tech talks @nsu: side channel attacks
TRANSCRIPT
![Page 1: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/1.jpg)
Side channel attacksÀòàêè ïî ñòîðîííèì êàíàëàì íà êðèïòîñèñòåìû
Íèêèòà Ñåðãååâè÷ Âåùèêîâ
Îêòÿáðü 2014
![Page 2: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/2.jpg)
Ââåäåíèå
2 / 51
![Page 3: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/3.jpg)
Êòî çäåñü?
Êàðòèíêè [Wikipedia, ULB, QualSec, SideChannelPerspective, Family Guy, freedigitalphotos.net]
1 / 51
![Page 4: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/4.jpg)
Î ÷åì ïîéäåò ðå÷ü?
2 / 51
![Page 5: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/5.jpg)
Âñïîìíèòü âñ¼
3 / 51
![Page 6: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/6.jpg)
Âñïîìíèòü âñ¼
4 / 51
![Page 7: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/7.jpg)
Îò êóäà áåðóòñÿ ñòîðîííèå êàíàëû?
5 / 51
![Page 8: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/8.jpg)
Îò êóäà áåðóòñÿ ñòîðîííèå êàíàëû?
6 / 51
![Page 9: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/9.jpg)
Âèäû àòàê è ñáîð èíôîðìàöèè
7 / 51
![Page 10: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/10.jpg)
Âèäû àòàê
8 / 51
![Page 12: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/12.jpg)
À ÷òî ýòî âû òóò äåëàåòå?
[Lerman+2013]
10 / 51
![Page 13: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/13.jpg)
À åñëè åãî âåíèêîì?
[Hutter2014]11 / 51
![Page 14: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/14.jpg)
À åñëè åãî âåíèêîì?
[Hutter2014]
12 / 51
![Page 15: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/15.jpg)
×òî òàì ñïðÿòàíî âíóòðè?
[Hutter2014] 13 / 51
![Page 16: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/16.jpg)
×òî òàì ñïðÿòàíî âíóòðè?
[Batina2014]
14 / 51
![Page 17: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/17.jpg)
Âàðâàðñòâî â âûñøåé ñòåïåíè
[Hutter2014]
15 / 51
![Page 18: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/18.jpg)
Âàðâàðñòâî â âûñøåé ñòåïåíè
[Hutter2014]
16 / 51
![Page 19: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/19.jpg)
Ïðèìåðû àòàê ïî ñòîðîííèì êàíàëàì
17 / 51
![Page 20: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/20.jpg)
Çâóê
18 / 51
![Page 21: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/21.jpg)
Àêóñòè÷åñêèé êðèïòîàíàëèç
[Genkin+2013] 19 / 51
![Page 22: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/22.jpg)
Ñïåêòðîãðàììà
[Genkin+2013]
20 / 51
![Page 23: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/23.jpg)
GPG - RSA
[Genkin+2013]
21 / 51
![Page 24: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/24.jpg)
Ñâåò
22 / 51
![Page 25: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/25.jpg)
Êàìåðà
[Kr�amer+2013]
23 / 51
![Page 26: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/26.jpg)
Êàðòà óñòðîéñòâà
[Kr�amer+2013]24 / 51
![Page 27: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/27.jpg)
Ðåãèñòðû
[Kr�amer+2013]25 / 51
![Page 28: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/28.jpg)
Ïàìÿòü
[Kr�amer+2013]
26 / 51
![Page 29: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/29.jpg)
Âðåìÿ
27 / 51
![Page 30: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/30.jpg)
RSA
Require: M, n, expEnsure: C = Mexp mod n
if expk−1 = 1 then
C = M
else
C = 1
for i = k − 2 downto 0 do
C = C 2 mod n
if expi = 1 then
C = C ×M mod n
[Kocher1996]
28 / 51
![Page 31: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/31.jpg)
OpenSSL
29 / 51
![Page 32: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/32.jpg)
OpenSSL
[Canvel+2002] 30 / 51
![Page 33: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/33.jpg)
Ýíåðãîïîòðåáëåíèå
31 / 51
![Page 34: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/34.jpg)
RSA - SPA
[Batina2013]
32 / 51
![Page 35: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/35.jpg)
RSA - SPA
[Batina2013]
33 / 51
![Page 36: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/36.jpg)
RSA - SPA
34 / 51
![Page 37: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/37.jpg)
RSA - SPA
[Kocher+1999]
35 / 51
![Page 38: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/38.jpg)
Ýòî ÷òî çà ïîêåìîí àëãîðèòì?
