Important Dates

Submission Deadline: 2010/11/29
Author Notification: 2011/01/05
Final Version Due: 2011/01/31
Workshop commences: 2011/02/24

Contact

Local Organisation
cosade2011{at}cased.de

Contributions 

Session I: New Methods and Modelling I
Session II: Electromagnetic Side Channel Analysis
Invited Talk by Çetin Kaya Koç
Session III: Power Analysis
Session IV: New Methods and Modeling II
Special Session: DPA Contest
Session V: Timing Attack I
Session VI: Algebraic Side Channel Attacks and Fault Analysis
Invited Talk by François-Xavier Standaert
Session VII: Timing Attacks II
Session VIII: Cache Analysis

Download Proceedings as complete PDF (35 MB)

Session I: New Methods and Modelling

Talk #1: Univariate Side Channel Attacks and Leakage Modeling

Speaker
Julien Doget
Schedule
Date 2011/02/24
Start time 10:00 am
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Julien Doget1,2,3
Emmanuel Prouff1
Matthieu Rivain4
François-Xavier Standaert2

{j.doget, e.prouff}{at}oberthur.com
fstandae{at}uclouvain.be
matthieu.rivain{at}cryptoexperts.com

1 Oberthur Technologies, 71-73 rue des Hautes Pâtures, F-92726 Nanterre, France
2 Université Catholique de Louvain, UCL Crypto Group, B-1348 Louvain-la-Neuve, Belgium
3 Université Paris 8, Département de Mathématiques, 2 rue de la Liberté, F-93526 Saint-Denis, France
4 CryptoExperts, Paris, France

Abstract:

Differential power analysis is a powerful cryptanalytic technique that exploits information leaking from physical implementations of cryptographic algorithms. During the last two decades numerous variations of the original principle have been published. In particular, the univariate case, where a single instantaneous leakage is exploited, has attracted much research effort. In this paper, we argue that several univariate attacks among the most frequently used by the community are not only asymptotically equivalent, but can also be rewritten one in function of the other, only by changing the leakage model used by the adversary. In particular, we prove that most univariate attacks proposed in the literature can be expressed as correlation power analyses with different leakage models. This result emphasizes the major role played by the model choice on the attack efficiency. In a second point of this paper we hence also discuss and evaluate side channel attacks that involve no leakage model but rely on some general assumptions about the leakage. Our experiments show that such attacks, named robust, are a valuable alternative to the univariate differential power analyses. They only lose a bit of efficiency in case a perfect model is available to the adversary, and gain a lot in case such information is not available.

Talk #2: Quantifying the Quality of Side Channel Acquisitions

Speaker
Jean-Luc Danger
Schedule
Date 2011/02/24
Start time 10:25 am
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Sylvain Guilley1,2
Houssem Maghrebi1
Youssef Souissi1
Laurent Sauvage1,2
Jean-Luc Danger1,2

1 Telecom-ParisTech, Crypto Group, 37/39 rue Dareau, 75634 Paris Cedex 13, France.
2 Secure-IC S.A.S., 2 rue de la Châtaigneraie, 35576 Cesson-Sévigné, France.

Abstract:

This paper addresses the question of comparing side-channel acquisition campaigns. The metric put forward is a signal-to-noise ratio (SNR), that we define formally. With respect to former notions of SNR, which are empirical, ours relies on a mathematical definition whose rationale arises from a leakage model. In addition to characterizing acquisition campaigns, this SNR also indicates the circuit's vulnerability, if some unprotected logic is implemented. We indeed show experimentally that the SNR gives hints about the number of measurements that are required to break a cryptographic implementation.

