
Marcel Medwed François-Xavier Standaert Ventzislav Nikov Martin Feldhofer



Presentation Transcript


  1. Unknown Input Attacks in the Parallel Setting: Improving the Security of the CHES 2012 Leakage Resilient PRF. Marcel Medwed, François-Xavier Standaert, Ventzislav Nikov, Martin Feldhofer

  2. Outline • SCA Intro • Motivation • Construction & Effects • Analysis • Conclusions AsiaCrypt 2016 -- Marcel Medwed

  3. SCA Intro

  4. Attack and Countermeasure Landscape [figure: c = E_k(m) over inputs m1, m2, ..., mn; labels: Timing, Constant, Instantaneous Leakage, Low SNR, Masking, Shielding, Probing, Detection, Faults, Limit measurements]

  5. The costs of CMs • Masking • O(n^2) costs vs. O(c^n) security • Time randomization (aka shuffling) • O(n) costs vs. O(n) security • Fault protection • O(n) costs vs. O(n) security • Combinations are hard • FTDC 2016: More Efficient Private Circuits II Through Threshold Implementations • Key updates to limit measurements

  6. Motivation

  7. Key updates help • Only two traces per key • Need for bounded leakage for 2 traces • Security only limited by black box setting • But a stream cipher needs a unique IV • How to seed the PRG securely with bounded leakage?

  8. How to initialize • Masking and other CMs • Maybe performance gain but no bounded leakage

  9. How to initialize • Fresh re-keying • Masking much easier, performance gain, still no bounded leakage

  10. How to initialize • LR-PRF • Attempt to instantiate a bounded leakage scheme • Not provably bounded (no arbitrary adaptive leakage function) • However, experiments suggest a bound for practical leakage functions

  11. Construction & Effects

  12. DPA: Parallelism and Algorithmic Noise (1) [figure: 16 parallel S-boxes with independent plaintext bytes p1 ... pi ... p16 and key bytes k1 ... ki ... k16; side-channel samples s1 ... si ... s16; the other S-boxes act as independent algorithmic noise for an SCA on one S-box]

  13. DPA: Parallelism and Algorithmic Noise (2) • Parallelism adds algorithmic noise • Blue → no noise, green → 2 parallel S-boxes, ..., purple → 16 parallel S-boxes • But security decreases exponentially • Averaging works only for random plaintexts • Fixing the data complexity to 2 allows bounding the leakage • How can it be fixed to 2?

  14. Using the GGM-PRF construction • Use PRF: y = F_k(x) • k being an n-bit secret key • x = x(0)...x(n-1) being a public input • P0 = {0}^128 and P1 = {1}^128 • Only 2 plaintexts (many traces though) • But 128 encryptions per operation • How to speed up?

  15. Speeding up... and losing security • Only 16 AES encryptions • 256 plaintexts → 256 traces per key • No security left • Can we do better?

  16. Avoiding D&C with carefully chosen PTs (CHES 2012) [figure: the same plaintext byte p enters all 16 S-boxes with key bytes k1 ... ki ... k16; side-channel samples s1 ... si ... s16; the noise from the other S-boxes is now key dependent]

  17. Carefully Chosen Plaintexts • 16 AES encryptions, 256 plaintexts • As PT bytes are equal, divide-and-conquer does not apply anymore • Noise becomes key dependent, cannot be averaged • Even if all key bytes are recovered, the order remains unknown • But • Ordering 16 bytes is still easy (2^44) • Properties hold only for the first round • 16 S-boxes need the same leakage function • Can we do better?

  18. Our Contribution: Using Unknown Plaintexts • Precomputation of secret plaintexts using LR-PRG • Use bits of x to index a table of secret plaintexts
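The three PRF variants of slides 14, 15, 17 and 18 differ only in how many bits of x each stage consumes and in which plaintext table the stage indexes. The following added example (not code from the paper or its authors) walks the GGM-style tree for all three and counts the block encryptions, so the 128-vs-16 trade-off and the role of the plaintext table are visible; it assumes an HMAC-SHA256 stand-in for the AES-128 block encryption and a counter-mode stand-in for the LR-PRG, both chosen so it runs with the standard library.

```python
import hmac
import hashlib

BLOCK = 16          # AES-128 block size in bytes; the stand-in below keeps this width
CALLS = [0]         # counts block encryptions so the 128-vs-16 trade-off is visible

def block_encrypt(key: bytes, pt: bytes) -> bytes:
    """Stand-in for one AES-128 encryption (assumption: HMAC-SHA256 truncated to
    16 bytes so the example runs offline; the paper uses plain, parallel AES)."""
    CALLS[0] += 1
    return hmac.new(key, pt, hashlib.sha256).digest()[:BLOCK]

def tree_prf(key: bytes, x: bytes, chunk_bits: int, plaintexts: list) -> bytes:
    """GGM-style PRF y = F_k(x): consume x chunk_bits at a time and re-key with
    k <- E_k(plaintexts[chunk]).  chunk_bits=1 is the 2-plaintext, 128-stage PRF of
    slide 14; chunk_bits=8 is the 16-encryption variant over a 256-entry table."""
    total = len(x) * 8
    assert total % chunk_bits == 0 and len(plaintexts) == 1 << chunk_bits
    n, k = int.from_bytes(x, "big"), key
    for i in range(total // chunk_bits):
        chunk = (n >> (total - (i + 1) * chunk_bits)) & ((1 << chunk_bits) - 1)
        k = block_encrypt(k, plaintexts[chunk])
    return k

# Variant (1), slide 14: P0 = {0}^128 and P1 = {1}^128, one bit of x per stage.
TWO_PTS = [bytes([0x00]) * BLOCK, bytes([0xFF]) * BLOCK]

# Variant (2), CHES 2012: 256 plaintexts whose 16 bytes are all equal, so every
# S-box sees the same input byte and byte-wise divide-and-conquer yields no order.
CHOSEN_PTS = [bytes([v]) * BLOCK for v in range(256)]

def secret_plaintexts(seed: bytes, m: int = 8) -> list:
    """Variant (3), this paper: 2^m secret plaintexts precomputed from a secret
    seed (assumed LR-PRG stand-in: counter mode under block_encrypt).  With m=8
    the PRF still needs 16 encryptions, but the S-box inputs are now unknown."""
    return [block_encrypt(seed, i.to_bytes(BLOCK, "big")) for i in range(1 << m)]

def count_encryptions(key: bytes, x: bytes, chunk_bits: int, plaintexts: list):
    """Evaluate the PRF and return (output, number of block encryptions used)."""
    CALLS[0] = 0
    y = tree_prf(key, x, chunk_bits, plaintexts)
    return y, CALLS[0]
```

With a 2^m-entry table the walk takes 128/m stages, which is the "2^m PTs, m times faster" trade-off of the conclusions.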

  19. Avoiding D&C with Unknown PTs (1) [figure: secret plaintext bytes p1 ... pi ... p16 enter the 16 S-boxes with key bytes k1 ... ki ... k16; side-channel samples s1 ... si ... s16; the attacker sees the ciphertext but not the S-box inputs]

  20. Security of Unknown Plaintexts • Only profiled attacks work • Key dependent noise impacts a two-dimensional distribution (2nd-order SCA) • Key dependent noise is present in the entire algorithm

  21. Analysis

  22. Distribution Distances • We match sub key distributions to the device distribution • Carefully chosen plaintexts only prevent ordering (+ some misranking) • For unknown plaintexts the device distribution is much more distorted

  23. Looking at the sub key distributions • Carefully chosen plaintexts • Correct sub keys are ranked first • Best ranked sub key is always one of the correct ones • Worst ranked sub key likely to be < rank 20

  24. Looking at the sub key distributions • Carefully chosen plaintexts • Unknown plaintexts

  25. Conclusions

  26. Conclusion (1) • Bounded leakage against realistic attacks with few assumptions • No equal leakage assumption • No randomness needed • Works with plain, parallel AES • Speed up depends on memory • 2^m PTs, m times faster

  27. Conclusion (2) • Lots of analysis done • leakage models • implementation flaws • template building errors • ... • But more needed (for masking it took >10 years to understand most issues) • Security depends on security against 2 noise-free traces (2PRG) • Future work • Localized EM attacks (as they can overcome parallelism) • Use other tools in attack

  28. Localized EM Attacks • Likely to reduce parallelism • Blue: Attack on 2PRG • Green: Attack on PRF with 16 unknown plaintexts • Red: Attack on secret plaintexts • At least >2 plaintexts are required → uncertainty multiplies
