Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ali Galip Bayrak EPFL, Switzerland June 7th, 2011

Published byReynold Franklin Modified over 6 years ago

Similar presentations

Presentation on theme: "Ali Galip Bayrak EPFL, Switzerland June 7th, 2011"— Presentation transcript:

1 Ali Galip Bayrak EPFL, Switzerland June 7th, 2011
A First Step Towards Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak EPFL, Switzerland June 7th, 2011 and Francesco Regazzoni (UCL and Alari) Philip Brisk (UC Riverside, USA) François-Xavier Standaert (UCL, Belgium) Paolo Ienne (EPFL, Switzerland)

2 Side-Channel Attacks Cryptographic Algorithm Plaintext Ciphertext
(e.g., “Encrypt me”) Ciphertext (e.g., “aB14t752s”) Secret Key (e.g., “I’m unknown”) Leakage (power consumption, EM radiation, timing etc.) 2

3 Power Analysis Attacks
3

4 They are handled manually!!!
Motivation PROBLEM: They are handled manually!!! VS ATTACK! COUNTERMEASURE! Software Implementation Analyze the algorithm Determine the weaknesses Apply the countermeasure Protected Implementation 4

5 Automatic Protection Flow
5

6 Step I: Information Leakage Analysis
Normalized Mutual Information of Key and Leakage Main point: Determine the leaking parts of the software!

7 Step II: Transformation Target Identification
Local Modifications: Protect each sensitive instruction (peephole optimization). Random Precharging (used here) Global Modifications: Protect all the nodes between two sensitive nodes. Masking sbci r28,0xfd ld r25,r28:r29 movw r18,r26 subi r18,0x4f sbci r19,0xfd movw r28,r18 ld r30,r28:r29 Main point: Determine the portions of the implementation that need to be protected!

8 Step III: Code Transformation
sbci r28,0xfd ld r25,r28:r29 movw r18,r26 subi r18,0x4f sbci r19,0xfd movw r28,r18 ld r30,r28:r29 sbci r28,0xfd lds r25,rnd mov r24,r25 ld r25,r28:r29 movw r18,r26 subi r18,0x4f Main point: Apply the given protection on the determined portions of the implementation!

9 Experimental Results (Security)
Advanced Encryption Standard (AES) is used. Traces are collected from board with 8-bit AVR MCU. Correlation-based DPA attack is used for attack. ρ = 0.437 ρ = 0.048 Correlation values for unprotected and protected implementations are shown. Number of necessary traces to mount a successful attack increases over 76 times. 9

10 Experimental Results (Performance)
# of clock cycles during the execution of three different implementations 4212 100% 2700 64% 1190 10

11 Conclusions Software Implementation Protected Implementation
AUTOMATIC PROTECTION Software Implementation Protected Implementation Off-the-Shelf Compiler AP Security-Aware Compiler security vs. performance vs. energy etc. 11

Download ppt "Ali Galip Bayrak EPFL, Switzerland June 7th, 2011"

Similar presentations

Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April 2011 1.

Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April
Code optimization: –A transformation to a program to make it run faster and/or take up less space –Optimization should be safe, preserve the meaning of.

Code optimization: –A transformation to a program to make it run faster and/or take up less space –Optimization should be safe, preserve the meaning of.
Information Security – Theory vs. Reality 0368-4474-01, Winter 2011 Guest Lecturer: Yossi Oren 1.

Information Security – Theory vs. Reality , Winter 2011 Guest Lecturer: Yossi Oren 1.
GSM Security Threats and Countermeasures Saravanan Bala Tanvir Ahmed Samuel Solomon Travis Atkison.

GSM Security Threats and Countermeasures Saravanan Bala Tanvir Ahmed Samuel Solomon Travis Atkison.
CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.

CryptoBlaze: 8-Bit Security Microcontroller. Quick Start Training Agenda What is CryptoBlaze? KryptoKit GF(2 m ) Multiplier Customize CryptoBlaze Attacks.
Statistical Tools Flavor Side-Channel Collision Attacks

Statistical Tools Flavor Side-Channel Collision Attacks
White-Box Cryptography

White-Box Cryptography
Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.
Practical Template-Algebraic Side Channel Attacks with Extremely Low Data Complexity 1.

Practical Template-Algebraic Side Channel Attacks with Extremely Low Data Complexity 1.
Runtime Protection via Dataflow Flattening Bertrand Anckaert Ghent University/ Boston Consulting Group The Third International Conference on Emerging Security.

Runtime Protection via Dataflow Flattening Bertrand Anckaert Ghent University/ Boston Consulting Group The Third International Conference on Emerging Security.
Counting Stream Registers: An Efficient and Effective Snoop Filter Architecture Aanjhan Ranganathan (ETH Zurich), Ali Galip Bayrak (EPFL), Theo Kluter.

Counting Stream Registers: An Efficient and Effective Snoop Filter Architecture Aanjhan Ranganathan (ETH Zurich), Ali Galip Bayrak (EPFL), Theo Kluter.
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.

1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.
Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS 2012- Singapore.

Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS Singapore.
Accurate Emulation of Wireless Sensor Networks Hejun Wu Joint work with Qiong Luo, Pei Zheng*, Bingsheng He, and Lionel M. Ni Department of Computer Science.

Accurate Emulation of Wireless Sensor Networks Hejun Wu Joint work with Qiong Luo, Pei Zheng*, Bingsheng He, and Lionel M. Ni Department of Computer Science.
Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.
Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak Francesco Regazzoni David Novo Philip Brisk François-Xavier Standaert Paolo Ienne.

Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak Francesco Regazzoni David Novo Philip Brisk François-Xavier Standaert Paolo Ienne.
SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.

SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.
Fault Tolerant Infective Countermeasure for AES

Fault Tolerant Infective Countermeasure for AES
Linear Fault Analysis of Block Ciphers Zhiqiang Liu 1, Dawu Gu 1, Ya Liu 1, Wei Li 2 1. Shanghai Jiao Tong University 2. Donghua University ACNS 2012 June.

Linear Fault Analysis of Block Ciphers Zhiqiang Liu 1, Dawu Gu 1, Ya Liu 1, Wei Li 2 1. Shanghai Jiao Tong University 2. Donghua University ACNS 2012 June.

Similar presentations

Ads by Google