Talk #3: Side Channel Attack: an Approach based on Machine Learning

Speaker
Liran Lerman
Schedule
Date 2010/02/04
Start time 11:30 am
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Liran Lerman
Gianluca Bontempi
Olivier Markowitch

Département d'Informatique, Université Libre de Bruxelles, Boulevard du Triomphe, 1050 Brussels, Belgium

Abstract:

In cryptography, a side channel attack is any attack based on the analysis of measurements related to the physical implementation of a cryptosystem. Nowadays, the possibility of collecting a large amount of observations paves the way to the adoption of machine learning techniques, i.e. techniques able to extract information and patterns from large datasets. The use of statistical techniques for side channel attacks is not new. Techniques like Template Based DPA have shown their effectiveness in recent years. However these techniques rely on parametric assumptions and are often limited to small dimensionality settings, which limits their range of application. This paper explores the use of machine learning techniques to relax such assumptions and to deal with high dimensional feature vectors.
For this purpose, we first formalize the problem of studying the relation between power consumption and encryption key as a supervised learning task. Then we compare and assess several classifiers and dimensionality reduction techniques in a real experimental setting. Our promising results regarding the 3DES encryption scheme confirm the importance of adopting machine learning approaches in cryptanalysis.

Session II: Electromagnetic Side Channel Analysis

Talk #4: Side Channel Analysis using Giant Magneto-Resistive (GMR) Sensors

Speaker
Edgar Mateos
Schedule
Date 2011/02/24
Start time 11:15 am
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Edgar Mateos
Catherine H. Gebotys

{emateoss, cgebotys}{at}uwaterloo.ca

Department of Electrical and Computer Engineering, University of Waterloo, 200 University Avenue West, Waterloo, Ontario, Canada N2L 3G1

Abstract:

Giant magnetoresistors (GMR) are nanotechnology devices able to detect tiny magnetic fields. This paper proposes the use of these sensors to acquire electromagnetic (EM) signals and analyze them using correlation analysis in the time domain and frequency domain. The objective is to analyze the small electromagnetic emanations that the hardware implementation may unintentionally leak, and try to recover the secret keys used when the cryptographic computations are performed. This work compares the performance of a GMR probe with a common inductive loop EM probe. The results show the success of GMR sensors in retrieving the correct key in 8-bit systems even in a scenario where the inductive probe failed.

Talk #5: Learning from Electromagnetic Emanations - A Case Study for iMDPL

Speaker
Mario Kirschbaum
Schedule
Date 2011/02/24
Start time 11:40 am
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Mario Kirschbaum
Joern-Marc Schmidt

{Mario.Kirschbaum, Joern-Marc.Schmidt}{at}iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria

Abstract:

Efficient countermeasures against side-channel attacks are vital for security-related devices. This is because power-measurements can be carried out at relatively low costs by an adversary that has physical access to the device. In a lot of applications, e.g. pay-TV, the ability of cloning a single device leads already to a significant problem (i.e. monetary loss) for the issuer of the device.
While the knowledge that a device leaks information is already important, a detailed image about the nature of the security hole would help the designer to improve the product. In this paper, we analyze the electromagnetic emanations of the secure logic style iMDPL. We measured the emanations by stepping with an EM probe over an ASIC prototype chip produced in a 180nm CMOS process technology. By means of data dependency images for each point in time during the computation we deeply investigate security related issues of iMDPL and show that certain data flows within a design can be traced with this technique.


Session III: Power Analysis

Talk #6: FPGA Implementations of the AES Masked Against Power Analysis Attacks

Speaker
Francesco Regazzoni
Schedule
Date 2011/02/24
Start time 02:00 pm
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Francesco Regazzoni1,3
Yi Wang2
François-Xavier Standaert1

{francesco.regazzoni,fstandae}{at}uclouvain.be
yiwang{at}hnu.edu.cn
regazzoni{at}alari.ch

1 UCL Crypto Group, Université catholique de Louvain, Louvain-la-Neuve, Belgium
2 Embedded System and Networking Laboratory, HuNan University, Changsha, China
3 ALaRI, University of Lugano, Lugano, Switzerland

Abstract:

