overview of the 2008-2009 ‘dpa contest’€¦ · official declaration of the 2008–2009 dpa...
Post on 27-Jun-2020
3 Views
Preview:
TRANSCRIPT
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Overview of the 2008-2009 ‘DPA contest’
Sylvain GUILLEY, Laurent SAUVAGE, Florent FLAMENT,Maxime NASSAR, Nidhal SELMANE, Jean-Luc DANGER,
Tarik GRABA, Yves MATHIEU & Renaud PACALET.< contact@DPAcontest.org>
Institut TELECOM / TELECOM-ParisTechCNRS – LTCI (UMR 5141)
SECURE
CHES’09, September 7th, 2009,Lausanne, Switzerland.
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
1/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Presentation Outline
1 DPA Contest: What is it?
2 Summary of the Worldwide InvolvementWeb AudienceParticipation Statistics
3 Best Attacks
4 Official Declaration of the 2008–2009 DPA contest Winner
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
2/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Presentation Outline
1 DPA Contest: What is it?
2 Summary of the Worldwide InvolvementWeb AudienceParticipation Statistics
3 Best Attacks
4 Official Declaration of the 2008–2009 DPA contest Winner
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
3/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
What is this http://www.DPAcontest.org/?
It is a key recover attack contest
80k+ side-channel measurements (traces) are freelyavailable worldwide from a PostGreSQL database.
They have been measured on a real circuit, but are somehowideal, hence suitable for academic studies:
Clock signal is stable.Traces synchronization is perfect.Power curves concern the DES crypto-processor alone.Measurement bandwidth is 5 GHz, and sampling rate is20 Gsample/s.Vertical resolution is 12.0 effective bits.
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
4/24
RAM64(for AES)
4×
ROM2k
AES
CPU
DES2
(for DES)
DES1
RAM2563×
(for CPU)
SDES
RAM32k
Purpose Characterization and attack on the symmetric encryptionalgorithms DES (fips46-3) and AES (fips197)
Programmation C language, configuration via an RS232 or a USB port
Chip’s size 4.0 mm2, 2.0 million transistors
Power domains 5: pads (3.3 V), core + DES1 + DES2 + SDES (1.2 V)
Technology STMicroelectronics 130 nanometer low-leakage (high Vt)with 6 layers of metal process, founded at Crolles, FRANCE
Fabrication CMP run S12C5 1 (13/01/2005) with the help of ST/AST
More information online: http://cmp.imag.fr/aboutus/gallery/details.php?id_circ=63&y=2005.
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Motivation + Ethics
Advantages
Makes it possible for a laboratory w/o measurementfacilities to experiment security evaluation algorithms.
Allows a fair comparison of known attacks and tricks.
Stimulates the research for better power attacks.
Ethics
Such a contest on a commercial product would endanger allits users.
Thus only a public research group can safely share measuresfrom an home-made academic circuit.
Open source = danger?No = possibility to improve on top of others’ ideas!
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
6/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Example with the reference code
Demonstration of the contest simplicity:
> svn co https://svn.comelec.enst.fr/dpacontest/
> cd code/reference/
> python main.py
# Table: secmatv1_2006_04_0809
# Stability threshold: 100
# Iteration threshold: 1800
#
# Columns: Iteration Stability Subkey0 ... Subkey7
1
2
3
...
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
7/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Reference Attack: Difference-of-Means [P. Kocher, 1998]
-20
0
20
40
60
80
-8 0 8 16
Voltage [m
V]
Time [clock periods]
Average power trace
-0.5
0
0.5
1
1.5
2
2.5
3
-8 0 8 16V
oltage [m
V]
Time [clock periods]
Covariance result (zoomed)
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
8/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Rules
A valid attack shall:
Recover the correct key with a stability of additional 100traces usage.
Consist in source code, committed into an SVN repository.
The hall of fame is based on:
An eligibility that is verifiable on a peer-review basis.
Objective: use as few traces as possible.
The date of the commit, which must belong to:[Aug 12th 2008, Aug 30th 2009].
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
9/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Web AudienceParticipation Statistics
Presentation Outline
1 DPA Contest: What is it?
2 Summary of the Worldwide InvolvementWeb AudienceParticipation Statistics
3 Best Attacks
4 Official Declaration of the 2008–2009 DPA contest Winner
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
10/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Web AudienceParticipation Statistics
Two Kinds of Involvements
Internet
SVN(code)
SQL(curves)
Download Contribute&
Observers: download the tracesand/or the attack source code.
Key figure: 4,355 visits.
Players: upload attack source code.
Key figure: 44 submissions.
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
11/24
DPA Contest Map: 45 countries / territories
Riscure
GERMANY
Karlsruhe U.
NETHERLANDS
Toshiba
Tohoku U.
Mitsubishi
SOUTH KOREA
TELECOM ParisTech
LIRMM
3iL, Limoges U.
JAPAN
Korea U., CIST
FRANCE
BELGIUM
KUL
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Web AudienceParticipation Statistics
Hall of Fame Split in Four Categories
1 Order-independent: the attacks have been carried out onvarious significant sets of traces, ordered in a random way.
2 Chosen plaintext order: where the traces order is computedby an algorithm that is explicited in the attack source code.
