Lecture11 Dpa

7/23/2019 Lecture11 Dpa

1/22

Differential Power Analysis

Paul Kocher, Joshua Jaffe, and Benjamin Jun

Cryptography Research, Inc.

presented by Italo Dacosta


2/22

Tamper resistant devices

Tamper resistant microprocessors

Store and process private or sensitive

information

The private information can not be extracted

Smart Cards

Self-contained microcontroller, with a

microprocessor, memory and a serial

interface integrated on to a single chip that

is packaged in a plastic card

Used in banking applications,

mobile phones, pay TV, etc.


3/22

Designing a secure smart card

Several people involved with different

assumptions

Algorithm designers

Protocol designers

Software developers

Hardware engineers


4/22

Algorithm designer assumption

from Introduction to Differential Power Analysis and Related Attacksby P. Kocher et al., Cryptography Research

Typically, the algorithm is evaluated in isolation

Differential cryptanalysis

Linear cryptanalysis


5/22

Reality!

from Introduction to Differential Power Analysis and Related Attacksby P. Kocher et al., Cryptography Research


6/22

Reality Side Channel Attacks

A correct implementation of a strong protocol is not

necessarily secure

Failures can be cause by:

Defective computation

D. Boneh, , and , On the importance of

checking cryptographic protocols for faults, EUROCRYPT '97

Information leaked during secret key operations

Timing information

Invasive measuring techniques

Electromagnetic emanations (i.e. TEMPEST)


7/22

Power analysis attacks

ICs are built out of invidual

transistors which consume

power

Monitoring and analysis of the

power consumption of a

device to extract the private

information stored in it.

Active, relatively cheap, non-

invasive attack


8/22

Simple Power Analysis

Focus on the use of visual inspection techniques to

identify relevant power fluctuations during

cryptographic operations

Interpretation of power traces

Power consumption measurements taken across a

cryptographic operation

Typically current used by a device over time


9/22

SPA DES tracesSPA trace showing an entire DES operation

SPA trace showing DES rounds 2 and 3


10/22

SPA DES trace showing differences in power

consumption of different microprocessor instructions

jump

no jump


11/22

SPA attack

SPA can reveal sequence of instructions executed

It can be use to break cryptographic implementations in

which the execution path depend on the data being

processed

DES key schedule

DES permutations

Comparisons

Multipliers

Exponentiators


12/22

Preventing SPA

In general, techniques to prevent SPA are

fairly simple.

Avoid procedures that use secret intermediatesor keys for conditional branching operations

Hard-wired implementations of symmetric

cryptography algorithms


13/22

Differential Power Analysis

Use of statistical analysis and error

correction techniques to extract information

correlated to secret keys

Based on the effects correlated to data

values being manipulated.

More powerful than SPA and is much more

difficult to prevent


14/22

DPA basic idea

Capture power traces T1...m[1...k] containing k samples each

Record the ciphertexts C1...m

Knowledge of plaintext is not required

DPA selection function D(C,b,Ks){0,1}

Compute k-sample differential trace D[1...k], where:


15/22

DPA against DES

DPA selection function D(C,b,Ks) is defined as: Returning the value of the DES intermediate L at the beginning of the 16th

(0


16/22

DPA traces for DES

Power reference

Correct Ks

Incorrect Ks

1000 samples


17/22

Quantitative DPA measurements

Reference power

consumption trace

Standard deviation

Differential trace

(m=104)


18/22


19/22

DPA against other algorithms

In general, DPA can be used to break any

symmetric or asymmetric algorithm

Public key algorithms (i.e. RSA)Asymmetric operations tend to produce stronger

signals leaking than symmetric ones

Reverse engineering using DPA


20/22

Preventing DPA

Reduce signals size

Introducing noise into power

consumption measurements

Designing cryptosystems with

realistic assumptions about the

underlying hardware.

Balanced HW and SW (i.e. leak tolerant design)

Incorporating randomness

Algorithm and protocol-level countermeasures


21/22

Take away

Power analysis techniques are of great concern:

multiple vulnerable devices, easy to implement, low

cost, and difficult to detect.

Systems must be designed with realistic assumptions

taking into account all the components (algorithms,

protocols, hardware, and software) and their

interactions.


22/22

Questions?

Lecture11 Dpa

Documents

Transcript of Lecture11 Dpa