·k^b mod 5, …, a·k^b mod p_i)
Advantage: word operations instead of long-integer arithmetic. Note that different a and b values could be used for different coordinates. However, as will be seen later, this is less secure with respect to side channel leakage, as each coordinate can be an independent target for side channel analysis.

12 Before We Proceed
We do not claim the invention of these PRNGs! The main contribution of this work is:
- To stress that one can capitalize on the shortcut offered by their arithmetic properties to very simply implement key-evolving smart-card based protocols.
- To analyze the resilience of these generators to leakage of a piece of the key.

13 Realistic Assumptions
a, k and p can be arbitrary and secret. No penalty.
b would typically be of moderate size because of the burden of exponentiation on the card's side. Hence, we should reasonably assume that b is public.

14 Leakage Model
At each iteration some bits of a·x^b mod p and of x leak. Question: under which assumptions can we infer k?
Advantage of looking at the problem from this angle: we have algebraic tools to analyze multivariate modular equations. The variables in question are the chunks of a·x^b that the side channel does not provide at each session.

15 H(x) = x^2 mod n
This is the BBS generator. If fewer than log log n bits leak at each step then this is secure under the factoring assumption, even when n is known to the attacker. If n is known to the attacker and each operation leaks more bits of x, then x can be inferred (analysis two slides further on). If the leakage is in between, or n is unknown: open problem.

16 H(x) = x^2 mod p
See Gomez, Gutierrez and Ibeas for known p: if ¾ of x leaks then x is revealed (same performance as brutal linearization). But we can do better. Consider the equation (A + x)^2 = B + y mod p. Here A and B are what leaks via the side channel. Denote this equation E.
Gomez, Gutierrez and Ibeas, "Cryptanalysis of the quadratic generator"

17 Consider all the equations of the type x^i · E^j which are verified modulo n^j with i + 2j ≤ 2d. This gives a constraint of the order of n to the power of the sum of the j for i + 2j ≤ 2d, which equals d(d+1)(2d+1)/6. The degrees of freedom on all linearized variables are of the order of n to the power of the sum of the (i + j) for i + 2j ≤ 2d, which gives d(d+1)^2. We hence get a size ratio < the quotient of these two sizes, which simplifies into (2d+1)/(6(d+1)). This quantity tends to 1/3 when d → ∞.

18 If H(x) = x^e mod n, the constraints are i + ej ≤ ed. We get the same constraints with more freedom, i.e. d(d+1)(6 + e + e^2 + 2de + 2de^2)/12. The factorized ratio is then 2(2d+1)/(6 + e + e^2 + 2de + 2de^2). This tends to 2/(e^2 + e) when d tends to infinity. As e increases, the attacker's handicap increases very quickly.

19 H(x) = x + P on an ECC
See Gutierrez and Ibeas for known p: if 5/6 of x leaks then x is revealed. For unknown P or unknown ECC: open problem. The same techniques should normally apply but we did not check in detail.
Gutierrez and Ibeas, "Inferring sequences produced by a linear congruential generator on elliptic curves missing high-order bits"
Also: H(x) = 2x on an ECC

20 Practical Recommendations
H(k) = a·k^b mod n
Use unknown a, unknown composite n and b = 8. a and k should be of the size of n.
Use only ¼ of the bits of H(k) as key material: use one bit out of four in H(k) as key material.

21 Quick Implementation
Let C = f(1, ID, MasterKey) = k · a^(1/7)
Let D = f(2, ID, MasterKey) = 1/a
Solve and personalize k and a in the card.
The terminal uses the shortcut formula: H^i(k) = D · C^v mod n, where v = 8^i mod φ(n)

22 A Possible Implementation
Card sends ID, i to the terminal (which holds the master key k).
Terminal: C = f(1, ID, k); D = f(2, ID, k); v = 8^i mod φ(n); k_i = D · C^v mod n.
Secure communication using k_i.
Card: move k_i to RAM; write k_{i+1} = a · k_i^8 in NVM; erase k_i from NVM.
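The key-evolution scheme of slides 9-10 and 20-22 as a runnable added example (this is not the authors' code): the card's slow iteration k_{i+1} = a·k_i^8 mod n is compared with the terminal's closed-form shortcut, once from (a, k_0) and once from the precomputed constants C and D. The modulus factors, k_0 and a are constructed demo values; D is taken as a^(-1/(b-1)) rather than 1/a, since only then does D·C^v reproduce a^u·k^v for b = 8 (for b = 2 the two coincide).

```python
# Added example (not the authors' code): the hamster-wheel evolution H(k) = a*k^b mod n of
# slides 9-10 and 20-22; the card's step-by-step path is checked against the terminal shortcut.
# Constructed demo parameters: tiny prime factors (a real n would be RSA-sized), b = 8 as on slide 20.
P, Q = 10007, 10009
N, PHI = P * Q, (P - 1) * (Q - 1)          # phi(n) is known to the issuer/terminal, never to the card
B = 8
K0, A = 12345678, 87654321                 # constructed secrets k_0 and a, both coprime to N

def card_step(k, a=A, b=B, n=N):
    """Card side: one evolution k_{i+1} = a * k_i^b mod n (the value written to NVM)."""
    return a * pow(k, b, n) % n

def card_key(i, k0=K0):
    """Card side: k_i by i successive applications of H; cost grows linearly with i."""
    k = k0
    for _ in range(i):
        k = card_step(k)
    return k

def terminal_key(i, k0=K0, a=A, b=B, n=N, phi=PHI):
    """Terminal shortcut (slide 9): H^i(k0) = a^u * k0^v mod n, u = (b^i - 1)/(b - 1), v = b^i.
    Exponents are reduced mod phi(n), which is valid because gcd(a, n) = gcd(k0, n) = 1."""
    u = (pow(b, i) - 1) // (b - 1) % phi   # exact integer division before reducing
    v = pow(b, i, phi)
    return pow(a, u, n) * pow(k0, v, n) % n

def personalize(k0=K0, a=A, b=B, n=N, phi=PHI):
    """Issuer side (slides 10/21): C = k0 * a^(1/(b-1)) mod n and D, needing gcd(b-1, phi) = 1.
    D is taken as a^(-1/(b-1)) so that D * C^(b^i) = a^u * k0^v for every b; the slide's
    D = 1/a is the b = 2 special case of this."""
    inv = pow(b - 1, -1, phi)              # 1/(b-1) mod phi(n)
    root_a = pow(a, inv, n)                # a^(1/(b-1)) mod n
    return k0 * root_a % n, pow(root_a, -1, n)

def terminal_key_fast(i, C, D, b=B, n=N, phi=PHI):
    """Terminal shortcut with the two precomputed constants: k_i = D * C^(b^i) mod n."""
    return D * pow(C, pow(b, i, phi), n) % n

def agree(i):
    """True when the card's iteration and both terminal shortcuts yield the same k_i."""
    C, D = personalize()
    return card_key(i) == terminal_key(i) == terminal_key_fast(i, C, D)

if __name__ == "__main__":
    C, D = personalize()
    for i in (0, 1, 2, 10, 1000):
        print(f"i={i:<5} k_i={terminal_key_fast(i, C, D):<12} agree={agree(i)}")
```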

23 An Ideal Power Attack Countermeasure (in 3 slides) Jean-Max Dutertre, Amir Pasha Mirbaha, David Naccache, Assia Tria

24 Idea
Power the µP from a photovoltaic panel facing a powerful LED.
(Schematic labels: Vss, Vcc, µP, IO, CLK, RST)

25 Constructing the Device
We are currently ordering a photovoltaic panel about the size of a smart card and an OLED panel about the same size.
Step 1: Place both panels face-to-face (LED against PV panel), have the OLED glow to its maximal capacity and check that the derived power suffices to power the µP.

26 Constructing the Device
Step 2: Characterize the energy transfer rate as a function of resistor value.
Step 3: Construct a generic power attack isolation board. (Schematic labels: Vss, Vcc, µP, IO, CLK, RST)

27 For More on PV Physics

28 Can't Do Less  David Naccache, Christof Paar, Florian Praden

29 Investors deal with two questions:
- How to get funds? Logistics.
- How to spend funds rationally? Tactics & Strategy.
Here we address the second.

30 The Subleq Machine
Subleq is a Turing-complete machine having only one instruction:
subleq a b c
*(b) = *(b) - *(a); if the result is negative or zero, go to c, else execute the next instruction.

31 The Subleq Machine
Since subleq has only three arguments and since there is no confusion of instructions possible (there is only one!), a subleq code can be regarded as a sequence of triples:
a1 b1 c1
a2 b2 c2
a3 b3 c3
⋮

32 …interleaved with data
Since data can be embedded in the code, the sequence of triples can be interleaved with data. For instance:
a1 b1 c1
data1
data2
a2 b2 c2
data3
a3 b3 c3
⋮

33 How does it work?
*b = *b - *a;
if (*b <= 0) program_counter = c;
else program_counter = program_counter + 3;

34 Genealogy
Subleq is an OISC (One Instruction Set Computer) which comes from the Minsky machine concept. The Minsky machine is a register machine with only two instructions: increment and decrement-and-branch.

35 Allowing for comfort
Memory is loaded with instructions and data altogether (no distinction). Hence the code can potentially self-modify and consider that any cell is a, b or c. We can pre-store constants (like 0, 1, etc.), e.g. we devote a cell called Z to contain zero and a cell called N to contain -1.

36 What does this do?
subleq Z Z c

37 JMP c
subleq Z Z c

38 What does this do?
subleq a a $+1

39 CLR a
subleq a a $+1

40 What does this do?
CLR b
subleq a Z $+1
subleq Z b $+1
CLR Z

41 MOV a b
subleq b b $+1    *b = 0
subleq a Z $+1    Z = -*a
subleq Z b $+1    *b = 0 - (-*a) = *a
subleq Z Z $+1    Z = 0

42 What does this do?
subleq a Z $+1
subleq b Z $+1
CLR c
subleq Z c $+1
CLR Z

43 ADD a b c
subleq a Z $+1    Z = 0 - *a
subleq b Z $+1    Z = -*a - *b
subleq c c $+1    *c = *c - *c = 0
subleq Z c $+1    *c = 0 + *a + *b
subleq Z Z $+1    Z = 0

44 What does this do?
CLR t
CLR s
subleq a t $+1
subleq b s $+1
subleq s t $+1
CLR c
CLR s
subleq t s $+1
subleq s c $+1

45 SUB a b c
subleq t t $+1    *t = 0
subleq s s $+1    *s = 0
subleq a t $+1    *t = -*a
subleq b s $+1    *s = -*b
subleq s t $+1    *t = -*a + *b
subleq c c $+1    *c = 0
subleq s s $+1    *s = 0
subleq t s $+1    *s = 0 - (-*a + *b) = *a - *b
subleq s c $+1    *c = 0 - (*a - *b) = *b - *a

46 What does this do?
CLR t
subleq a t $+1
CLR s
subleq t s $+1
subleq b s c

47 BLE a b c
subleq t t $+1    *t = 0
subleq a t $+1    *t = -*a
subleq s s $+1    *s = 0
subleq t s $+1    *s = *a
subleq b s c      *s = *a - *b; if *a - *b <= 0 goto c

48 What does this do?
CLR t
subleq a t $+1
CLR s
subleq b s $+1
subleq s t $+1
subleq N t c

49 BHI a b c
subleq t t $+1    *t = 0
subleq a t $+1    *t = -*a
subleq s s $+1    *s = 0
subleq b s $+1    *s = -*b
subleq s t $+1    *t = -*a + *b
subleq N t c      *t = -*a + *b - (-1); if *b - *a + 1 <= 0 goto c

50 What have we got so far?
JMP a        goto a
MOV a b      *b = *a
SUB a b c    *c = *b - *a
ADD a b c    *c = *b + *a
BHI a b c    if *b - *a + 1 <= 0 goto c, i.e. if *b < *b + 1 <= *a goto c, i.e. if *b < *a goto c, i.e. if *a > *b goto c
BLE a b c    if *a - *b <= 0 goto c, i.e. if *a <= *b goto c
CLR a        *a = 0

51 What does this do?
CLR u;v;w
MOV b v
subleq N w $+1
subleq u u $+1
subleq a u $+1
CLR c
subleq u c $+1
subleq w v $+4
subleq Z Z $-8

52 What does this do?
CLR u;v;w         *u = *v = *w = 0
MOV b v           *v = *b
subleq N w $+1    *w = 0 - (-1) = 1
subleq u u $+1    *u = 0
subleq a u $+1    *u = -*a
CLR c             *c = 0
subleq u c $+1    *c = *c - *u = *c + *a
subleq w v $+4    *v--; if (*v <= 0) skip the next instruction (leave the loop)
subleq Z Z $-8    else jump back to subleq u c

65 MUL a b c
*v = *b; *c = 0
loop: *c = *c + *a; *v--; if (*v <= 0) leave the loop, else loop

68 What does this do?
MOV a L1
data Z
L1: data Z

69 BRX a
MOV a L1          *L1 = *a
data Z
L1: data Z

70 What does this do?
    subleq b Z L1
    subleq Z Z L2
L1: subleq Z Z $+1
    subleq Z b c
L2: subleq Z Z $+1

71 BEQ b c
    subleq b Z L1     Z = -*b; if Z <= 0 goto L1
    subleq Z Z L2     else reset Z and goto L2
L1: subleq Z Z $+1    reset Z
    subleq Z b c      *b = *b - 0; if *b <= 0 goto c
L2: subleq Z Z $+1

72 What does this do?
MOV b v
MOV a w
CLR c
subleq N c $+1
subleq w v $+4
subleq Z Z $-8

74 What does this do?
MOV b v           *v = *b
MOV a w           *w = *a
CLR c             *c = 0
subleq N c $+1    *c = *c - (-1), i.e. *c++
subleq w v $+4    *v = *v - *w; if (*v <= 0) skip the next instruction (leave the loop)
subleq Z Z $-8    else jump back to subleq N c

77 DIV a b c
*v = *b; *c = 0
loop: *c++; *v = *v - *a; if (*v <= 0) leave the loop, else loop
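The machine of slides 30-35 and the MUL and DIV macros of slides 51-79, as an added example that is not the authors' code or their FPGA implementation: a small Python subleq interpreter using the slides' `$+n` addressing, running the macros exactly as listed. Cell names (Z, N, u, v, w, a, b, c) follow the slides; the halting convention (stop when the program counter leaves the code area) is an assumption of this example.

```python
# Added example (not the authors' code): a minimal subleq machine running the MUL and DIV macros.
def mov(src, dst):
    """MOV src dst (slide 41): *dst = *src, using the zero cell Z as scratch."""
    return [(dst, dst, '$+1'), (src, 'Z', '$+1'), ('Z', dst, '$+1'), ('Z', 'Z', '$+1')]

def assemble(code, data):
    """Code triples first, data cells after. A c operand '$+n' is relative to the address of
    the instruction's own c cell: '$+1' = next instruction, '$+4' skips one, '$-8' goes back two."""
    end = 3 * len(code)
    addr = {name: end + i for i, name in enumerate(data)}
    mem = []
    for idx, (a, b, c) in enumerate(code):
        target = 3 * idx + 2 + int(c[1:]) if c.startswith('$') else addr[c]
        mem += [addr[a], addr[b], target]
    return mem + list(data.values()), addr, end

def run(mem, end, max_steps=10**6):
    """The one instruction (slide 33): *b = *b - *a; if *b <= 0 goto c, else next."""
    pc = 0
    for _ in range(max_steps):                 # step bound guards against runaway loops
        if not 0 <= pc < end:                  # halt once pc leaves the code area
            return mem
        a, b, c = mem[pc:pc + 3]
        mem[b] -= mem[a]
        pc = c if mem[b] <= 0 else pc + 3
    raise RuntimeError("program did not halt")

def execute(code, a, b):
    """Run a macro on inputs *a, *b and return *c. Z holds 0 and N holds -1 (slide 35)."""
    mem, addr, end = assemble(code, {'Z': 0, 'N': -1, 'u': 0, 'v': 0, 'w': 0, 'a': a, 'b': b, 'c': 0})
    return run(mem, end)[addr['c']]

MUL = ([('u', 'u', '$+1'), ('v', 'v', '$+1'), ('w', 'w', '$+1')]  # CLR u;v;w
       + mov('b', 'v')                                           # *v = *b
       + [('N', 'w', '$+1'),                                     # *w = 0 - (-1) = 1
          ('u', 'u', '$+1'), ('a', 'u', '$+1'),                  # *u = -*a
          ('c', 'c', '$+1'),                                     # CLR c
          ('u', 'c', '$+1'),                                     # loop: *c = *c + *a
          ('w', 'v', '$+4'),                                     # *v--; if *v <= 0 exit
          ('Z', 'Z', '$-8')])                                    # else loop
DIV = (mov('b', 'v') + mov('a', 'w')                             # *v = *b, *w = *a
       + [('c', 'c', '$+1'),                                     # CLR c
          ('N', 'c', '$+1'),                                     # loop: *c++
          ('w', 'v', '$+4'),                                     # *v -= *a; if *v <= 0 exit
          ('Z', 'Z', '$-8')])                                    # else loop

def mul(x, y):  # *c = x*y for y >= 1; the body runs once before the test, so mul(x, 0) == x
    return execute(MUL, x, y)
def div(x, y):  # *c = ceil(y/x) for x, y >= 1: subtractions of x from y until the rest is <= 0
    return execute(DIV, x, y)
```

Running each macro takes a handful of memory cells and a few dozen subleq steps, which is the kind of trace the FPGA implementation of slide 89 executes at every step with the same instruction shape.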

80 What else do we need? Boolean operations such as AND, XOR. Assuming that we have AND, we can design the XOR:

81 Where is all this going?
The machine can do everything a smartcard can do. Still, its execution is hyper-regular. This eliminates instruction-dependent leakage; the only remaining leakage is data-dependent.

82 Where is all this going? A reductionist approach. Push all security issues into the subleq machine. If the subleq machine is side-channel resistant then no matter what algorithm we implement on it, the implementation is side-channel resistant!

83 Where is all this going? But any algorithm can be coded on the machine. Hence it suffices to concentrate all effort on protecting the machine. But the machine is very simple, hence (conceivably!) much easier to secure than an AES or RSA coprocessor.

84 Hardware Architecture
We assume that we have a RAM initialized with the code. One subleq step is the following sequence of RAM accesses:
Read[i]: M[i]
Read[i+1]: M[i+1]
Read[i+2]: M[i+2]
Write[i+1]: M[i+1] - M[i]

89 What Have We Done?
- Implemented the machine in FPGA (600 CLBs), wrote a compiler.
- Circa 7 subleqs per 8-bit assembler instruction. But the machine is so simple that the clock can be very fast.
- Explored variants: SUBXORLEQ, SUBLEQXOR, SUBANDLEQ, etc.
- Paper underway (soon on ePrint).

