Project
CRYPTOGRAPHY: Cryptografie beveiligd tegen side-channel attacks en fault attacks door middel van begin van implementaties (CRYPTOGRAPHY)
Research Area
The traditional application of cryptography is the protection of communication lines. Here one usually assumes that both sender and receiver have equipment that is protected by physical means against attacks. In modern applications like payment cards, set-top boxes, DRM protection, …, this assumption is no longer true. The attacker often has physical access to the device that is executing the cryptographic algorithm, and can measure side channels: execution time, power consumption, electro-magnetic radiation. With the advent of the Internet of Things, the interest in embedded cryptographic systems and side-channel attacks on these systems is steadily increasing, both in academia and industry.
In cryptography, the oldest, hence the most analyzed adversary model is based on deriving the sensitive information (the secret key) by examining several outputs (in some cases together with the inputs) of the algorithm. This purely mathematical model is typically referred to as cryptanalysis. In this project, we will consider algorithms that are secure against cryptanalysis. We investigate the security of implementations against adversaries using side-channel information, such as execution time, power consumption or electromagnetic radiation of the device, in order to reveal the key. Today, it is known that any naive implementation of a cryptanalytically secure algorithm leaks side-channel information.
In this project, we focus on adversaries exploiting information that leaks through the power traces (DPA adversaries). A DPA adversary uses several instantaneous power consumption traces gathered from executions of the same algorithm using the same secret key and different known inputs.
It is not known how to design cryptographic algorithms that are secure even if the attacker has access to the intermediate results. Therefore, the current research concentrates on implementation techniques that ensure that the intermediate results of the cryptographic algorithm are statistically independent of the secret key. We distinguish two classes of countermeasures against side-channel attacks. Circuit design approaches try to remove the root of the side-channel leakage by balancing the power consumption of different data values. However, in the current hardware technologies, it is very difficult to achieve perfect balancing. Even small remaining asymmetries can be exploited in an attack.
Another method is to randomize the intermediate values of an algorithm by masking them. This can be done at the algorithm level, at the gate level or even in combination with circuit design approaches. Instead of working on the secret variables, the circuits work on masked variables and the corresponding masks. For this approach it is important to take into account glitches and other transient effects, as well as crosstalk between lines and other effects which may create dependencies between the values of the masks and the masked variables, and lead to leakage of information on the secret value.
Approach
Side-channel attacks can be countered by means of implementation techniques. Various approaches have been proposed in the past. Many of these approaches have been broken because they fail to consider transient effects. We have developed a method, called threshold implementations, that is provably secure, even when transient effects are significant. In this project, we propose several extensions of the threshold implementation technique, with the aim to increase its applicability in practice and to extend its provable security to cover a wider range of attacks.
The aim of this research is to continue our research in Threshold Implementations and to make the next step in the secure HW resistance of block ciphers against side-channel attacks. The applicability of our research is critical in order to secure the information in embedded devices and computer systems. Therefore, our main consideration is to develop practical methods that can be used to secure implementations of important algorithms (e.g. AES) at a reasonable cost.
Fully fledged multi-party protocols allow to compute arbitrary functions without disclosing information on their inputs. Alas, they are cumbersome to implement, and too costly in area and power consumption to protect every cryptographic hardware circuit. For practically useful schemes, it is important to limit the overhead caused by protection measures.
Objective 1: Theoretical bounds
We provide theoretical bounds on the requirements to achieve security against well-defined classes of power attacks. Concretely, we investigate the following requirements:
Randomness: Masking algorithms require random bits in order to achieve security. Some masking algorithms in the literature use more randomness than others, while not always achieving better security. The fast generation of random numbers is challenging and poses a serious burden to the system. In order to increase the usability of theoretically secure systems, randomness requirements should be reduced as much as possible. We derive theoretical lower bounds for the amount of random bits required to achieve certain well-defined security levels.
Area: Masking algorithms increase the area requirements (often measured in gate equivalents) of implementations. Increasing the security order of a masking also increases the area requirements. Interestingly, the area requirements for the same order of security depend on the function that is being protected. Furthermore, to a certain extent it is possible to trade off area requirements for randomness requirements. We provide theoretical upper bounds on the achievable security with limited area.
Security depending on the leakage function: Leakage resilient algorithms are proven to be secure under strict leakage model considerations. However, new types of hardware technology might change the behavior of these leakages. For example, it is possible that the overall leakage depends nonlinearly on the leakages from each share due to a cross-talk between wires with the increasingly small scale of processors. Here, we analyze the provided security of masking and leakage resilient countermeasures with different leakage models.
Objective 2: Practical methods achieving the theoretical bounds
The applicability of our research is critical in order to secure the information in embedded devices and computer systems. Therefore, our second objective is to develop practical methods that can be used to achieve the theoretical bounds that we derived as the first objective. This requires a thorough investigation of the existing implementations in order to reveal the causes why the suggested theoretical bounds are (not) achieved. We achieve this objective by establishing links to properties of error-correcting codes, mathematical designs and other objects studied in discrete mathematics. We study both the existence of solutions as well as methods to efficiently find solutions.
Using the insights we gathered from this investigation, we provide new efficient implementation methods and apply them to existing as well as new ciphers.
Objective 3: Security against fault attacks
The literature contains examples of side-channel attacks where countermeasures are circumvented by the deliberate introduction of faults in the circuit. We extend the threshold implementation method in order to provide resistance against fault attacks, where the attacker causes an error during the execution of the cryptographic functions in an attempt to defeat some of the protection mechanisms.
The literature on multiparty computation describes constructions that produce the correct output even if some of the parties introduce errors in the computations. We investigate to what extent we can use the methods from multiparty computation in order to construct circuits that can continue to function correctly and securely in the presence of deliberately inserted faults.
Expertise
- Digital hardware design
- Multi-Party Computation protocols
- Boolean functions & finite-field arithmetic
- Measurements & Signal processing