2IF03 / 2IC95 Seminar Information Security Technology, Topic 1: SIDE-CHANNEL ANALYSIS (PowerPoint PPT Presentation)



1
2IF03 / 2IC95 Seminar Information Security Technology
Topic 1: SIDE-CHANNEL ANALYSIS
2
Definition of cryptography
  • Cryptology is divided into two areas
    • cryptography
      • design of (mathematical) schemes related to
        information security which resist cryptanalysis
      • e.g., encryption, digital signatures,
        zero-knowledge proofs
      • also, quantum cryptography (based on physics)
    • cryptanalysis
      • study of (mathematical) techniques for attempting
        to break cryptographic schemes, i.e., to make
        these schemes deviate from their intended
        behavior

3
Cryptographic attacks
  • Passive attacks
    • eavesdropping, cryptanalysis
    • traffic analysis
  • Active attacks
    • masquerade
    • replay
    • modification of messages
    • denial of service
    • man-in-the-middle

Even when everything is encrypted, knowing who is
communicating with whom can already be informative.
E.g., the chess grandmaster attack: how an amateur
can increase his ELO rating by playing against
two grandmasters at the same time (in
correspondence/internet chess).
4
Kerckhoffs' Principle
Auguste Kerckhoffs (1835-1903), Dutch linguist
and cryptographer
  • Formulated 6 principles of practical cipher
    design:
    • The system should be, if not theoretically
      unbreakable, unbreakable in practice.
    • The design of a system should not require
      secrecy, and compromise of the system should not
      inconvenience the correspondents.
    • The key should be rememberable without notes and
      should be easily changeable.
    • The cryptograms should be transmittable by
      telegraph.
    • The apparatus or documents should be portable and
      operable by a single person.
    • The system should be easy, neither requiring
      knowledge of a long list of rules nor involving
      mental strain.

5
Network/computer security vs. cryptography
  • Breach of security: techniques for breaking the
    implementation of cryptographic schemes
    • try to get direct access to the secret key rather
      than breaking the cryptography
    • try to bypass the cryptography altogether
    • try to influence/break random number generation
    • e.g., viruses, Trojan horses, Denial of Service,
      buffer overflows, password sniffing, Tempest
      ("van Eck phreaking")
  • In between: side-channel attacks such as Kocher's
    Differential Power Analysis (usually for smart
    cards)

6
What can we observe?
Picture from presentation by Robert Sloan
7
Some side-channel attacks
  • Paul Kocher et al. introduced
    • Timing attacks (CRYPTO 96)
    • Differential Power Analysis (CRYPTO 99)
  • Differential fault analysis (Eurocrypt 97)
    • induce a fault and see what happens
    • a.k.a. micro-wave attack
  • Sound of computer while computing RSA
  • Van Eck phreaking
    • eavesdropping on screen output displayed on a CRT
      or LCD monitor by measuring electromagnetic
      emissions
    • emissions from keyboard
  • …

8
Repeated square-and-multiply
Modular exponentiation c = a^b mod n (b has bits b_{k-1} ... b_0):
  c := 1
  for i := k-1 downto 0 do
    c := (c * c) mod n
    if b_i = 1 then c := (c * a) mod n
  return c

Timing measurements: data-dependent execution path
Diagram from presentation by Marc Witteman
9
Easy remedy
Modular exponentiation with constant timing, c = a^b mod n:
  c := 1
  for i := k-1 downto 0 do
    c := (c * c) mod n
    d := (c * a) mod n
    c := b_i * d + (1 - b_i) * c
  return c
  • Helps, if the compiler is not optimizing too
    smartly!!
  • Performance penalty: 2k instead of 1.5k modular
    multiplications
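As an added example (not from the slides), the two exponentiation loops above in Python, instrumented to record the sequence of squarings and multiplications that a timing or power measurement would observe, plus a small defender's check that runs a routine over every k-bit exponent and reports whether that sequence depends on the exponent. The function names and the sample values a = 4, b = 13, n = 497 are my own choices.

```python
def square_multiply(a, b, n):
    # Slide 8 loop.  Returns (a**b mod n, op trace): one 'S' per squaring and
    # one 'M' per multiply, i.e. the pattern a timing/SPA measurement sees.
    c, ops = 1, []
    for bit in bin(b)[2:]:            # exponent bits, MSB first (k of them)
        c = (c * c) % n
        ops.append('S')
        if bit == '1':                # data-dependent: extra multiply on a 1 bit
            c = (c * a) % n
            ops.append('M')
    return c, ''.join(ops)


def square_multiply_always(a, b, n):
    # Slide 9 loop: always multiply, then select branch-free via bi*d + (1-bi)*c.
    # This hides the execution *path* only; an optimising compiler (the slide's
    # caveat) or variable-time big-int arithmetic can still leak the bit.
    c, ops = 1, []
    for bit in bin(b)[2:]:
        bi = int(bit)
        c = (c * c) % n
        ops.append('S')
        d = (c * a) % n               # computed regardless of the bit
        ops.append('M')
        c = bi * d + (1 - bi) * c
    return c, ''.join(ops)


def trace_depends_on_exponent(expmod, k, a=4, n=497):
    # Defender's check (my addition): run expmod over every k-bit exponent and
    # report whether the operation sequence varies with the secret exponent.
    traces = {expmod(a, b, n)[1] for b in range(1 << (k - 1), 1 << k)}
    return len(traces) > 1


if __name__ == "__main__":
    print(square_multiply(4, 13, 497))          # (445, 'SMSMSSM'): 13 = 1101b
    print(square_multiply_always(4, 13, 497))   # (445, 'SMSMSMSM'): always 2k ops
    print(trace_depends_on_exponent(square_multiply, 4))         # True
    print(trace_depends_on_exponent(square_multiply_always, 4))  # False
```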

10
Attacks on block ciphers
  • Block-by-block operations
    • DES, AES: blocks of 64 and 128 bits, resp.
  • Encryption and decryption are similar
    • Feistel network (as in DES)
    • substitution/permutation network (as in AES)

Diagram: sender encrypts m under key k to ciphertext c; receiver decrypts c under k back to m
11
Feistel network
  • Main idea: rounds
  • In each round use
    • (part of) key
    • substitution
    • permutation
  • Security becomes better by using more rounds

Diagram from book by Stallings
12
Key schedule, 56-bit key
Diagram from book by Stallings
13
DES S-Boxes
Diagram from book by Stallings
14
Attack focus on final XOR step
  • Ri = Li-1 XOR F(Ri-1, Ki)
  • Assume bitwise operation, for simplicity
  • Distinguish cases
    • if Li-1 = 0, then Ri = F(Ri-1, Ki): copy (no op)
    • if Li-1 = 1, then Ri = 1 - F(Ri-1, Ki): inversion
  • If inversion consumes more power than no op,
    then there will be a (slight) difference in power
    consumption!

15
More detailed
R16 = L15 XOR SBOX1(R15, K15)
  R16: known (ciphertext C)
  R15 = L16: also known (ciphertext)
  K15: guess this part
  L15: unknown
L15 = R16 XOR SBOX1(R15, K15) = D(C, K)
Selection bit, as a function of known ciphertext
and guessed key
16
DPA Attack
  • Perform many measurements (>1000)
    • with respect to the same secret key K
    • but with different input/output (ciphertexts Cj)
  • For each guess K' of key K, split the set of power
    traces into two sets
    • S0(K') = set for which D(Cj, K') = 0
    • S1(K') = set for which D(Cj, K') = 1
  • Take the differential power trace
    • average trace over S0(K') minus average trace over
      S1(K')

17
  • Small search space! (2^6)
  • We don't need to know where exactly the
    selection bit is computed (could even be in
    multiple places => multiple peaks)

18
Countermeasures
  • Example: random masks
    • let W be a sensitive data value
    • let R be a random value (mask)
    • reorganize the computation such that only R and
      W XOR R are used
    • But how to do this?
  • Helps against first-order DPA
  • Fails against second-order DPA
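As an added example (not from the slides), a Python simulation of slides 14 to 18: constructed power traces in which an inversion draws slightly more than a copy, the slide-16 partitioning and differential trace for each of the 2^6 key guesses, and the same first-order attack run against traces where the device only handles W XOR R with a fresh random mask R. The 6-bit toy S-box bit, the key value, the leakage size and the noise level are all my assumptions; the real DES S-box is not used.

```python
import random

TRUE_KEY = 0b101101   # constructed 6-bit round-key chunk the attack has to find

def toy_sbox_bit(x):
    # Constructed stand-in for one output bit of SBOX1: x1x2 + x3x4 + x5x6 mod 2.
    # It is a bent function, so wrong keys give almost no 'ghost peak' here.
    b = [(x >> i) & 1 for i in range(6)]
    return (b[0] & b[1]) ^ (b[2] & b[3]) ^ (b[4] & b[5])

def selection_bit(c6, key_guess):
    # D(C, K') of slide 15: function of known ciphertext bits and a guessed key chunk
    return toy_sbox_bit(c6 ^ key_guess)

def simulate_traces(n, masked=False, leak_at=3, samples=8, noise=0.2, seed=1):
    # Constructed traces: at sample `leak_at` an inversion (bit = 1) draws 0.1
    # more than a copy (slide 14); everything else is Gaussian noise.  With
    # masked=True the device handles W ^ R, and R alone leaks at the last sample.
    rng = random.Random(seed)
    cts, traces = [], []
    for _ in range(n):
        c6 = rng.randrange(64)
        w = selection_bit(c6, TRUE_KEY)
        r = rng.randrange(2) if masked else 0
        tr = [rng.gauss(0.0, noise) for _ in range(samples)]
        tr[leak_at] += 0.1 * (w ^ r)
        tr[-1] += 0.1 * r
        cts.append(c6)
        traces.append(tr)
    return cts, traces

def dpa(cts, traces):
    # Slide 16: per guess K' split the traces by D(Cj, K') into S0/S1 and take the
    # differential trace mean(S1) - mean(S0) (sign reversed vs. the slide; only
    # |peak| matters).  Returns {K': (peak height, sample index of the peak)}.
    ns, out = len(traces[0]), {}
    for guess in range(64):
        sums, cnt = [[0.0] * ns, [0.0] * ns], [0, 0]
        for c6, tr in zip(cts, traces):
            s = selection_bit(c6, guess)
            cnt[s] += 1
            sums[s] = [acc + v for acc, v in zip(sums[s], tr)]
        if 0 in cnt:                  # degenerate split: no differential
            out[guess] = (0.0, -1)
            continue
        diff = [sums[1][t] / cnt[1] - sums[0][t] / cnt[0] for t in range(ns)]
        peak = max(range(ns), key=lambda t: abs(diff[t]))
        out[guess] = (abs(diff[peak]), peak)
    return out
```

The guess with the highest peak is the recovered key chunk on unmasked traces, while on masked traces every guess, the right one included, stays at the noise floor, which is the first-order protection the masking slide describes.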

19
Some projects at TU/e
  • Final projects in Mathematics for Industry
    programme at TU/e (mostly with TNO)
  • Dacina Deac (1999-2000), Lejla Batina (2001),
    Lucy van der Logt (2003), Eva van Niekerk (2005),
    Bart Kirkels (2006), Lina Sun (2007)
  • Pinpas JC project (2001-2003, 2005-2008)
  • Jerry den Hartog, Jan Verschuren, Erik de Vink,
    Wouter Wiersma, Jing Pan, Jiqiang Lu

20
Seminar Topics
  • Models and approaches for DPA (PhD thesis by
    Messerges)
  • Boolean and arithmetic masking (cf. Coron and
    Goubin)
  • Software simulation of Power Analysis attacks
    (cf. PINPAS project)
  • Higher-order Differential Power Analysis
    (Joye-Paillier-Schoenmakers, CHES 2005)
  • Non-power side channels
    • timing, sound, radiation
  • Differential Fault Analysis (on DES, AES, ECC,
    RSA)
  • Hardware attacks on Trusted Computing Bases
  • Tamper-resistance/responsiveness/evidence

21
Some information sources
  • www.wikipedia.org
  • Proceedings of CARDIS and of CHES (fulltext
    available via Springer LINK)
  • scholar.google.com, citeseer.ist.psu.edu
  • DBLP dblp.uni-trier.de
  • www.sciencedirect.com
  • The Side Channel Cryptanalysis Lounge:
    http://www.crypto.ruhr-uni-bochum.de/en_sclounge.html
  • And, of course, your library at RU, TU/e, UT
  • You are required to perform a thorough literature
    search yourself, to propose one, or a few, papers
    to work on.