A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices

Mathieu Renauld, François-Xavier Standaert, Nicolas Veyrat-Charvillon, Dina Kamel, Denis Flandre. May 2011

UCL Crypto Group, Cryptopuces - May 2011


SLIDE 1

UCL Crypto Group

Microelectronics Laboratory

Cryptopuces - May 2011 1

A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices

Mathieu Renauld, François-Xavier Standaert, Nicolas Veyrat-Charvillon, Dina Kamel, Denis Flandre. May 2011

SLIDE 2

Outline

Introduction Scaling trends - variability Motivation Framework - MI Perceived Information Template + variability Results Conclusion

SLIDE 4

Electronic devices are everywhere... and may contain sensitive data.

◮ RFID tags
◮ Smartcards
◮ Sensor networks

SLIDE 5

Introduction

[Diagram labels: Cryptographic algorithm; P, C, K; Adversary; Classical cryptanalysis]

SLIDE 6

Introduction

[Diagram labels: Cryptographic algorithm; P, C, K; Adversary; Implementation; Physical leakage; Side-channel cryptanalysis]

SLIDE 7

Block ciphers

SLIDE 8

Example of attacks

Numerous side-channel attacks.

◮ Non-profiled attacks: DPA, CPA, ...
◮ Profiled attacks: template attacks, stochastic models, ...

Divide-and-conquer strategy.

[Diagram labels: S, P, k, x, y, L]

SLIDE 9

Example of attack: template attack

Univariate template attack.

1. Profiling phase.

◮ Measurements on a training device. The attacker determines the plaintexts and keys.
◮ Assumption: Gaussian noise.
◮ Building templates $\mathcal{N}(l \mid \hat{\mu}_x, \hat{\sigma}_x^2)$ (= pdf).

[Figure labels: $\hat{\mu}_x$, $\hat{\sigma}_x$]

SLIDE 10

Example of attack: template attack

2. Attack phase.

◮ Measurements on the target device ⇒ $\{p_i, l_i\}$.
◮ Compute $\Pr[k^* \mid l, p]$ $\forall k^*$.

[Figure labels: $l_1$, $l_2$]

◮ Choose $\tilde{k}$ such that $\tilde{k} = \arg\max_{k^*} \Pr[k^* \mid l, p]$.

SLIDE 11

Outline

Introduction Scaling trends - variability Motivation Framework - MI Perceived Information Template + variability Results Conclusion

SLIDE 12

Motivation

General trend in electronics: scaling down the circuit size.

◮ Logic styles are more difficult to balance
◮ Non-linearity increases
◮ Variability

SLIDE 13

Motivation

Classical assumption:

[Diagram labels: Chip production unit]

SLIDE 14

Motivation

Classical assumption:

[Diagram labels: Chip production unit; Adversary; User; Attack!]

SLIDE 15

Motivation

With variability:

[Diagram labels: Chip production unit; Adversary; User; ???]

SLIDE 16

Background: framework

How do we fairly evaluate the security of an implementation? Example: Adversary A breaks implementation I1 in 10 power traces and breaks implementation I2 in 10.000 power traces. Is I2 1000 times more secure than I1, or is A not adapted to break I2?

SLIDE 17

Background: framework

F.-X. Standaert, T.G. Malkin and M. Yung presented A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks at Eurocrypt 2009.

Concept: separating the evaluation of the implementation from the evaluation of the adversary.

◮ Implementation → information theoretic metric (MI).
◮ Adversary → security metric (success rate according to the number of traces).

SLIDE 18

Background: framework

Information theoretic metric MI(X; L): how much the uncertainty on X is reduced by knowing L.

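$$
\begin{aligned}
\mathrm{MI}(X;L) &= H[X] - H[X|L] \\
&= H[X] + \sum_{l \in \mathcal{L}} \Pr[l] \sum_{x \in \mathcal{X}} \Pr[x|l] \log_2 \Pr[x|l] \\
&= H[X] + \sum_{l \in \mathcal{L}} \sum_{x \in \mathcal{X}} \Pr[l]\,\Pr[x|l] \log_2 \Pr[x|l] \\
&\qquad \text{Bayes: } \Pr[x|l]\,\Pr[l] = \Pr[l|x]\,\Pr[x] \\
&= H[X] + \sum_{l \in \mathcal{L}} \sum_{x \in \mathcal{X}} \Pr[x]\,\Pr[l|x] \log_2 \Pr[x|l] \\
&= H[X] + \sum_{x \in \mathcal{X}} \Pr[x] \sum_{l \in \mathcal{L}} \Pr[l|x] \log_2 \Pr[x|l]
\end{aligned}
$$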

SLIDE 19

Perceived information

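$$
\mathrm{MI}(X;L) = H[X] + \sum_{x \in \mathcal{X}} \Pr[x] \sum_{l \in \mathcal{L}} \Pr_{\text{chip}}[l|x] \log_2 \hat{\Pr}_{\text{model}}[x|l]
$$

Interpretation:

◮ $\Pr_{\text{chip}}[l|x]$ are the pdf from the actual chip.
◮ $\hat{\Pr}_{\text{model}}[x|l]$ are the estimated pdf from the adversary's model.

Are those pdf the same?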

SLIDE 20

Perceived information - AES Sbox in 65 nm

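$\hat{\Pr}_{\text{model}} = \Pr_{\text{chip}}$

$$
\mathrm{MI}(X;L) = H[X] + \sum_{x \in \mathcal{X}} \Pr[x] \sum_{l \in \mathcal{L}} \Pr_{\text{chip}}[l|x] \log_2 \hat{\Pr}_{\text{model}}[x|l]
$$

Perfect profiling phase

Mutual information = IT metric.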

SLIDE 21

Perceived information - AES Sbox in 65 nm

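$\hat{\Pr}_{\text{model}} = \Pr_{\text{chip}}$

$$
\mathrm{MI}(X;L) = H[X] + \sum_{x \in \mathcal{X}} \Pr[x] \sum_{l \in \mathcal{L}} \Pr_{\text{chip}}[l|x] \log_2 \hat{\Pr}_{\text{model}}[x|l]
$$

[Diagram labels: Variability; Bounded profiling phase; Simpler model; PI]

Perceived information = informal measure.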

SLIDE 22

Templates in presence of variability

In 65nm: impossible to produce 2 exactly identical chips.

→ profiling on a different chip.

[Figure labels: $\mu_{\text{chip 1},x}$, $\sigma_{\text{chip 1},x}$, $\sigma_{\text{chip 2},x}$, $\mu_{\text{chip 2},x}$]

SLIDE 23

Templates in presence of variability

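In 65nm: impossible to produce 2 exactly identical chips.

→ profiling on several chips.

[Figure labels: $\mu_{\text{chip 1},x}$, $\sigma_{\text{chip 1},x}$, $\mu_{\text{chip 2},x}$, $\mu_{\text{chip 3},x}$, $\mu_{\text{chip 4},x}$, $\mu_{\text{chip 5},x}$]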

SLIDE 24

Templates in presence of variability

In 65nm: impossible to produce 2 exactly identical chips.

→ profiling on several chips.

[Figure labels: $\hat{\mu}_{\text{model},x}$, $\hat{\sigma}_{\text{model},x}$]

SLIDE 25

Templates in presence of variability

In 65nm: impossible to produce 2 exactly identical chips.

→ profiling on several chips.

[Figure labels: $\hat{\mu}_{\text{model},x}$, $\sqrt{\hat{\sigma}^2_{\text{model},x} + \hat{\sigma}^2_{\text{noise},x}}$]
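
Added example (not from the slides or the authors' paper): the perceived-information formula from the "Perceived information" slides, evaluated numerically for Gaussian templates profiled on the target chip itself, on one different chip, and pooled over several chips as in the "Templates in presence of variability" slides. The chip means, the noise variance and all function names are constructed assumptions, and taking the pooled variance as inter-chip variance plus noise variance is one reading of the last figure label.

```python
import math
import statistics

# Constructed sample data (not from the slides): mean leakage per value x for
# four profiling chips and one target chip, with a shared noise variance.
PROFILING = [[0.6, 1.6, 2.6, 3.6], [-0.4, 0.6, 1.6, 2.6],
             [0.2, 1.2, 2.2, 3.2], [-0.2, 0.8, 1.8, 2.8]]
TARGET = [0.0, 1.0, 2.0, 3.0]
NOISE_VAR = 0.04

def log_gauss(l, mu, var):
    """Natural log of the Gaussian pdf N(l | mu, var)."""
    return -0.5 * math.log(2 * math.pi * var) - (l - mu) ** 2 / (2 * var)

def log2_posterior(x, l, model):
    """log2 Pr_model[x | l] under a uniform prior, computed with log-sum-exp."""
    logs = [log_gauss(l, mu, var) for mu, var in model]
    top = max(logs)
    norm = top + math.log(sum(math.exp(v - top) for v in logs))
    return (logs[x] - norm) / math.log(2)

def perceived_information(chip, model, step=0.002, span=8.0):
    """H[X] + sum_x Pr[x] * integral of Pr_chip[l|x] * log2 Pr_model[x|l] dl."""
    n = len(chip)
    total = math.log2(n)                      # H[X] for uniform X
    for x, (mu, var) in enumerate(chip):
        sd = math.sqrt(var)
        acc = 0.0
        for i in range(int(2 * span * sd / step) + 1):   # mu +/- span * sd
            l = mu - span * sd + i * step
            acc += math.exp(log_gauss(l, mu, var)) * log2_posterior(x, l, model)
        total += acc * step / n
    return total

def single_chip_templates(means):
    """Templates profiled on one chip: its own means and the noise variance."""
    return [(mu, NOISE_VAR) for mu in means]

def pooled_templates(chips):
    """Mean over chips; variance = inter-chip variance + noise variance."""
    return [(statistics.mean(col), statistics.pvariance(col) + NOISE_VAR)
            for col in zip(*chips)]

def evaluate():
    chip = single_chip_templates(TARGET)
    one = single_chip_templates(PROFILING[0])
    return {"mi": perceived_information(chip, chip),   # model = chip gives MI
            "pi_one_chip": perceived_information(chip, one),
            "pi_pooled": perceived_information(chip, pooled_templates(PROFILING))}
```

With this constructed data the single-chip model yields a negative value, meaning the model misleads a Bayesian adversary on the target chip, while the pooled model recovers most of the mutual information.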

SLIDE 26

Results

Perceived information

SLIDE 27

Results

Data complexity

SLIDE 28

Model soundness

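Model soundness: the asymptotic success rate of a Bayesian adversary exploiting it in order to recover a target value is 1.

Here: target value = transition.

$$
\begin{aligned}
\hat{H}_{s,s^*} &= -\sum_{l \in \mathcal{L}} \hat{\Pr}_{\text{chip}}[l|s] \log_2 \hat{\Pr}_{\text{model}}[s^*|l], \\
&= \begin{pmatrix}
\hat{h}_{1,1} & \hat{h}_{1,2} & \dots & \hat{h}_{1,|S|} \\
\hat{h}_{2,1} & \hat{h}_{2,2} & \dots & \hat{h}_{2,|S|} \\
\dots & \dots & \dots & \dots \\
\hat{h}_{|S|,1} & \hat{h}_{|S|,2} & \dots & \hat{h}_{|S|,|S|}
\end{pmatrix},
\end{aligned}
$$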

SLIDE 29

Model soundness

SLIDE 30

Results

Success rate for non-profiled attacks

SLIDE 31

Outline

Introduction Scaling trends - variability Motivation Framework - MI Perceived Information Template + variability Results Conclusion

SLIDE 32

Conclusions

◮ Important to take variability into account.
◮ Perceived information is a useful informal metric when the adversary is not optimal.
◮ HW leakage model is not always relevant.