Information Security – Theory vs. Reality 0368-4474-01, Winter 2011 Guest Lecturer: Yossi Oren 1.

1

Lecture 3: Power Analysis

Information Security – Theory vs. Reality

0368-4474-01, Winter 2011

Guest Lecturer: Yossi Oren

2

Required Reading

http://www.dpabook.orghttp://www.springerlink.com/content/g01q1k

3

Fundamentals

4

Fundamentals

AES Circuit Design Statistics Introduction to Power Analysis

5

The AES Cipher

Plaintext Ciphertext

Key

AES

6

The AES Cipher (2)

Source: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

7

The AES Cipher (3)

void RijndaelEncrypt( u8 input[16], u8 output[16] ) {

[…] for (r=1; r<=9; r++) { ByteSub(state); ShiftRow(state); MixColumn(state); KeyAdd(state, roundKeys, r); }[…]

Source: http://users.ece.utexas.edu/~gerstl/ee382v-ics_f09/soc/tutorials/System_C_Code_Examples_2/date04_examples/cosimulate/sw_only/

8

Statistics 101

⇐ Low Variance

High ⇒ Variance

⇐ Low Correlati

on

High ⇒ Correlati

on

9

PowerVi

brat

ion

Timing

Soun

dHeatEM

Side Channel Attacks

Plaintext Ciphertext

Radiation

Crypto Device

KeyBad Inputs Errors

10

Theory of power analysis

Power consumption is variable Power consumption depends on

instruction Power consumption depends on

data

q

Power consumption

Vdd

GND

a q

A

P1C1

C2

N1

The power consumption of a CMOS gate depends on the data:

q: 0->0 virtually no power cons.q: 1->1 virtually no power cons.

q: 0->1 high power cons. (proportional to C2) q: 1->0 high power cons. (proportional to C1)

Power Consumption is Variable?

12

Power Consumption is Variable!

Source: DPA Book

13

Power Depends on Instruction

Source: DPA Book

14

Power Depends on Data

Source: DPA Book

15

Q&A (Fundamentals)

•AES•Circuit Design•Statistics

16

Correlation Power Analysis (CPA)

17

Correlation Power Analysis

Simple Power Analysis Warm-up Correlation Power Analysis Full Correlation Power Analysis

18

Power Analysis Attack Scenario

Plaintexts and ciphertexts may be chosen, known or unknown

Power

PlaintextsCiphertext

sCrypto Device

Key

19

Theory of power analysis

Power consumption is variable Power consumption depends on

instruction Power consumption depends on

data

20

Simple Power Analysis (SPA)

Pros: Small amount of traces

Cons: Detailed reverse engineering Long manual part

21

Differential Power Analysis (DPA)

Use statistical properties of traces to recover key

Pros: Very limited reverse engineering Harder to confuse

Cons: Large amount of traces

Two main types of DPA: Difference of means (traditional DPA) Correlation power analysis (CPA)

22

CPA Basics

We want to discover the correct key value (ck) and when it is used (ct)

Idea: On the correct time, the power

consumption of all traces is correlated with the correct key

On other times and other keys the traces should show low correlation

23

Warm-up CPA

Assume plaintext and correct key are known but correct time is unknown

Form hypothesis and test it Good hypothesis:

Depends on known plaintext Depends on small amount of key bits Non-linear – sensitive to small

changes Maps to power consumption using a

model

24

Warm-up CPA in Numbers

1000 traces, each consisting of 1 million points

Each trace uses a different known plaintext – 1000 plaintexts

1 known key Hypothesis is vector of 1000

hypothetical power values Output of warm-up CPA: vector of 1

million correlation values with peak at ct

25

Warm-up CPA in Pictures

26

Full CPA

Plaintext is known, but correct key and correct time unknown

Idea: run warm-up CPA many times in parallel

Create many competing hypotheses

27

Full CPA in Numbers

1000 traces, each consisting of 1 million points

Each trace uses a different known plaintext – 1000 plaintexts

Key is unknown – 256 guesses for first byte

Hypothesis is matrix of 1000X256 hypothetical power values

Output of full CPA: matrix of 1,000,000X256 correlation values with peak at (ck,ct)

28

Full CPA in Pictures

29

Q&A (CPA)

•Simple Power Analysis•Warm-up Correlation Power Analysis•Full Correlation Power Analysis