10.3 Side-Channel Attacks


Date: Thursday 30 March 2017
Time: 11:00 - 12:30
Location / Room: 2BC

Chair:
Oscar Reparaz, Katholieke Universiteit Leuven, BE

Co-Chair:
Wieland Fischer, Infineon Technologies, DE

This session introduces new side-channel attack techniques against cryptographic primitives, namely leakage-resilient protocols and storage encryption based on AES. A power measurement setup specifically targeting static power consumption is also presented and evaluated from the side-channel attack viewpoint.

Time | Label | Presentation Title / Authors

11:00 | 10.3.1 | SIDE-CHANNEL PLAINTEXT-RECOVERY ATTACKS ON LEAKAGE-RESILIENT ENCRYPTION
Speaker:
Thomas Unterluggauer, Graz University of Technology, AT
Authors:
Thomas Unterluggauer, Mario Werner and Stefan Mangard, Graz University of Technology, AT
Abstract
Differential power analysis (DPA) is a powerful tool to extract the key of a cryptographic implementation from observing its power consumption during the en-/decryption of many different inputs. Therefore, cryptographic schemes based on frequent re-keying such as leakage-resilient encryption aim to inherently prevent DPA on the secret key by limiting the amount of data being processed under one key. However, the original asset of encryption, namely the plaintext, is disregarded. This paper builds on this observation and shows that the re-keying countermeasure not only protects the secret key, but also induces another DPA vulnerability that allows for plaintext recovery. Namely, the frequent re-keying in leakage-resilient streaming modes causes constant plaintexts to be attackable through first-order DPA. Similarly, constant plaintexts can be revealed from re-keyed block ciphers using templates in a second-order DPA. Such plaintext recovery is particularly critical whenever long-term key material is encrypted and thus leaked. Besides leakage-resilient encryption, the presented attacks are also relevant for a wide range of other applications in practice that implicitly use re-keying, such as multi-party communication and memory encryption with random initialization for the key. Practical evaluations on both an FPGA and a microcontroller support the feasibility of the attacks and thus suggest the use of cryptographic implementations protected by mechanisms like masking in scenarios that require data encryption with multiple keys.

Download Paper (PDF; Only available from the DATE venue WiFi)
11:30 | 10.3.2 | (Best Paper Award Candidate) STATIC POWER SIDE-CHANNEL ANALYSIS OF A THRESHOLD IMPLEMENTATION PROTOTYPE CHIP
Speaker:
Thorben Moos, Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, DE
Authors:
Thorben Moos [1], Amir Moradi [2] and Bastian Richter [1]
[1] Ruhr-Universität Bochum, DE; [2] Ruhr University Bochum, DE
Abstract
The static power consumption of modern CMOS devices has become a substantial concern in the context of the side-channel security of cryptographic hardware. The continuous growth of the leakage power dissipation in nanometer-scaled CMOS technologies is not only inconvenient for effective low power designs, but also creates a new target for power analysis adversaries. In this paper, we present the first experimental results of a static power side-channel analysis targeting an ASIC implementation of a provably first-order secure hardware masking scheme. The investigated 150 nm CMOS prototype chip realizes the PRESENT-80 lightweight block cipher as a threshold implementation and allows us to draw a comparison between the information leakage through its dynamic and static power consumption. By employing a sophisticated measurement setup dedicated to static power analysis, including a very low-noise DC amplifier as well as a climate chamber, we are able to recover the key of our target implementation with significantly fewer traces compared to the corresponding dynamic power analysis attack. In particular, for a successful third-order attack exploiting the static currents, fewer than 200 thousand traces are needed, whereas for the same attack in the dynamic power domain around 5 million measurements are required. Furthermore, we are able to show that only-first-order resistant approaches like the investigated threshold implementation do not significantly increase the complexity of a static power analysis. Therefore, we firmly believe that this side channel can actually become the target of choice for real-world adversaries against masking countermeasures implemented in advanced CMOS technologies.

Download Paper (PDF; Only available from the DATE venue WiFi)
12:00 | 10.3.3 | SIDE-CHANNEL POWER ANALYSIS OF XTS-AES
Speaker:
Chao Luo, Northeastern University, CN
Authors:
Chao Luo, Yunsi Fei and A. Adam Ding, Northeastern University, US
Abstract
XTS-AES is an advanced mode of AES for data protection of sector-based devices. Compared to other AES modes, it features two secret keys instead of one, and an additional tweak for each data block. These characteristics make the mode resistant against cryptanalysis attacks, and also make side-channel attacks on it more challenging. In this paper, we propose two attack methods on XTS-AES overcoming these challenges. In the first attack, we analyze side-channel leakage of the particular modular multiplication in XTS-AES mode. In the second one, we utilize the relationship between two consecutive block tweaks and propose a method to work around the masking of ciphertext by the tweak. These attacks are verified on an FPGA implementation of XTS-AES. The results show that XTS-AES is susceptible to side-channel power analysis attacks, and therefore dedicated protections are required for security of XTS-AES in storage devices.

Download Paper (PDF; Only available from the DATE venue WiFi)
12:30 | IP5-1, 702 | FORMAL MODEL FOR SYSTEM-LEVEL POWER MANAGEMENT DESIGN
Speaker:
Mirela Simonovic, Aggios, RS
Authors:
Mirela Simonovic [1], Vojin Zivojnovic [2] and Lazar Saranovac [3]
[1] University of Belgrade, RS; [2] AGGIOS Inc., US; [3] University of Belgrade, School of Electrical Engineering, RS
Abstract
In this paper we present a new formal model, called p-FSM, for system-level power management design. The p-FSM is a modular, compositional, hierarchical, and unified model for hardware and software components. The model encapsulates power management control mechanisms, operating states and properties of a component that affect power, energy and thermal aspects of the system. Inter-component dependencies are modeled through a component-based interface. By connecting multiple p-FSMs we gradually compose the model of the whole system which ensures correct-by-construction system-level control sequencing. The model can also be used to formally verify the functional correctness of the power management design.

Download Paper (PDF; Only available from the DATE venue WiFi)
12:30 | End of session
Lunch Break in Garden Foyer

Keynote Lecture session 11.0 in "Garden Foyer", 13:20 - 13:50

Lunch Break in the Garden Foyer
On all conference days (Tuesday to Thursday), a buffet lunch will be offered in the Garden Foyer, in front of the session rooms. Kindly note that this is restricted to conference delegates possessing a lunch voucher. When entering the lunch break area, delegates will be asked to present the corresponding lunch voucher of the day. Once the lunch area has been left, re-entry is not allowed for the respective lunch.