|Thesis title:||Developments in side channel attacks to digital cryptographic devices: differential power and fault analysis|
Due to the growing employment of computing platforms to manage, store and elaborate sensitive data, the issue of warranting confidentiality while these procedures are performed is now of prime interest. The employment of cryptography is the main means through which the aforementioned confidentiality is ensured, thus proper attention must be devoted to the study of reliable, practically implementable cryptosystems, together with the techniques required to embody them in physical devices. One of the great challenges of deploying a cryptographic algorithm on the field, is to take into account the possible attack channels which derive from its physical realization: in fact, despite the theoretical soundness of the standardized primitives, it is possible to breach the security provided by the most sound algorithms, in the case their implementation leaks information on a side channel, be it timing, power consumption or a malfunctioning of the computing circuit. The interest throughout the academical community is high, since the exposure of hardware and software platforms to side channel attacks has been considered very marginally, and the industrial interest is high as well, since current mobile devices are largely exposed to this kind of threats.
The so-called side channel attacks are usually split into two categories, active and passive, depending on whether the attacker needs to actively disturb the execution of the cryptographic primitive on the device (hence these attacks are also called fault attacks) or relies only on the observation of the leaked information without any physical intervention. The overall contents of this thesis is to overview the state of the art in the field of active and passive side channel attacks, and to propose some advancements in both directions. The final purpose is to give a better understanding of this quickly evolving research field, to fill some still rather unexplored areas, to exploit unemployed techniques and possibly to suggest viable countermeasures to defeat the attacks.
The first part of this thesis will present two practically feasible attack techniques on the two most widely adopted cryptographic primitives, the RSA asymmetric key cryptosystem and the AES symmetric key cryptosystem.
The new attack based on injecting faults during the the RSA encryption primitive, is able to successfully decrypt a message without any knowledge of the secret key whatsoever. The attacker only needs to obtain a faulty and a correct encryption of the same message and the plaintext can be recovered in a few minutes computation on a common desktop.
This thesis also presents a new attack technique able to practically recover the whole expanded key of any instance of the AES, regardless of the length of the key schedule, the number of rounds of the cipher and the key scheduling strategy employed to expand the original cipher key.
[Immagine aesdiff.pdf qui, Caption “The spread on a single fault caused by the AES cipher” ]
A key point to deem these fault attacks a realistic threat even when considering a possible attacker having access only to limited resources, is to develop a practical, non-invasive, non-tamper evident technique. This thesis presents the results of the research on the employment of a reduced power supply voltage in order to gracefully induce faults in a computing device. The results obtained show that it is possible to induce well controlled single bit faults in an ARM926 processor, regardless of the system on chip it is embedded in, provided accurate enough supply voltage control is available to the attacker.
In the case a completely passive attack is desired, it is possible to successfully infer the value of the secret key, stored in a non-extractable way, from the analysis of the power consumption of the cryptographic device that is employing it. This kind of analysis relies on correlating the power consumption during the execution of an operation of the algorithm under attack involving directly the secret key. Knowing the switching activity that will be triggered by a specific value of the key, it is possible to infer the actual value employed in the circuit through collecting a reasonable number of measurement from different runs of the algorithm, in order to compensate for the measurements variations.
The new contribution in this thesis is to determine that the correlated consumption, which is useful in order to lead the attack, is carried over a very narrow frequency band of the spectrum of the recorded consumption signal. This in turn has made possible to employ digital signal processing techniques aimed at suppressing a vast amount of measurement noise, thus leading to a tenfold reduction in the number of measurements needed to perform a successful attack against a $3$2-bit CPU running a software implementation of AES, a scenario widely recognised as difficult to attack.
[immagine map.pdf , Caption : ”Map of the intensity of the EM emissions of a chip while computing the AES cipher. Clearer zones show where the emissions are stronger.”]
The effectiveness of side channel attacks is better justified if they are compared to mathematical cryptanalytic techniques. To the purpose of completing the evaluation of the strength and performance of the most commonly employed ciphers, this thesis also presents contributions in the field of efficient implementation of cryptoschemes for both common use and brute force attacks.
The protection of data at rest is one of the most common scenarios where high throughput and low cost cryptographic accelerators are desired. Through exploiting the properties of the IEEE P1619 standardized mode of operation for data encryption, it is possible to utilize common graphical accelerators in order to speed up the encryption of large quantities of data.
This thesis presents results regarding the obtained speedup in hard disk encryption using nVidia GT200 GPU cores, obtaining beneficial effects on the encryption throughput at a low cost.
It is also possible to exploit the large amount of computational power provided by GPUs to perform fast brute force attacks to weak ciphers. In this work it is presented a fast, bit-sliced implementation of the DES cipher, able to reach several millions of encryptions per second on a single graphic card, thus bringing a practical brute force attack to DES in the realm of practical feasibility, with only a small amount of commodity hardware.