Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Information Security 6 Side Channel Attacks

Similar presentations


Presentation on theme: "Advanced Information Security 6 Side Channel Attacks"— Presentation transcript:

1 Advanced Information Security 6 Side Channel Attacks
Dr. Turki F. Al-Somani 2017

2 Module Outlines Introduction to Side Channel Attacks
Simple Analysis Attacks. Differential Analysis Attacks. Types of Side Channel Attacks Power Analysis Attacks Simple Power Analysis Attacks Differential Power Analysis Attacks. Countermeasures Summary

3 Introduction Security Against Side Channel Attacks
Magnetic field Operation dependent Data-and-operation dependent Fault Data-dependent Power Consumed Operation dependent Data-and-operation dependent Execution time Data-and-operation dependent Every computing device acts also as a source of additional information called side channel leak information There are many side channel attacks in the literature

4 Introduction (Contd.) Side Channel Attack (SCA)
Simple: a single observation Differential: several observations used together with statistical tools.

5 Examples of Side Channel Attacks
Time Attack Power Analysis Attacks Electromagnetic Radiations Fault-Based (induced errors) Processor-Flag (overflow or carry flag) Hamming weight Thermal Analysis

6 Simple Power Analysis Attacks
Security Against Side Channel Attacks (a) Power consumption trace of ECC scalar multiplication. (b) Power consumption trace of ECC point doubling operation.

7 Differential Power Analysis Attacks

8 Types of DPA Attacks Refined Power Analysis (RPA) attacks:
Exploits a special point with zero-value such as (0, y) or (x, 0). Zero-value Point Attack (ZPA): A generalization of RPA where it exploits any zero- value auxiliary register. Doubling Attack (DA): Based on detecting when the same operation is performed on the same operands.

9 Types of DPA Attacks Address-bit DPA (ABDPA):
Based on the idea that accessing the same location is correlated to the scalar bit value. Projective Coordinates Leak (PCL): Based on knowing the projective representation of a point obtained using a particular projective coordinate system. More ..

10 ECC Scalar Multiplication

11 SPA Countermeasures

12 DPA Countermeasures Randomization of the of the private exponent:
Each execution of the algorithm Select a random No. and multiply it by the total No. of EC points (point at infinity O). Add the result to d to have d’ Compute new Q multiplying d’ by P

13 DPA Countermeasures (Contd.)
Blind the point P: Add a secret random point R S= dR New Q will be computed by d( R + P ) Subtract S= dR to get dP

14 DPA Countermeasures (Contd.)
Blind the point P: Add a secret random point R S= dR New Q will be computed by d( R + P ) Subtract S= dR to get dP

15 Countermeasures – Cont.
Randomized projective coordinates: For new execution or also after each point addition and doubling

16 PhD Thesis .. (2006)

17 Timing Attacks Paper (2006)

18 Power Analysis Attacks Paper (2008)

19 Survey Paper (2012)

20 Survey Paper (2012)

21 Another Survey Paper (2012)

22 Another Survey Paper (2012)

23 Buffer Paper .. (2013)

24 Patents Patents: Patent Applications:
Hilal Hussain and Turki F. Al-Somani, Method for Efficiently Protecting Elliptic Curve Cryptography against Simple Power Attacks, U.S. 9,565,017 B2, 2017. Turki F. Al-Somani and Hilal Hussain, Method and apparatus for scalar multiplication secure against differential power attacks, US 9,419,789 B2, Turki F. Al-Somani, System and Method for Securing Scalar Multiplication against Simple Power Attacks, US 8,861,721 B2, 2014. Turki F. Al-Somani, System and Method for Securing Scalar Multiplication aganist Differential Power Attacks US 8,804,952 B2, 2014. Patent Applications: Turki F. Al-Somani and Hilal Hussain, Method and Apparatus For Scalar Multiplication Secure against Differential Power Attacks, U.S. Patent Application No , 2016. Turki F. Al-Somani, Method for Securing Scalar Multiplication against Power Analysis Attacks using Reference Points, U.S. Application No ,

25 KACST Project .. UQU’s SCA Kit 2017

26 Summary Resistance against DPA attacks can be achieved by combining two or more of the countermeasures proposed in the literature thus far. To protect against the doubling attack, the projective coordinates should be randomized or a random field isomorphism should be used, while to protect against RPA and ZVP attacks, the base point P or the scalar multiplier k should be randomized. Hence, to protect against all these recent DPA attacks, randomizing the scalar multiplier and randomizing the projective coordinates, for instance, can be applied together.

27 Thanks & Good Luck Dr. Turki F. Al-Somani 2017


Download ppt "Advanced Information Security 6 Side Channel Attacks"

Similar presentations


Ads by Google