adishamir sca
TRANSCRIPT
7/28/2019 AdiShamir SCA
http://slidepdf.com/reader/full/adishamir-sca 1/50
A Top View of Side Channel Attacks
Adi Shamir
Computer Science Dept, The Weizmann Institute
Israel
The SCA FAQ
In this part of the talk I will address some broad
questions related to side channel attacks:
Power (simple, differential, …)
EM (wires in chips, whole PC’s, …)
Timing (in programs, across networks, …)
Fault (power glitch, time jitter, …)
Visual (CRT’s, router LED’s, …)
Acoustic (PC’s, keyboards, …)
Cache (on RSA, AES, …)
…
Are side channel attacks new?
Academic researchers started working on SCA between 1996-1999
Crypto as a war between cryptographers and cryptanalysts
Sun Tzu, The Art of War: In war, avoid what is strong and attack what is weak
Are side channel attacks new?
Foreign embassies vs smart cards: Common themes
Externally supplied power and communication links
Vulnerable to probing with microwave radiation
EM and acoustic and eavesdropping attacks
Vulnerable to fault attacks (bribes, blackmail)
Many SCA’s invented and perfected in this environment
Are side channel attacks new?
A few weeks ago, the NSA released the table of contents of its top secret internal technical journal from the years 1956-1980
It covers many topics related to the design and analysis of cryptosystems
Side channel attacks (especially tempest) are extensively covered
Surprisingly, there is absolutely no mention of public key cryptography in any of the titles
First page of the released document:
A typical collection of papers on cryptanalysis:
Did SCA’s have any impact on the theoretical foundations of crypto?
The “standard model” of cryptography:
A cryptosystem is a mathematical function
Its security is a mathematical theorem
Protocols are interacting Turing Machines
A dishonest party can do anything, but an honest party does ONLY what it is supposed to do
The difference between theory and practice:
Is this model still relevant?
The standard model of cryptography is increasingly problematic due to the existence of SCA’s
Many scenarios today do not fit our assumptions
However, there is little theoretical analysis of SCA’s in academic research papers
How did SCA’s affect RSA?
A personal perspective
For 20 years I have studied the provable properties of the RSA function: Bit security, relationship to factoring, reductions, RSA vs Rabin, provably secure applications
RSA seemed to be very robust and well understood
In 1996: Boneh, DeMillo and Lipton proved that in RSA-CRT, making any single computational mistake completely breaks the scheme by factoring the public key
This exposes the incredible fragility of cryptosystems
Is there a systematic approach to SCA’s?
Unfortunately, the situation is similar to airport security:
Each attack utilized a completely different approach
Each countermeasure works only against a specific attack
We have no way to predict the next attack, and protecting against all conceivable attacks is impossible
Is there a systematic approach to SCA’s?
This is very different than the classical cryptanalytic problem of block ciphers in which:
We do not know all the possible attacks, but the number of completely different ideas seems to be very limited
New attacks are often only of theoretical interest
Most of the attacks can be overcome in principle by the common strategy of having sufficiently many rounds, and having large margins of safety against known attacks
Should we change the way we design new cryptosystems?
SCA’s even put in doubt our main construction tool:
To build a strong block cipher, compose a large number of weak steps.
This ignores the fact that intermediate values may leak out, and weak steps are easy to analyze
Should we change the way we design new cryptosystems?
Perhaps we should:
Use only large chunks of key and data (e.g., 64 bits) to make it harder to exploit Hamming weight info and to exhaustively search for explanations for partially exposed intermediate values
Use in a better way the inherent parallelism of modern microprocessors
Ask Intel to add a dedicated security coprocessor to implement AES/RSA in its future microprocessors
Which SCA has a lot of untapped potential?
Timing attacks provide only a few bits of data, and are the easiest to avoid
Probing attacks on smart cards typically record few wires
Differential power analysis ignores most of the data, looking just for differences in behavior between averages
Simple power analysis provides a huge amount of data, but we do not currently know how to exploit it. I expect a lot of progress in this area in the next few years
Which area is likely to be least affected by SCA’s?
Hash functions have no secrets
Collisions are not likely to be known by anyone
Which area is likely to be most affected by SCA’s?
Quantum cryptography
Its main claim for fame is its perfect provable security
At least two attacks described so far, and others are likely:
– Acoustic attack
– Light pulse attack
If found, they can make this expensive and cumbersome solution unattractive
What are the latest trends in SCA’s?
The original SCA attacks concentrated on small systems such as smart cards or peripherals
There is new emphasis now on larger systems such as PC’s
There is some initial interest in tiny systems such as RFID tags
Example: How can we apply a lunchtime power analysis attack to desktop PC’s?
The attacker cannot easily cut the power cord or open the box
A possible solution: the USB connector
It supplies both power and data to external devices
Many security programs control the USB connection
The spectrum of USB power with power cutoff
The real-time signal of USB power at 294 KHz during OPENSSL decryption
Cache Attacks:
A new family of side-channel attacks, developed simultaneously in 2005/6 by:
Bernstein (basic idea, partial AES key recovery)
Percival (attack on RSA)
Osvik Shamir and Tromer (full attack on AES)
Cache Attacks:
Pure software attacks
Very efficient (e.g., full AES key extraction from Linux encrypted file system in 65 ms; require only the ability to run code in parallel on the target machine)
Compromise otherwise well-secured systems (e.g., VPN’s using AES)
Can be used to attack virtualized machines (e.g., jail(), Xen, UML, Virtual PC, VMware) using untrusted code (e.g., ActiveX, Java applets, managed .NET, JavaScript)
NSA US Patent 6,922,774
Basic cache technology (diagram):
CPU core: 60% speed increase per year
CPU cache memory: typical latency 0.3ns
Main memory: 7-9% latency decrease per year, typical latency 50-150ns
Cache organization (diagram): a DRAM memory block (64 bytes) maps to a cache line (64 bytes); a cache set holds 4 cache lines
Measuring the effect of the encryption on the cache:
(diagram: DRAM holding the T0 table and the attacker’s memory, both mapped into the cache)
Programs compete for cache locations:
(diagram: the T0 table and the attacker’s memory contend for the same cache sets)
Measurement via effect of encryption on cache
(diagram: DRAM holding the T0 table and the attacker’s memory, both mapped into the cache)
1. Completely evict tables from cache
2. Trigger a single encryption
3. Access attacker memory again and see which cache sets are slow
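The three steps above, modelled as an added example that is not code from the talk or from the Osvik-Shamir-Tromer paper: a toy LRU set-associative cache, an attacker buffer that fills every set (step 1), a victim first-round lookup T0[p[0] XOR k[0]] (step 2), and a probe that reports which set now misses (step 3). In this noise-free model the disturbed set identifies the T0 cache line, i.e. the high nibble of p[0] XOR k[0], which is why table lookups indexed by key-dependent values leak. NUM_SETS, T0_BASE and ATTACKER_BASE are assumed values chosen for the model.

```python
from collections import OrderedDict

LINE, WAYS = 64, 4        # 64-byte lines, 4 lines per set, as in the talk's diagram
NUM_SETS = 64             # assumed: a small cache keeps the model readable
T0_BASE = 0x10000         # assumed address of the AES T0 table (256 entries x 4 bytes)
ATTACKER_BASE = 0x200000  # assumed attacker buffer: WAYS lines mapping to every set

class SetAssocCache:
    """Set-associative cache with LRU replacement; only tracks which blocks are resident."""
    def __init__(self):
        self.sets = [OrderedDict() for _ in range(NUM_SETS)]

    def access(self, addr):
        """Touch one address: True on a hit, False on a miss (the block is then filled)."""
        block = addr // LINE
        s = self.sets[block % NUM_SETS]
        if block in s:
            s.move_to_end(block)
            return True
        if len(s) >= WAYS:
            s.popitem(last=False)  # evict the least-recently used block
        s[block] = None
        return False

def prime(cache):
    """Step 1: fill every set with attacker-owned lines, so the tables are evicted."""
    for i in range(NUM_SETS * WAYS):
        cache.access(ATTACKER_BASE + i * LINE)

def victim_first_round(cache, p0, k0):
    """Step 2: the victim's first AES round reads T0[p[0] XOR k[0]], touching one line."""
    cache.access(T0_BASE + 4 * (p0 ^ k0))

def probe(cache):
    """Step 3: re-touch the attacker lines and report the sets that now miss (are slow)."""
    slow = set()
    for i in reversed(range(NUM_SETS * WAYS)):  # reverse order: one eviction, one miss under LRU
        if not cache.access(ATTACKER_BASE + i * LINE):
            slow.add((ATTACKER_BASE // LINE + i) % NUM_SETS)
    return slow

def leaked_key_nibble(k0, p0):
    """One round of steps 1-3; the disturbed set, offset by T0's first set and XORed with
    the known p[0] high nibble, yields the high nibble of k[0]."""
    cache = SetAssocCache()
    prime(cache)
    victim_first_round(cache, p0, k0)
    (slow_set,) = probe(cache)  # exactly one set is disturbed in this noise-free model
    return ((slow_set - (T0_BASE // LINE) % NUM_SETS) % NUM_SETS) ^ (p0 >> 4)
```

On real hardware the same measurement is repeated over many encryptions and the per-set timings are averaged, as in the talk's experimental plots; the countermeasure side is to avoid key-dependent table indices (bit-sliced or hardware AES) rather than to rely on cache state.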
Experimental example
Measuring a Linux 2.6.11 dm-crypt encrypted filesystem with ECB AES on Athlon 64, using 30,000 samples.
Horizontal axis: evicted cache set
Vertical axis: p[0]
Brightness: encryption time (normalized)
Left: raw. Right: after subtracting cache set average.
Power Analysis of RFID Tags
An RFID tag is a very simple computer, usually associated with a physical object
Tags communicate with a powerful reader over a wireless link
EPC tags: passive tags, radiatively coupled, 900MHz, read/write memory
Components of the EPC RFID System (diagram: Reader and Tag)
The reader has a powerful antenna and an external power supply
The reader surrounds itself with an electromagnetic field
The tag is illuminated by this field
Reader ↔ Tag Data Exchange (diagram: Reader and Tag)
The reader sends commands to the tag via pulse amplitude modulation
The tag sends responses to the reader via backscatter modulation
The lab setup
Summary of the attack:
The RF power reflected by an RFID tag is dependent on its internal power consumption
This property allows power analysis attacks to be performed over a distance in a completely passive way
In the short term, it can be used to extract the kill or access passwords of EPC tags
Cracking passwords with power analysis
We send the password to a secure device bit by bit
The first wrong bit is very “exciting”
Allows password to be recovered in linear time
Existence of parasitic backscatter
(1) Trace shows the signal reflected from a Generation 1 tag during a kill command
Tag is supposed to be completely silent
Is it? Let’s zoom in…
(plot: power vs. time)
Extracting one password bit
Here, the tag is expecting “1111 1111”
Here, it is expecting “0000 0001”
In both cases, tag gets “0000 0000”
(plot: power vs. time)