Side Channel Analysis and Embedded Systems Impact and Countermeasures

Similar documents
Side Channels: Hardware or Software threat?

PUF Physical Unclonable Functions

Horst Görtz Institute for IT-Security

M-Shield mobile security technology

How To Perform Differential Frequency Analysis (Dfa) On A Powerline (Aes) On An Iphone Or Ipad (Ase) On Microsoft Powerline 2 (Aces) On Pc Or Ipa (Aas)

Secure application programming in the presence of side channel attacks. Marc Witteman & Harko Robroch Riscure 04/09/08 Session Code: RR-203

Pervasive Computing und. Informationssicherheit

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Security testing of hardware product

Unknown Plaintext Template Attacks

Introduction Page 4. Inspector SCA Page 6. Inspector FI Page 10. Service & Product support Page 13. Inspector Hardware Matrix Page 14

Reviving smart card analysis

Today. Important From Last Time. Old Joke. Computer Security. Embedded Security. Trusted Computing Base

MXMedia CipherStream. Preliminary Assessment. Copyright 2012 Farncombe 1.0. Author: T F

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

A Study on Smart Card Security Evaluation Criteria for Side Channel Attacks

Security in ST : From Company to Products

Secure Hardware PV018 Masaryk University Faculty of Informatics

Hardware Trojans Detection Methods Julien FRANCQ

CryptoFirewall Technology Introduction

What is a Smart Card?

Microsemi Security Center of Excellence

A Tutorial on Physical Security and Side-Channel Attacks

On Security Evaluation Testing

Security testing for hardware product : the security evaluations practice

Hardware Security Modules for Protecting Embedded Systems

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

On a New Way to Read Data from Memory

Fastboot Techniques for x86 Architectures. Marcus Bortel Field Application Engineer QNX Software Systems

Advances in Smartcard Security

Security and protection of digital images by using watermarking methods

Information Security Group (ISG) Core Research Areas. The ISG Smart Card Centre. From Smart Cards to NFC Smart Phone Security

Evaluation of Digital Signature Process

Smart Card Security How Can We Be So Sure?

A PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR

Authentication requirement Authentication function MAC Hash function Security of

Enova X-Wall LX Frequently Asked Questions

Network Security Technology Network Management

ADVANCED IC REVERSE ENGINEERING TECHNIQUES: IN DEPTH ANALYSIS OF A MODERN SMART CARD. Olivier THOMAS Blackhat USA 2015

Secure Data Exchange Solution

Confinement Problem. The confinement problem Isolating entities. Example Problem. Server balances bank accounts for clients Server security issues:

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

Secure Network Communications FIPS Non Proprietary Security Policy

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Problems of Security in Ad Hoc Sensor Network

AES Power Attack Based on Induced Cache Miss and Countermeasure

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

CHASE Survey on 6 Most Important Topics in Hardware Security

USB Portable Storage Device: Security Problem Definition Summary

Message Authentication

Client Server Registration Protocol

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

Design and Security Considerations for Passive Immobilizer Systems

Embedded Java & Secure Element for high security in IoT systems

Java Card. Smartcards. Demos. . p.1/30

CRYPTOGRAPHY IN NETWORK SECURITY

Smart Card Technology Capabilities

Trusted Platforms for Homeland Security

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

CSCA0102 IT & Business Applications. Foundation in Business Information Technology School of Engineering & Computing Sciences FTMS College Global

An On-chip Security Monitoring Solution For System Clock For Low Cost Devices

My Funding Provided By: Special Thanks: Dr. Zhizhang Chen. Cryptography Research Inc

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS security requirement

How To Understand And Understand The History Of Cryptography

NXP & Security Innovation Encryption for ARM MCUs

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Secure USB Flash Drive. Biometric & Professional Drives

Extended Boundary Scan Test breaching the analog ban. Marcel Swinnen, teamleader test engineering

Internet of Things. Opportunities for device differentiation

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Penetration Testing Windows Vista TM BitLocker TM

Security in Near Field Communication (NFC)

Using BroadSAFE TM Technology 07/18/05

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

Computer Security: Principles and Practice

CS 758: Cryptography / Network Security

BroadSAFE Enhanced IP Phone Networks

Side Channel Attacks on Smartphones and Embedded Devices using Standard Radio Equipment

Broadcasting encryption or systematic #FAIL? Phil

Physical Security: Status and Outlook

USB Portable Storage Device: Security Problem Definition Summary

Block encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Safer data transmission using Steganography

