Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Electrical substation wikipedia , lookup
Audio power wikipedia , lookup
Electric power system wikipedia , lookup
Alternating current wikipedia , lookup
Power engineering wikipedia , lookup
Power over Ethernet wikipedia , lookup
Earthing system wikipedia , lookup
Lecture7 –More on Attacks Rice ELEC 528/ COMP 538 Farinaz Koushanfar Spring 2009 Outline • More on side-channel attacks • Fault injection attacks • Generic attacks on cryptosystems Slides are mostly courtesy of Michael Tunstall [email protected] Simple power analysis (SPA) example SPA example (cont’d) SPA example (cont’d) • Unprotected modular exponentiation – square and multiply algorithm Possible counter measure – randomizing RSA exponentiation Statistical power analysis • Two categories – Differential power analysis (DPA) – Correlation power analysis (CPA) • Based on the relationship b/w power consumption & hamming weight of the data Modeling the power consumption • Hamming weight model – Typically measured on a bus, Y=aH(X)+b – Y: power consumption; X: data value; H: Hamming weight • The Hamming distance model – Y=aH(PX)+b – Accounting for the previous value on the bus (P) Differential power analysis (DPA) • DPA can be performed in any algo that has operation =S(K), – is known and K is the segment key The waveforms are caotured by a scope and Sent to a computer for analysis What is available after acquisition? DPA (cont’d) The bit will classify the wave wi – Hypothesis 1: bit is zero – Hypothesis 2: bit is one – A differential trace will be calculated for each bit! DPA (cont’d) DPA (cont’d) DPA -- testing DPA -- testing DPA – the wrong guess DPA (cont’d) • The DPA waveform with the highest peak will validate the hypothesis DPA curve example DPA (cont’d) Attacking a secret key algorithm Typical DPA Target Example -- DPA Example – hypothesis testing DPA (Cont’d) DPA on DES algorithm DPA on other algorithms Correlation power analysis (CPA) • The equation for generating differential waveforms replaced with correlations • Rather than attacking one bit, the attacker tries prediction of the Hamming weight of a word (H) • The correlation is computed by: Statistical PA -- countermeasures Anti-DPA countermeasures Anti-DPA • Internal clock phase shift DPA summary Electromagnetic power analysis EMA – probe design EMA signal Spatial positioning Spatial positioning Example: SEMA on RSA EMA (cont’d) Counter measures Fault injection attacks Fault attacks Fault injection techniques • Transient (provisional) and permanent (destructive) faults – Variations to supply voltage – Variations in the external clock – Temperature – White light – Laser light – X-rays and ion beams – Electromagnetic flux Need some (maybe expensive equipment) – eg, laser Fault injection steps Provisional faults • Single event upsets – Temporary flips in a cell’s logical state to a complementary state • Multiple event faults – Several simultaneous SEUs • Dose rate faults – The individual effects are negligible, but cumulative effect causes fault • Provisional faults are used more in fault injection Permanent faults • Single-event burnout faults – Caused by a parasitic thyristor being formed in the MOS power transistors • Single-event snap back faults – Caused by self-sustained current by parasitic bipolar transistors in MOS • Single-event latch-up faults – Creates a self sustained current in parasitics • Total dose rate faults – Progressive degradation of the electronic circuit Fault impacts (model) • Resetting data • Data randomization – could be misleading, no control over! • Modifying op-code – implementation dependent Fault attacks – counter measures Fault attacks – counter measures Attacks on systems using smart cards Trusted path • Normal key validation on a PC Trusted path • PIN code validation – can you come up with attacks? Are smart cards good or bad? Let’s go thru a few common scenarios A few common scenarios… A few common scenarios… A few common scenarios… A few common scenarios… A few common scenarios… A few common scenarios… A few common scenarios… A few common scenarios… A few common scenarios… A few common scenarios… A few common scenarios… Example – fault attack on DES 15-th round DPA 15-th round DPA 15-th round DES