Electromagnetic Side Channel Attacks

Christian Zenger

20.06.2011
Agenda
•   Introduction
•   Side-Channel Analysis
•   Results
•   Conclusion

Implementation Attacks

Implementation Attacks
• Active
    – Fault Injection
    – Reverse Engineering
• Passive (Side-Channel Analysis)
    – Timing
    – Simple Power Analysis / Differential Power Analysis
    – Simple Electro-Magnetic Analysis / Differential Electro-Magnetic Analysis

• Goal: Extract secret information
• Motivation: Independent of mathematical security
• Works for almost any cipher

History
• Tempest documents (1962)
• Paul C. Kocher (1996)

Introduction

Comparing Power and EM
• Different measurement methods
    – Power (contact-based)
    – Electro-magnetic emanation (contactless)
• Different (embedded) target devices:
  µC, Smartcard, RFID-Tags, Smartphones, …
• Many parameters, e.g.,
    –   Physical (Position, resistor, frequencies, …)
    –   Measurement (Sample rate, quantisation, antenna, …)
    –   Crypto algorithm (DES, AES, RSA, …)
    –   Evaluation (Preprocessing, …)

Approach
• Target devices
    –   Unprotected:
            µC (PIC16F687)
            Smartcard (ATmega163)
    –   Protected:
            Contactless RFID-Tag
            Smartphone

Contact-based Devices: Overview of Experiments
• Target devices: PIC16F687 (AES), ATmega163 (AES)
• Measurement (parameters): Power, Near-Field EM, On-Surface EM
• Preprocessing (parameters): None, Align, Frequency, Peak Extr.
• Evaluation: Correlation Analysis, Simple Analysis
• Metric: Number of required traces

Contactless Devices: Overview of Experiments
• Target devices: RFID-Tag, Smartphone
• Measurement (parameters): Near-Field EM, Far-Field EM
• Preprocessing (parameters): None, Align, Frequency, Bandwidth
• Evaluation: Correlation Analysis, Simple Analysis
• Metric: Number of required traces

Measurement
(Figures of the measurement setup; source: http://www.langer-emv.de)

Side-Channel Analysis

Evaluation: Attack Scenario
Cryptographic Device → Measure → Statistics
1.   Device performs cryptographic operation
2.   Measure side-channel signal
3.   Repeat (often)
4.   Evaluate

Evaluation
• Correlation Power Analysis
    – Target device: (unknown) key + challenge → (processed) leakage
    – Oracle: key hypothesis + challenge → power model
    – Correlation coefficient between leakage and power model:
        +1 perfect positive correlation
         0 unrelated inputs
        -1 perfect negative correlation

Evaluation
• Preprocessing
    – Reduce/remove noise
    – Improve alignment in time
• Peak extraction: Focus on local extrema
• Alignment by pattern matching
• Frequency domain: Ignore
  "phase noise" (misalignment)

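The three preprocessing steps above (alignment by pattern matching, peak extraction, and the frequency-domain view that is blind to misalignment), demonstrated on constructed traces as an added example that is not code from the original slides. PATTERN is an assumed signature of the targeted operation; each constructed trace places it at a different offset to imitate trigger jitter. demo() shows why alignment is needed before averaging: the peak of the averaged trace is smeared out when the traces are misaligned and restored once they are aligned.

```python
"""Trace preprocessing on constructed traces: alignment by pattern matching,
peak extraction and the |DFT| view. Added example, not the slides' code."""
import cmath
import math
import random

PATTERN = [0.2, 1.0, 0.2, 0.6, 0.2, 0.8, 0.2]  # constructed operation signature


def make_trace(shift, n=64, sigma=0.05, seed=0):
    """Constructed trace: Gaussian noise with PATTERN added at index `shift`."""
    rng = random.Random(seed)
    trace = [rng.gauss(0.0, sigma) for _ in range(n)]
    for i, v in enumerate(PATTERN):
        trace[shift + i] += v
    return trace


def find_offset(trace, pattern):
    """Pattern matching: sliding correlation of the zero-mean pattern against
    the trace; the offset with the highest score is where the pattern sits."""
    mean = sum(pattern) / len(pattern)
    p0 = [v - mean for v in pattern]
    scores = [sum(p0[i] * trace[off + i] for i in range(len(pattern)))
              for off in range(len(trace) - len(pattern) + 1)]
    return max(range(len(scores)), key=scores.__getitem__)


def align(trace, pattern, target):
    """Shift the trace so the matched pattern starts at `target`. Samples pushed
    outside the capture are dropped and the gap is zero-filled (no circular
    wrap: those samples were never measured)."""
    delta = target - find_offset(trace, pattern)
    out = [0.0] * len(trace)
    for i, v in enumerate(trace):
        if 0 <= i + delta < len(trace):
            out[i + delta] = v
    return out


def mean_trace(traces):
    return [sum(t[i] for t in traces) / len(traces) for i in range(len(traces[0]))]


def peaks(trace, min_height=0.0):
    """Peak extraction: (index, value) of local maxima above min_height."""
    return [(i, trace[i]) for i in range(1, len(trace) - 1)
            if trace[i] > trace[i - 1] and trace[i] >= trace[i + 1]
            and trace[i] > min_height]


def magnitude_spectrum(trace):
    """|DFT| of the trace: a time shift changes only the phase of each bin,
    so this view ignores the misalignment ("phase noise")."""
    n = len(trace)
    return [abs(sum(trace[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n)))
            for k in range(n)]


def demo(shifts=(10, 13, 17, 22), target=10):
    """Average misaligned traces with and without alignment. Returns
    (max of raw mean, max of aligned mean, peak indices of the aligned mean)."""
    traces = [make_trace(s, seed=s) for s in shifts]
    raw_max = max(mean_trace(traces))
    aligned_mean = mean_trace([align(t, PATTERN, target) for t in traces])
    return raw_max, max(aligned_mean), [i for i, _ in peaks(aligned_mean, 0.5)]


if __name__ == "__main__":
    raw_max, aligned_max, idx = demo()
    print(f"peak of averaged trace: raw {raw_max:.2f} vs aligned {aligned_max:.2f}")
    print("peaks after alignment at samples", idx)
```

A real trace set needs the reference pattern taken from one clean trace (or an average of a few) rather than an invented one, and the matching window restricted to the region where the operation can occur, otherwise a clock-period-aligned but wrong match is easy to get.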
Power Analysis

Side-Channel Analysis

Power Consumption
Signal: Voltage drop over resistor R
(Figures: PIC, ATmega)

EM Analysis

Side-Channel Analysis

EM (Near-field)
Signal: EM emanation close to device
(Figures: PIC, ATmega)

EM (On-surface)
Signal: EM emanation on IC surface
(Figures: PIC, ATmega)

EM (RFID)
Signal: EM near-field (with RFID carrier)
(Figure: EM probe, reader antenna)

EM (RFID)
• Strong RFID carrier (13.56 MHz)
• Goal: Dampen carrier / Amplify side-channel leakage
• Method: Analog Subtractor

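A digital model of the analog subtractor from the slide above, as an added example that is not code from the original slides. All signals are constructed: a 13.56 MHz carrier, a weak piecewise-constant leakage term standing in for the tag's data-dependent emanation, and measurement noise; the sample rate, the leakage shape and the ADC resolution are assumptions. The subtractor's reference is idealised as a least-squares fit of the carrier's in-phase and quadrature components over the capture (a real subtractor needs its reference matched in amplitude and phase). compare() shows why the subtraction has to happen before the ADC: when carrier and leakage share one converter, the leakage sits in the least significant bits, while cancelling the carrier first lets the gain and the ADC range be spent on the residual.

```python
"""Digital model of an analog carrier subtractor for RFID side-channel
measurements. Added example, not the slides' code; every signal constructed."""
import math
import random

FC = 13.56e6   # RFID carrier frequency
FS = 8 * FC    # constructed sample rate: 8 samples per carrier cycle
N = 2048       # samples per capture (a whole number of carrier cycles)


def carrier_wave(amp=1.0, phase=0.0):
    return [amp * math.cos(2 * math.pi * FC * n / FS + phase) for n in range(N)]


COS = carrier_wave()                      # in-phase reference
SIN = carrier_wave(phase=-math.pi / 2)    # quadrature reference (sin = cos delayed 90 degrees)


def make_capture(seed=0, amp=1.0, phase=0.7, leak_amp=0.01, sigma=0.0005):
    """Constructed probe signal = carrier + weak leakage + noise.
    The leakage is piecewise constant (one of four levels per 32 samples),
    standing in for data-dependent emanation. Returns (signal, leakage)."""
    rng = random.Random(seed)
    levels = [leak_amp * rng.choice((-1.0, -0.5, 0.5, 1.0)) for _ in range(N // 32)]
    leakage = [levels[n // 32] for n in range(N)]
    carrier = carrier_wave(amp, phase)
    signal = [c + l + rng.gauss(0.0, sigma) for c, l in zip(carrier, leakage)]
    return signal, leakage


def fit_carrier(x):
    """Least-squares carrier estimate a*cos + b*sin at FC (the tuned reference).
    Exact for a whole number of cycles; the baseband leakage projects to zero."""
    a = 2.0 / N * sum(v * c for v, c in zip(x, COS))
    b = 2.0 / N * sum(v * s for v, s in zip(x, SIN))
    return [a * c + b * s for c, s in zip(COS, SIN)]


def subtract_carrier(x):
    return [v - r for v, r in zip(x, fit_carrier(x))]


def adc(x, bits, full_scale):
    """Uniform quantiser with clipping: the dynamic-range limit of the measurement."""
    lsb = 2.0 * full_scale / (1 << bits)
    return [round(max(-full_scale, min(full_scale, v)) / lsb) * lsb for v in x]


def rms_error(a, b):
    return math.sqrt(sum((u - v) ** 2 for u, v in zip(a, b)) / len(a))


def compare(bits=8):
    """RMS error of the recovered leakage for both signal paths:
    (digitise everything, subtract afterwards) vs (subtract first, then digitise)."""
    signal, leakage = make_capture()
    # Path A: one ADC spans the full carrier swing; the leakage is about 1 LSB
    digital_only = subtract_carrier(adc(signal, bits, full_scale=1.1))
    # Path B: analog subtractor first; the ADC range now covers only the residual
    analog_first = adc(subtract_carrier(signal), bits, full_scale=0.05)
    return rms_error(digital_only, leakage), rms_error(analog_first, leakage)


if __name__ == "__main__":
    err_a, err_b = compare()
    print(f"leakage error: subtract after ADC {err_a:.5f}, subtract before ADC {err_b:.5f}")
```

The same reasoning applies to the smartphone case on the next slides, where the receiver's filtering and amplification play the role of the subtractor; the numbers here only illustrate the ordering argument, not any real probe or ADC.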
EM (Smartphone)
Signal: EM far-field
(Figure of the measurement setup; source: http://www.dmp-gmbh.com)

EM (Smartphone)
• Strong carrier (528 MHz)
• Goal: Dampen carrier and other modulations /
  Filter and Amplify side-channel leakage
• Method: Analog/Digital Receiver

Results

DPA Attack Against 3DES Alg.
• Correlation (1M measurements, S-box 1 – 8)

SPA Attack Against RSA Alg.

Conclusion

Conclusion
• Unprotected implementation
    – Vulnerable
    – Most measurement setups are simple
• Protected implementation
    – SCA difficult (not impossible)
    – RFID: Reader carrier is no protection
    – Other attacks (fault injection, …)
• Protection is mandatory
    – Use secure and certified hardware
    – Security audits (system design, software, hardware)
• Investments made once will pay off later!

Thanks!

Questions?