Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Information Security 6 Side Channel Attacks

Published byAdele Griffith Modified over 6 years ago

Similar presentations

Presentation on theme: "Advanced Information Security 6 Side Channel Attacks"— Presentation transcript:

1 Advanced Information Security 6 Side Channel Attacks
Dr. Turki F. Al-Somani 2017

2 Module Outlines Introduction to Side Channel Attacks
Simple Analysis Attacks. Differential Analysis Attacks. Types of Side Channel Attacks Power Analysis Attacks Simple Power Analysis Attacks Differential Power Analysis Attacks. Countermeasures Summary

3 Introduction Security Against Side Channel Attacks
Magnetic field Operation dependent Data-and-operation dependent Fault Data-dependent Power Consumed Operation dependent Data-and-operation dependent Execution time Data-and-operation dependent Every computing device acts also as a source of additional information called side channel leak information There are many side channel attacks in the literature

4 Introduction (Contd.) Side Channel Attack (SCA)
Simple: a single observation Differential: several observations used together with statistical tools.

5 Examples of Side Channel Attacks
Time Attack Power Analysis Attacks Electromagnetic Radiations Fault-Based (induced errors) Processor-Flag (overflow or carry flag) Hamming weight Thermal Analysis

6 Simple Power Analysis Attacks
Security Against Side Channel Attacks (a) Power consumption trace of ECC scalar multiplication. (b) Power consumption trace of ECC point doubling operation.

7 Differential Power Analysis Attacks

8 Types of DPA Attacks Refined Power Analysis (RPA) attacks:
Exploits a special point with zero-value such as (0, y) or (x, 0). Zero-value Point Attack (ZPA): A generalization of RPA where it exploits any zero- value auxiliary register. Doubling Attack (DA): Based on detecting when the same operation is performed on the same operands.

9 Types of DPA Attacks Address-bit DPA (ABDPA):
Based on the idea that accessing the same location is correlated to the scalar bit value. Projective Coordinates Leak (PCL): Based on knowing the projective representation of a point obtained using a particular projective coordinate system. More ..

10 ECC Scalar Multiplication

11 SPA Countermeasures

12 DPA Countermeasures Randomization of the of the private exponent:
Each execution of the algorithm Select a random No. and multiply it by the total No. of EC points (point at infinity O). Add the result to d to have d’ Compute new Q multiplying d’ by P

13 DPA Countermeasures (Contd.)
Blind the point P: Add a secret random point R S= dR New Q will be computed by d( R + P ) Subtract S= dR to get dP

14 DPA Countermeasures (Contd.)
Blind the point P: Add a secret random point R S= dR New Q will be computed by d( R + P ) Subtract S= dR to get dP

15 Countermeasures – Cont.
Randomized projective coordinates: For new execution or also after each point addition and doubling

16 PhD Thesis .. (2006)

17 Timing Attacks Paper (2006)

18 Power Analysis Attacks Paper (2008)

19 Survey Paper (2012)

20 Survey Paper (2012)

21 Another Survey Paper (2012)

22 Another Survey Paper (2012)

23 Buffer Paper .. (2013)

24 Patents Patents: Patent Applications:
Hilal Hussain and Turki F. Al-Somani, Method for Efficiently Protecting Elliptic Curve Cryptography against Simple Power Attacks, U.S. 9,565,017 B2, 2017. Turki F. Al-Somani and Hilal Hussain, Method and apparatus for scalar multiplication secure against differential power attacks, US 9,419,789 B2, Turki F. Al-Somani, System and Method for Securing Scalar Multiplication against Simple Power Attacks, US 8,861,721 B2, 2014. Turki F. Al-Somani, System and Method for Securing Scalar Multiplication aganist Differential Power Attacks US 8,804,952 B2, 2014. Patent Applications: Turki F. Al-Somani and Hilal Hussain, Method and Apparatus For Scalar Multiplication Secure against Differential Power Attacks, U.S. Patent Application No , 2016. Turki F. Al-Somani, Method for Securing Scalar Multiplication against Power Analysis Attacks using Reference Points, U.S. Application No ,

25 KACST Project .. UQU’s SCA Kit 2017

26 Summary Resistance against DPA attacks can be achieved by combining two or more of the countermeasures proposed in the literature thus far. To protect against the doubling attack, the projective coordinates should be randomized or a random field isomorphism should be used, while to protect against RPA and ZVP attacks, the base point P or the scalar multiplier k should be randomized. Hence, to protect against all these recent DPA attacks, randomizing the scalar multiplier and randomizing the projective coordinates, for instance, can be applied together.

27 Thanks & Good Luck Dr. Turki F. Al-Somani 2017

Download ppt "Advanced Information Security 6 Side Channel Attacks"

Similar presentations

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.
CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.

CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.
Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks JaeCheol Ha * and SangJae Moon ** * Korea Nazarene University **

Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks JaeCheol Ha * and SangJae Moon ** * Korea Nazarene University **
Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?
CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.

CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.
Is there Safety in Numbers against Side Channel Leakage? Colin D. Walter UMIST, Manchester, UK www.co.umist.ac.uk.

Is there Safety in Numbers against Side Channel Leakage? Colin D. Walter UMIST, Manchester, UK
Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.
Advanced Information Security 2 SCALAR MULTIPLICATION Dr. Turki F. Al-Somani 2015.

Advanced Information Security 2 SCALAR MULTIPLICATION Dr. Turki F. Al-Somani 2015.
Princess Sumaya Univ. Computer Engineering Dept. Chapter 3:

Princess Sumaya Univ. Computer Engineering Dept. Chapter 3:
Princess Sumaya Univ. Computer Engineering Dept. Chapter 3: IT Students.

Princess Sumaya Univ. Computer Engineering Dept. Chapter 3: IT Students.
1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.

1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.
Advanced Information Security 4 Field Arithmetic

Advanced Information Security 4 Field Arithmetic
Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.

Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
1 Ó1998 Morgan Kaufmann Publishers Chapter 4 計算機算數.

1 Ó1998 Morgan Kaufmann Publishers Chapter 4 計算機算數.
Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.

Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.
Embedded Systems Laboratory Informatics Institute Federal University of Rio Grande do Sul Porto Alegre – RS – Brazil SRC TechCon 2005 Portland, Oregon,

Embedded Systems Laboratory Informatics Institute Federal University of Rio Grande do Sul Porto Alegre – RS – Brazil SRC TechCon 2005 Portland, Oregon,
Transforming out Timing Leaks (Agat’s approach) Terkel K. Tolstrup Informatics and Mathematical Modelling Technical University of.

Transforming out Timing Leaks (Agat’s approach) Terkel K. Tolstrup Informatics and Mathematical Modelling Technical University of.
Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.
Side-Channel Attack: timing attack Hiroki Morimoto.

Side-Channel Attack: timing attack Hiroki Morimoto.

Similar presentations

Ads by Google