Wide Collisions in Practice
Xin Ye, Thomas Eisenbarth
Florida Atlantic University, USA
10th ACNS 2012 - Singapore
Overview
• Side Channel Collision Attacks
• Wide Collisions for AES
• Improving Recognition Rates
• Attack Results
Embedded Systems
• Specific purpose device with computing capabilities
• Constrained resources
• Many require security
Side Channel Attacks
… leaks additional information via side channel!
e.g. power consumption / EM emanation
[Figure: AES with plaintext input, ciphertext output and leakage. Plot: correlation over time, right key vs. wrong keys]
Collisions in AES
Collision: Querying same S-box value twice
Collision Attack: Exploiting collision detections to recover secret key
[Figure: plaintext, Add_Key, Sub_Bytes; S-box 1 and S-box 4 collide, y4 = y1]
Collision Detection
Collisions are highly frequent:
– First round: .41 collisions
– One encryption: >40 collisions
Detecting collisions is hard:
– One encryption: 12 720 comparisons
– Probability of a collision: <0.4%
– False positive rate of 1%: >120 faulty detections
Should minimize false positives
Wide Collisions (I)
• Two AES encryptions with chosen inputs
• Same plaintexts except for diagonals!
• AddRoundKey, SubBytes -> same difference
Wide Collisions (II)
• ShiftRows aligns differences
• MixColumns can result in equal bytes
Collision
Wide Collisions (III)
• 2nd ShiftRows results in equal columns
• Full column collides until next ShiftRows!
• 5 predictable S-Box collisions between 2 encryptions!
Full Column Collision
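The propagation on the three Wide Collisions slides can be reproduced in software to see which intermediate values a countermeasure has to cover. The Python below is an added example, not code from the presentation: it runs three AES rounds on two plaintexts that differ only on the first diagonal and lists the S-boxes that receive identical inputs. The round keys are random stand-ins rather than a real key schedule (the propagation does not depend on it), and all function names are assumptions of this example.

```python
import random

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def sbox_byte(x):
    """AES S-box entry: field inverse, then the affine map."""
    inv = next((y for y in range(256) if gmul(x, y) == 1), 0)
    rot = lambda i: ((inv << i) | (inv >> (8 - i))) & 0xFF
    return inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63

SBOX = [sbox_byte(x) for x in range(256)]

def round_fn(state, rk):
    """SubBytes, ShiftRows, MixColumns, AddRoundKey (column-major state)."""
    s = [SBOX[state[r + 4 * ((c + r) % 4)]] for c in range(4) for r in range(4)]
    mix = [gmul(s[c + r], 2) ^ gmul(s[c + (r + 1) % 4], 3) ^ s[c + (r + 2) % 4]
           ^ s[c + (r + 3) % 4] for c in (0, 4, 8, 12) for r in range(4)]
    return [b ^ k for b, k in zip(mix, rk)]

def sbox_inputs(pt, rks):
    """S-box input bytes of rounds 1, 2 and 3 for one encryption."""
    r1 = [p ^ k for p, k in zip(pt, rks[0])]
    return [r1, (r2 := round_fn(r1, rks[1])), round_fn(r2, rks[2])]

def find_wide_collision(rks, rng):
    """Vary only diagonal bytes 0, 5, 10, 15 until round-2 byte 0 repeats."""
    base, seen = [rng.randrange(256) for _ in range(16)], {}
    while True:
        pt = [rng.randrange(256) if i % 5 == 0 else base[i] for i in range(16)]
        b0 = sbox_inputs(pt, rks)[1][0]
        if seen.setdefault(b0, pt) != pt:
            return seen[b0], pt

def equal_sboxes(pt_a, pt_b, rks):
    """Per round, S-box positions fed identical inputs in both encryptions."""
    return [[i for i in range(16) if a[i] == b[i]]
            for a, b in zip(sbox_inputs(pt_a, rks), sbox_inputs(pt_b, rks))]

def demo(seed=2012):
    """Constructed values: random stand-in round keys, no real key schedule."""
    rng = random.Random(seed)
    rks = [[rng.randrange(256) for _ in range(16)] for _ in range(3)]
    a, b = find_wide_collision(rks, rng)
    return a, b, equal_sboxes(a, b, rks)
```

In the result of `demo()`, round 2 lists position 0 next to the twelve bytes the plaintext change never touched, and round 3 lists positions 0 to 3: the S-box in round 2 plus the four S-boxes in round 3 that make up the five predictable collisions.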
Collision Detection
• Direct comparison of two power traces
• Ideally only compared in leaking regions (5 S-boxes and full MixColumns colliding)
Point selection necessary:
– Knowledge of implementation or profiling needed
[Figure labels: S-box; 4 S-boxes (in round 3) + S-box in round 2 + MixColumns]
Key Recovery Phase
• 1st byte after 1st MixColumns:
• 4 collisions reduce key candidates from 2^32 to 1 candidate per diagonal.
• Full key recovery: 16 distinct collisions.
Avoid false positives
Outlier Method
Procedure:
• Find overall Mean Trace
• Locate Outlier Region
• Locate Neighboring Pairs
[Figure: Mean Trace, Individual Trace, Outlier Region]
Outlier Method: Details
Two parameters:
• Size of outlier region
• Admitted distance between neighboring points
Both influence
• Number of detected collisions
• Rate of false positives
Tradeoff depends on implementation
Results
• Unprotected SW implementation, 8-bit Smart Card
• Results on 3000 power traces:

Leaking Points              Detected Collisions   Correct Detections
1 (R = 0.9, dmax = 0.3)     127                   23.0%
4 (R = 0.9, dmax = 0.3)     46                    71.1%
8 (R = 0.9, dmax = 0.3)     88                    93.7%

Wide Collisions stronger, but knowledge of implementation or profiling needed
Blind Templates (+ PCA) are great for device profiling
Optimized Collision Detection
• Targeting Wide Collisions
– Strong leakage, easier to detect
– Requires chosen inputs
• Using Outlier Detection method:
– Reduces overall detection of collisions
– Minimizes false positives
Conclusion
• Wide collisions yield feasible power based collision attack
• Outlier Method is a helpful tool for decreasing false positive detections
Thank you very much for your attention!