Fault and Power Analysis Attack Protection Techniques for Standardized Public Key Cryptosystems

Implementation (physical) attacks such as side channel and fault injection attacks are a realistic threat to all security applications. Implementations of standardized public key cryptography, such as RSA and Elliptic Curve Cryptography (ECC) schemes, are particularly exposed because such attacks are comparatively easy to mount. The focus of those attacks is the core RSA/ECC cryptographic primitive: modular exponentiation for RSA and scalar multiplication for ECC. A very wide variety of implementation attacks exists against these two primitives, so designing appropriate countermeasures is not a straightforward process. In this book chapter, we view the RSA and ECC cryptographic primitives in a unified way and introduce a side channel and fault injection attack countermeasure approach that is applicable to both schemes. To achieve that, we describe and analyze the existing implementation attack ecosystem and propose an algorithm that is applicable to both modular exponentiation and scalar multiplication and is capable of providing broad resistance. The proposed approach is based on the Montgomery Powering Ladder, extended to provide strong randomization through multiplicative (RSA) or additive (ECC) blinding of the sensitive information. This randomization is realized in such a way that in each round of the algorithm the involved random element is propagated and expanded according to the algorithmic computation flow. In the proposed concept, faults are detected by a dedicated mechanism at the end of all computations, which exploits the mathematical coherency between intermediate values of the algorithmic flow. Through these countermeasure techniques, the proposed algorithm can provide protection against a wide range of “horizontal” and “vertical” side channel attacks as well as fault injection attacks, thus acting as an all-in-one protection framework for RSA/ECC schemes.
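The two ingredients the abstract combines, a regular Montgomery ladder whose registers are blinded by a random element that is carried through every round, and an end-of-computation check of the coherency between the ladder's intermediate values, can be seen in a small RSA-style modular exponentiation. The following is an added illustration and is not the chapter's proposed algorithm: it uses the well-known ladder invariant R1 = R0 * base (for ECC scalar multiplication the analogous invariant is R1 - R0 = P), multiplies both registers by a random r before the loop, tracks r's inverse in lockstep so the result can be unblinded, and refuses to release a result when the invariant no longer holds. The function name, the `FaultDetected` exception and the `fault_round` hook are this example's own assumptions, and the RSA parameters used are constructed test values.

```python
"""Montgomery ladder modular exponentiation with blinded registers and an
end-of-computation coherency check.  Illustrative example only; not the
chapter's proposed algorithm.  Function names and the fault-injection hook
are this example's own."""
import math
import secrets


class FaultDetected(Exception):
    """Raised when the ladder registers are no longer coherent."""


def blinded_ladder_modexp(base, exp, mod, bits=None, fault_round=None):
    """Compute base**exp mod mod with a regular Montgomery ladder.

    Both registers are multiplied by a fresh random r before the loop, so the
    values handled in every round are randomized (r is squared along with the
    registers, and r^-1 is squared in lockstep so the result can be unmasked).
    The ladder keeps the invariant R1 == R0 * base (mod mod) in every round;
    a transient fault in either register breaks it, which the final check
    catches before any result is released.  `fault_round` is a hypothetical
    test hook that flips the low bit of R0 after the given round.
    """
    if bits is None:
        bits = exp.bit_length()
    # The blinding element must be invertible mod N; retry on the rare gcd != 1.
    while True:
        r = secrets.randbelow(mod - 2) + 2
        if math.gcd(r, mod) == 1:
            break
    r_inv = pow(r, -1, mod)          # r^-1, squared once per round below
    R0 = r % mod                     # r * base^0
    R1 = (r * base) % mod            # r * base^1  ->  R1 == R0 * base
    for i in range(bits - 1, -1, -1):
        bit = (exp >> i) & 1
        if bit == 0:
            R1 = (R0 * R1) % mod
            R0 = (R0 * R0) % mod
        else:
            R0 = (R0 * R1) % mod
            R1 = (R1 * R1) % mod
        # The random factor in both registers is now squared; track its inverse.
        r_inv = (r_inv * r_inv) % mod
        if fault_round == i:
            R0 ^= 1                  # simulated single-bit fault on R0
    # Coherency check: R1 must still equal R0 * base.  After `bits` rounds
    # R0 == r^(2^bits) * base^exp, so r_inv == r^(-2^bits) unblinds it.
    if R1 != (R0 * base) % mod:
        raise FaultDetected("ladder registers are inconsistent")
    return (R0 * r_inv) % mod


if __name__ == "__main__":
    # Constructed toy RSA parameters (two known primes), not real key material.
    p, q, e = 1000000007, 998244353, 65537
    N = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    m = 123456789012345
    c = blinded_ladder_modexp(m, e, N)
    assert blinded_ladder_modexp(c, d, N) == m
    try:
        blinded_ladder_modexp(c, d, N, fault_round=5)
    except FaultDetected as exc:
        print("fault caught:", exc)
```

The check only covers faults that desynchronize R0 and R1; a fault on the base operand, on the unblinding factor, or on the comparison itself is outside its reach, and the ladder's regularity does not by itself defeat horizontal attacks that correlate operands within one trace. Those gaps are exactly why the abstract insists that the random element be propagated and expanded through the whole computation flow rather than applied once at the start.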
