"The generation of random numbers is too important to be left to chance."
-- Robert R. Coveyou, Oak Ridge National Laboratory
n (modulus) = product of secret primes p and q
e (public key) = relatively prime to (p-1)(q-1)
d (private key) = e^-1 mod ((p-1)(q-1))
Encrypt: c = m^e mod n
Decrypt: m = c^d mod n

Eve gets ciphertext message c from Alice, wants to read it,
i.e., she wants to find m = c^d mod n
Choose random r < n, and use Alice's public key e:
  x = r^e mod n
  y = x*c mod n
  t = r^-1 mod n
Note: if x = r^e mod n, then r = x^d mod n!
Eve tricks Alice into signing y with her private key d (i.e., computing y^d mod n)
Alice sends Eve u = y^d mod n
Eve then calculates
  t*u mod n = r^-1 * y^d mod n = r^-1 * x^d * c^d mod n = r^-1 * r * c^d mod n = c^d mod n = m [2]
[2] Chosen ciphertext attack against RSA (Schneier)
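The blinding computation above carried through in Python with constructed toy parameters (p = 61, q = 53, e = 17, message m = 65, blinding factor r = 7). This is an added example, not code from the slides. It also includes a guarded signing function: the one-bit format marker it checks is an assumption standing in for PKCS#1-style padding, whose fixed structure a blinded value y = r^e * c mod n almost never satisfies, so Alice refuses to apply d to it.

```python
# Added example (not from the slides): the RSA blinding attack on constructed
# textbook-sized parameters, plus the format check that stops it.
from math import gcd

# Constructed toy key (never use primes this small for real keys).
P, Q = 61, 53
N = P * Q                      # 3233
PHI = (P - 1) * (Q - 1)        # 3120
E = 17                         # gcd(17, 3120) == 1
D = pow(E, -1, PHI)            # 2753 == e^-1 mod (p-1)(q-1)

def encrypt(m, e=E, n=N):
    """c = m^e mod n (textbook RSA, no padding)."""
    return pow(m, e, n)

def raw_private_op(y, d=D, n=N):
    """Alice's private-key operation on whatever she is handed: y^d mod n.
    Decrypting and textbook signing are the same operation, which is the problem."""
    return pow(y, d, n)

def blind(c, r, e=E, n=N):
    """Eve's blinding step from the slide: x = r^e, y = x*c, t = r^-1 (all mod n)."""
    if gcd(r, n) != 1:
        raise ValueError("r must be invertible mod n")
    x = pow(r, e, n)
    y = (x * c) % n
    t = pow(r, -1, n)
    return y, t

def unblind(u, t, n=N):
    """t*u = r^-1 * r * c^d = c^d = m (mod n)."""
    return (t * u) % n

def chosen_ciphertext_recovery(c, r):
    """Full sequence: Eve blinds c, Alice signs the blinded value, Eve unblinds."""
    y, t = blind(c, r)
    u = raw_private_op(y)      # Alice signs y = x*c without ever seeing c
    return unblind(u, t)

def guarded_private_op(y, d=D, n=N):
    """Mitigation as modelled here (assumption, a stand-in for PKCS#1-style padding):
    d is applied only to values carrying a fixed format marker, here the top bit
    within n's bit length. Real padding fixes many bytes, so a random-looking
    blinded value essentially never passes and no raw signature is produced."""
    marker = 1 << (n.bit_length() - 1)
    if y & marker == 0:
        return None            # refuse: not a well-formed message to sign
    return pow(y, d, n)

def guarded_attempt(c, r):
    """The same attack against the guarded signer; None means Alice refused."""
    y, t = blind(c, r)
    u = guarded_private_op(y)
    return None if u is None else unblind(u, t)

if __name__ == "__main__":
    m = 65
    c = encrypt(m)                                           # 2790
    print("recovered:", chosen_ciphertext_recovery(c, r=7))  # 65
    print("guarded:", guarded_attempt(c, r=7))               # None
```

The unblinding step works because r^(ed) is r mod n, so t*u collapses to c^d regardless of what y looked like; the defence therefore has to live in what Alice is willing to sign (structured padding, and separate keys for signing and decryption), not in the arithmetic.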
ECRYPT 2012 Key Length Advice [3]
[3] See www.keylength.com/en/3
Captured One-Time Pads
Russian One-Time Pad captured by MI5
Don't reuse those one-time pads!
If
  C1 = P1 ⊕ K1
  C2 = P2 ⊕ K1
  C3 = P3 ⊕ K1
Then try
  C1 ⊕ C2 => P1 ⊕ K1 ⊕ P2 ⊕ K1 => P1 ⊕ P2
  C1 ⊕ C3 => P1 ⊕ K1 ⊕ P3 ⊕ K1 => P1 ⊕ P3
  C2 ⊕ C3 => P2 ⊕ K1 ⊕ P3 ⊕ K1 => P2 ⊕ P3
and
  (P1 ⊕ P2) ⊕ (P1 ⊕ P3) => (P2 ⊕ P3)
  (P1 ⊕ P2) ⊕ (P2 ⊕ P3) => (P1 ⊕ P3) ...
From Rick Smith: http://cryptosmith.com/archives/70
Don’t reuse those one-time pads!
Key? What Key?
• Alice encrypts: P ⊕ K => C
• Bob knows the key and decrypts: C ⊕ K => P
• They agree on a dummy plaintext D and if they're ever captured, they will give up the key K' = C ⊕ D
• If the authorities decrypt: C ⊕ K' => D
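The XOR identities from the two slides above (pad reuse cancelling K1, and the surrendered key K' = C ⊕ D) worked on constructed byte strings. This is an added example, not from the slides; the plaintexts and the pad are made up for illustration.

```python
# Added example (not from the slides): one-time pad reuse and the deniable key,
# on constructed 16-byte messages.
import os

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings (the one-time pad operation)."""
    if len(a) != len(b):
        raise ValueError("one-time pad operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed plaintexts, all the same length so one pad covers each.
P1 = b"ATTACK AT DAWN  "
P2 = b"RETREAT AT NOON "
P3 = b"HOLD POSITION   "

def reuse_leak(p1: bytes, p2: bytes, pad: bytes) -> bytes:
    """Encrypt two messages under the same pad and return C1 XOR C2.
    The pad cancels, so this equals P1 XOR P2: information about both
    plaintexts is exposed without anyone learning the key."""
    c1, c2 = xor_bytes(p1, pad), xor_bytes(p2, pad)
    return xor_bytes(c1, c2)

def combine_leaks(p1_xor_p2: bytes, p1_xor_p3: bytes) -> bytes:
    """(P1 XOR P2) XOR (P1 XOR P3) == P2 XOR P3: reuse across three messages
    yields every pairwise relation, as the slide's last line shows."""
    return xor_bytes(p1_xor_p2, p1_xor_p3)

def deniable_key(p: bytes, pad: bytes, dummy: bytes):
    """Return (C, K'): K' = C XOR D is the key Alice and Bob would surrender.
    Decrypting C with K' yields the agreed dummy plaintext D, not P."""
    c = xor_bytes(p, pad)
    return c, xor_bytes(c, dummy)

if __name__ == "__main__":
    pad = os.urandom(len(P1))                  # a fresh pad; the mistake is reusing it
    leak12 = reuse_leak(P1, P2, pad)
    leak13 = reuse_leak(P1, P3, pad)
    print(leak12 == xor_bytes(P1, P2))         # True: K1 has cancelled out
    print(combine_leaks(leak12, leak13) == xor_bytes(P2, P3))   # True
    c, k_prime = deniable_key(P1, pad, P3)
    print(xor_bytes(c, k_prime))               # b'HOLD POSITION   ', the cover story
    print(xor_bytes(c, pad))                   # b'ATTACK AT DAWN  ', the real message
```

Because XOR is its own inverse, any fixed-length string can be "decrypted" from C by choosing the key accordingly; that is exactly the property that makes a reused pad fatal and a surrendered dummy key plausible.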
Case study: Heartbleed SSL Bug
http://xkcd.com/1353/
struct {
    HeartbeatMessageType type;
    uint16 payload_length;
    uchar payload[HeartbeatMessage.payload_length];
    uchar padding[padding_length];
} HeartbeatMessage;
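A parser for the HeartbeatMessage layout above, written to show the length check that the bug lacked. This is an added example, not code from the slides or from OpenSSL; the record bytes and the 16-byte minimum padding (from RFC 6520) are used here only to make the check concrete, and the "trusting" variant merely slices short in Python rather than over-reading memory as the real C code did.

```python
# Added example (not from the slides): parsing a heartbeat request from a TLS
# record body, once trusting the declared payload_length and once checking it.
import struct

HEARTBEAT_REQUEST = 1
HEADER_LEN = 3          # type (1 byte) + payload_length (2 bytes)
MIN_PADDING = 16        # RFC 6520: at least 16 bytes of random padding

def parse_heartbeat_trusting(record: bytes) -> bytes:
    """Shape of the bug: take payload_length bytes because the sender said so,
    without checking that the record actually holds that many. In C this reads
    past the message buffer; in Python the slice just comes back short."""
    msg_type, payload_length = struct.unpack_from("!BH", record, 0)
    return record[HEADER_LEN:HEADER_LEN + payload_length]

def parse_heartbeat_checked(record: bytes) -> bytes:
    """Checked parse: header + declared payload + mandatory padding must fit
    inside the record that was actually received, otherwise reject."""
    if len(record) < HEADER_LEN + MIN_PADDING:
        raise ValueError("heartbeat record too short")
    msg_type, payload_length = struct.unpack_from("!BH", record, 0)
    if msg_type != HEARTBEAT_REQUEST:
        raise ValueError("not a heartbeat request")
    if HEADER_LEN + payload_length + MIN_PADDING > len(record):
        raise ValueError("payload_length %d does not fit in a %d-byte record"
                         % (payload_length, len(record)))
    return record[HEADER_LEN:HEADER_LEN + payload_length]

def build_heartbeat(payload: bytes, declared_length=None) -> bytes:
    """Build a request record; declared_length is only for constructing a
    malformed record to exercise the check (it defaults to the true length)."""
    length = len(payload) if declared_length is None else declared_length
    return struct.pack("!BH", HEARTBEAT_REQUEST, length) + payload + b"\x00" * MIN_PADDING

def rejects(record: bytes) -> bool:
    """True if the checked parser refuses the record."""
    try:
        parse_heartbeat_checked(record)
    except ValueError:
        return False if False else True
    return False

if __name__ == "__main__":
    good = build_heartbeat(b"hello")
    print(parse_heartbeat_checked(good))                 # b'hello'
    bad = build_heartbeat(b"hello", declared_length=4000)
    print(rejects(bad))                                  # True
    print(len(parse_heartbeat_trusting(bad)))            # 21: silently short, never 4000
```

The rule the checked parser enforces is the general one for any length-prefixed field: a length supplied by the peer is untrusted input and must be bounded by the size of the data actually received before it drives any copy.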
Power Analysis
Simple Power Analysis: DES Parity Check
def parity_error():
    raise ValueError("DES key parity error")

def des_check_parity(key):                     # key: the 8 bytes of a DES key, each with odd parity
    for i in range(8, 0, -1):                  # for i = 8 down to 1
        parity = 0
        for j in range(8, 0, -1):              # for j = 8 down to 1
            if key[i - 1] & (1 << (j - 1)):    # CONDITIONAL: bit j of Key[i] is set
                parity = parity + 1            # OPERATION: only executed for set bits
        if parity % 2 == 0:                    # parity is even
            parity_error()
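A model of what the parity check above gives away through its conditional, next to a branch-free replacement. This is an added example, not from the slides: the "trace" is a constructed stand-in for a power trace that records, per key byte, how often the CONDITIONAL branch was taken, and the eight-byte key is the classic constructed DES test key 13 34 57 79 9B BC DF F1.

```python
# Added example (not from the slides): why the branchy parity check leaks each key
# byte's Hamming weight under SPA, and a variant whose work does not depend on the key.
def parity_check_leaky(key: bytes):
    """Byte-by-byte odd-parity check with a data-dependent branch.
    Returns (all_ok, trace); trace[i] counts the branch executions for byte i,
    which is the byte's number of set bits and is what the power trace exposes."""
    trace = []
    ok = True
    for byte in key:
        parity = 0
        taken = 0
        for j in range(8):
            if byte & (1 << j):      # CONDITIONAL: executed only for set bits
                parity += 1          # OPERATION: extra activity visible in the trace
                taken += 1
        trace.append(taken)
        if parity % 2 == 0:
            ok = False
    return ok, trace

def parity_check_constant_time(key: bytes) -> bool:
    """Same verdict with no data-dependent branch: fold each byte's bits together
    with XOR so every byte performs identical operations whatever its value."""
    error = 0
    for byte in key:
        p = byte
        p ^= p >> 4
        p ^= p >> 2
        p ^= p >> 1
        odd = p & 1                  # 1 if the byte has odd parity
        error |= odd ^ 1             # record an even byte without branching
    return error == 0

def hamming_weights(key: bytes):
    """Reference: number of set bits per byte, to compare against the trace."""
    return [bin(b).count("1") for b in key]

if __name__ == "__main__":
    key = bytes([0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1])  # constructed odd-parity key
    ok, trace = parity_check_leaky(key)
    print(ok, trace)                              # True [3, 3, 5, 5, 5, 5, 7, 5]
    print(trace == hamming_weights(key))          # True: the trace is the key's bit counts
    print(parity_check_constant_time(key))        # True
```

The branch-free version removes the SPA signal (the instruction sequence no longer depends on the key); it does not by itself remove the data-dependent power consumption that DPA exploits, which is why the slides treat randomisation as a separate countermeasure.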
SPA Attack on DES-Parity
EM History
• Classified TEMPEST standards. Some parts declassified Jan '01, http://www.cryptome.org.
• Published work
  – EM leakages from peripherals, e.g., monitors: Van Eck, Anderson & Kuhn.
  – EM leakage from smart-cards during computation.
    • J.-J. Quisquater & David Samyde, E-smart 2001,
    • Gemplus Team [GMO '01], CHES '01.
  – SEMA/DEMA attacks.
• Best results require "decapsulation" of chip packaging and/or precise micro-antenna positioning on chip surface.
Rao et al.'s Work
• Deeper understanding of the EM leakages.
  – Similar to declassified TEMPEST literature.
• Key insights/results
  – Plenty of EM signals are available, provided you know what to look for and where.
    • Superior signals and attacks possible without micro-antennas or decapsulation.
    • Some attacks possible from a distance.
  – EM side-channel(s) >> Power side-channel
    • EM can break DPA-resistant implementations.
EM Emanations Background
• Origin/types of EM emanations
  – Direct emanations from intended currents.
    • Maxwell's equations, Ampere's and Faraday's laws.
  – Unintentional emanations from coupling effects.
    • Depend on physical factors, e.g., circuit geometry.
    • Most couplings ignored by circuit designers.
    • Manifest as modulation of carriers (e.g. clock harmonics) present/generated/introduced in device.
      – AM or angle (FM/phase) modulation.
    • Compromising signals available via demodulation.
• Propagation of EM
  – Radiation, conduction, combination of both.
    • E.g., faint EM signals riding on power line.
EM Capturing Equipment
• Antennas (far-field) and near-field probes.
• Current probes.
• Analog processing: filters/amplifiers, tunable wideband receiver or equivalent ($$).
• Digital sampling hardware.
ICOM wideband radio receiver with IF output
MAKE YOUR OWN
EM vs. Power
• Sometimes, EM is the only side-channel available.
  – Filtered power supplies, restricted access...
  – E.g. crypto tokens, SSL accelerators, ...
[Figure: EM signal from SSL Accelerator S at 15 feet; x-axis Time (10 ns), y-axis Amplitude]
EM vs. Power
• Is EM useful in the presence of power?
• Yes, several EM carriers: generated, ambient, introduced...
  – Experimentally verified:
    • Different carriers carry different information.
    • Some EM leakages substantially different from power leakages.
Bad Instructions
• Instructions where some EM leakage >> power leakage.
• Typically CPU intensive rather than bus intensive.
• All architectures have BAD instructions.
• Example: bit-test on several 6805-based systems leaks the tested bit.
EM Attack Example
2 signals, different data, same exponent & modulus
[Figure: two EM traces, annotated]
  • Tested bit = 0 in both traces
  • Tested bit different
Countermeasures
• Require sound vulnerability assessment.
• Countermeasures include:
  – Circuit redesign to reduce unintentional emanations.
  – Reducing S/N ratio:
    • EM shielding
    • Noise introduction
    • Physically secure zones.
  – Randomization-based software countermeasures similar to DPA countermeasures.