Journée Codage & Cryptographie 2017 | Cécile Dumas | 24 avril 2017
CRYPTOGRAPHY IN ITSEF
FRENCH CERTIFICATION SCHEME
ANSSI (certification body)
ITSEF: Information Technology Security Evaluation Facility
CESTI: Centre d'Évaluation de la Sécurité des Technologies de l'Information (the French name of an ITSEF)
• Several ITSEFs and several types of product
  • Software and networks
  • Electronic, microelectronic components and embedded software
  • Hardware devices with security boxes
Leti, within CEA Grenoble: hardware ITSEF
SMART CARD EVALUATION: THREATS
[Figure: threats to a security IC]
Source: Security IC Platform Protection Profile - BSI-PP-0084
SMART CARD EVALUATION: UNITS
• Hardware
• Software
• Open samples
• Applications
Source: Security IC Platform Protection Profile - BSI-PP-0084
SMART CARD EVALUATION: CRYPTOGRAPHY
• Functions
  • Encryption / decryption
  • Signature
  • Authentication
  • Key generation / exchange
  • …
• Mechanisms (hardware / software)
  • Symmetric algorithms
  • Asymmetric algorithms
  • Hash functions
  • Random number generator
• Conformity
  • Document analysis
  • Code analysis
• Efficiency (effectiveness of the mechanism)
  • Functional testing
  • Statistical tests
  • Penetration testing
• Standards & references
  • Common Criteria
  • RGS (ANSSI)
  • AIS31 (BSI)
  • …
SMART CARD EVALUATION: EXAMPLE
• Smart card
  • Embedded software
  • AES (hardware)
  • RSA (hardware + software)
  • Random Number Generator (hardware + software)
• Conformity
  • RNG evaluation: RGS and AIS31
• Efficiency
  • RNG statistical tests
  • Penetration testing on AES and RSA
    • Side channel analysis
    • Fault injection
RNG EVALUATION: ARCHITECTURE
[Figure: generic RNG architecture: TRNG → online test → post-processing → cryptographic post-processing → output, plus an initialization stage. The figure marks the scope of RGS, AIS31 PTG.2 and AIS31 PTG.3 on this chain; the cryptographic post-processing belongs to PTG.3.]
RNG EVALUATION: RGS
[Figure: the same architecture (TRNG → online test → post-processing → cryptographic post-processing → output, plus initialization), annotated with the RGS evaluation activities]
• Architecture analysis
• Design analysis
• Statistical tests: no defect allowed (all tests, all conditions)
• Cryptographic post-processing: cryptanalysis, forward secrecy, backward secrecy
• Recommendation
• Confidence in the cryptographic post-processing (and in the global evaluation)
RNG EVALUATION: AIS31
[Figure: the same architecture (TRNG → online test → post-processing → cryptographic post-processing → output, plus initialization), annotated with the AIS31 evaluation activities]
• TRNG (raw random numbers): stochastic model, entropy analysis, environment alteration, attacks
• Online test: suitable test? efficiency demonstration, alarm management
• Initialization: initialization process
• Cryptographic post-processing (PTG.3): cryptanalysis, forward secrecy, backward secrecy
• Statistical tests: test suite
RNG EVALUATION: STOCHASTIC MODEL
• Definition
  • Mathematical description using random variables
  • Model of the reality under certain conditions and limitations
• Goals
  • It supports the estimation of the entropy of the raw random numbers
  • It makes it possible to understand the factors that may affect the entropy
[Figure: the stochastic model is confronted with the real TRNG through statistical tests and simulations; it yields the entropy estimate, the randomness quality, the factors that affect the entropy, and the design of the online test and of the total failure test]
RNG EVALUATION: METHODOLOGY
• German scheme (BSI): AIS31
  • More complete
  • Stochastic model
  • Restrictive statistical test suite
• French scheme (ANSSI): RGS
  • More general
  • Architecture with a good cryptographic post-processing
  • Argumentation for randomness
  • All statistical tests
• Common to both
  • Design analysis
  • Online test
  • Conformity
  • Efficiency
  • …
STATISTICAL TESTS: OVERVIEW
• Tests and test suites
  • Small tests: monobit, pattern frequency
  • AIS31 test suite
  • Various tests: FIPS 140, graphical distribution studies, …
  • TestU01
• Two uses
  • Randomness quality evaluation: good / bad result
  • Characterization tests: highlight a specific defect
STATISTICAL TESTS: EXAMPLE
• Biased source
  • How to evaluate it?
  • The majority of statistical tests fail
  • For example, with $P_1 = \Pr[\text{bit} = 1] = 0.46$ before post-processing:
    • AIS31: T1, T2, T3, T6, T8 fail
    • TestU01: 49 / 56 tests fail
  • How to find other defects?
  • Is the post-processing sufficient?
  • One needs to know the statistical properties of the source
[Figure: biased source → post-processing → unbiased output; the adapted tests are applied to the biased source, before post-processing]
STATISTICAL TESTS: ADAPTED TESTS
• Most tests are built under the uniformity hypothesis
• But some of them can be adapted to a Bernoulli distribution
• Example: the poker test (FIPS 140-1, AIS31 T2)
  • 20,000 bits, split into 5000 non-overlapping blocks of 4 bits; $f(i)$ is the number of occurrences of the 4-bit value $i$
  • $X^2 = \frac{16}{5000} \sum_{i=0}^{15} f(i)^2 - 5000$
  • $X^2$ follows a $\chi^2$ distribution with 15 degrees of freedom
  • The test passes if $1.03 < X^2 < 57.4$
STATISTICAL TESTS: ADAPTED TESTS
• With the biased sequence ($P_1 = 0.46$) the test fails with high probability
• Wrong expected frequency under the uniformity hypothesis: $p(i) = \frac{1}{16}$
• Adapted probability: $p(i) = (1 - P_1)^{4 - \pi(i)}\, P_1^{\pi(i)}$, where $\pi(i)$ is the Hamming weight of $i$
• Examples
  • $p(0000) = (1 - P_1)^4$
  • $p(0001) = (1 - P_1)^3\, P_1$
  • $p(0011) = (1 - P_1)^2\, P_1^2$
STATISTICAL TESTS: ADAPTED TESTS
• Adapted test
  • The test value $X'^2 = \sum_{i=0}^{15} \frac{\big(f(i) - 5000\, p(i)\big)^2}{5000\, p(i)}$ follows a $\chi^2$ distribution with 15 degrees of freedom
  • The test passes if $1.03 < X'^2 < 57.4$
STATISTICAL TESTS: ADAPTED TESTS
• Biased sequence
  • $P_1 = 0.46$
  • AIS31: T1, T2, T3, T6, T8 fail
  • TestU01: 49 / 56 tests fail
• Biased sequence with another defect
  • $P_1 = 0.46$, and one pattern 0100 in ten replaced by 0010
  • AIS31: T1, T2, T3, T6, T8 fail (unchanged)
  • TestU01: 49 / 56 tests fail (unchanged)
[Figure: distribution of the adapted poker test statistic for both sequences, compared to the $\chi^2$ distribution with 15 degrees of freedom]
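Added example, not from the slides: a Python implementation of the standard poker test and of the adapted poker test above, run on a constructed Bernoulli source with $P_1 = 0.46$ (bits drawn from a seeded pseudo-random generator, not a real TRNG), then on the same source with the second defect (one block 0100 in ten rewritten as 0010). The 20,000-bit sample size, the bounds $1.03 < X^2 < 57.4$ and both formulas are those of the slides; the function names, the seeds, the way the defect is injected (every tenth occurrence, after block alignment) and the number of sequences averaged are choices of the example.

```python
import random

N_BITS = 20_000          # sample size of the FIPS 140-1 / AIS31 T2 poker test
LOW, HIGH = 1.03, 57.4   # acceptance bounds for a chi-square with 15 degrees of freedom


def bernoulli_bits(n, p1, rng):
    """Constructed biased source: n independent bits with Pr[bit = 1] = p1."""
    return [1 if rng.random() < p1 else 0 for _ in range(n)]


def nibble_counts(bits):
    """f(i): number of non-overlapping 4-bit blocks whose value is i, for i in 0..15."""
    counts = [0] * 16
    for k in range(0, len(bits) - 3, 4):
        i = (bits[k] << 3) | (bits[k + 1] << 2) | (bits[k + 2] << 1) | bits[k + 3]
        counts[i] += 1
    return counts


def poker_test(bits):
    """Standard poker test (uniformity hypothesis): X2 = 16/n * sum f(i)^2 - n, n blocks."""
    f = nibble_counts(bits)
    n = sum(f)
    x2 = 16.0 / n * sum(c * c for c in f) - n
    return x2, LOW < x2 < HIGH


def adapted_probability(i, p1):
    """p(i) = (1 - P1)^(4 - pi(i)) * P1^pi(i), pi(i) being the Hamming weight of the block i."""
    w = bin(i).count("1")
    return (1.0 - p1) ** (4 - w) * p1 ** w


def adapted_poker_test(bits, p1):
    """Adapted poker test: chi-square of f(i) against the Bernoulli(P1) block distribution."""
    f = nibble_counts(bits)
    n = sum(f)
    x2 = 0.0
    for i in range(16):
        expected = n * adapted_probability(i, p1)
        x2 += (f[i] - expected) ** 2 / expected
    return x2, LOW < x2 < HIGH


def inject_pattern_defect(bits, src=0b0100, dst=0b0010, every=10):
    """Second defect of the slides: one block 0100 in ten is replaced by 0010.
    Both blocks have Hamming weight 1, so the bias model alone does not predict this change."""
    out = list(bits)
    seen = 0
    for k in range(0, len(out) - 3, 4):
        block = (out[k] << 3) | (out[k + 1] << 2) | (out[k + 2] << 1) | out[k + 3]
        if block == src:
            seen += 1
            if seen % every == 0:
                for j in range(4):
                    out[k + j] = (dst >> (3 - j)) & 1
    return out


def single_sequence(p1=0.46, seed=2017):
    """One biased 20,000-bit sequence: (statistic, verdict) of the standard and of the adapted test."""
    bits = bernoulli_bits(N_BITS, p1, random.Random(seed))
    return poker_test(bits), adapted_poker_test(bits, p1)


def mean_adapted_statistic(p1, trials, with_defect, seed):
    """Average of X'^2 over many sequences: about 15 (the chi-square mean) when the
    Bernoulli model explains the source, larger when another defect is present."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        bits = bernoulli_bits(N_BITS, p1, rng)
        if with_defect:
            bits = inject_pattern_defect(bits)
        total += adapted_poker_test(bits, p1)[0]
    return total / trials


if __name__ == "__main__":
    standard, adapted = single_sequence()
    print("standard poker test, P1 = 0.46:", standard)   # fails, X2 far above 57.4
    print("adapted  poker test, P1 = 0.46:", adapted)    # passes
    print("mean X'^2, bias only        :", mean_adapted_statistic(0.46, 100, False, 1))
    print("mean X'^2, bias + 0100->0010:", mean_adapted_statistic(0.46, 100, True, 1))
```

The standard test rejects the biased sequence for an uninformative reason (its expected block frequencies are those of an unbiased source), the adapted test accepts it, and averaging $X'^2$ over many sequences shows the pattern defect as a shift of the mean above 15, which is what the distribution plot of the slide makes visible.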
SMART CARD EVALUATION: EXAMPLE
• Smart card
  • Embedded software
  • AES (hardware)
  • RSA (hardware + software)
  • Random Number Generator (hardware + software)
• Conformity
  • RNG evaluation: RGS or AIS31
• Efficiency
  • RNG statistical tests
  • Penetration testing on AES and RSA
    • Side channel analysis: template attack on AES
    • Fault injection: Differential Fault Analysis on RSA
PENETRATION TESTING: METHODOLOGY
• Analysis of attack paths
  • Vulnerabilities: code analysis, open sample
  • Countermeasures: known attacks, combined attacks, new attacks
  • Practicability of each step
  • Output: list of tests
• Tests
  • Test bench setup
  • Dedicated tools: benchmark, computations, …
  • Multiple skills: physics, electronics, computer science, cryptography, statistics, …
• Attack rating
  • Application of Attack Potential to Smartcards - v2.9 - Jan. 2013
PENETRATION TESTING: RATING TABLE
Factor / value                    Identification   Exploitation
Elapsed time
  < one hour                             0               0
  < one day                              1               3
  < one week                             2               4
  < one month                            3               6
  > one month                            5               8
  Not practical                          *               *
Expertise
  Layman                                 0               0
  Proficient                             2               2
  Expert                                 5               4
  Multiple Expert                        7               6
Knowledge of the TOE
  Public                                 0               0
  Restricted                             2               2
  Sensitive                              4               3
  Critical                               6               5
  Very critical hardware design          9               NA
Access to TOE
  < 10 samples                           0               0
  < 30 samples                           1               2
  < 100 samples                          2               4
  > 100 samples                          3               6
  Not practical                          *               *
Equipment
  None                                   0               0
  Standard                               1               2
  Specialized                            3               4
  Bespoke                                5               6
  Multiple Bespoke                       7               8
Open samples
  Public                                 0               NA
  Restricted                             2               NA
  Sensitive                              4               NA
  Critical                               6               NA
The attack potential is the sum of the identification and exploitation points; * means the attack is not practical.
TEMPLATE ATTACK ON AES: PRINCIPLE
• Measurement during the cryptographic computation
  • Power consumption
  • Electromagnetic radiation
  • …
• Leakage
• Two phases
  • Profiling: characterization of the leakage with respect to a few bits of the key (learning)
  • Attack: retrieving the bits of an unknown key thanks to the leakage shape
[Figure: plaintext → AES on the card → ciphertext, the measurement being taken during the computation]
TEMPLATE ATTACK ON AES: SETUP
• Analysis of attack path
  • Profiling phase: computations with several known keys, through an existing command or on an open sample
  • Attack phase: computations with an unknown fixed key. Example: command for the AES encryption of a challenge
• Acquisition
  • Measurement of the power consumption
  • Test scripts
Source: C. Giraud, Attaques de cryptosystèmes embarqués et contre-mesures associées, PhD thesis, 2007
TEMPLATE ATTACK ON AES: ACQUISITIONS
• Acquisition
• Resynchronization
  • Several signal processing methods, depending on the signal waveform
TEMPLATE ATTACK ON AES: NORMAL LAW
Introduction
Traces are characterized by the random vector $L$; at time $u$, the sample is $L[u]$.
• $L[u]$ follows a univariate normal law with parameters $\mu$ and $\sigma^2$
• $L$ follows a multivariate normal law with parameters $\mu$ and $\Sigma$
[Figure: probability densities of univariate normal laws]
TEMPLATE ATTACK ON AES: PROFILING PHASE
• Sending of $N$ plaintexts: $X = (x_1, \dots, x_N)$
• Acquisition of $N$ traces with known keys: $L = (l_1, \dots, l_N)$
• Choice of a computed intermediate value (the target): $Z = (z_1, \dots, z_N)$
Each acquired trace $l_i$ corresponds to a plaintext $x_i$ and to a target value $z_i = \mathrm{Sbox}(x_i \oplus k)$, where $k$ is a key byte.
Assumption: the conditional law of $L$ knowing $Z = z$ is a multivariate normal law with parameters $\mu_z$ and $\Sigma_z$.
The profiling phase characterizes the distribution of the traces for each value $z$ of the target by the parameters $\mu_z$ and $\Sigma_z$.
[Figure: example of two univariate templates, $\mu_0 = 230$, $\sigma_0^2 = 11$ and $\mu_1 = 220$, $\sigma_1^2 = 4$]
TEMPLATE ATTACK ON AES: ATTACK PHASE
• Sending of $N_a$ challenges: $X = (x_1, \dots, x_{N_a})$
• Acquisition of $N_a$ traces with the unknown key: $L = (l_1, \dots, l_{N_a})$
• Same signal processing as in the profiling phase!
• For each key hypothesis $k$
  • The trace $l_i$ corresponds to $z_i = \mathrm{Sbox}(x_i \oplus k)$
  • $\Pr[L = l_i \mid k] = \Pr[L = l_i \mid Z = z_i] = \mathrm{normpdf}(l_i; \mu_{z_i}, \Sigma_{z_i})$
  • Likelihood: $\Pr[L \mid k] = \prod_i \mathrm{normpdf}(l_i; \mu_{z_i}, \Sigma_{z_i})$
The recovered key byte is given by the maximum of likelihood. (In practice the sum of the log-densities is maximized, since the product of hundreds of densities underflows floating-point arithmetic.)
TEMPLATE ATTACK ON AES: RESULTS
• 256 possible values for $\mathrm{Sbox}(x_i \oplus k)$
• [Figure: likelihood (ordinate) for each key hypothesis $k$ (abscissa); key byte 111 stands out]
• [Figure: guessing entropy, i.e. mean rank of the right key (ordinate), against the number of attack traces (abscissa)]
• 1 byte of the key is retrieved from 300 attack traces
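Added example, not from the slides nor from the evaluator's test scripts: a Python simulation of the two phases above on one key byte, with a constructed leakage model in place of the oscilloscope. One point of interest is modelled, whose sample is the Hamming weight of $\mathrm{Sbox}(x \oplus k)$ plus Gaussian noise of standard deviation 2, so the templates are univariate $(\mu_z, \sigma_z^2)$ rather than the multivariate $(\mu_z, \Sigma_z)$ of the slides. The S-box is computed from its definition; the noise level, the number of profiling keys, the seeds, the function names and the use of summed log-densities in place of the product are choices of the example.

```python
import math
import random


def gf_mul(a, b):
    """Multiplication in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r


def make_sbox():
    """AES S-box: multiplicative inverse (0 -> 0) followed by the affine transformation."""
    sbox = []
    for a in range(256):
        inv = 1
        for _ in range(254):          # a^254 = a^-1 in GF(2^8)
            inv = gf_mul(inv, a)
        x, y = inv, inv
        for _ in range(4):            # y = x ^ rotl1(x) ^ rotl2(x) ^ rotl3(x) ^ rotl4(x)
            x = ((x << 1) | (x >> 7)) & 0xFF
            y ^= x
        sbox.append(y ^ 0x63)
    return sbox


SBOX = make_sbox()


def hamming_weight(v):
    return bin(v).count("1")


def measure(x, k, sigma, rng):
    """Constructed leakage of one trace at the point of interest u: the sample L[u] is
    HW(Sbox(x xor k)) plus Gaussian noise. Stands in for a real power/EM measurement."""
    return hamming_weight(SBOX[x ^ k]) + rng.gauss(0.0, sigma)


def profile(n_keys, sigma, rng):
    """Profiling phase: traces with known keys, grouped by the target z = Sbox(x xor k);
    returns one template (mu_z, sigma_z^2) per z, estimated from the samples of that group."""
    samples = [[] for _ in range(256)]
    for _ in range(n_keys):
        k = rng.randrange(256)
        for x in range(256):             # every z is observed exactly once per profiling key
            samples[SBOX[x ^ k]].append(measure(x, k, sigma, rng))
    templates = []
    for s in samples:
        mu = sum(s) / len(s)
        var = sum((v - mu) ** 2 for v in s) / (len(s) - 1)
        templates.append((mu, var))
    return templates


def log_normpdf(value, mu, var):
    """log of the univariate normal density; summing logs replaces the product of the
    slides to avoid floating-point underflow over hundreds of traces."""
    return -0.5 * math.log(2.0 * math.pi * var) - (value - mu) ** 2 / (2.0 * var)


def attack(templates, plaintexts, traces):
    """Attack phase: for each key hypothesis k, the trace l_i is matched against the template
    of z_i = Sbox(x_i xor k); keys are returned by decreasing log-likelihood."""
    scores = []
    for k in range(256):
        ll = 0.0
        for x, l in zip(plaintexts, traces):
            mu, var = templates[SBOX[x ^ k]]
            ll += log_normpdf(l, mu, var)
        scores.append((ll, k))
    scores.sort(reverse=True)
    return [k for _, k in scores]


def key_rank(templates, true_key, n_traces, sigma, rng):
    """Rank of the true key byte (0 = recovered by maximum likelihood) after n_traces traces."""
    xs = [rng.randrange(256) for _ in range(n_traces)]
    ls = [measure(x, true_key, sigma, rng) for x in xs]
    return attack(templates, xs, ls).index(true_key)


def build_templates(n_keys=40, sigma=2.0, seed=1):
    return profile(n_keys, sigma, random.Random(seed))


def guessing_entropy(templates, n_traces, sigma=2.0, attacks=10, seed=7):
    """Mean rank of the right key over several attacks on fresh unknown keys."""
    rng = random.Random(seed)
    ranks = [key_rank(templates, rng.randrange(256), n_traces, sigma, rng) for _ in range(attacks)]
    return sum(ranks) / attacks


if __name__ == "__main__":
    templates = build_templates()
    for n in (2, 10, 50, 300):
        print(f"{n:4d} attack traces: guessing entropy = {guessing_entropy(templates, n):.1f}")
```

With this noise level the guessing entropy falls to 0 well before 300 traces; on a real card the figure depends on the measured signal-to-noise ratio and on the resynchronization quality, which is why the slide reports the number of traces actually needed on the TOE.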
TEMPLATE ATTACK ON AES: RATING
• 16 bytes have to be retrieved (AES key)
• Case 1: only 8 bytes are retrieved by the attack
Factor           Identification       Exploitation
Elapsed time     < one week (2)       < one month (6)
Expertise        Expert (5)           Proficient (2)
TOE knowledge    Restricted (2)       Public (0)
Access to TOE    < 10 samples (0)     < 10 samples (0)
Equipment        Specialized (3)      Specialized (4)
Open samples     Restricted (2)       n/a
Total            14                   12
Attack potential (identification + exploitation): 26
TEMPLATE ATTACK ON AES: RATING
• 16 bytes have to be retrieved (AES key)
• Case 2: all 16 bytes are retrieved by the attack
Factor           Identification       Exploitation
Elapsed time     < one week (2)       < one day (3)
Expertise        Expert (5)           Proficient (2)
TOE knowledge    Restricted (2)       Public (0)
Access to TOE    < 10 samples (0)     < 10 samples (0)
Equipment        Specialized (3)      Specialized (4)
Open samples     Restricted (2)       n/a
Total            14                   9
Attack potential (identification + exploitation): 23
DFA ON RSA CRT: PRINCIPLE
• Differential Fault Analysis: fault injection + exploitation of the erroneous results
• RSA
  • $N = p \cdot q$ and $e$ are the public parameters, $d$ is the private exponent
  • $C = M^d \bmod N$
• RSA CRT (Chinese Remainder Theorem)
  • $d_p = d \bmod (p-1)$, $d_q = d \bmod (q-1)$, $p_{inv} = p^{-1} \bmod q$
  • $S_p = M^{d_p} \bmod p$
  • $S_q = M^{d_q} \bmod q$
  • $C = p \cdot \big((p_{inv} \cdot (S_q - S_p)) \bmod q\big) + S_p \pmod N$
• Error in $S_q$: $S_q \to S_q^*$
  • $C^* = p \cdot \big((p_{inv} \cdot (S_q^* - S_p)) \bmod q\big) + S_p \pmod N$
  • $C - C^*$ is a multiple of $p$ but not of $q$, hence $\gcd(C - C^*, N) = \gcd(p \cdot A, N) = p$
DFA ON RSA CRT: SETUP
• Analysis of attack path
  • Correct and erroneous results of RSA CRT with the private exponent. Example: command for the signature of a hash
  • Source code analysis: the signature is verified with the public exponent before being returned, so a single fault is not enough
      …
      sign = signatureRSACRT(hash)
      verif = verificationRSA(sign)
      if verif ≠ hash then exit error
      return sign
      …
  • Fault injection
    • Laser
    • Double fault (one on the CRT computation, one to bypass the verification)
  • Recording of the erroneous results
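Added example, not from the slides: a Python implementation of the CRT signature, of the faulted variant with one bit of $S_q$ flipped, of the $\gcd(C - C^*, N)$ recovery above, and of the verification countermeasure of the setup slide with a flag modelling the second fault. The keys are constructed 256-bit primes from a seeded generator (Python 3.8+ is needed for the modular inverse `pow(x, -1, m)`), the message standing for the hash and the flipped bit are arbitrary, and the function names are the example's own. The variant working from the erroneous result alone, $\gcd(M - C^{*e} \bmod N, N) = p$, is also included; it is not on the slide.

```python
import math
import random


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin test, used only to build the constructed keys of the demonstration."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_keys(bits=256, e=65537, seed=5):
    """Constructed RSA-CRT key: N = p.q, public e, private d, and the CRT parameters
    dp = d mod (p-1), dq = d mod (q-1), pinv = p^-1 mod q."""
    rng = random.Random(seed)
    primes = []
    while len(primes) < 2:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng) and (cand - 1) % e != 0 and cand not in primes:
            primes.append(cand)
    p, q = primes
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"p": p, "q": q, "n": p * q, "e": e, "d": d,
            "dp": d % (p - 1), "dq": d % (q - 1), "pinv": pow(p, -1, q)}


def rsa_crt_sign(m, key, fault_bit=None):
    """C = p.((pinv.(Sq - Sp)) mod q) + Sp. With fault_bit set, one bit of Sq is flipped,
    modelling a fault injected into the half-exponentiation modulo q."""
    sp = pow(m, key["dp"], key["p"])
    sq = pow(m, key["dq"], key["q"])
    if fault_bit is not None:
        sq ^= 1 << fault_bit                       # Sq -> Sq*
    h = (key["pinv"] * (sq - sp)) % key["q"]
    return key["p"] * h + sp


def bellcore_from_pair(n, c_good, c_bad):
    """gcd(C - C*, N) = gcd(p.A, N) = p: the factor recovered from one correct and one
    erroneous signature of the same message."""
    return math.gcd(c_good - c_bad, n)


def lenstra_from_single(n, e, m, c_bad):
    """Variant needing only the erroneous signature: C*^e = M mod p but not mod q,
    so gcd(M - C*^e mod N, N) = p."""
    return math.gcd(m - pow(c_bad, e, n), n)


def sign_with_check(m, key, fault_bit=None, skip_check=False):
    """The countermeasure of the setup slide: verify the signature with the public exponent
    before returning it. skip_check models the second fault that bypasses this test."""
    sig = rsa_crt_sign(m, key, fault_bit)
    if not skip_check and pow(sig, key["e"], key["n"]) != m % key["n"]:
        raise ValueError("signature verification failed: erroneous result withheld")
    return sig


if __name__ == "__main__":
    key = make_keys()
    m = int.from_bytes(b"constructed hash value", "big")   # stands for the hash to sign
    c = rsa_crt_sign(m, key)
    c_star = rsa_crt_sign(m, key, fault_bit=7)
    print("p recovered from (C, C*):", bellcore_from_pair(key["n"], c, c_star) == key["p"])
    print("p recovered from C* alone:", lenstra_from_single(key["n"], key["e"], m, c_star) == key["p"])
    try:
        sign_with_check(m, key, fault_bit=7)
    except ValueError as err:
        print("single fault:", err)
    print("double fault leaks C*:", sign_with_check(m, key, fault_bit=7, skip_check=True) == c_star)
```

The recovery works whatever the value of the fault, as long as exactly one of the two half-computations is disturbed; this is why the rating below depends on the repeatability of the fault on the TOE, not on its precision.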
DFA ON RSA CRT: RATING
• The key is retrieved with only one erroneous result
• Case 1: excellent repeatability of the fault
Factor           Identification       Exploitation
Elapsed time     < one month (3)      < one day (3)
Expertise        Expert (5)           Expert (4)
TOE knowledge    Restricted (2)       Public (0)
Access to TOE    < 10 samples (0)     < 10 samples (0)
Equipment        Specialized (3)      Specialized (4)
Open samples     Public (0)           n/a
Total            13                   11
Attack potential (identification + exploitation): 24
DFA ON RSA CRT: RATING
• The key is retrieved with only one erroneous result
• Case 2: low repeatability of the fault
Factor           Identification       Exploitation
Elapsed time     > one month (5)      < one week (4)
Expertise        Expert (5)           Expert (4)
TOE knowledge    Restricted (2)       Public (0)
Access to TOE    < 10 samples (0)     < 10 samples (0)
Equipment        Specialized (3)      Specialized (4)
Open samples     Public (0)           n/a
Total            15                   12
Attack potential (identification + exploitation): 27
CONCLUSION
• Standards
  • Common Criteria
  • AIS31
  • Qualification process (ANSSI)
• Various products
• Various skills
  • Hardware
  • Software
  • Cryptography
  • Statistics
  • …
• R & D
  • New attacks
  • PhD theses
Leti, technology research institute
Commissariat à l’énergie atomique et aux énergies alternatives
Minatec Campus | 17 rue des Martyrs | 38054 Grenoble Cedex | France
www.leti.fr
Thank you. Questions?