ETSI SECURITY WEEK | Driss ABOULKASSIM | Jacques FOURNIERI SIDE CHANNEL ANALYSIS : LOW COST PLATFORM


THE CEA

Military Applications Division (DAM)

Nuclear Energy Division (DEN)

Technological Research Division (DRT)

Materials Sciences Division

Life Sciences Division

Mission DAM : France’s national security independence

Mission DEN : France’s energy independence

Mission DRT : French business’ economic competitiveness


PHYSICAL ATTACKS AGAINST INTEGRATED CIRCUITS

OBJECTIVE: Recover secret data like cryptographic keys even for algorithms proven to be secure in theory!

The weakness: Those algorithms are implemented on devices that bear intrinsic weaknesses!

« Invasive attacks » by reverse-engineering

« Non-invasive attacks » through side channel information leakages

« Semi-invasive attacks » by fault injections

Cheaper equipment and faster to implement than invasive attacks


SIDE CHANNEL ATTACKS

Against ‘any type’ of algorithm… DES, AES, RSA, ECC, Pairings, proprietary algorithms… to retrieve secret keys or reverse-engineer the implemented algorithms.

Timing measurements

Statistical analysis of power consumed

Statistical analysis of electromagnetic waves emitted


AS A CONSEQUENCE….

Connected devices using ‘sophisticated’ cryptography….

The channel can hence be secure thanks to the use of cryptography….

But if a hacker can have physical access to one of the devices, (s)he might retrieve the cryptographic keys used and decrypt the transmitted data!!


Communication vulnerabilities

- Bob, Alice (lovers!) want to communicate

- Trudy (intruder) may : intercept, delete, change the message content, …

[Diagram: Bob, Alice and Trudy]


Solution : cryptography application

- Bob needs to communicate “securely” with Alice !

- Maybe encryption is the solution !!

[Diagram: Bob (Encrypt), Alice (Decrypt)]


Advanced Encryption Standard

• AES is a symmetric encryption algorithm.

[Diagram: AES-128 structure. Plain text, then Initial Round: AddRoundKey with the initial key K0; Rounds 1 to 9: SubBytes, ShiftRows, MixColumns, AddRoundKey with the round keys K1 to K9; Round 10: SubBytes, ShiftRows, AddRoundKey with K10 (key of round 10); Cipher text]

• Time* of a brute force attack vs key size

| Key size | Possible combinations | Time |
|----------|-----------------------|------|
| 128 bits | 3.4 × 10^38 | 1.02 × 10^18 years (1 billion billion years) |
| 192 bits | 6.2 × 10^56 | 1.872 × 10^37 years |
| 256 bits | 1.1 × 10^77 | 3.31 × 10^56 years |

*Fastest supercomputer: 10.51 petaflops = 10.51 × 10^15 Flops

[Flops = Floating point operations per second]


• Extract the secret key (128 bits) from the AES (Advanced Encryption Standard) implemented in software on a 32-bit microcontroller

• The key value : 0x2B7E1516 28AED2A6 ABF71588 09CF4F3C

• The platform is mobile and low cost


1- Automatic acquisition of Electro-Magnetic field

[Diagram of the acquisition bench. Labels: Control Unit : RASPBERRY PI3; Acquisitions (USB); Target (USB, UART); Measurements (consumption, EM); EM Probe; VGA; SMA; Coax/probe]


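Automatic acquisition of Electro-Magnetic traces

| Target type | Countermeasures HW/SW | Cryptographic application | Architecture |
|-------------|-----------------------|---------------------------|--------------|
| Microcontroller | none | AES 128-bits | 32-bits |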


2-CORRELATION STATISTICAL ANALYSIS

Keyi (1 byte), i = {0,2,...255} and keyi = i

[Diagram: for each key guess Keyi, the inputs Text1, Text2, …, Textn pass through SUBBYTE and a consumption model (ex: Hamming weight); the result is correlated with the measured traces for Text1, Text2, …, Textn (voltage vs. time, m : number of samples/trace)]

[Plot: correlation trace associated to the correct key guess; horizontal axis 0 to 2000, vertical axis -0.6 to 0.8]
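The correlation analysis on this slide, and the "Countermeasures: none" entry in the target table, can be reproduced on simulated data. The block below is an added example, not code from the presentation: the traces are constructed (Gaussian noise plus a Hamming-weight leak of the SubBytes output at one sample), and the function names, noise level, trace counts and the first-order masking variant are assumptions chosen for illustration.

```python
import random

def aes_sbox():
    """AES S-box: inverse in GF(2^8) followed by the affine transformation."""
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    sbox, p, q = [0x63] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p = p * 3
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q = (q & 0xFF) ^ (0x09 if q & 0x80 else 0)             # q = q / 3
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            return sbox

SBOX = aes_sbox()
HW = [bin(v).count("1") for v in range(256)]   # Hamming-weight consumption model

def simulate(key_byte, n=200, m=16, leak_at=9, sigma=1.0, masked=False, seed=1):
    """Constructed data: n traces of m noisy samples; one sample leaks HW(SubBytes)."""
    rng = random.Random(seed)
    texts, traces = [], []
    for _ in range(n):
        t = rng.randrange(256)
        mask = rng.randrange(256) if masked else 0   # fresh random mask per run
        row = [rng.gauss(0, sigma) for _ in range(m)]
        row[leak_at] += HW[SBOX[t ^ key_byte] ^ mask]
        texts.append(t)
        traces.append(row)
    return texts, traces

def pearson(x, y):
    mx, my = sum(x) / len(x), sum(y) / len(y)
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0

def cpa(texts, traces):
    """Return (best key guess, its peak |correlation|) over all 256 guesses."""
    columns = list(zip(*traces))                 # one column per time sample
    best = (0, 0.0)
    for guess in range(256):
        model = [HW[SBOX[t ^ guess]] for t in texts]
        peak = max(abs(pearson(model, col)) for col in columns)
        if peak > best[1]:
            best = (guess, peak)
    return best
```

Running `cpa(*simulate(0x2B))` returns the first byte of the key shown earlier with a clear correlation peak, while `cpa(*simulate(0x2B, masked=True))` leaves only noise-level correlations, which is the effect a masking countermeasure is evaluated for.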


ACTIVITIES OF THE CEA ON HARDWARE SECURITY

Are your secret/sensitive data safe in there?

Is your program being correctly executed?

Can your hardware be trusted?

Characterisation

• State of the art characterisation benches: EM, laser, Vcc, clock…

• State of the art analysis techniques against crypto algorithms (AES, Pairings…)

• Analysis of communication protocols (contactless, WLoPAN…)

• Software analysis tools

• CESTI: French ANSSI-accredited HW evaluation lab (Common Criteria, EMVCo…)

Secure solutions

• Hardware and software countermeasures for secure implementations of crypto algorithms

• Shields, new technologies…

• Run-time countermeasures

Physically Unclonable Functions

• Robustness analyses

• Certification aspects

• Implementation of new structures

Integrity verification

• On chip sensor-based approach

• Off chip side-channel based approach

• Off chip active clock-based approach

• IoT network integrity verification

• Node bootstrapping and key management protocols

• Secure transport layer security protocols

• IoT intrusion detection system

• Trust anchors for industrial systems


Commissariat à l’énergie atomique et aux énergies alternatives

17 rue des Martyrs | 38054 Grenoble Cedex

www.cea-tech.fr

Établissement public à caractère industriel et commercial | RCS Paris B 775 685 019

Thank you for your attention

Questions?

Contact : Driss ABOULKASSIM