Power Reduction Techniques in the SoC Clock Network. Clock Power

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Low- Cost Chip Microprobing

Transcription:

Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas

Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks Cryptographic devices Side Channels explained Principles Listening to your hardware Types of analysis Attacks and Countermeasures Breaking a key Countermeasures theory Practical implementations

Security in embedded systems

Trends in embedded hardware security Preventing debug access Fuses, Secure access control Protecting buses and memory components Flash memories with security, DRAM bus scrambling Increase in code integrity Boot loader ROM in CPU, Public key signature checking Objectives: Prevent running unauthorized code Prevent access to confidential information Effective against most conventional attacks

Popular hardware attacks

Towards cryptographic devices Smart cards represent the ultimate cryptographic device: Operate in a hostile environment Perform cryptographic operations on data Harnessing both the cryptographic operation and the key Tamper resistant General purpose processors are incorporating more and more smart card style security Why not use a smart card? Also adds complexity How to communicate securely with it? Some do (PayTV, TPM etc)

Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks Cryptographic devices Side Channels explained Principles Listening to your hardware Types of analysis Attacks and Countermeasures Breaking a key Countermeasures theory Practical implementations

Side Channel Analysis What? read hidden signals Why? retrieve secrets How? Attack channels Methods Tools

Attack Channels Time Power consumption Electro-Magnetic radiation Light emission Sound

Passive versus active attacks Passive attacks Only observing the target Possibly modifying it to execute a specific behavior to observe Examples: time, power or EM measurements Active attacks Manipulating the target or its environment outside of its normal behavior Uncovering cryptographic keys through fault injection Changing program flow (eg. circumvent code integrity checks) Examples: Voltage or clock glitching, laser pulse attacks

Principle of timing analysis Start Decision Process 1 t = 10ms t = 20ms Process 2 End

Principle of power analysis Semiconductors use current while switching Shape of power consumption profile reveals activity Comparison of profiles reveals processes and data Power is consumed when switching from 1 0 or 0 1

Principle of electromagnetic analysis Electric and Magnetic field are related to current Probe is a coil for magnetic field Generally the near field (distance << λ) is most suitable Adds dimension position compared to the one dimensional power measurement

Side channel analysis tools Probes Power: Intercept power circuitry with small resistor EM: Coil with low noise amplifier Digital storage oscilloscope High bandwidth amplifier Computer with analysis and control software

XY table for EM analysis

Localization with EM Scanning chip surface with XY table Display intensity per frequency Search for optimal location: CPU frequency Crypto engine clock RAM bus driver

Demo equipment CPU: Ti OMAP 5910 150Mhz

Listening to your hardware - demo analog signal Oscilloscope digitized signal EM probe sensor amplifier trigger CPU Embedded system I/O Analysis Software

Simple Power/EM Analysis Recover information by inspection of single or averaged traces Can also be useful for reverse engineering algorithms and implementations

Differential Power/EM Analysis Recover information by inspection difference between traces with different (random) inputs Use correlation to retrieve information from noisy signals

Data/signal correlation

Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks Cryptographic devices Side Channels explained Principles Listening to your hardware Types of analysis Attacks and Countermeasures Breaking a key Countermeasures theory Practical implementations

Secure CPUs

Breaking a key - demo Example breaking a DES key with a differential attack Starting a measurement Explaining DES analysis Showing results

DES 16 rounds Input and output are 64 bits Key K is 56 bits round keys are 48 bits Cipher function F mixes input and round key

F- function S box 1 Round key E permutation 48 S box 2 P permutation 32 48 S box 8 32 32 8 * (6 4)

DPA on DES E permutation 32 48 Round key 48 Bit 1 6 S box i Bit 4 Simulate DES algorithm based on input bits and hypotheses k. Select one S-Box, and one output bit x. Bit x depends on only 6 key bits. Calculate differential trace for the 64 different values of k. Incorrect guess will show noise, correct guess will show peaks.

