
Side Channel Attacks

(Sept-Oct 2015)

Dr. Dhiren Patel

1
Cryptanalysis
• Two general approaches to attack a conventional encryption
scheme
– Brute-force attack
• attacker tries every possible key on a piece of
ciphertext (on average, about half of all possible keys
must be tried to recover the correct plaintext)
– Cryptanalytic attack
• rely on the nature of the algorithm plus perhaps some
knowledge of the general characteristics of the
plaintext or even some sample plaintext-ciphertext
pairs

2
Brute-force Attack
• Trying every possible key until an intelligible translation of the
ciphertext into plaintext is obtained.

| Key size (bits) | Number of alternative keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs |
|---|---|---|---|
| 32 | 2^32 = 4.3 x 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds |
| 56 | 2^56 = 7.2 x 10^16 | 2^55 µs = 1142 years | 10.01 hours |
| 128 | 2^128 = 3.4 x 10^38 | 2^127 µs = 5.4 x 10^24 years | 5.4 x 10^18 years |
| 168 | 2^168 = 3.7 x 10^50 | 2^167 µs = 5.9 x 10^36 years | 5.9 x 10^30 years |
| 26 characters (permutation) | 26! = 4 x 10^26 | 2 x 10^26 µs = 6.4 x 10^12 years | 6.4 x 10^6 years |

3
Cryptanalytic attacks

Type of Attack: Known to Cryptanalyst

• Ciphertext only (toughest for the attacker)
– Encryption algorithm
– Ciphertext
• Known Plaintext
– Encryption algorithm
– Ciphertext
– One or more plaintext-ciphertext pairs formed with
the secret key
• Chosen Plaintext
– Encryption algorithm
– Ciphertext
– Plaintext message chosen by cryptanalyst, together
with its corresponding ciphertext generated with the
secret key
4
Cryptanalytic attacks
Type of Attack: Known to Cryptanalyst

• Chosen Ciphertext
– Encryption algorithm
– Ciphertext
– Purported ciphertext chosen by cryptanalyst,
together with its corresponding decrypted plaintext
generated with the secret key
• Chosen Text
– Encryption algorithm
– Ciphertext
– Purported ciphertext chosen by cryptanalyst,
together with its corresponding decrypted plaintext
generated with the secret key
– Plaintext message chosen by cryptanalyst, together
with its corresponding ciphertext generated with the
secret key
5
Side Channel Attacks (Cryptanalysis)
• Black box model….

6
Side Channel attacks
• If Alice wants to secure her home, she could buy high-quality
locks and install several of them on her door. However, a
clever burglar might simply unscrew the hinges, remove the
door and walk away with all of Alice's valuables with minimal
effort.
• This is an example of an indirect attack on household security.
• There exists a parallel in the world of encryption that is quite
real.
• Such attacks are called side channel attacks and they have
been used to defeat some of the most popular encryption
techniques!!!

7
Misc…
• In the 1980s, Soviet eavesdroppers were suspected of planting
bugs inside IBM electric typewriters to monitor the
electrical noise generated as the type ball rotated and pitched
to strike the paper; the characteristics of those signals could
determine which key was pressed.

8
SCA
• Capability of desktop/laptop CPU
• (uncontrolled EMI/radiation)
• CRT – EMI (electromagnetic interference)
• Acoustic cryptanalysis - eavesdropping on US embassy
meetings in Prague
• Traffic analysis - war zones - Military movement,
• Sniffing
• DoS – Jamming, cut cable, spill drinks, switch off….
• Power attacks
• Timing attacks

9
Side channel attacks

10
Side Channel Attacks
• the underlying principle is that physical effects
caused by the operation of a cryptosystem (on
the side) can provide useful extra information
about secrets in the system

11
Acoustic (Thermal-imaging)
• Power consumption of devices causes heating, which
is offset by cooling effects. Temperature changes
create thermally induced mechanical stress. This
stress can create low level acoustic (i.e. noise)
emissions from operating CPUs (about 10 kHz in
some cases)
• In some cases the CPU package can be observed;
infrared images can then also provide information about
the code being executed on the CPU, known as a
thermal-imaging attack
12
Timing Attacks
• Timing attacks are a form of side channel attack where an
attacker gains information from the implementation of a
cryptosystem rather than from any inherent weakness in the
mathematical properties of the system.
• Such attacks involve statistical analysis of timing
measurements

13
Timing attack
• Timing attacks are based on measuring how much time
various computations take to perform.
• By observing variations in how long it takes to perform
cryptographic operations, it can be possible to determine the
entire secret key

14
15
Countermeasures
• multiplications take a constant amount of time, independent
of the size of the factors
• Montgomery algorithm
• Chinese Remainder Theorem
• Blinding

• a random delay can be added to deter timing attacks

16
Power analysis
• by observing the power consumption of a hardware device such as CPU or
cryptographic circuit

• Power variations, observed during work of the embedded processor
computing RSA signatures.
• The left (short) peak represents iteration without multiplication, and the
right represents iteration with multiplication.
• The low power pause between iterations has been artificially
implemented to make key decoding trivial.

17
Counter measures
• (1) eliminate or reduce the release of such
information
• (2) eliminate the relationship between the
leaked information and the secret data, that
is, make the leaked information unrelated, or
rather uncorrelated, to the secret data,
typically through some form of randomization
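
Blinding, listed among the timing countermeasures earlier, is an instance of principle (2). The following is an added example, not part of the original slides: it runs the RSA private operation on a randomized operand, so the value being exponentiated no longer tracks the ciphertext an observer supplied. The toy parameters N, E, D and all function names are assumptions made for illustration.

```python
# Added illustration (not from the slides): RSA base blinding.
# N, E, D are constructed toy values; function names are hypothetical.
import secrets
from math import gcd

N, E, D = 3233, 17, 2753          # 3233 = 61 * 53, E * D = 1 mod 3120

def blind(c, e, n):
    """Return (c * r^e mod n, r^-1 mod n) for a fresh random r coprime to n."""
    while True:
        r = secrets.randbelow(n - 2) + 2    # r in [2, n-1]
        if gcd(r, n) == 1:
            return (c * pow(r, e, n)) % n, pow(r, -1, n)

def private_op_blinded(c, d, e, n):
    """Compute c^d mod n while exponentiating only a randomized operand.

    Returns (plaintext, operand) so the caller can see what the
    secret-dependent exponentiation actually processed.
    """
    operand, r_inv = blind(c, e, n)
    m_blinded = pow(operand, d, n)          # (c * r^e)^d = c^d * r  (mod n)
    return (m_blinded * r_inv) % n, operand

def operands_seen(c, runs):
    """Collect the operands used over repeated decryptions of one ciphertext."""
    return [private_op_blinded(c, D, E, N)[1] for _ in range(runs)]

if __name__ == "__main__":
    c = pow(65, E, N)                       # constructed sample ciphertext
    print("plaintext:", private_op_blinded(c, D, E, N)[0])
    print("operands :", operands_seen(c, 5))
```

Every call returns the same plaintext, while the operand fed to the exponentiation changes from run to run.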

18
Countermeasures
(Side channel attacks)
• Hardware measures
• RISC/CISC /ASIC
• Instruction Set Design
• weak computing device (smart card)
• Low power CMOS – same logic voltage levels

• Special shielding
• JAM
• Random delay
• Instruction set design
• constant execution path

19
Timing/Power Attacks
• using a constant execution path
• prevents operation-dependent power
differences
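
The power-analysis slide (iterations with and without multiplication) and the constant execution path countermeasure can be seen side by side in the following added example, which is not part of the original slides. It records the operation sequence of square-and-multiply next to a Montgomery ladder; the toy parameters N, E, D, D_BITS and all function names are assumptions made for illustration.

```python
# Added illustration (not from the slides). It models the sequence of
# operations a power trace exposes; it does not measure real power or time.
# N, E, D are constructed toy RSA values; all function names are hypothetical.
N, E, D = 3233, 17, 2753          # 3233 = 61 * 53, E * D = 1 mod 3120
D_BITS = 12                       # fixed public length of the private exponent

def modexp_leaky(base, exp, mod):
    """Square-and-multiply: the multiply runs only when the key bit is 1."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":                      # key-dependent execution path
            result = (result * base) % mod
            trace.append("M")
    return result, "".join(trace)

def recover_exponent(trace):
    """Read the key off the trace: 'SM' is a 1 bit, a lone 'S' is a 0 bit."""
    return int(trace.replace("SM", "1").replace("S", "0"), 2)

def modexp_ladder(base, exp, mod, nbits):
    """Montgomery ladder: one multiply and one square per bit, for any bit."""
    r, trace = [1, base % mod], []
    for i in reversed(range(nbits)):
        bit = (exp >> i) & 1
        r[1 - bit] = (r[0] * r[1]) % mod    # always multiply
        r[bit] = (r[bit] * r[bit]) % mod    # always square
        trace.append("MS")
    # Operand selection by index is still key-dependent; production code
    # replaces it with a masked constant-time swap.
    return r[0], "".join(trace)

def demo():
    c = pow(65, E, N)                       # constructed sample ciphertext
    m1, leaky = modexp_leaky(c, D, N)
    m2, flat = modexp_ladder(c, D, N, D_BITS)
    return {"leaky_trace": leaky, "recovered": recover_exponent(leaky),
            "ladder_trace": flat, "plaintexts": (m1, m2)}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The leaky trace decodes directly to the private exponent, while the ladder trace is the same string for every exponent of the same length.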

20
Solution directives
• EMI - Protection – device characteristics, new
technologies
• IR – design, barriers
• Code book – management protocol, destroy,
synchronize, change
• Sniffing – protector, deception
• Anti DoS – Deception (dummy/misguiding
msgs)
21
Solution Directives
• Fundamental thinking
• Logic level separation
• Principle of Pipelining
• Bubble, Hardware score boarding, NOP
• RISC philosophy (Orthogonal ISA)
• CISC - length of instruction, time for execution,
black box approach
• DFA – e.g.

22
