
Constructive Side-Channel Analysis and Secure Design

Content
- Title
- Preface
- Organisation
- Table of Contents
- Practical Side-Channel Analysis
- Exploiting the Difference of Side-Channel Leakages
- Introduction
- Related Work
- The Measurement of Side-Channel Leakages
- The Proposed Measurement Setup
- What Are the Advantages of the Proposed Setup?
- Applicability of the Setup
- Measurement Methodology
- Calibration of the Setup
- Scenario 1: Choosing a Constant Intermediate Value
- Scenario 2: Choosing Complementary Intermediate Values
- Using Templates
- The ISO/IEC 10373-6/7 Test Apparatus
- Practical Evaluation of the Proposed Setup
- Description of the Performed Attacks
- Results of Attacks
- Choosing a Constant Intermediate Value
- Choosing Complementary Intermediate Values
- Results of Attacks on Countermeasure-Enabled Devices
- Attacks on Randomization Countermeasures
- Attacks on Masking Countermeasures
- Conclusion
- References
- Attacking an AES-Enabled NFC Tag: Implications from Design to a Real-World Scenario
- Introduction
- Overview of the Analyzed Devices
- Measurement Setup
- Side-Channel Analysis Results
- Measurements with Disabled Countermeasures
- Measurements with Enabled Countermeasures
- Summary of the Results
- Conclusion
- References
- Invited Talk I
- 700+ Attacks Published on Smart Cards: The Need for a Systematic Counter Strategy
- Introduction
- Overview of Attacks
- Possible Strategies
- Certification and Risk Management
- Conclusion
- References
- Secure Design
- An Interleaved EPE-Immune PA-DPL Structure for Resisting Concentrated EM Side Channel Attacks on FPGA Implementation
- Introduction
- Related Work
- The Problem of Early Propagation Effect
- Previous Work Related with EPE Protection
- Interleaved Placement
- Proposal of Interleaved PA-DPL
- PA-DPL
- Routing Conflicts
- Timing Improvement
- Implementation
- Test Attacks and Timing Check
- Experimental Attacks
- Timing Verification
- Conclusion
- References
- An Architectural Countermeasure against Power Analysis Attacks for FSR-Based Stream Ciphers
- Introduction
- Related Work
- Preliminaries: Cipher Power Consumption and FSR Switching Activity
- Switching Activity Alteration Countermeasure
- Intuitive Idea
- Alteration Mechanism
- Power Traces Independence
- Hardware Implementation
- Experimental Results
- Security
- First-Order DPA Attack
- First-Order MIA Attack
- More Complex Attacks
- Invasive and Semi-invasive Attacks
- Random Mask Generator
- Conclusion
- References
- Conversion of Security Proofs from One Leakage Model to Another: A New Issue
- Introduction
- Context
- ODL Model vs. MTL Model
- Paper Organization
- Securing Block Cipher against 2O-SCA
- Attack of Algorithm 1 in the MTL Model
- Straightforward Implementation of Algorithm 1
- Description of the First-Order Attack When RA=Rcmp
- Description of the First-Order Attack When RA =Rcmp
- Study of a Straightforward Patch
- Transformation of Algorithm 1 into a MTL-Resistant Scheme
- Description of a Second-Order Attack
- Experimental Results
- Conclusion and Perspectives
- References
- Side-Channel Attacks on RSA
- Attacking Exponent Blinding in RSA without CRT
- Introduction
- A Statistical Model
- The Attack
- Step 1: Find a List of Likely Candidates for the Blinding Factor
- Step 2: Use Redundancy in the Key to Find the Correct Blinding Factor
- Step 3: Find the Secret Exponent
- Discussion
- Conclusion
- References
- A New Scan Attack on RSA in Presence of Industrial Countermeasures
- Introduction
- Previous Work
- Principles of the RSA Attack
- RSA
- Target RSA Hardware Implementation
- Assumptions of Scan Attacks
- Attack Basics: The Differential Mode
- Description of the Attack
- Practical Aspects of the Attack
- Leakage Analysis
- Timing Aspects
- Attack Tool
- Experimental Results
- In Presence of DfT Methods
- In Presence of Proposed Countermeasures
- Comparison with Previous RSA Attacks
- Conclusion
- References
- RSA Key Generation: New Attacks
- Introduction
- RSA Key Generation
- Differential Power Analysis on Least Significant Bits
- The Basics
- Discussion and Extensions
- Template Attack on Most Significant Bits
- Building Templates
- Template Attack
- Fault Attacks
- Improving Leakage Attacks
- Safe-Error Attack
- Countermeasures
- Alternative Prime Search Strategies
- Execution/Failure Counter
- Randomizing the Primality Test
- Conclusion
- References
- Fault Attacks
- A Fault Attack on the LED Block Cipher
- Introduction
- The LED Block Cipher
- Fault Equations for LED-64
- Inversion of LED Steps
- Generation of Fault Equations
- Key Filtering
- Key Tuple Filtering
- Key Set Filtering
- Temporal and Spatial Aspects of the Attack
- Relation to AES
- Experimental Results
- Extensions of the Attack
- Multiple Fault Injection
- Extension of the Attack for LED-128
- Conclusions and Future Work
- References