DPA on DES results

Countermeasures Decrease leakage Balance processing of values Limit number of operations per key Increase noise Introduce timing variations in processing Use hardware means

Countermeasures concepts Passive Side channel attacks: Hiding: Break relation between processed value and power consumption Masking / Blinding: Break relation between algorithmic value and processed value Algorithmic value Masking Processed value Hiding Measured value (at guessed position)

Countermeasure examples Change the crypto protocol to use key material only for a limited amount of operations. For instance, use short lived session keys based on a hash of an initial key. Example: Source: Kocher, P. Design and Validation Strategies for Obtaining Assurance in Countermeasures to Power Analysis and Related Attacks

Countermeasure examples Remove any execution time dependence on data and key. Do not forget cache timing and branch prediction. Also remove conditional execution that depends on the key. Randomly insert instructions with no effect on the algorithm. Use different instructions that are hard to recognize in a trace default MOV XOR ADD INC CMP random MOV NOP XOR ADD NOP INC NOP CMP random MOV XOR NOP ADD INC CMP

Countermeasure examples Shuffling: Changing the order of independent operations (for instance S-box calculations) per round. This reduces correlation with a factor equal to the number of shuffled operations default Sbox 1 Sbox 2 Sbox 3 Sbox 4 Sbox 5 Sbox 6 Sbox 7 Sbox 8 random Sbox 4 Sbox 8 Sbox 1 Sbox 3 Sbox 6 Sbox 5 Sbox 2 Sbox 7 Implement a masked version of the cryptographic algorithm. Examples can be found in research literature for common algorithms (RSA, AES).

Countermeasure demos Simple analysis of unprotected trace Effect of randomly inserting NOP instructions Effect of making RSA square-multiply constant

SPA attack on RSA signal processing Key to high-light bits revealed dips variation of interval between dips 1 0 1 0 1 0 0 1 0 key bits revealed

RSA implementations Algorithm for M=c d, with d i is exponent bits (0 i t) M := 1 For i from t down to 0 do: M := M * M If d i = 1, then M := M*C Algorithm for M=c d, with d i group of exponent bits (0 i t) Precompute multipliers C i M := 1 For i from t down to 0 do: For j = 1 to groupsize: M := M * M M := M* C i

Example: RSA message blinding Normal encryption: M = C d mod n under condition: n = p q e d = 1 mod lcm(p-1, q-1) Choose a random r, then C r = C r e mod n Perform RSA: M r = C d r mod n = C d r mod n M = M r r -1 mod n During the RSA operation itself the operations with exponent d do not depend on C

Test and verification The best way to understand side channel leakage is to measure your own implementation Side channels analysis can be performed on a device to assess its level of vulnerability to such attacks Such analysis is part of certification processes in the payment industry and in Common Criteria evaluations. FIPS 140-3 will require side channel testing for certain levels

Countermeasure licensing DPA attacks were first published by Paul Kocher et al. from Cryptography Research, Inc. (CRI) A large range of countermeasures are patented by CRI and other companies CRI licenses the use of them The patents give a good idea of possible countermeasures, check with CRI

Conclusions With the increase of security features in embedded devices the importance of side channel attacks will also increase Most of these devices with advanced security features do not yet contain hardware countermeasures against side channel attacks Side channel attacks present a serious threat with wide range of possibilities and a large impact Still, software developers can reduce the risks of side channel attacks by securing their implementations with software countermeasures

More info Job de Haas dehaas@riscure.com

References 1. Joe Grand, Advanced Hardware Hacking Techniques, Defcon 12 http://www.grandideastudio.com/files/security/hardware/advanced_hardware_hacking_techniq ues_slides.pdf 2. Josh Jaffe, Differential Power Analysis, Summer School on Cryptographic Hardware http://www.dice.ucl.ac.be/crypto/ecrypt-scard/jaffe.pdf http://www.dice.ucl.ac.be/crypto/ecrypt-scard/jaffe2.pdf 3. S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks - Revealing the Secrets of Smartcards http://www.dpabook.org/ 4. Dan J. Bernstein, ''Cache-timing attacks on AES'', http://cr.yp.to/papers.html#cachetiming, 2005. 5. D. Brumley, D. Boneh, Remote Timing Attacks are Practical http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf 6. P. Kocher, "Design and Validation Strategies for Obtaining Assurance in Countermeasures to Power Analysis and Related Attacks", NIST Physical Security Testing Workshop - Honolulu, Sept. 26, 2005 http://csrc.nist.gov/cryptval/physec/papers/physecpaper09.pdf 7. E. Oswald, K. Schramm, An Efficient Masking Scheme for AES Software Implementations www.iaik.tugraz.at/research/sca-lab/publications/pdf/oswald2006anefficientmasking.pdf 8. Cryptography Research, Inc. Patents and Licensing http://www.cryptography.com/technology/dpa/licensing.html

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information