Power analysis attacks are a serious threat for implementations of modern cryptographic algorithms. Masking is a particularly appealing countermeasure against such attacks since it increases the security to a well quantifiable level and can be implemented without modifying the underlying technology. Its main drawback is the performance overhead it implies. For example, due to prohibitive memory costs, the straightforward application of masking to the AES algorithm, with precomputed tables, is hardly practical. In this paper, we exploit both the increased size of state-of-the-art reconfigurable hardware devices and previous optimization techniques to minimize the memory occupation of software S-boxes, in order to provide an efficient FPGA implementation of the AES algorithm, masked against side-channel attacks. We describe two high throughput architectures, based on 32-bit and 128-bit datapaths, that are suitable for Xilinx Virtex-5 devices. In this way, we demonstrate the possibility to efficiently combine technological advances with algorithmic optimizations in this context.

Talk #7: Time Samples Correlation Attack

Speaker
Olivier Meynard
Schedule
Date 2011/02/24
Start time 02:25 pm
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Olivier Meynard1,2
Sylvain Guilley1
Denis Réal2
Jean-Luc Danger1

{firstname.lastname}{at}telecom-paristech.fr
{firstname.lastname}{at}dga.defense.gouv.fr

1 Telecom-ParisTech, Crypto Group, 37/39 rue Dareau, 75634 Paris Cedex 13, France.
2 DGA Information Superiority, Bruz, France.

Abstract:

Side Channel Attacks are considered nowadays as a serious threat against cryptographic implementations. Briefly, by analysing the power dissipation, the electromagnetic radiations or the operating times, an attacker can retrieve secrets computed by the cryptographic device. Secret data are correlated to these commensurable quantities. This kind of attack is most of the time based on advanced statistical methods, and we notice that these attacks can be considerably enhanced by a strategic choice of the points of interest (POIs), and by an efficient preprocessing of noisy measurements. In this article we analyse the efficiency of a set of tools used to select POIs. Then, we propose a new attack by combining several timing samples in such a way that a sample-adaptive model attack yields better key recovery success rates than a mono-model attack using only a combination of samples. We experiment this technique by using SASEBO-G and measurements from the DPA contest v2.

Talk #8: Software Implementation of Dual-Rail Representation

Speaker
Philippe Hoogvorst
Schedule
Date 2011/02/24
Start time 02:50 pm
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Philippe Hoogvorst
Guillaume Duc
Jean-Luc Danger

{philippe.hoogvorst, guillaume.duc, danger}{at}telecom-paristech.fr

Telecom-ParisTech, Crypto Group, 37/39 rue Dareau, 75634 Paris Cedex 13, France.

Abstract:

Modern cryptographic algorithms are secure against cryptanalysis. However they are implemented on physical devices, which can leak information through side-channels, such as power consumption or electromagnetic radiation. Several approaches have been put forward to protect the implementations against this. The most widespread one is side-channel information masking, which consists in randomizing the intermediate variables. Another alternative consists in making the device's leaks independent of the data. This solution, called side-channel information hiding, is well studied on hardware accelerators (smartcards or FPGA). However, to the authors' knowledge, no article tackles the porting of this idea to software. This article explores this secure coding style and concludes that it is possible to compute with a data-independent activity in software.

Talk #9: When CPA and MIA go Hand in Hand

Speaker
Thanh-Ha Le
Schedule
Date 2011/02/24
Start time 03:15 pm
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Shiqian Wang
Thanh-Ha Le
Maël Berthier

{shiqian.wang,thanh-ha.le, mael.berthier}{at}morpho.com

Morpho, 18 Chaussée Jules César, 95520 Osny, France

Abstract:

Correlation Power Analysis (CPA) is very fast and effective when faced with linearity between the power consumption leakage and the power consumption model. Nevertheless its efficiency degrades quickly when the linearity between the leakage and the model is not verified for certain S-boxes. Mutual Information Analysis (MIA) is supposed to cope better with non-linearity. Still we encounter some difficulties when we estimate the mutual information. In this paper, we propose three approaches to enhance CPA and MIA for a given power consumption model (the Hamming weight model in our case). Two new attacking methods are suggested. We name them Extended Correlation Analysis (ECPA) and Combined Side-Channel Analysis (CSCA). They are not more complicated to practice than CPA or MIA. Experimental results show that they make considerable enhancements of CPA and MIA without much implementation or running time cost additions.

