Enhancing Side-Channel Analysis of Binary-Field Multiplication with Bit Reliability
Peter Pessl, Stefan Mangard
IAIK, Graz University of Technology, Austria (www.iaik.tugraz.at)
CT-RSA 2016, San Francisco, 3rd March 2016
Overview
New side-channel attack on Fresh Re-Keying and binary-field multiplication
Connection to Learning Parity with Noise (LPN) problem
Extensive use of bit reliabilities in order to decrease runtime
Attack a protected Fresh Re-Keying implementation
Using only 512 traces
With reasonable runtime
Fresh Re-Keying [MSGR10, MPR+11]
Goal: SCA protection for low-cost devices
Combine an encryption function f
With a re-keying function g
Fresh session key k∗ per invocation
f is SPA secure
g is DPA secure, but not cryptographically strong
[Diagram: master key k and nonce r enter the re-keying function g_k(r), which outputs the session key k*; the encryption f_k*(m) maps message m to ciphertext c]
Re-Keying Function
Polynomial multiplication modulo y^16 + 1 over GF(2^8)
Good diffusion
Easy to protect (masking, shuffling)
Rewrite as matrix-vector product over bytes and bits
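As an added example (not code from the slides or from the authors), the following Python implements the re-keying function described above and checks its three equivalent views: the polynomial product modulo y^16 + 1 over GF(2^8), a 16x16 circulant matrix-vector product over bytes, and a 128x128 matrix-vector product over bits. The field reduction polynomial is an assumption (the AES polynomial x^8 + x^4 + x^3 + x + 1 is used; the slides do not state it), and all key and nonce values are constructed. The bit-level view makes explicit that g is linear in the key over GF(2), which is the property behind the LPN connection and behind the conclusion that the re-keying output needs protection in every stage.

```python
# Added example, not from the slides or the authors: the Fresh Re-Keying
# function g_k(r) as a polynomial product modulo y^16 + 1 over GF(2^8), and
# the same map rewritten as a matrix-vector product over bytes and over bits.
# Assumption: GF(2^8) is built with the AES reduction polynomial
# x^8 + x^4 + x^3 + x + 1 (0x11B); the slides do not state the field polynomial.
from typing import List

AES_POLY = 0x11B  # assumed reduction polynomial
N = 16            # coefficient vectors are 16 bytes long


def gf256_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements: carry-less multiply with reduction."""
    res = 0
    while b:
        if b & 1:
            res ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return res & 0xFF


def rekey_poly(k: List[int], r: List[int]) -> List[int]:
    """g_k(r) = k(y) * r(y) mod y^16 + 1 over GF(2^8).
    In characteristic 2, y^16 = 1 in the quotient ring, so the product is a
    cyclic convolution of the two coefficient vectors."""
    out = [0] * N
    for i in range(N):
        for j in range(N):
            out[(i + j) % N] ^= gf256_mul(k[i], r[j])
    return out


def byte_matrix(r: List[int]) -> List[List[int]]:
    """16x16 circulant matrix M_r over GF(2^8) such that k* = M_r * k."""
    return [[r[(i - j) % N] for j in range(N)] for i in range(N)]


def rekey_byte_matrix(k: List[int], r: List[int]) -> List[int]:
    """Same function evaluated as a matrix-vector product over bytes."""
    m = byte_matrix(r)
    out = []
    for i in range(N):
        acc = 0
        for j in range(N):
            acc ^= gf256_mul(m[i][j], k[j])
        out.append(acc)
    return out


def bit_matrix(r: List[int]) -> List[List[int]]:
    """128x128 matrix B over GF(2) such that bits(k*) = B * bits(k).
    Multiplication by a fixed field element is GF(2)-linear on the 8 input
    bits, so entry B[8i+s][8j+t] is bit s of M_r[i][j] * 2^t."""
    m = byte_matrix(r)
    b = [[0] * (8 * N) for _ in range(8 * N)]
    for i in range(N):
        for j in range(N):
            for t in range(8):
                prod = gf256_mul(m[i][j], 1 << t)
                for s in range(8):
                    b[8 * i + s][8 * j + t] = (prod >> s) & 1
    return b


def to_bits(bs: List[int]) -> List[int]:
    """Byte vector -> bit vector; bit t of byte j sits at index 8j+t."""
    return [(bs[j] >> t) & 1 for j in range(N) for t in range(8)]


def from_bits(bits: List[int]) -> List[int]:
    """Inverse of to_bits."""
    return [sum(bits[8 * j + t] << t for t in range(8)) for j in range(N)]


def rekey_bit_matrix(k: List[int], r: List[int]) -> List[int]:
    """Same function evaluated as a matrix-vector product over GF(2)."""
    b = bit_matrix(r)
    kb = to_bits(k)
    out_bits = [sum(b[row][col] & kb[col] for col in range(8 * N)) & 1
                for row in range(8 * N)]
    return from_bits(out_bits)


def check_consistency(k: List[int], r: List[int]) -> bool:
    """True when all three formulations agree on k*."""
    return rekey_poly(k, r) == rekey_byte_matrix(k, r) == rekey_bit_matrix(k, r)


if __name__ == "__main__":
    # Constructed sample key and nonce (not from the slides)
    key = [(7 * i + 3) & 0xFF for i in range(N)]
    nonce = [(37 * i + 11) & 0xFF for i in range(N)]
    print("k* =", [hex(x) for x in rekey_poly(key, nonce)])
    print("all views agree:", check_consistency(key, nonce))
```

check_consistency(k, r) returns True for any 16-byte k and r, and rekey_poly(k, [1] + [0]*15) returns k, since the constant polynomial 1 is the identity of the ring.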
Tweaked Stern
Each entry of e / column of H corresponds to an LPVN sample with attached probability
Reliability-guided swapping of columns
Rejection sampling based on bias
Keep number of errors in Q low
While still behaving randomly
Attack Results
Simulation
8-bit with shuffling countermeasure
Noisy Hamming weights
Real device
Power measurements
Profiling
Results - Simulation
[Plot: meta-probability ψ(ε) against ε from 0 to 0.5 (ψ axis 0 to 0.04), for SNR_SB = 1, SNR_PT = 0.2]
[Plot: runtime complexity; attack complexity (2^20 to 2^80) against number of traces (2^10 to 2^15), Tweaked vs. Original]
Results - Real Device
[Plot: meta-probability ψ(ε) against ε from 0 to 0.5 (ψ axis 0 to 0.08)]
[Plot: runtime complexity; attack complexity (2^20 to 2^80) against number of traces (2^9 to 2^11), Tweaked vs. Original]
Conclusions
Attack with small trace count and reasonable runtime
Without violating the constraints of Fresh Re-Keying
AES still SPA secure
Implications for Fresh Re-Keying
Separation of responsibilities not trivial
Protect re-keying output in all stages
[Diagram: master key k and nonce r enter the re-keying function g_k(r), which outputs the session key k*; the encryption f_k*(m) maps message m to ciphertext c]
Bibliography I
[BCF+15] Sonia Belaïd, Jean-Sébastien Coron, Pierre-Alain Fouque, Benoît Gérard, Jean-Gabriel Kammerer, and Emmanuel Prouff. Improved Side-Channel Analysis of Finite-Field Multiplication. IACR Cryptology ePrint Archive, 2015:542, 2015. Note: to appear at CHES 2015.
[BFG14] Sonia Belaïd, Pierre-Alain Fouque, and Benoît Gérard. Side-Channel Analysis of Multiplications in GF(2^128) - Application to AES-GCM. In Palash Sarkar and Tetsu Iwata, editors, Advances in Cryptology - ASIACRYPT 2014, volume 8874 of Lecture Notes in Computer Science, pages 306–325. Springer, 2014.
[BLP08] Daniel J. Bernstein, Tanja Lange, and Christiane Peters. Attacking and Defending the McEliece Cryptosystem. In Johannes A. Buchmann and Jintai Ding, editors, Post-Quantum Cryptography, Second International Workshop, PQCrypto 2008, volume 5299 of Lecture Notes in Computer Science, pages 31–46. Springer, 2008.
[MPR+11] Marcel Medwed, Christophe Petit, Francesco Regazzoni, Mathieu Renauld, and François-Xavier Standaert. Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks. In Emmanuel Prouff, editor, Smart Card Research and Advanced Applications - 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, volume 7079 of Lecture Notes in Computer Science, pages 115–132. Springer, 2011.
[MSGR10] Marcel Medwed, François-Xavier Standaert, Johann Großschädl, and Francesco Regazzoni. Fresh Re-keying: Security against Side-Channel and Fault Attacks for Low-Cost Devices. In Daniel J. Bernstein and Tanja Lange, editors, Progress in Cryptology - AFRICACRYPT 2010, volume 6055 of Lecture Notes in Computer Science, pages 279–296. Springer, 2010.
Towards a Unified Security Model for Physically Unclonable Functions
Daisuke Moriyama, Researcher, NICT
Session ID: CRYP-R03 (#RSAC)
Authors of this paper
Frederik Armknecht (University of Mannheim)
Daisuke Moriyama (NICT)
Ahmad-Reza Sadeghi (TU Darmstadt)
Moti Yung (Google/Columbia Univ)
Introduction
Which is iPhone? Which is Louis Vuitton's product?
Introduction
We need unique identification of devices/goods for the IoT world
Device ID or RFID tag is useless if the internal information is copied
Physical uniqueness during fabrication is useful!
Yield variance is not a bad effect but uniqueness!
Physically Unclonable Functions (PUFs)
Cryptographic Brief Definition of PUFs
[Diagram: Input → PUF → Output]
1. Given an input, it is easy to evaluate the output
2. It is difficult to produce another device such that the two devices respond with the same output to the same input
Example PUF constructions
Arbiter PUFs
Ring Oscillator PUFs
SRAM PUFs
Butterfly PUFs
Latch PUFs
New constructions are discovered almost every year!!!
Application of PUFs in Cryptography
[Diagram: PUF A, PUF B, PUF C, PUF D, … and Protocol 1, Protocol 2, Protocol 3, …]
PUF is expected to be used in cryptographic protocols…
Which PUF is suitable for existing/new protocols?
What we think
[Diagram: PUF A, PUF B, PUF C, PUF D, … with the properties one-wayness, unforgeability, unclonability, indistinguishability, pseudorandomness, …; Protocol 1, Protocol 2, Protocol 3, … with their requirements; evaluation links the two sides]
Bridge them by security model!!
Defining many cryptographic properties is desirable
We cannot ignore real effects caused in physical devices (noisy outputs, correlation among devices, etc.)
Our Unified Security Model for PUFs
Security model: Manufacturing
A PUF is denoted as a function
But we should not simply say something like “XXX PUF is good”…
90nm process, 130nm process, 65nm process, …
Custom ASIC, FPGA (Xilinx, Altera, …), SRAM (ISSI, Micron, …), …
Made in China, Made in USA, Made in Japan, …
We treat …
Security model: Output distribution
Intra-distance: same input, same device
[Diagram: Challenge1 → Response1, Challenge1 → Response2, …, Challenge → Response]
Distance among any pairs is smaller than
has -variance and -min-entropy if
Security model: Output distribution
Inter-distance I: different input, same device
[Diagram: Challenge1 → Response1, Challenge2 → Response2, …, Challenge → Response]
Distance among any pairs is larger than
has -variance and -min-entropy if
Security model: Output distribution
Inter-distance II: same input, different device
[Diagram: Challenge1 → Response1, Challenge1 → Response2, …, Challenge1 → Response, one per device]
Distance among any pairs is larger than
has -variance and -min-entropy if
Security model: Output distribution
Min-entropy
[Diagram: Challenge1 → Response1, Challenge2 → Response2, Challenge1 → Response1', …, Challenge1 → Response1'', Challenge → Response]
Given other outputs, the target still has enough min-entropy
has -variance and -min-entropy if
Security model: Output distribution
Intra-distance:
Inter-distance I:
Inter-distance II:
Min-entropy:
has -variance and -min-entropy if
These are the formal definitions provided in the proceedings.
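As an added example (not part of the talk), the following Python computes the four output-distribution quantities named above over a constructed set of responses from three devices and two challenges: the intra-distance (largest distance between repeated responses to the same challenge on one device), inter-distance I (smallest distance between responses to different challenges on one device), inter-distance II (smallest distance between responses to the same challenge on different devices) and a min-entropy estimate. The thresholds in the formal definitions are not recoverable from the slides, so the acceptance bounds in meets_bounds are assumed values, and the min-entropy estimator is a simple per-bit-position estimator, not the paper's definition.

```python
# Added example, not from the talk or the paper: intra-distance,
# inter-distance I, inter-distance II and a min-entropy estimate computed on
# a constructed PUF response set. Acceptance bounds are assumed values.
import math
from itertools import combinations, product
from typing import Dict, List

N_BITS = 8  # constructed responses are 8-bit values

# Constructed sample: device -> challenge -> repeated (noisy) responses
SAMPLE: Dict[str, Dict[str, List[int]]] = {
    "dev_A": {"c1": [0b10110011, 0b10110001], "c2": [0b01011100, 0b01011100]},
    "dev_B": {"c1": [0b01101001, 0b01101011], "c2": [0b11010110, 0b11010110]},
    "dev_C": {"c1": [0b11000110, 0b11000110], "c2": [0b00101011, 0b00101011]},
}


def frac_hd(a: int, b: int, n_bits: int = N_BITS) -> float:
    """Fractional Hamming distance between two n-bit responses."""
    return bin(a ^ b).count("1") / n_bits


def intra_distance(data) -> float:
    """Largest distance between repeated evaluations of the same challenge on
    the same device (the slide's 'same input, same device' case)."""
    worst = 0.0
    for dev in data.values():
        for reps in dev.values():
            for a, b in combinations(reps, 2):
                worst = max(worst, frac_hd(a, b))
    return worst


def inter_distance_1(data) -> float:
    """Smallest distance between responses to different challenges on the same
    device ('different input, same device')."""
    best = 1.0
    for dev in data.values():
        for c1, c2 in combinations(dev.keys(), 2):
            for a, b in product(dev[c1], dev[c2]):
                best = min(best, frac_hd(a, b))
    return best


def inter_distance_2(data) -> float:
    """Smallest distance between responses to the same challenge on different
    devices ('same input, different device')."""
    best = 1.0
    for d1, d2 in combinations(data.keys(), 2):
        for c in data[d1].keys() & data[d2].keys():
            for a, b in product(data[d1][c], data[d2][c]):
                best = min(best, frac_hd(a, b))
    return best


def min_entropy_estimate(data, n_bits: int = N_BITS) -> float:
    """Toy estimator: per challenge, take the first response of every device,
    estimate each bit position's bias across devices and sum -log2(max(p, 1-p)).
    Returns the smallest per-challenge value. It treats bit positions as
    independent, which real PUF data may violate (see the slide's note on
    correlation among devices)."""
    challenges = set.intersection(*(set(d.keys()) for d in data.values()))
    lowest = float("inf")
    for c in challenges:
        refs = [dev[c][0] for dev in data.values()]
        h = 0.0
        for pos in range(n_bits):
            ones = sum((r >> pos) & 1 for r in refs)
            p_max = max(ones, len(refs) - ones) / len(refs)
            h += -math.log2(p_max)
        lowest = min(lowest, h)
    return lowest


def evaluate(data=SAMPLE) -> Dict[str, float]:
    """All four quantities for one response set."""
    return {
        "intra_max": intra_distance(data),
        "inter1_min": inter_distance_1(data),
        "inter2_min": inter_distance_2(data),
        "min_entropy": min_entropy_estimate(data),
    }


def meets_bounds(metrics, intra_bound=0.2, inter1_bound=0.4,
                 inter2_bound=0.3, entropy_bound=4.0) -> bool:
    """Assumed acceptance bounds: noise stays below intra_bound while both
    inter-distances and the entropy estimate stay above their bounds."""
    return (metrics["intra_max"] <= intra_bound
            and metrics["inter1_min"] >= inter1_bound
            and metrics["inter2_min"] >= inter2_bound
            and metrics["min_entropy"] >= entropy_bound)


if __name__ == "__main__":
    m = evaluate()
    print(m)
    print("meets assumed bounds:", meets_bounds(m))
```

On the constructed sample the intra-distance is 1/8, inter-distance I is 6/8 and inter-distance II is 3/8; the gap between the intra-distance and the two inter-distances is what lets a verifier tolerate noise while still telling devices and challenges apart.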
Security model: One-wayness
has -one-wayness if
[Game diagram: Challenger, Adversary and PUF oracle]
Subtract random guessing probability w.r.t. queries
Evaluate distance from valid output
Security model: Unforgeability
has -EUF-CMA security if
[Game diagram: Challenger, Adversary and PUF oracle]
Subtract random guess probability:
Security model: Unforgeability
Pappu (PhD Thesis 2001): -UUF-KOA
Gassend et al. (ACM CCS 2002): -UUF-KMA
Guajardo et al. (CHES 2007): -UUF-OT-KMA, -EUF-KOA
Armknecht et al. (IEEE S&P 2011): -UUF-KMA, -EUF-CMA
Brzuska et al. (CRYPTO 2011): -EUF-CMA
Our model is the generalized version
has -EUF-CMA security if
Security model: Unclonability
has -unclonability if
[Game diagram: Challenger, Adversary and PUF oracle; winning condition labelled “behaves as”]
Security model: Indistinguishability
has -indistinguishability if
[Game diagram: Challenger, Adversary and two PUF oracles]
Security model: Pseudorandomness
has -pseudorandomness if
[Game diagram: Challenger, Adversary, PUF vs. random function RF]
Add random noise at most
Security model: Tamper resilience
has -tamper resilience if
[Diagram: real game with Challenger and Adversary (Create and Response queries, physical analysis OK) vs. simulated game with Challenger and Simulator (Create and Response queries, physical analysis NG)]
Comparison with Existing Works: Evaluation
Table columns: Intra-distance | Inter-distance I | Inter-distance II | Min-entropy | Number of PUFs | Number of Queries