attacks on AES
Kevin Meritt
Agenda
Side Channel Attacks
o Background
Background
Overview
SPA: Simple Power Analysis
AES
DPA: Differential Power Analysis
CPA: Correlation Power Analysis
Extract
o Develop method of extracting the state of the relationship information
o A collection of measurements, called traces, can be made in a non-invasive manner while a system performs a cryptographic operation
Evaluate
o Use extracted information to determine all or part of the secret key information
10 rounds of AES-128
If the average depends on the selected bit, and the bit leaks, then a correlation will be seen
Repeat for the other 255 key byte guesses using the same power measurements
Power Models
Hamming weight model assumes the amount of power consumed is proportional to the number of bits that are logic '1' during an operation
o the greater the number of bits that are set, the larger the amount of power consumed
For a series of n measurements of X and Y, Pearson correlation can be estimated by the sample correlation coefficient r_xy
o x-bar and y-bar: sample means of x and y
o s_x and s_y: sample standard deviations of x and y
o x_i: measured power samples
o y_i: calculated power values from Hamming distance model
If a correlation occurs then there will be a spike in the graph for the correct key byte value
CPA Attack
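The correlation step described above, as an added example in Python that is not from the original slides: it simulates traces under the Hamming weight model and computes r_xy for all 256 key-byte guesses, which is how an evaluator checks whether an implementation leaks. The leaking intermediate (an AES S-box output of plaintext XOR key byte), the Gaussian noise level and the key byte 0x3C are assumptions constructed for the simulation.

```python
import random
from statistics import mean, stdev

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def build_sbox():
    """AES S-box per FIPS 197: field inverse followed by the affine map."""
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    inv = [0] + [next(y for y in range(1, 256) if gmul(x, y) == 1) for x in range(1, 256)]
    return [i ^ rotl(i, 1) ^ rotl(i, 2) ^ rotl(i, 3) ^ rotl(i, 4) ^ 0x63 for i in inv]

SBOX = build_sbox()
hw = lambda v: bin(v).count("1")  # Hamming weight: number of bits that are logic '1'

def pearson(x, y):
    """Sample correlation coefficient r_xy from sample means and standard deviations."""
    n, xbar, ybar, sx, sy = len(x), mean(x), mean(y), stdev(x), stdev(y)
    if sx == 0 or sy == 0:
        return 0.0  # a constant series carries no correlation information
    return sum((a - xbar) * (b - ybar) for a, b in zip(x, y)) / ((n - 1) * sx * sy)

def simulate_traces(key_byte, n=1000, noise=1.0, seed=1):
    """Constructed data: one power sample per encryption = HW(S-box output) + Gaussian noise."""
    rng = random.Random(seed)
    pts = [rng.randrange(256) for _ in range(n)]
    power = [hw(SBOX[p ^ key_byte]) + rng.gauss(0, noise) for p in pts]
    return pts, power

def cpa(pts, power):
    """Return r_xy for each of the 256 key-byte guesses against the same measurements."""
    return [pearson(power, [hw(SBOX[p ^ g]) for p in pts]) for g in range(256)]

if __name__ == "__main__":
    pts, power = simulate_traces(key_byte=0x3C)  # 0x3C is an arbitrary constructed value
    r = cpa(pts, power)
    best = max(range(256), key=lambda g: abs(r[g]))
    print(f"peak at guess 0x{best:02X}, r = {r[best]:.3f}")
```

Raising `noise` or lowering `n` in `simulate_traces` shows how the spike for the correct guess shrinks toward the wrong-guess floor.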