[Batina2014]
36 / 51
![Page 39: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/39.jpg)
AES - CPA
[Batina2014]
CPA idea
I Íàáîð (çàøèôðîâàííûõ / îòêðûòûõ) òåêñòîâ
I Íàáîð âðåìåííûõ ðÿäîâ (ñ îñöèëëîãðàôà)
correlation(Lf (Sbox(key [i ][j ]⊕msg [i ][j ])), Power)[Brier+2004]
37 / 51
![Page 40: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/40.jpg)
AES - CPA
[Batina2014]
CPA idea
I Íàáîð (çàøèôðîâàííûõ / îòêðûòûõ) òåêñòîâ
I Íàáîð âðåìåííûõ ðÿäîâ (ñ îñöèëëîãðàôà)
correlation(Lf (Sbox(key [i ][j ]⊕msg [i ][j ])), Power)[Brier+2004]
38 / 51
![Page 41: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/41.jpg)
CPA
[Batina2013]
39 / 51
![Page 42: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/42.jpg)
AES - CPA/DPA
[Batina2014]
40 / 51
![Page 43: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/43.jpg)
AES - CPA
0 50 100 150 200 250
0.00
0.05
0.10
0.15
Key byte value
abs(
corr
elat
ion)
●0x70
[DPALab]41 / 51
![Page 44: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/44.jpg)
AES - CPA áàéòû
[DPALab] 42 / 51
![Page 45: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/45.jpg)
AES - CPA êîëè÷åñòâî äàííûõ
[DPALab]43 / 51
![Page 46: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/46.jpg)
Ñïîñîáû çàùèòû
44 / 51
![Page 47: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/47.jpg)
×òî æå äåëàòü?
45 / 51
![Page 48: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/48.jpg)
Çàêëþ÷åíèå
46 / 51
![Page 49: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/49.jpg)
Çàêëþ÷åíèå
I Àòàêè ïî ñòîðîííèì êàíàëàì � ñåðü¼çíàÿ óãðîçà
I Íîâûå âèäû àòàê ïîÿâëÿþòñÿ ðåãóëÿðíî
I Íå ïèøèòå è íå ïðèäóìûâàéòå ñâîþ ñîáñòâåííóþêðèïòîãðàôèþ1
1åñëè âû íå êðèïòîãðàô47 / 51
![Page 50: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/50.jpg)
Çàêëþ÷åíèå
I Àòàêè ïî ñòîðîííèì êàíàëàì � ñåðü¼çíàÿ óãðîçà
I Íîâûå âèäû àòàê ïîÿâëÿþòñÿ ðåãóëÿðíî
I Íå ïèøèòå è íå ïðèäóìûâàéòå ñâîþ ñîáñòâåííóþêðèïòîãðàôèþ1
1åñëè âû íå êðèïòîãðàô48 / 51
![Page 51: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/51.jpg)
Çàêëþ÷åíèå
I Àòàêè ïî ñòîðîííèì êàíàëàì � ñåðü¼çíàÿ óãðîçà
I Íîâûå âèäû àòàê ïîÿâëÿþòñÿ ðåãóëÿðíî
I Íå ïèøèòå è íå ïðèäóìûâàéòå ñâîþ ñîáñòâåííóþêðèïòîãðàôèþ1
1åñëè âû íå êðèïòîãðàô49 / 51
![Page 52: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/52.jpg)
Ñïèñîê ëèòåðàòóðû
S.Mangard et al., Power Analysis Attacks, 2007
P.C.Kocher, Timing Attacks on Implementations of Di�e-Hellman, RSA, DSS,and Other Systems, 1996
P.Kocher et al., Di�erential Power Analysis, 1999
B.Canvel et al., Password Interception in a SSL/TLS Channel, 2002
E.Brier et al., Correlation power analysis with a leakage model, 2004
D.Genkin et al., RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis,2013
J.Kr�amer et al., Di�erential Photonic Emission Analysis, 2013
L.Lerman, et al., Semi-Supervised Template Attack, 2013
L.Batina, Introduciton to implementation attacks (pres. Albena, 2013 & Sibenik,2014)
M.Hutter, Fault Attacks and Countermeasures (pres. Sibenik, 2014)
50 / 51
![Page 53: Tech Talks @NSU: Side Channel Attacks](https://reader031.vdocuments.net/reader031/viewer/2022030314/5885bcb41a28ab6f168b5e9f/html5/thumbnails/53.jpg)
I Âîïðîñû?
I Êîììåíòàðèè?
I Ñìèðèòåëüíûå ðóáàøêè?
http://sidechannelperspective.com
http://qualsec.ulb.ac.be/
http://ulb.ac.be/di/dpalab/ [email protected]
51 / 51