Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben

2014 | Buch

Evaluation of ASIC Implementation of Physical Random Number Generators Using RS Latches Kapitel lesen Erstes Kapitel lesen

Smart Card Research and Advanced Applications

12th International Conference, CARDIS 2013, Berlin, Germany, November 27-29, 2013. Revised Selected Papers

herausgegeben von: Aurélien Francillon, Pankaj Rohatgi

Verlag: Springer International Publishing

Buchreihe : Lecture Notes in Computer Science

Enthalten in: Springer Professional "Wirtschaft+Technik" , Springer Professional "Technik" , Springer Professional "Wirtschaft"

Einloggen, um Zugang zu erhalten
insite
SUCHEN

Über dieses Buch

This book constitutes the thoroughly refereed post-conference proceedings of the 12th International Conference on Smart Card Research and Advanced Applications, CARDIS 2013, held in Berlin, Germany, in November 2013. The 17 revised full papers presented in this book were carefully reviewed and selected from 47 submissions. The papers are organized in topical sections on security technologies; attacks on masking; side channel attacks; software and protocol analysis; side channel countermeasures; and side channel and fault attacks.

Inhaltsverzeichnis

Frontmatter

Security Technologies - Session Chair: Benedikt Gierlichs

Frontmatter
Evaluation of ASIC Implementation of Physical Random Number Generators Using RS Latches
Abstract
Embedded devices such as smart cards and smart phones are used for secure systems, for example automated banking machines and electronic money. The security of an embedded device depends strongly on secret information; cryptographic keys, nonces for authentication or seeds for a pseudo random number generator, which is generated by a Physical True Random Number Generator (PTRNG). If a PTRNG generates random numbers with a low entropy, the security of the embedded device has a vulnerability because secret information may be predictable by attackers due to the low entropy. Hence PTRNGs are required to provide high-quality physical random numbers even in an undesirable environment, that is, low/high temperature or supply voltage. PTRNGs also must be small-scale and consume low power due to the limited hardware resources in embedded devices.
In this paper, we fabricate and evaluate 39 PTRNGs using RS Latches on 0.18\(\,\upmu \) m ASICs. Physical random numbers were generated from the exclusive-OR of 256 RS latches’ outputs. Our PTRNGs passed the SP800-90B Health Tests and the AIS31 Tests while changing both temperature (from \(-20\,^\circ \mathrm{C}\) to \(60\,^\circ \)C) and voltage (1.80 V \(\,\pm 10\,\%\)), and thus, we were able to confirm that our PTRNGs have high-robustness against environmental stress. The power consumption and circuit scale of our PTRNG are 0.27 mW and 984.5 gates, respectively. Our PTRNG using RS latches is small enough to be implemented on embedded devices.
Hirotaka Kokubo, Dai Yamamoto, Masahiko Takenaka, Kouichi Itoh, Naoya Torii
From New Technologies to New Solutions
Exploiting FRAM Memories to Enhance Physical Security
Abstract
Ferroelectric RAM (FRAM) is a promising non-volatile memory technology that is now available in low-end microcontrollers. Its main advantages over Flash memories are faster write performances and much larger tolerated number of write/erase cycles. These properties are profitable for the efficient implementation of side-channel countermeasures exploiting pre-computations. In this paper, we illustrate the interest of FRAM-based microcontrollers for physically secure cryptographic hardware with two case studies. First we consider a recent shuffling scheme for the AES algorithm, exploiting randomized program memories. We exhibit significant performance gains over previous results in an Atmel microcontroller, thanks to the fine-grained programmability of FRAM. Next and most importantly, we propose the first working implementation of the “masking with randomized look-up table” countermeasure, applied to reduced versions of the block cipher LED. This implementation provides unconditional security against side-channel attacks (of all orders!) under the assumption that pre-computations can be performed without leakage. It also provides high security levels in cases where this assumption is relaxed (e.g. for context or performance reasons).
Stéphanie Kerckhof, François-Xavier Standaert, Eric Peeters