Session IV: New Methods and Modeling II

Talk #10: Least Squares Support Vector Machines For Side-Channel Analysis Attacks

Speaker
Gabriel Hospodar
Schedule
Date 2011/02/24
Start time 04:05 pm
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Gabriel Hospodar
Elke De Mulder
Benedikt Gierlichs
Ingrid Verbauwhede
Joos Vandewalle

firstname.lastname{at}esat.kuleuven.be

Katholieke Universiteit Leuven, ESAT-SCD-COSIC & IBBT, Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium

Abstract:

Electronic devices may undergo attacks going beyond traditional cryptanalysis. Side-channel analysis exploits information leaking from physical implementations of cryptographic devices in order to discover cryptographic keys. This work examines how to apply the state-of-the-art learning algorithm Least Squares Support Vector Machine (LS-SVM) as an analyzer of power traces measured from a chip implementing the Advanced Encryption Standard (AES) in software. We investigated the impact of changing the LS-SVM hyperparameters on the accuracy of the classifiers. Analyses varying both the numbers of power traces and components were also performed, in addition to the application of preprocessing techniques. Comparisons to Template Attacks were performed. The results show that the LS-SVM hyperparameters directly impact the performance of the classification. In contrast, the number of power traces and components did not influence the results in the same proportion. This effect can be attributed to the usage of data sets with straightforward Hamming weight leakages. LS-SVM classifiers with linear kernels performed similarly to Template Attacks.

Talk #11: A New Method of Black Box Power Analysis and a Fast Algorithm for Optimal Key Search

Speaker
Markus Dichtl
Schedule
Date 2011/02/24
Start time 04:30 pm
Duration 00:25
Downloads & Links
Paper N/A
Slides N/A
Photos N/A

Authors:

Markus Dichtl

Siemens AG Corporate Research and Technologies
81730 München, Germany

Abstract:

This paper suggests a new method of power analysis, similarity power analysis, which overcomes the numerics and complexity problems of the template attacks. Similarity power analysis learns characteristics of the device to attack in a profiling phase and is then able to determine a secret key from a single power trace. Similarity power analysis is a black box attack; it does not make any assumptions on the algorithm attacked or its implementation. Since similarity power analysis usually gives wrong results for a small number of key bits, it is supplemented with a new fast algorithm for optimal key search, which enables an attacker to try the keys with the highest probability of success first. Both similarity power analysis and the fast optimal key search algorithm were experimentally tried on DES.


Special Session: DPA Contest

Special Session 1: DPA Contest v2 - Final Debriefing

Speaker
Guillaume Duc
Schedule
Date 2010/02/04
Start time 05:00 pm
Duration 00:30
Downloads & Links
Paper
Website
Photos

Authors:

Guillaume Duc

Département Communications et Électronique, Telecom ParisTech (ENST), France

Abstract:

The DPA Contest v2 is organized by the VLSI research group from the COMELEC department of the Telecom ParisTech French University. It is a continuation of the first version, whose results were announced during the CHES09 conference.

The goal of this initiative is to make it possible for researchers to compare in an objective manner their different attack algorithms. As this was impossible yesterday, because traces made by different laboratories are too different (acquisition platform sensitivity, cryptographic algorithm implementation, board's noise...), the DPA contest is an initiative towards an international benchmarking reference. Also, we expect significant advances or even breakthroughs to be stimulated by this peer-reviewed contest.


