ETSI SECURITY WEEK | Driss ABOULKASSIM | Jacques FOURNIERI
SIDE CHANNEL ANALYSIS : LOW COST PLATFORM
| 2
THE CEA
Military Applications Division (DAM)
Nuclear Energy Division (DEN)
Technological Research Division (DRT)
Materials Sciences Division
Life Sciences Division
Mission DAM : France’s national security independence
Mission DEN : France’s energy independence
Mission DRT : French business’ economic competitiveness
| 3
PHYSICAL ATTACKS AGAINST INTEGRATED CIRCUITS
OBJECTIVE: Recover secret data like cryptographic keys, even for algorithms proven to be secure in theory!
Cheaper equipment and faster to implement than invasive attacks
The weakness: Those algorithms are implemented on devices that bear intrinsic weaknesses!
« Invasive attacks » by reverse-engineering
« Non-invasive attacks » through side channel information leakages
« Semi-invasive attacks » by fault injections
| 4
SIDE CHANNEL ATTACKS
Against ‘any type’ of algorithm… DES, AES, RSA, ECC, Pairings, proprietary
algorithms… to retrieve secret keys or reverse-engineer the implemented
algorithms.
• Timing measurements
• Statistical analysis of power consumed
• Statistical analysis of electromagnetic waves emitted
| 5
AS A CONSEQUENCE….
Connected devices using ‘sophisticated’ cryptography….
The channel can hence be secure thanks to the use of cryptography….
But if a hacker can have physical access to one of the devices, (s)he might retrieve the cryptographic keys used and decrypt the transmitted data!!
| 6
Communication vulnerabilities
- Bob, Alice (lovers!) want to communicate
- Trudy (intruder) may: intercept, delete, change the message content, …
[Figure: Trudy positioned between Bob and Alice]
| 9
Solution: cryptography application
- Bob needs to communicate “securely” with Alice!
- Maybe encryption is the solution!!
[Figure: Bob, Encrypt, Decrypt, Alice]
| 10
Advanced Encryption Standard
• AES is a symmetric encryption algorithm.
[Figure: AES round structure. Plain Text; Initial Round: AddRoundKey (initial key K0); Rounds 1:9: SubBytes, ShiftRows, MixColumns, AddRoundKey (round keys k1:k9); Round 10: SubBytes, ShiftRows, AddRoundKey (K10, key of round 10); Cipher text]
• Time* of a brute force attack vs key size

Key size    Possible combinations    Time
128 bits    3.4 x 10^38              1.02 x 10^18 years (1 billion billion years)
192 bits    6.2 x 10^56              1.872 x 10^37 years
256 bits    1.1 x 10^77              3.31 x 10^56 years

*Fastest supercomputer: 10.51 petaflops = 10.51 x 10^15 Flops
[Flops = floating point operations per second]
| 11
• Extract the secret key (128 bits) from an AES (Advanced Encryption Standard) implemented in software on a 32-bit microcontroller
• The key value: 0x2B7E1516 28AED2A6 ABF71588 09CF4F3C
• The platform is mobile and low cost
| 12
1- Automatic acquisition of Electro-Magnetic field
[Figure: acquisition setup. Labels: Control Unit: Raspberry Pi 3; USB; UART; Measurements (consumption, EM); Coax/probe; SMA; EM Probe; VGA; Target]

Target type: Microcontroller
Countermeasures (HW/SW): none
Cryptographic application: AES 128-bits
Architecture: 32-bits

Automatic acquisition of Electro-Magnetic traces
| 14
2-CORRELATION STATISTICAL ANALYSIS
[Figure: correlation flow. For each key guess Key_i (1 byte), i = {0, 1, ..., 255} and Key_i = i, the inputs Text1, Text2, ..., Textn pass through SUBBYTE and a consumption model (e.g. Hamming weight); the predictions are correlated with the measured traces for Text1, Text2, ..., Textn (voltage vs time; m: number of samples/trace).]
[Plot: correlation trace associated to the correct key guess; horizontal axis 0 to 2000, vertical axis -0.6 to 0.8]
| 15
ACTIVITIES OF THE CEA ON HARDWARE SECURITY
Are your secret/sensitive data safe in there?
Is your program being correctly executed?
Can your hardware be trusted?
Characterisation
• State of the art characterisation benches: EM, laser, Vcc, clock…
• State of the art analysis techniques against crypto algorithms (AES, Pairings…)
• Analysis of communication protocols (contactless, WLoPAN…)
• Software analysis tools
• CESTI: French ANSSI-accredited HW evaluation lab (Common Criteria, EMVCo…)
Secure solutions
• Hardware and software countermeasures for secure implementations of crypto algorithms
• Shields, new technologies…
• Run-time countermeasures
Physically Unclonable Functions
• Robustness analyses
• Certification aspects
• Implementation of new structures
Integrity verification
• On chip sensor-based approach
• Off chip side-channel based approach
• Off chip active clock-based approach
• IoT network integrity verification
• Node bootstrapping and key management protocols
• Secure transport layer security protocols
• IoT intrusion detection system
• Trust anchors for industrial systems
Commissariat à l’énergie atomique et aux énergies alternatives
17 rue des Martyrs | 38054 Grenoble Cedex
www.cea-tech.fr
Établissement public à caractère industriel et commercial | RCS Paris B 775 685 019
Thank you for your
attention
Questions?
Contact : Driss ABOULKASSIM