Attacks on Masking - Session Chair: Michael Hutter

Frontmatter
Low Entropy Masking Schemes, Revisited
Abstract
Low Entropy Masking Schemes (LEMS) are a recent countermeasure against side-channel attacks. They aim at reducing the randomness requirements of masking schemes under certain (adversarial and implementation) conditions. Previous works have put forward the interest of this approach when such conditions are met. We complement these investigations by analyzing LEMS against adversaries and implementations that deviate from their expected behavior, in a realistic manner. Our conclusions are contrasted: they confirm the theoretical interest of the countermeasure, while suggesting that its exploitation in actual products may be risky, because of hard(er) to control hardware assumptions.
Vincent Grosso, François-Xavier Standaert, Emmanuel Prouff
On the Vulnerability of Low Entropy Masking Schemes
Abstract
Low Entropy Masking Schemes (LEMS) have been proposed to offer a reasonable tradeoff between the good protection against side-channel attacks offered by masking countermeasures and the high overhead that results from their implementation. Besides the limited analysis done in the original proposals of LEMS, their specific leakage characteristics have not yet been analyzed. This work explores the leakage behavior of these countermeasures and shows two different methods how the leakage can be exploited, even by generic univariate attacks. In particular, an attack that exploits specific properties of RSM for AES as well as a more generic attack making very little assumptions about the underlying LEMS are introduced. All attacks are practically verified by applying them to publicly available leakage samples of the RSM countermeasure.
Xin Ye, Thomas Eisenbarth
A Machine Learning Approach Against a Masked AES
Abstract
Side-channel attacks challenge the security of cryptographic devices. One of the widespread countermeasures against these attacks is the masking approach. In 2012, Nassar et al. [21] presented a new lightweight (low-cost) Boolean masking countermeasure to protect the implementation of the AES block-cipher. This masking scheme represents the target algorithm of the DPAContest V4 [30]. In this article, we present the first machine learning attack against a masking countermeasure, using the dataset of the DPAContest V4. We succeeded to extract each targeted byte of the key of the masked AES with \(26\) traces during the attacking phase. This number of traces represents roughly twice the number of traces needed compared to an unmasked AES on the same cryptographic device. Finally, we compared our proposal to a stochastic attack and to a strategy based on template attack. We showed that an attack based on a machine learning model reduces the number of traces required during the attacking step with a factor two and four compared respectively to template attack and to stochastic attack when analyzing the same leakage information. A new strategy based on stochastic attack reduces this number to 27.8 traces (in average) during the attack but requires a larger execution time in our setting than a learning model.
Liran Lerman, Stephane Fernandes Medeiros, Gianluca Bontempi, Olivier Markowitch

Side Channel Attacks - Session Chair: François-Xavier Standaert

Frontmatter
Clustering Algorithms for Non-profiled Single-Execution Attacks on Exponentiations
Abstract
Most implementations of public key cryptography employ exponentiation algorithms. Side-channel attacks on secret exponents are typically bound to the leakage of single executions due to cryptographic protocols or side-channel countermeasures such as blinding. We propose for the first time, to use a well-established class of algorithms, i.e. unsupervised cluster classification algorithms such as the k-means algorithm to attack cryptographic exponentiations and recover secret exponents without any prior profiling, manual tuning or leakage models. Not requiring profiling is of significant advantage to attackers, as are well-established algorithms. The proposed non-profiled single-execution attack is able to exploit any available single-execution leakage and provides a straight-forward option to combine simultaneous measurements to increase the available leakage. We present empirical results from attacking an FPGA-based elliptic curve scalar multiplication using the \(k\)-means clustering algorithm and successfully exploit location-based leakage from high-resolution electromagnetic field measurements to achieve a low remaining brute-force complexity of the secret exponent. A simulated multi-channel measurement even enables an error-free recovery of the exponent.
Johann Heyszl, Andreas Ibing, Stefan Mangard, Fabrizio De Santis, Georg Sigl
Optimization of Power Analysis Using Neural Network
Abstract
In power analysis, many different statistical methods and power consumption models are used to obtain the value of a secret key from the power traces measured. An interesting method of power analysis based on multi-layer perceptron was presented in [1] claiming a \(90\,\%\) success rate. The theoretical and empirical success rates were determined to be \(80\,\%\) and \(85\,\%\), respectively, which is not sufficient enough. In the paper, we propose and realize an optimization of this power analysis method which improves the success rate to almost \(100\,\%\). The optimization is based on preprocessing the measured power traces using the calculation of the average trace and the subsequent calculation of the difference power traces. In this way, the prepared power patterns were used for neural network training and of course during the attack. This optimization is computationally undemanding compared to other methods of preprocessing usually applied in power analysis, and has a great impact on classification results. In the paper, we compare the results of the optimized method with the original implementation. We highlight positive and also some negative impacts of the optimization on classification results.
Zdenek Martinasek, Jan Hajny, Lukas Malina
Time-Frequency Analysis for Second-Order Attacks
Abstract
Second-order side-channel attacks are used to break first-order masking protections. A practical reason which often limits the efficiency of second-order attacks is the temporal localisation of the leaking samples. Several pairs of leakage samples must be combined which means high computational power. For second-order attacks, the computational complexity is quadratic. At CHES ’04, Waddle and Wagner introduced attacks with complexity \(\mathcal {O}(n \log _2 n)\) on traces collected from a hardware cryptographic implementation, where \(n\) is the window size, by working on traces auto-correlation. Nonetheless, the two samples must belong to the same window which is (normally) not the case for software implementations. In this article, we introduce preprocessing tools that improve the efficiency of bi-variate attacks (while keeping a complexity of \(\mathcal {O}(n \log _2 n)\)), even if the two samples that leak are far away one from the other (as in software). We put forward two main improvements. Firstly, we introduce a method to avoid losing the phase information. Next, we empirically notice that keeping the analysis in the frequency domain can be beneficial for the attack. We apply these attacks in practice on real measurements, publicly available under the DPA Contest v4, to evaluate the proposed techniques. An attack using a window as large as 4000 points is able to reveal the key in only 3000 traces.
Pierre Belgarric, Shivam Bhasin, Nicolas Bruneau, Jean-Luc Danger, Nicolas Debande, Sylvain Guilley, Annelie Heuser, Zakaria Najm, Olivier Rioul