3 Fixed order: that models an attack at known albeit notchosen plaintext or ciphertext. The order is either
that of the database without the SORT BY clause, orthat of the ZIP archive, orlexicographical (corresponding to acquisition order).
4 Custom order: left at the discretion of the attacker . . . ofcourse, an explanation of the sorting strategy is preferred.
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
14/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Web AudienceParticipation Statistics
Events for each category
0
500
1000
1500
2000
2500
Au
g 1
2th
08
Se
p 1
st
08
Oct
1st
08
No
v 1
st
08
De
c 1
st
08
Ja
n 1
st
09
Fe
b 1
st
09
Ma
r 1
st
09
Ap
r 1
st
09
Ma
y 1
st
09
Ju
n 1
st
09
Ju
l 1
st
09
Au
g 1
st
09
Se
p 1
st
09
0
20
40
60
80
100
120
140
160
180
200
220
240
260
Nu
mb
er
of
tra
ce
s t
o b
rea
k D
ES
SV
N r
evis
ion
fo
r th
e s
ub
mis
sio
n
SVN revision for the submission# traces to break DES (category 1)# traces to break DES (category 3)# traces to break DES (category 4)
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
15/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Web AudienceParticipation Statistics
Category # Attacks Best attack
#1 17 141.42 traces, by Christophe Clavierof 3iL & U. of Limoges, FRANCE.
#2 0 No submission /.
#3 17 120 traces, by Daisuke Suzuki & Mi-noru Saeki of Mitsubishi, JAPAN.
#4 10 107 traces, by Hideo Shimizu ofToshiba, JAPAN.
Total 44 −→ winner chosen as the best sub-
mission in category #1.
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
16/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Presentation Outline
1 DPA Contest: What is it?
2 Summary of the Worldwide InvolvementWeb AudienceParticipation Statistics
3 Best Attacks
4 Official Declaration of the 2008–2009 DPA contest Winner
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
17/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Campaign Characteristics
Unprotected and little noisy traces.
Excellent linear and temporally localized leakage.
Hence:
The dominant strategy has been model-based attacks:
Differential Power Analysis orCorrelation Power Analysis,
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
18/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Overview of the State-of-the-Art Advance [1/4]
New attacks are based on one or more of these techniques:
Pre-filtering the traces (window filters, or cropping):
Victor LOMNE from LIRMM was the first to attack the lastround and to select a good temporal window
Choice of which round to attack:
Daisuke SUZUKI from Mitsubishi dual round attack byBS-CPA
Number of key bits attacked simultaneously:
Eloi SANFELIX from Riscure attacked two sboxessimultaneously
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
19/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Overview of the State-of-the-Art Advance [2/4]
New attacks are based on one or more of these techniques:
Number of unknown bits making up the selection function:
Most attacks were multi-bit, and Daisuke SUZUKI proposedan improved power modelAntonio SOBREIRA from Universitat Karlsruhe performed aclassical CPA considering the left side of the message register
Statistical test to distinguish the correct guess fromerroneous ones:
Benedikt GIERLICHS from KUL implemented a t-test;Yongdae KIM from Tohoku University tested Pearson, Kendalland Spearman correlations
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
20/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Overview of the State-of-the-Art Advance [3/4]
New attacks are based on one or more of these techniques:
Taking advantage of the knowledge of the already brokensboxes to improve the correlation of hard to break sboxes:
Hideo SHIMIZU from Toshiba coined the Built-in determinedSub-key Correlation Power Analysis (BS-CPA), described inhttp://eprint.iacr.org/2009/161.
Cooperation between hypotheses:
Renaud PACALET from TELECOM ParisTech finds the bestkey candidates by optimization algorithm based on the theoryintroduced by Xiaofei Huang
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
21/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Overview of the State-of-the-Art Advance [4/4]
New attacks are based on one or more of these techniques:
On-line model estimation:
Christophe CLAVIER estimated on-line a multi-variate linearmodel
Stochastic model attack:
contributed by Yongdae KIM from Tohoku university
Multi-DPA:
Jung HAE-IL from Korea University combined multi-bit DPAof Thomas MESSERGES and Regis BEVAN
Combined attacks:
e.g. BS-CPA on 2-sboxes by Laurent SAUVAGE, fromTELECOM ParisTech
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
22/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
Presentation Outline
1 DPA Contest: What is it?
2 Summary of the Worldwide InvolvementWeb AudienceParticipation Statistics
3 Best Attacks
4 Official Declaration of the 2008–2009 DPA contest Winner
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
23/24
DPA Contest: What is it?Summary of the Worldwide Involvement
Best AttacksOfficial Declaration of the 2008–2009 DPA contest Winner
2008–2009 Winner Congratulations!
Winner identity
Name Prof. Christophe CLAVIERAffiliation #1 Institut d’Ingenierie Informatique de Limoges
(3iL), 42 rue Sainte Anne, 87 000 Limoges.Affiliation #2 Universite de Limoges – Laboratoire XLIM,
83 rue d’Isle, 87 000 Limoges, FRANCE.
Winning attack
Attack algorithm Maximum likelihood method with a bi-variate known model
Number of traces 141.42 traces as an average success rate,estimated with 100 attacks
SVN tag Revision 197, 2009 August 18th
Sylvain GUILLEY < sylvain.guilley@TELECOM-ParisTech.fr > Overview of the ‘DPA Contest’SECURE
24/24
top related