Sandrine AGAGLIATE, FTFC 2003 1 Power Consumption Analysis and Cryptography S. Agagliate Canal+Technologies P. Guillot Canal+Technologies O. Orcières Thalès.

Slides:



Advertisements
Similar presentations
Asymmetric Encryption Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC KEY ENCRYPTION Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext.
Advertisements

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.
A Fast Data Protection Technique for Mobile Agents to Avoid Attacks in Malicious Hosts Jesús Arturo Pérez Díaz Darío Álvarez Gutiérrez Department of Informatics.
CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.
Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Jeff Bilger - CSE P 590TU - Winter 2006 The Role of Cryptography in Combating Software Piracy.
White-Box Cryptography
Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.
1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.
History Applications Attacks Advantages & Disadvantages Conclusion.
The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.
CS470, A.SelcukElGamal Cryptosystem1 ElGamal Cryptosystem and variants CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.
Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak Francesco Regazzoni David Novo Philip Brisk François-Xavier Standaert Paolo Ienne.
SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.
Torturing OpenSSL Todd Austin University of Michigan with Andrea Pellegrini, William Arthur and Valeria Bertacco (Based on Valeria’s BlackHat 2012 Presentation)
ASYMMETRIC CIPHERS.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Security as a New Dimension in Embedded System Design Presented by : Vivek Srikantan Authors: Paul Kocher Ruby Lee Gary McGraw Anand Raghunathan Srivaths.
CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate.
Random Encryption Program Patrick Lowe EKU - Department of Technology CEN.
Symmetric versus Asymmetric Cryptography. Why is it worth presenting cryptography? Top concern in security Fundamental knowledge in computer security.
LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Network Security Section 1: Introduction to security.
H.M.Gamaarachchi (E/10/102) P.B.H.B.B.Ganegoda (E/10/104)
New Block Cipher for Ultra-Compact Hardware   BeeM みかか A. Satoh K. Aoki.
Smart card security Nora Dabbous Security Technologies Department.
Advanced Information Security 6 SIDE CHANNEL ATTACKS Dr. Turki F. Al-Somani 2015.
Software Security Seminar - 1 Chapter 5. Advanced Protocols 조미성 Applied Cryptography.
Public-Key Encryption
Description of a New Variable-Length Key, 64-Bit Block Cipher (BLOWFISH) Bruce Schneier BY Sunitha Thodupunuri.
Exploiting the Order of Multiplier Operands: A Low-Cost Approach for HCCA Resistance Poulami Das and Debapriya Basu Roy under the supervision of Dr. Debdeep.
Lecture 2: Introduction to Cryptography
Enhanced Doublng Attacks on Signed-All-Bits Set Recoding 1 Graduate School of Information Management and Security, Korea University, Korea
Software Security Seminar - 1 Chapter 10. Using Algorithms 조미성 Applied Cryptography.
DPA Countermeasures by Improving the Window Method Kouichi Itoh, Jun Yajima, Masahiko Takenaka and Naoya Torii Workshop on Cryptographic Hardware and Embedded.
Kouichi Itoh, Tetsuya Izu and Masahiko Takenaka Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) August, 2002 Address-bit Differential.
Exploiting Cache-Timing in AES: Attacks and Countermeasures Ivo Pooters March 17, 2008 Seminar Information Security Technology.
A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.
Elliptic Curve Cryptography
Cryptography and Network Security
Potential vulnerabilities of IPsec-based VPN
Future Cryptography: Standards Are Not Enough Tomáš Rosa Decros-ICZ, CTU FEE
CRYPTOGRAPHY PRESENTED BY : NILAY JAYSWAL BRANCH : COMPUTER SCIENCE & ENGINEERING ENTRY NO. : 14BCS033 1.
M IST : An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis Colin D. Walter formerly: (Manchester, UK)
KEYNOTE OF THE FUTURE 2: EMMA McLARNON CSIT PhD Student QUEEN’S UNIVERSITY BELFAST.
Lecture 9 Elliptic Curves. In 1984, Hendrik Lenstra described an ingenious algorithm for factoring integers that relies on properties of elliptic curves.
Lecture7 –More on Attacks Rice ELEC 528/ COMP 538 Farinaz Koushanfar Spring 2009.
Public-Key encryption structure First publicly proposed by Diffie and Hellman in 1976First publicly proposed by Diffie and Hellman in 1976 Based on mathematical.
In The Name of Allah Fault attacks on ECC
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Embedded system security
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Elliptic Curve Public Key Cryptography Why ? ● ECC offers greater security for a given key size. ● The smaller key size also makes possible much more compact.
Overview on Hardware Security
Advanced Information Security 6 Side Channel Attacks
Survey of Crypto CoProcessor Design
Efficient CRT-Based RSA Cryptosystems
Chapter -7 CRYPTOGRAPHIC HASH FUNCTIONS
Presentation transcript:

Sandrine AGAGLIATE, FTFC Power Consumption Analysis and Cryptography S. Agagliate Canal+Technologies P. Guillot Canal+Technologies O. Orcières Thalès Communications

Sandrine AGAGLIATE, FTFC The Problem A secret is hidden into a chip  Ex: Digital Signature… How to find the secret? Which protection against these attacks?

Sandrine AGAGLIATE, FTFC Side Channel Attacks Use leak of information  Power consumption  Electromagnetic radiation  Fault provocation  Computation time

Sandrine AGAGLIATE, FTFC Chip consumption

Sandrine AGAGLIATE, FTFC x Known bit XOR XOR gate consumption

Sandrine AGAGLIATE, FTFC Methods SPA = Simple Power Analysis DPA = Differential Power Analysis …

Sandrine AGAGLIATE, FTFC Counter measures Hardware  Timer  Bus encryption  … Software  Algorithms Constant timing Random Execution

Sandrine AGAGLIATE, FTFC Elliptic Curve Cryptosystems For digital signature Use the computation of Q=k.P k=private key P=data Advantages  small key, small signature size  high security P1 P2 P3=P1+P2

Sandrine AGAGLIATE, FTFC Random Execution Variables blinding  private key k  base point P Randomization of computation algorithm

Sandrine AGAGLIATE, FTFC Ternary techniques: optimisation k i  { -1, 0, 1 } 1111 = = = Q := 0 for i:=max down to 0 Q:=2Q if k i =1 then Q:=Q+P if k i =-1 then Q:=Q-P Result Q=k.P

Sandrine AGAGLIATE, FTFC Binary transducer  ternary 1 : : 0 0 : : : :

Sandrine AGAGLIATE, FTFC Sub-optimal alternate automaton 1 : : 0 0 : : : -1

Sandrine AGAGLIATE, FTFC : : 0 0 : 0 1 / p 0 / q 0 : : 0 –1 / r 1 : : 1 -1 / 1 - p 0 : -1 / 1 - q Randomized automaton 1 : -11 / 1 -r

Sandrine AGAGLIATE, FTFC Performances 2,2%2,1%Gain / previous work without DPA countermeasures 10,6%10,7%Loss / first automaton Key size

Sandrine AGAGLIATE, FTFC Conclusion Power Analysis can reveal secrets Solution: to interfere with power consumption  Ex: random execution Cost : computation speed, memory…

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.