Software and Protocol Analysis - Session Chair: Lex Schoonen

Frontmatter
Vulnerability Analysis of a Commercial .NET Smart Card
Abstract
In this paper we discuss the operating system security measures of a commercial .NET smart card for mitigating risks of malicious smart card applications. We also investigate how these security measures relate to the card resident binary by analysing its proprietary file format to develop a new vulnerability research tool for .NET card applications. This tool enables us to modify compiled card applications for creating vulnerability research test cases. We then present the details of the vulnerabilities in the target .NET virtual machine (VM) which have been discovered using this tool. The vulnerabilities relate to potential misuse of administrator privileges, therefore, we conclude with recommending countermeasures to be implemented in the card manager application and .NET VM to fix those vulnerabilities.
Behrang Fouladi, Konstantinos Markantonakis, Keith Mayes
Manipulating the Frame Information with an Underflow Attack
Abstract
This paper presents an underflow attack performed on Java Card platforms. This underflow is based on the dup_x instruction that can be used in order to read and modify the current context of execution of the attacker’s application. We first detail the theoretical and practical attack path by describing the method that can be used to characterize the platform and exploit the obtained information. Secondly, we show how it is possible to set up this underflow attack in a way that makes it bypass the current concept of Byte Code Verifier. Finally, we describe some countermeasures that can be implemented to prevent this kind of attack.
Emilie Faugeron
Formal Security Analysis and Improvement of a Hash-Based NFC M-Coupon Protocol
Abstract
Near field communication (NFC) is a Radio Frequency (RF) technology that allows data to be exchanged between devices that are in close proximity. We formally analyse a hash based NFC mobile coupon protocol using formal methods (Casper/FDR2). We discover a few possible attacks which break the requirements of the protocol. We propose solutions to address these attacks based on two different threat models. In addition, we illustrate the modelling from the perspective of the underlying theory perspective, which is beyond the knowledge required for modelling using CasperFDR tool (black-box approach). Therefore, this paper is a facilitating case study for a “black-box” CasperFDR user to become a more powerful analyser.
Ali Alshehri, Steve Schneider