Special Session 2: DPA Contest V3 and SASEBO-W for DPA Contest V4

Speaker
Naofumi Homma
Schedule
Date 2010/02/04
Start time 05:30 pm
Duration 00:30
Downloads & Links
Paper
Website
Photos

Authors:

Naofumi Homma

Graduate School of Information Sciences, AIST and Tohoku University, Japan

Abstract:

The DPA contest v3 is going to be started, where the target of attack is a real AES circuit on the SASEBO-GII board developed by AIST and Tohoku University. The main purpose of the third contest is to accumulate techniques and know-how for power and EM waveform acquisition, while the previous contests compare the attack algorithms.

The brand-new SASEBO-W board, which has IC card R/W functionalities, will soon come up for the fourth contest. Various hardware and software have also been developed to support side channel attack experiments on the SASEBO boards. We will give a quick overview of the SASEBO project.


Session V: Timing Attack I

Talk #12: An Efficient Mitigation Method for Timing Side Channels on the Web

Speaker
Sebastian Schinzel
Schedule
Date 2011/02/25
Start time 09:00 am
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Sebastian Schinzel

University of Mannheim, Laboratory for Dependable Distributed Systems, Mannheim, Germany

Abstract:

Research has shown that timing side channels exist in web applications [1, 3, 5]. An obvious, but problematic, mitigation for timing attacks is to delay the execution time to the worst case execution time, so that all requests have the same response time. On the upside, this prevents timing attacks as there are no differences in the response time any more. On the downside, this approach has a negative effect on performance, which may render the approach useless for many practical systems.
In this extended abstract, we propose a new strategy to prevent timing attacks in web applications with little impact on performance. Our approach offers a provable security gain that can be freely traded for a performance decrease. We compare our approach to other strategies using two characteristics: firstly the added cost for an attacker to perform a side channel attack, and secondly the performance impact on the system.

Talk #13: A Tool for Static Detection of Timing Channels in Java

Speaker
Alexander Lux
Schedule
Date 2011/02/25
Start time 09:25 am
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Alexander Lux
Artem Starostin

{lux,starostin}{at}mais.informatik.tu-darmstadt.de

Modeling and Analysis of Information Systems (MAIS), Computer Science Department, TU Darmstadt, Germany

Abstract:

A timing attack exploits the variance in the running time of a crypto-algorithm's implementation in order to infer confidential information. Such a dependence between confidential information and the running time, called a timing channel, is often caused by branching of the control flow in the implementation's source code with branching conditions depending on the attacked secrets. We present the Side Channel Finder, a static analysis tool for detection of such timing channels in Java implementations of cryptographic algorithms.

Session VI: Algebraic Side Channel Attacks and Fault Analysis

Talk #14: Analysis of the Algebraic Side Channel Attack

Speaker
Christopher Goyet
Schedule
Date 2011/02/25
Start time 10:20 am
Duration 00:25
Downloads & Links
Paper N/A
Slides
Photos

Authors:

Christopher Goyet
Jean-Charles Faugère
Guénaël Renault

Abstract:

n/a

Talk #15: Improved Differential Fault Analysis of Trivium

Speaker
Mohamed Saied Emam Mohamed
Schedule
Date 2011/02/25
Start time 10:45 am
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Mohamed Saied Emam Mohamed1
Stanislav Bulygin1,2
Johannes Buchmann1,2

{mohamed,buchmann}{at}cdc.informatik.tu-darmstadt.de
Stanislav.Bulygin{at}cased.de

1 TU Darmstadt, Darmstadt, Germany
2 Center for Advanced Security Research Darmstadt (CASED), Mornewegstrasse 32, Darmstadt, Germany

Abstract:

Combining different cryptanalytic methods to attack a cryptosystem became one of the hot topics in cryptanalysis. In particular, algebraic methods in side channel and differential fault analysis (DFA) attracted a lot of attention recently. In [13], Hojsík and Rudolf used DFA to recover the inner state of the stream cipher Trivium, which leads to recovering the secret key. For this attack, they required 3.2 one-bit fault injections on average and 800 keystream bits. In this paper, we give an example of combining DFA attacks and algebraic attacks. We use algebraic methods to improve the DFA of Trivium. Our improved DFA attack recovers the inner state of Trivium by using only 2 fault injections and only 420 keystream bits.