- Differential Fault Analysis of Full LBlock
- Introduction
- Preliminaries
- LBlock Description
- Properties of LBlock
- Differential Fault Analysis on LBlock
- Fault Model
- Attack Description of Retrieving Master Key
- Theoretical and Simulation Results
- Conclusions and Future Works
- References
- Contactless Electromagnetic Active Attack on Ring Oscillator Based True Random Number Generator
- Introduction
- Background
- TRNG Threat Model
- RO-Based TRNG
- Experimental Setup
- TRNG Implementation
- EM Injection Platform
- Attack Description
- Effect of the EM Waves on the ROs - Target #1
- Choice of the Injection Frequency
- Proof of Effectiveness
- Phase Reduction
- Effect of the EM Waves on the TRNG - Target #2
- Impact of the RO Dependence on the Random Bitstream
- Control of the Bias
- Conclusion
- References
- Invited Talk II
- A Closer Look at Security in Random Number Generators Design
- Introduction
- TRNG Design
- TRNG Design Evaluation Criteria
- Criteria Related to the TRNG Principle
- Criteria Related to the TRNG Design
- Criteria Related to the TRNG Security
- TRNG Design Evaluation - Conclusions
- Main Security Issues in Published TRNG Designs
- Sensitivity of the TRNG to Variations of Operating Conditions
- Security Threats Related to Statistical Models and Entropy Estimators
- Embedded TRNG Testing and Related Security Issues
- Recommendations for Future Secure TRNG Designs
- Conclusion
- References
- Side-Channel Attacks on ECC
- Same Values Power Analysis Using Special Points on Elliptic Curves
- Introduction
- Elliptic Curve Cryptosystems
- Elliptic Curve in Projective Jacobian Coordinates
- Elliptic Curve Scalar Multiplication
- DPA Attack and Countermeasures
- RPA and ZPA Attacks and Countermeasures
- Same Values Analysis
- Special Points of Same Values during Doubling
- Special Points of Same Values during Addition
- Collision Power Analysis
- Collision Power Analysis on ECC Using Same-Values Points
- Same-Values Points on Standardized Curves
- Isogeny Defence Discussion
- Countermeasures to Prevent the SVA
- Conclusion
- References
- The Schindler-Itoh-attack in Case of Partial Information Leakage
- Introduction
- Notation and the Schindler-Itoh-attack
- Notation
- The Schindler-Itoh-attack
- Leakage Scenarios for Partial Information
- The First Leakage Scenario
- The Second Leakage Scenario
- Applying the Schindler-Itoh-attack to the Second Leakage Scenario
- Using the Found Collisions to Gain Even More Information
- Simulation Data
- A Barrier to Applying the Enhanced Version to Partial Information
- Conclusion
- References
- Different Methods in Side-Channel Analysis
- Butterfly-Attack on Skein's Modular Addition
- Introduction
- Background Theory
- Hash Functions
- Side Channel Attacks
- Skein
- Side Channel Attacks Using the Modular Addition
- Modular Addition
- State-of-the-Art Attacks against Modular Addition
- Improved Attack against Modular Addition
- Symmetrical Analysis
- Applying the Butterfly-Attack to Skein-MAC
- Using the Divide and Conquer Approach
- Using the Masked Divide and Conquer Approach
- Conclusions and Future Work
- References
- MDASCA: An Enhanced Algebraic Side-Channel Attack for Error Tolerance and New Leakage Model Exploitation
- Introduction
- Related Work
- Our Work
- MDASCA: Multiple Deductions-Based ASCA
- Notations
- MDASCA
- Analysis of Leakage Models in MDASCA
- Hamming Weight Leakage Model with Errors
- Cache Leakage Models
- Evaluation of MDASCA on AES
- HWLM Based MDASCA
- ACLM Based MDASCA
- TRLM Based MDASCA
- Application of MDASCA on AES
- Experiment Setup
- Case Study 1: HWLM Based MDASCA on AES
- Case Study 2: ACLM Based MDASCA on AES
- Case Study 3: TRLM Based MDASCA on AES
- Impact of MDASCA
- Conclusion and Future Work
- References
- Intelligent Machine Homicide
- Introduction
- Preliminaries
- Side Channel Analysis
- Support Vector Machines
- Soft-Margin Classification
- Kernel Trick
- Multi-class SVM
- Probability Output
- SVM in Side Channel Analysis
- Assumed Attacker Model
- How to Recover the Key
- How to Compare the Performance
- Scenarios for Profiling Based Power Analysis
- Experimental Results
- Experimental Setup
- Understanding the Effects of the C-SVC Parameters
- Comparing SVM Attack and Template Attack
- Interpretation of the Results
- Conclusion
- References
- Author Index
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, PocketBook, Sony, Tolino and many more (Kindle: limited support only).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Watermark-DRM, a "soft" copy protection. This means that there are no technical restrictions to prevent illegal distribution. However, there is a personalised watermark embedded in the eBook that can be used to identify the purchaser of the eBook in the event of misuse and to provide evidence for legal purposes.
For more information, see our eBook Help page.