Side Channel Countermeasures - Session Chair: Svetla Nikova

Frontmatter
Revisiting Atomic Patterns for Scalar Multiplications on Elliptic Curves
Abstract
This paper deals with the protection of elliptic curve scalar multiplications against side-channel analysis by using the atomicity principle. Unlike other atomic patterns, we investigate new formulæ with same cost for both doubling and addition. This choice is particularly well suited to evaluate double scalar multiplications with the Straus-Shamir trick. Thus, in situations where this trick is used to evaluate single scalar multiplications our pattern allows an average improvement of \(40\,\%\) when compared with the most efficient atomic scalar multiplication published so far. Surprisingly, in other cases our choice remains very efficient. Besides, we also point out a security threat when the curve parameter \(a\) is null and propose an even more efficient pattern in this case.
Franck Rondepierre
Efficient and First-Order DPA Resistant Implementations of Keccak
Abstract
In October 2012 NIST announced that the SHA-3 hash standard will be based on Keccak. Besides hashing, Keccak can be used in many other modes, including ones operating on a secret value. Many applications of such modes require protection against side-channel attacks, preferably at low cost. In this paper, we present threshold implementations (TI) of Keccak with three and four shares that build further on unprotected parallel and serial architectures. We improve upon earlier TI implementations of Keccak in the sense that the latter did not achieve uniformity of shares. In our proposals we do achieve uniformity at the cost of an extra share in a four-share version or at the cost of injecting a small number of fresh random bits for each computed round. The proposed implementations are efficient and provably secure against first-order side-channel attacks.
Begül Bilgin, Joan Daemen, Ventzislav Nikov, Svetla Nikova, Vincent Rijmen, Gilles Van Assche
Practical Analysis of RSA Countermeasures Against Side-Channel Electromagnetic Attacks
Abstract
This paper analyzes the robustness of RSA countermeasures against electromagnetic analysis and collision attacks. The proposed RSA cryptosystem uses residue number systems (RNS) for fast executions of the modular calculi with large numbers. The parallel architecture is protected at arithmetic and algorithmic levels by using the Montgomery Ladder and the Leak Resistant Arithmetic countermeasures. Because the architecture can leak information through control and memory executions, the hardware RNS-RSA also relies on the randomization of RAM accesses. Experimental results, obtained with and without randomization of the RNS moduli sets, suggest that the RNS-based RSA with bases randomization and secured RAM accesses is protected.
Guilherme Perin, Laurent Imbert, Lionel Torres, Philippe Maurine

Side Channel and Fault Attacks - Session Chair: Berndt Gammel

Frontmatter
The Temperature Side Channel and Heating Fault Attacks
Abstract
In this paper, we present practical results of data leakages of CMOS devices via the temperature side channel—a side channel that has been widely cited in literature but not well characterized yet. We investigate the leakage of processed data by passively measuring the dissipated heat of the devices. The temperature leakage is thereby linearly correlated with the power leakage model but is limited by the physical properties of thermal conductivity and capacitance. We further present heating faults by operating the devices beyond their specified temperature ratings. The efficiency of this kind of attack is shown by a practical attack on an RSA implementation. Finally, we introduce data remanence attacks on AVR microcontrollers that exploit the Negative Bias Temperature Instability (NBTI) property of internal SRAM cells. We show how to recover parts of the internal memory and present first results on an ATmega162. The work encourages the awareness of temperature-based attacks that are known for years now but not well described in literature. It also serves as a starting point for further research investigations.
Michael Hutter, Jörn-Marc Schmidt
Glitch It If You Can: Parameter Search Strategies for Successful Fault Injection
Abstract
Fault analysis poses a serious threat to embedded security devices, especially smart cards. In particular, modeling faults and finding effective practical approaches that are also generic is considered to be of interest for smart card industry. In this work we propose a novel methodology to deal with a difficult question of choosing multiple parameters required for effective faults. To this aim, we investigate several algorithms and find a new promising direction using evolutionary computation. Our experimental results on some of the smart cards used today show the potential of this new approach. Our best algorithm is a tailored search strategy especially developed for the purpose of finding the best choice of parameters for glitching. With this approach we found some of off-the-shelf devices, although secured against this type of attacks, still vulnerable.
Rafael Boix Carpi, Stjepan Picek, Lejla Batina, Federico Menarini, Domagoj Jakobovic, Marin Golub
Efficient Template Attacks
Abstract
Template attacks remain a powerful side-channel technique to eavesdrop on tamper-resistant hardware. They model the probability distribution of leaking signals and noise to guide a search for secret data values. In practice, several numerical obstacles can arise when implementing such attacks with multivariate normal distributions. We propose efficient methods to avoid these. We also demonstrate how to achieve significant performance improvements, both in terms of information extracted and computational cost, by pooling covariance estimates across all data values. We provide a detailed and systematic overview of many different options for implementing such attacks. Our experimental evaluation of all these methods based on measuring the supply current of a byte-load instruction executed in an unprotected 8-bit microcontroller leads to practical guidance for choosing an attack algorithm.
Omar Choudary, Markus G. Kuhn
Backmatter
Metadaten
Titel
Smart Card Research and Advanced Applications
herausgegeben von
Aurélien Francillon
Pankaj Rohatgi
Copyright-Jahr
2014
Electronic ISBN
978-3-319-08302-5
Print ISBN
978-3-319-08301-8
DOI
https://doi.org/10.1007/978-3-319-08302-5

Premium Partner

    Bildnachweise