Talk #16: Message-aimed Side Channel and Fault Attacks against Public Key Cryptosystems with homomorphic Properties

Speaker
Falko Strenzke
Schedule
Date 2011/02/25
Start time 11:10 am
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Falko Strenzke

strenzke{at}flexsecure.de

1 FlexSecure GmbH, Darmstadt, Germany
2 Cryptography and Computeralgebra, Department of Computer Science, Technische Universität Darmstadt, Germany

Abstract:

In this work, we introduce a new timing vulnerability in the decryption operation of the McEliece cryptosystem. Furthermore, we review previously known side channel and fault attacks against the RSA and McEliece cryptosystems and analyze them with respect to their differences and similarities concerning the respective points of attack. We show that it is basically the homomorphic properties of these schemes that allow the special type of message-aimed attacks based on observing the decryption of manipulated versions of the respective ciphertext, and derive an according methodology for the analysis of such schemes with respect to these attacks. Consequently, we present new side channel attacks against other public key cryptosystems with homomorphic properties and point out certain aspects that are special to the countermeasures against this type of attack.

Talk #17: An On-Chip Glitchy-Clock Generator and its Application to Safe-Error Attack

Speaker
Sho Endo
Schedule
Date 2011/02/25
Start time 11:35 am
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Sho Endo1
Takeshi Sugawara1
Naofumi Homma1
Takafumi Aoki1
Akashi Satoh2

endo{at}aoki.ecei.tohoku.ac.jp

1 Graduate School of Information Sciences, Tohoku University, 6-6-05 Aramaki Aza Aoba, Aoba-ku, Sendai-shi 980-8579, Japan
2 National Institute of Advanced Industrial Science and Technology, Sotokanda, Chiyoda-ku, Tokyo 101-0021, Japan

Abstract:

This paper presents a glitchy-clock generator integrated in FPGA for evaluating fault injection attacks and their countermeasures on cryptographic modules. The proposed generator employs the functional block of clock management widely included in modern FPGAs and outputs a clock signal including a glitchy-clock cycle timely. The shape and timing of the glitchy-clock cycle are controlled accurately by the parameter setting. We can implement the proposed generator on a single FPGA board without using any external equipment such as a pulse generator and a variable power supply. Such integration makes it easier to generate reproducible glitchy-clock signals that can be verified by third parties. In this paper, we examine the characteristics of the proposed generator implemented on the Side-channel Attack Standard Evaluation Board (SASEBO). The result shows that the glitches can be injected timely into any clock cycle in increments of about 0.17 ns. We also demonstrate its application to the safe-error attack against an RSA processor.

Session VII: Timing Attacks II

Talk #18: Decryption Oracle Attacks against unauthenticated Encryption based on Tag-Length-Value Decoding

Speaker
Falko Strenzke
Schedule
Date 2011/02/25
Start time 02:00 pm
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Falko Strenzke1,2

strenzke{at}flexsecure.de

1 FlexSecure GmbH, Germany
2 Cryptography and Computeralgebra, Department of Computer Science, Technische Universität Darmstadt, Germany

Abstract:

In this work we investigate the threats arising when using unauthenticated symmetric encryption. Specifically, we show how Tag-Length-Value decoding of the plaintexts can lead to side channel decryption oracles, which allow an attacker to decrypt large parts of a ciphertext encrypted in the CBC block cipher mode of operation. We give an example attack based on a timing side channel. We point out that the only protection against these types of attacks is given through the use of Authenticated Encryption. But we show that open source cryptographic libraries wrongly implement Authenticated Encryption, creating potential risks of decryption oracles in client applications.

