
Side Channel Attacks

Daniel Ferrer

Outline of presentation
Definitions
History
Types of attacks
Paul Kocher: attacks and tools
China: IDEA
Countermeasures
Questions/answers

Definitions Basics
Cryptanalysis: the study of (mathematical) techniques for attempting to break cryptographic schemes or cryptosystems. Switching back and forth: design a new system and then turn around and break it! Attacks and countermeasures.
Some people are born attackers!

Definitions Basics
A side-channel is any observable information emitted as a byproduct of the physical implementation of the cryptosystem. (Joseph Bonneau.)
The term was first used in 1995 by Paul Kocher against RSA: information that leaks "from the side".

Side Channels
Side Channel (SC): an undesirable way in which a cryptographic module exchanges some information.

Kinds of side channel:
Timing
Power
Electromagnetic
Fault
Sound
Heat

Definitions Basics
A cryptosystem is a system for encrypting private communication, designed to keep information private. That is the ideal system, and the ideal has to live in the real world. In the real world, the actual cryptosystem has to work with CPUs, memory, software, and satellites in geosynchronous orbits at 22,236 miles (35,786 km).

Definitions Basics

[Figure: Key and Plaintext enter the Cipher, which produces the Ciphertext; side channels leak out of the cipher.]

Definitions Basics
Implementation (real-world) attacks: active attacks. One distinguishes three kinds of active attacks:
1). non-invasive attacks
2). semi-invasive attacks (fault analysis), Skorobogatov and Anderson (open chip)
3). invasive attacks (broken parts on the floor)

Definitions Basics
Passive attacks:
1). side-channel attacks (more in this lecture)
2). logical attacks. Example: the Bleichenbacher attack took advantage of flaws within the PKCS #1 function to gradually reveal the content of an RSA-encrypted message. Doing this requires sending several million test ciphertexts to the decryption device (e.g., an SSL-equipped web server).

Older History
In 1985 W. van Eck published on emanations from computer monitors. TEMPEST stories: earlier standards, 1950s-60s. Intercepts of commercial satellite trunks, microwaves, etc.: side-channel rumors. As of 2006, 99% of the world's long-distance voice and data traffic was carried over optical fiber.

History side channel

Power Analysis Attack: Kocher (1998)
Timing Attack: Kocher (1996)
Fault Attack: Boneh (1996)
EM Attack: Kuhn (1998)
Acoustic Attack: Shamir (2004)
Visible Light Attack: Kuhn (2002)
Error Message Attack: Bleichenbacher (1998)
Frequency-based Attack: Chin Chi Tiu (2005)
Hardware Scan-based Attack: Yang (2005); the attack uses the test circuitry

Recent History
1995: Paul Kocher attacked RSA and DSS using timing analysis.
1996: Differential Fault Analysis (E. Biham and A. Shamir).
1998: Paul Kocher, power analysis.
2000/2001: Electromagnetic emanation, by J. Quisquater and D. Samyde, K. Gandolfi.
2002: Optical, S. Skorobogatov and R. Anderson.

More history
DPA: statistical analysis (Messerges, 2002).
Dan Boneh and David Brumley demonstrated the first remote timing attack against RSA in 2003.

Fiber Optic Attacks


"You can jump on the Internet right now and buy a tap for about $900," says Andy Solterbeck, vice president and general manager of the data protection business unit at SafeNet, an encryption company that has been experimenting with hacking fiber optic cables. "We've done this in our labs. We've demonstrated this at Interop. We've shown people that this kind of threat exists."

Probing attack
Attack a smart card with a probing station ($10,000). Speed up or slow down the chip's clock. UV, light, Focused Ion Beam workstation: flips bits in memory. Microwave reported as personal communication. Fault induction attacks: create a fault and see the results.

Fault Induction Attacks


Fault induction attacks: create a fault and see the results:
1). Clock
2). Temperature
3). Radiation (microwave attack)
4). Light: change an SRAM cell with a photoflash (Skorobogatov and Anderson)
5). Eddy currents, magnetic fields (Quisquater and Samyde)

Glitch attack

Differential fault analysis


Also called: fault induction attacks. E. Biham, A. Shamir, 1996. For DES and Triple DES, about 200 single flipped bits are necessary to obtain a secret key (R. Karri, 2002).

Differential Power Analysis


(Kocher, 1999). Biham-Shamir (1997). DPA: analysis of the electrical power used during the encryption process. 300 signals. Statistical analysis (Messerges, 2002).

Simple Power Analysis (SPA)


Kocher, Jaffe, Jun (1998). Simple power analysis involves visually interpreting power traces, or graphs of electrical activity over time: visual inspection of the power utilization. http://en.wikipedia.org/wiki/Power_analysis

Simple Power Analysis (SPA)


Attack features: the double-and-add algorithm; the Hamming weight of key bytes. In general: large features. Time: seconds to collect the information.

On-board with bypass

[Figure: power bypassed through this jumper]

Simple Power Analysis (SPA)

Simple Power Analysis (SPA)

Differences of averages of 5 side-channel samples: the upper figure is for the same key, while the lower is for two different keys.

Power Attack: 0 and 1

Power Analysis

Correlation Power Analysis


Correlation Power Analysis (CPA), Chari, 1999.

Use a model that maps the ideal computation onto the real-world working of the device.
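The following is an added example, not code from the presentation or from any cited author: it shows what the "model from the ideal to the real world" means in practice for the Hamming-weight feature mentioned under SPA and for CPA. The device is a toy model constructed here: each trace is one sample equal to the Hamming weight of an AES S-box output plus Gaussian noise. The same analysis is then run against a masked implementation (the countermeasure), where the device only ever handles the S-box output XORed with a fresh random mask, so the correlation disappears. The S-box is generated from its definition rather than transcribed; the secret key byte 0x2B and the noise level are constructed values.

```python
# Added example, not from the presentation: correlation power analysis (CPA)
# against simulated traces, and the same analysis against a masked device.
# All traces, keys and noise levels are constructed for the demonstration.
import random


def rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF


def build_aes_sbox():
    """Build the AES S-box from its definition (GF(2^8) inverse followed by
    the affine map) instead of transcribing the 256-entry table."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1                                             # q /= 3
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        affine = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4)
        sbox[p] = affine ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse and is handled separately
    return sbox


SBOX = build_aes_sbox()


def hamming_weight(x):
    return bin(x).count("1")


def simulate_traces(key_byte, n_traces, noise=1.0, masked=False, seed=7):
    """Constructed traces: one leakage sample per encryption.

    Unmasked: the device computes SBOX[p ^ k] and leaks its Hamming weight.
    Masked:   the device only ever handles SBOX[p ^ k] ^ m for a fresh random
              mask m, so the leaked weight is independent of the key.
    """
    rng = random.Random(seed)
    plaintexts, samples = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        v = SBOX[p ^ key_byte]
        if masked:
            v ^= rng.randrange(256)
        plaintexts.append(p)
        samples.append(hamming_weight(v) + rng.gauss(0.0, noise))
    return plaintexts, samples


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5


def cpa(plaintexts, samples):
    """Rank all 256 key-byte guesses by |correlation| between the Hamming
    weight of the predicted S-box output and the measured samples."""
    scores = []
    for guess in range(256):
        model = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        scores.append(abs(pearson(model, samples)))
    best = max(range(256), key=scores.__getitem__)
    return best, scores[best]


def run_cpa(key_byte, n_traces=1000, masked=False):
    """Simulate n_traces encryptions under key_byte and return the best
    guess together with its correlation score."""
    plaintexts, samples = simulate_traces(key_byte, n_traces, masked=masked)
    return cpa(plaintexts, samples)


if __name__ == "__main__":
    key = 0x2B  # constructed secret for the demonstration
    print("unmasked:", run_cpa(key))                # recovers 0x2B, |r| near 0.8
    print("masked:  ", run_cpa(key, masked=True))   # no guess stands out
```

With the Hamming-weight model the correct byte is the only guess whose predicted values track the measurements, so its correlation is close to the theoretical sqrt(2/3) for unit noise; under masking every guess scores at the noise floor, which is why masking is the standard software countermeasure against first-order DPA/CPA.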

Template Attack
Template Attack, Chari, 2002. Profile the device: build a database, for example for 3DES on an Intel Core i7 920 processor. 10 signals to break after building the database.

Timing Attacks
Timing Attacks (TA), Kocher 1996.

Computational time: access to the CPU cycle information; timing of other processes. http://en.wikipedia.org/wiki/Timing_attack

Repeated square & multiply

Diagram from presentation by Marc Witteman.

Timing measurements: data-dependent execution path.
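As an added example (not code from the presentation or from Marc Witteman's diagram), the data-dependent execution path of repeated square-and-multiply can be modelled by counting operations: the count of conditional multiplies equals the number of 1 bits in the exponent, which is what a timing measurement observes. Beside it is a Montgomery ladder with a branch-free conditional swap, the usual countermeasure, whose operation count depends only on the exponent length. The base, exponents and modulus are toy values chosen here; only operation counts are modelled, not the many other timing effects a real implementation has to control.

```python
# Added example, not from the presentation: the secret-dependent branch of
# square-and-multiply beside a constant-time Montgomery ladder.
# All numbers are toy values chosen for the demonstration.


def square_and_multiply(base, exponent, modulus):
    """Textbook left-to-right square-and-multiply.

    Returns (base**exponent mod modulus, number of conditional multiplies).
    The multiply count stands in for execution time: it equals the number of
    1 bits in the exponent, which is exactly what a timing attacker sees.
    """
    result, multiplies = 1, 0
    for bit in bin(exponent)[2:]:               # most significant bit first
        result = (result * result) % modulus    # always executed
        if bit == "1":                          # secret-dependent branch
            result = (result * base) % modulus
            multiplies += 1
    return result, multiplies


def cswap(swap, a, b):
    """Swap a and b when swap == 1, keep them when swap == 0, using only
    arithmetic so there is no secret-dependent branch."""
    mask = -swap                 # 0 -> 0, 1 -> all ones
    t = (a ^ b) & mask
    return a ^ t, b ^ t


def montgomery_ladder(base, exponent, modulus, bit_length=None):
    """Montgomery ladder: every bit costs one multiply and one square, so
    the operation count depends only on the exponent length, not its bits.
    (Only the operation count is modelled; a real implementation must also
    keep memory access and multiplication latency independent of the key.)
    """
    if bit_length is None:
        bit_length = exponent.bit_length()
    r0, r1, operations = 1, base % modulus, 0
    for i in range(bit_length - 1, -1, -1):
        b = (exponent >> i) & 1
        r0, r1 = cswap(b, r0, r1)
        r1 = (r0 * r1) % modulus      # invariant: r1 == r0 * base
        r0 = (r0 * r0) % modulus
        r0, r1 = cswap(b, r0, r1)
        operations += 2
    return r0, operations


def leak_profile(exponents, modulus=2**61 - 1, base=3):
    """For each 8-bit exponent, report what an attacker timing the two
    implementations would see: (exponent, Hamming weight, s&m count,
    ladder count)."""
    rows = []
    for e in exponents:
        _, sm = square_and_multiply(base, e, modulus)
        _, ml = montgomery_ladder(base, e, modulus, bit_length=8)
        rows.append((e, bin(e).count("1"), sm, ml))
    return rows


if __name__ == "__main__":
    print("exponent  weight  square&multiply  ladder")
    for e, w, sm, ml in leak_profile([0x80, 0x81, 0xAA, 0xFF]):
        print(f"{e:8}  {w:6}  {sm:15}  {ml:6}")
```

Running the block prints one row per exponent: the square-and-multiply column varies with the Hamming weight of the exponent (1, 2, 4 and 8 multiplies for the four constructed exponents), while the ladder column is 16 for every one of them.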

Cache-timing attacks on AES

Cache-timing attacks on AES: after building a database (160 minutes), it took one minute on an 850 MHz Pentium III to crack the AES Advanced Encryption Standard (Bernstein, 2005). N.B. This started a re-thinking!

AES new kid !


On October 2, 2000, NIST announced that Rijndael had been selected as the proposed standard. On December 6, 2001, the Secretary of Commerce officially approved Federal Information Processing Standard (FIPS) 197, which specifies that all sensitive, unclassified documents will use Rijndael as the Advanced Encryption Standard (AES).

AES
Advanced Encryption Standard (AES).

It took 5 years to come up with this standard in 2001 to replace DES and 3DES, and it was broken by side-channel attack. A timing attack against Rijndael by Francois Koeune and Jean-Jacques Quisquater was published as a technical report in June 1999: a special case. D. Bernstein broke it hard!!! The general case.

Access
Assumptions: the bad guys/ladies have access to the computer: CPU, power, memory, network, fiber cable, etc.

Distance for networking devices: thousands of miles.

Questions ?
Open questions. More attacks will be described; can you guess the areas? Listen closely, there will be plenty of time to think about countermeasures. Some countermeasures have to do with manufacturing chips. Who makes money on improving security?

Electromagnetic Radiation
Electromagnetic radiation. Gandolfi, 2001. In 1985, Wim van Eck published the first unclassified technical analysis of the security risks of emanations from computer monitors. Supposedly it was first discovered in 1943 at Bell Labs, from a teletype machine. TEMPEST appeared in the open literature in 1967.

Electromagnetic Radiation

Acoustic attacks
The Soviets put microphones into IBM Selectric typewriters in the 1960s. The researchers were able to take several 10-minute sound recordings of users typing at a keyboard, feed the audio into a computer, and use an algorithm to recover up to 96 percent of the characters entered. Reported from Berkeley, CA, 2005.

Acoustic attacks

Acoustic attacks
A 12-minute recording with 2300 characters; over 90% hit rate; three different kinds of keyboards. Keyboard Acoustic Emanations Revisited, by Zhuang, Zhou, and Tygar (CCS 2005).

Thermal Imaging Attack.


Infrared images can also provide information about the code being executed on the CPU; this is known as a thermal imaging attack. Maybe thermometers?

Optical Fault Induction


Optical fault induction attacks. Photoflash lamp (a Vivitar 550FD). Microcontroller PIC16F84. RSA signatures. Ultraviolet light; or laser light, with the value fixed at one value. Sergei Skorobogatov, Ross Anderson.

Light attack

Broken
AES: cache-timing attacks on AES, D. Bernstein: 800 operations and 65 milliseconds. Osvik, Shamir and Eran Tromer: AES in WinZip. T. Kohno.

Broken
Encryption protocols: 3DES, IDEA, RC4, RSA-CRT (Chinese Remainder Theorem). More?

Visual Side Channel


Technique used in real-world satellites: http://www.geoeye.com/CorpSite/gallery/Default.aspx
Technique used against computer systems and in other areas.

Plastic Bottle
[Backes et al.]

Teapots
[Backes et al.]
From 5 meters
From 10 meters

Human Eyes Are Readable
[Backes et al.]

Timing equipment

Paul Kocher

Paul Kocher: attacking


Published specifications, open literature
Network & bus I/O, timing
Power consumption, defective computations
Error messages, failure modes
Disk/memory contents, swap files
Chip imaging, RNG seed data
Backup / restore
Traffic analysis
Illegal & questionable activities: dumpster diving, inside jobs, social engineering

Paul Kocher
Algorithm negotiation
Version negotiation (backward + forward)
Man-in-the-middle
Message replay (within a session, multiple sessions)
Message forwarding & impersonation, e.g.: A connects to B, who connects to C pretending to be A
Certificate handling & validation (or lack thereof)
Out-of-sequence messages
Error handling reveals information
Denial of service
Timing analysis
Excessive complexity or lack of a defined state machine
Improper or inadequate use of hash functions
Inefficiencies (round trips)
Redundant information
Management/debug functions (code upgrades, etc.)

Tools from Paul


Crypto toolkits (Crypto++, CryptoLib, etc.)
Statistical toolkits (custom)
Bignum libraries (NTL for lattice reduction)
Compiler, system analysis tools, debugger (SoftIce)
Network traffic recorder (tcpdump)
Attack checklists

Tools from Paul


Brute force / disaster recovery
FPGA board / CPU farm
Password dictionaries
Hard drive imaging tools
Password recovery tools/services (AccessData)

Tools from Paul


Tamper resistance
DPA workstation
Oscilloscope
X-ray
Probe station, microscopes, e-beam, FIB

Cloud Computing
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, by Ristenpart and others, August 2009: in the current state of the art, for unconditional security against cross-VM attacks one must resort to avoiding co-residence.

China. IDEA cipher.


Cryptography and Information Security (CIS) Lab: http://cis.sjtu.edu.cn/index.php/Main_Page
Xuejia Lai is co-inventor of the IDEA cipher: http://cis.sjtu.edu.cn/index.php/Xuejia_Lai

Next step?
Professional penetration testing: creating and operating a formal hacking lab. Author: Wilhelm, Thomas. ISBN-13 9781597494250, ISBN-10 1597494259. 528 pages. Publisher: Syngress; Pap/Cdr edition (August 28, 2009).

Concrete Countermeasures
Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing. YongBin Zhou, DengGuo Feng, State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, 100080, China. {zyb,feng}@is.iscas.ac.cn. Section 5.2: Concrete Countermeasures.

Countermeasures
Countermeasures against each attack? Or can we come up with a global answer to a group of attacks, or is it even possible to counter all of the side-channel attacks?

Side-channel attacks are aimed at very specific areas of the implementation of encryption -- good or bad news for us?

Questions
Thank you. Questions?
