"The generation of random numbers is too important to be left to chance.” 1 -- Robert R. Coveyou Oak Ridge National Laboratory

n (modulus) = product of secret primes p and q e (public key) = relatively prime to (p-1)(q-1) d (private key) = e -1 mod ((p-1)(q-1))) Encrypt c=m e mod n Decrypt m=c d mod n Eve gets ciphertext message c from Alice, wants to read it i.e., she wants to find m = c d Choose random r < n, and use Alice’s public key e x=r e mod n y=xc mod n t=r -1 mod n Note if x=r e mod n, then r=x d mod n ! Eve tricks Alice into encrypting (signing) y with her d Alice sends Eve u=y d mod n Eve then calculates tu mod n = r -1 y d mod n = r -1 x d c d mod n = c d mod n = m 2 Chosen ciphertext attack against RSA -Schneier

ECRYPT 2012 Key Length Advice 3 See

Captured One-Time Pads

Russian One-Time Pad captured by MI5 5

Don’t reuse those one-time pads! If C1=P1  K1 C2=P2  K1 C3=P3  K1 Then try C1  C2 => P1  K1  P2  K1 => P1  P2 C1  C3 => P1  K1  P3  K1 => P1  P3 C2  C3 => P2  K1  P3  K1 => P2  P3 and (P1  P2)  (P1  P3) => (P2  P3) (P1  P2)  (P2  P3) => (P1  P3) … 6

   From Rick Smith: Don’t reuse those one-time pads!

Key? What Key? Alice encrypts: P  K=>C Bob knows the key and decrypts: C  K=>P They agree on a dummy plaintext D and if they’re ever captured, they will give up the key K’=C  D If the authorities decrypt C  K’ => D 8

Case study: Heartbleed SSL Bug struct { HeartbeatMessageType type; uint16 payload_length; uchar payload [HeartbeatMessage.payload_length]; uchar padding[padding_length]; } HeartbeatMessage; 9

10

Power Analysis 11

Simple Power Analysis: `DES Parity Check DES-CheckParity(byte Key[8]) for i = 8 down to 1 parity=0; for j = 8 down to 1 if (bit j of Key[i] is set) // CONDITIONAL parity = parity+1 // OPERATION endif endfor if (parity is even) parity_error(); endfor end DES-CheckParity 12

SPA Attack on DES-Parity 13

EM History Classified TEMPEST standards. Some parts declassified Jan '01, Published work – EM Leakages from Peripherals, E.g., Monitors: Van Eck, Anderson & Kuhn. – EM Leakage from smart-cards during Computation. J.-J. Quisquater & David Samyde, E-smart 2001, Gemplus Team [GMO ’01], CHES ’01. – SEMA/DEMA attacks. Best results require "decapsulation" of chip packaging and/or precise micro-antennas positioning on chip surface

Rao et.al.’s Work` Deeper understanding of the EM leakages. – Similar to declassified TEMPEST literature. Key Insights/Results – Plenty of EM signals are available, provided you know what to look for and where. Superior signals and attacks possible without micro- antennas or decapsulation. Some attacks possible from a distance. – EM side-channel(s) >> Power side-channel EM can break DPA-resistant implementations.

EM Emanations Background Origin/Types of EM Emanations – Direct emanations from intended currents. Maxwell’s equations, Ampere’s and Faraday’s laws. – Unintentional emanations from coupling effects. Depend on physical factors, e.g., circuit geometry. Most couplings ignored by circuit designers. Manifest as modulation of carriers (e.g. clock harmonics) present/generated/introduced in device. – AM or Angle (FM/Phase) Modulation. Compromising signals available via demodulation. Propagation of EM – Radiation, Conduction, Combination of both. E.g., Faint EM signals riding on power line.

EM Capturing Equipment Antennas (Far-field) and Near-field probes Current probes. Analog processing: Filters/Amplifiers, Tunable wideband receiver or equivalent $$ Digital sampling hardware.

ICOM wideband radio receiver with IF output

MAKE YOUR OWN

EM vs. Power Sometimes, EM is the only side-channel available. – Filtered power supplies, restricted access… – E.g. Crypto Tokens, SSL Accelerators,...

Time (10ns) Amplitude EM Signal from SSL Accelerator S at 15 feet

EM vs. Power Is EM useful in the presence of power? Yes, several EM carriers: Generated, Ambient, Introduced… – Experimentally verified: Different carriers carry different information. Some EM leakages substantially different from Power leakages.

Bad Instructions Instructions where some EM leakage >> Power leakage. Typically CPU intensive rather than bus intensive. All architectures have BAD Instructions. Example: Bit-test on several 6805 based systems leaks tested bit.

EM Attack Example 2 signals, different data, same exp & modulus 24

O TESTED BIT = 0 IN BOTH TRACES

O TESTED BIT DIFFERENT

Countermeasures Require sound vulnerability assessment. Countermeasures include: – Circuit redesign to reduce unintentional emanations. – Reducing S/N ratio EM Shielding Noise introduction Physically secure zones. – Randomization based software countermeasures similar to DPA countermeasures.

28

29 Xkcd

Netscape 1.1 Seeding Process 30 RNG_CreateContext() { (seconds, microseconds) = time of day; /* Time elapsed since 1970 */ pid = process ID; ppid = parent process ID; a = mklcpr(microseconds); b = mklcpr(pid + seconds + (ppid << 12)); seed = MD5(a, b); /* seed is a global variable */ } mklcpr(x) { /* not cryptographically significant; shown for completeness */ return ((0xDEECE66D * x + 0x2BBB62DC) >> 1); } From Goldberg and Wagner, “Randomness and the Netscape Browser”, Dr. Dobb’s, January 1996.

Netscape 1.1 Key Generation 31 From Goldberg and Wagner, “Randomness and the Netscape Browser”, Dr. Dobb’s, January RNG_GenerateRandomBytes() { x = MD5(seed); seed = seed + 1; return x; } global variable challenge, secret_key; create_key() { RNG_CreateContext(); tmp = RNG_GenerateRandomBytes(); challenge = RNG_GenerateRandomBytes(); secret_key = RNG_GenerateRandomBytes(); }

Jone’s RNG Rules 1.Don’t use system generators 2.Use a known good RNG you implemented 3.Properly seed the RNG 32

KISS Generator (G. Marsaglia) static unsigned int /* Seed variables */ x = , y = , z = , c = ; unsigned int KISS() { unsigned long long t, a = ULL; x = 69069*x+12345; // y never == 0! */ y ^= (y >17); y ^= (y >32); // Also avoid setting z=c=0! return x+y+(z=t); } 33