Impact of localized electromagnetic field measurements on implementations of asymmetric cryptography

Implementations of cryptographic algorithms must be protected against so-called side-channel attacks. This thesis investigates the strengths and weaknesses of localized high-precision measurements of electromagnetic fields for side-channel analysis and demonstrates, in a practical evaluation, how such measurements can be used for attacks on implementations of asymmetric cryptography. By combining multiple concurrent measurements and applying methods from pattern classification, attacks on single executions become possible without prior characterization of the implementation. Appropriate countermeasures are presented to prevent such attacks.