Talk #19: Side-Channel Attacks on the McEliece and Niederreiter Public-Key Cryptosystems

Speaker
Simon Hoerder
Schedule
Date 2011/02/25
Start time 02:25 pm
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Roberto M. Avanzi1
Simon Hoerder1,2
Dan Page2
Michael Tunstall2

roberto.avanzi{at}ruhr-uni-bochum.de
{hoerder,page,tunstall}{at}compsci.bristol.ac.uk

1 HGI and Faculty of Mathematics, Ruhr-University Bochum
2 Department of Computer Science, University of Bristol

Abstract:

Research within "post-quantum" cryptography has focused on development of schemes that resist quantum cryptanalysis. However, if such schemes are to be deployed, practical questions of efficiency and physical security should also be addressed; this is particularly important for embedded systems. To this end, we investigate issues relating to side-channel attacks against the McEliece and Niederreiter public-key cryptosystems and novel countermeasures against such attacks.

Session VIII: Cache Analysis

Talk #20: Cache Games - Bringing Access Based Cache Attacks on AES to Practice

Speaker
David Gullasch
Schedule
Date 2011/02/25
Start time 03:15 pm
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Endre Bangerter1
David Gullasch1,2
Stephan Krenn1,3

{endre.bangerter,david.gullasch,stephan.krenn}{at}bfh.ch

1 Bern University of Applied Sciences
2 Dreamlab Technologies
3 University of Fribourg

Abstract:

Side channel attacks on cryptographic systems are attacks exploiting information gained from physical implementations rather than utilizing theoretical weaknesses of a scheme. In particular access-driven cache-attacks, where information about the locations of memory accesses performed by a victim process is exploited, play an important role.
In this paper we describe a new such attack against AES-128. It is practically efficient, and only makes little requirements on the spy process and information about the encrypted plaintext. Further, it is the first attack on AES implementations using compressed tables. A key ingredient of independent interest is a denial of service attack on the scheduler of current Linux systems.

Talk #21: Error-Tolerance in Trace-Driven Cache Collision Attacks

Speaker
Jean-Francois Gallais
Schedule
Date 2011/02/25
Start time 03:40 pm
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Jean-François Gallais
Ilya Kizhvatov

{jean-francois.gallais, ilya.kizhvatov}{at}uni.lu

University of Luxembourg, Faculty of Science, Technology and Communication, 6 rue Richard Coudenhove-Kalergi, L-1359 Luxembourg

Abstract:

We present enhancements of the trace-driven cache collision attack against embedded AES implementations presented at WISA 2010. First, we improve the attack to reduce the remaining exhaustive search complexity from 2^32 to at most 10 AES encryptions. Second, we extend the tolerance to errors in cache event detection to the full attack and show that the attack is efficient even for significant error probabilities. Finally, we show that previous univariate models for estimating attack complexity are not good, and present a multivariate model which is easy to simulate. Our attack is comparable to DPA in terms of complexity, while being of a different nature. We also show by further explorations on an ARM platform that cache events are distinguishable in practice.

Talk #22: Cache-Timing Attacks and Shared Contexts

Speaker
Billy Brumley
Schedule
Date 2011/02/25
Start time 04:05 pm
Duration 00:25
Downloads & Links
Paper
Slides
Photos

Authors:

Billy Bob Brumley
Nicola Tuveri

{bbrumley, ntuveri}{at}tcs.hut.fi

Aalto University School of Science and Technology, Finland

Abstract:

Cache-timing attacks recover algorithm state by exploiting the fact that the latency of retrieving data from memory is essentially governed by the availability of said data in the processor's cache. Efficient and effective countermeasures to these attacks are needed. A shared memory context is a mechanism for reusing dynamically allocated memory. Focusing on public key cryptography within OpenSSL and its implementation of shared contexts, this paper examines the ability of a shared context to aid in mitigation of cache-timing attacks. The results are pessimistic towards this approach.