This pad text is synchronized as you type, so that everyone viewing this page sees the same text.
To prevent this pad from appearing in the etherdump, paste (or leave) the following code:
. Warning: DirtyDB is used. This is fine for testing but not recommended for production. -- To suppress these warning messages change suppressErrorsInPadText to true in your settings.json # Side channel attacks
Thomas De Cnudde <email@example.com>
**software is a list of sequential instructions!** done! that was a good block.
pin code checking software: check if the user entered the right pin code software runs on "something"; in this case "hardware" "it ultimately instructs hardware to operate"
``` user ---------- application software ----------- operating system ----------- hardware ```
layers! "leakage from boundaries" is what is considered side channel attacks
dilation of the pupil will tell what you are calculating! very innocent extra information = side channel = revealed information unintentionally, unaware of it, not clear the mechanics behind
pupil as 'side channel' from the brain pupils leak information follows laws we might never discover (mechanics of the human body)
a software running on a hardware it emanates radio-magnetic waves, acting like an antenna (fracking)
you can build an antenna and use it to capture the waves and reconstruct what the user is doing electromagnetic radiation gives information on your devices once you are aware of it, it is hard to control but can be mitigated: put it in a cage made of metal mitigate why look at this problem? bad people want to steal your money or they want to side channel your hardware to retrieve the way your algorithm works, break intellectual property what can they steal? they can steal values but also intellectual property
"hardware lives in the real world and real world properties lead to side channels" "side channel attacks exist because we live in a real world" "real world properties lead to side changels" (= angels of change? ) :)
* computation speed * area * power consumption * reliability
some side channels
* timing * power consumption * electromagnatic radiation * light, sound, temperature (exotic)
algorithms as a target (patents, intellectual property)
we enter 4 random numbers
* algorithm checks it * if it is wrong it stops * if first digit is right, it proceeds to check the second digit etc. * with timing analysis, we can see already if the first digit is wrong, if the program checks the first digit first
you can divide and conquer! :P
power analysis/ electromagnetic analysis is simple : one or two measurements
* duration - how long an operation takes before it goes silent (power gives information on timing) * amplitude
ATCPOTW: All the computation power of the world just by measuring the power consumption you can retrieve information what to do against it?
* shielding * confusing by noise
how do you derive the key from this power analysis? looking at the algorithm itself?
ex= in public key cryptography, rsa is computed by a squaring operation (x^2) or multiplication squaring is optimized, results as green in an analysis of power consumption multiplication instead is not, so results red (more consumption) in the graph green computation takes less time and power than the red computation these are optimized for speed and your battery x^2 is green and x.y is red the algorithm dictates which function you use a key: 100101 is basically such that all ones are green and all zeros are red (or the other way around) a counter-measure is to add red power consumption like patterns after the red power consumption units.
template attacks (wah) you can create templates if you have control over a device where you can build curves that represent the different values that are being executed preferably have the same device as one you want to attack the best is from the same fabrication, but this is not necessary what is necessary is to have the same mechanisms for drawing on power
Kym: what about retro-active mimesis in ww2, having access to the enigma, they could replicate the encryption type enigma on the mathematical side of crypto, here we are in the electrical side of crypto "enigma was an algorithm" enigma provided the algorithm without the algorithm you know nothing and cannot get the keys
in ww2, navajo language was used you cannot break the cipher without knowing that it is that language (it was more difficult for nazis to find native speakers of navajo) _Philip Johnston, a civil engineer for the city of Los Angeles, proposed the use of Navajo to the United States Marine Corps at the beginning of World War II. Johnston, a World War I veteran, was raised on the Navajo reservation as the son of a missionary to the Navajo. He was one of the few non-Navajo who spoke the language fluently. <https://en.wikipedia.org/wiki/Code_talker#Navajo_code_talkers>_ for the US army it was difficult, too. ;) .. Good appropriation of the language of an oppressed minority for military use.
when you do certain manipulations on your machine it uses energy in pulses you are listening to the pulses you recreate the content of another machine
in WWII, they got one of the machines they then knew how the machine worked they didn't know the presets necessary to break enigma they used the weather reports: they always started with heil hitler that was the key
they first got the algorithm by getting the machine they still needed to retrieve the key that changed everyday
the first recorded side channel attack was on a mechanical device by placing microphone in the office and recording the device's clicks in order to break the code
a lot of side-chan come from engineers trying to optimize things
side-channel comes from technology we use CMOS technology a lot of gates that can be either closed or open the transition from open to closed requires effort, consumes power and makes sound high pitch sounds => + electromagnetic field & heat from friction
attackers are "passive" in that they only observe -> no interaction actually you can observe if you are being observed, hence once again no detached observation
passive and non invasive attacker models of attackers passive and non-invasive attackers cost of attack: 300 euros
adversaries: only allowed to observe but not allowed to interact (Read 444)
(how do you design a system that notices when it is observed? <- VW case :) that's when you know _how_ you will be observed. who is observing who in the VW case?)
**engineers are good guys!** how can you think about the ways bad people will use the technology
how does this software circulate? there are software suites chip whisperer - also a friendly guy, canadian <https://wiki.newae.com/Main_Page> (no animal mascotte? but FLOSS ... :P ) not sure if it is legal (they make their own stuff) brilliant guys
fault attacks are more powerful but more expensive
## counter-measures and prevention
"if we keep computing we need counter-measures" OS - restrict certain things system can do software layer - how will users use the system - how will the adversary misuse the system = changing the approach : from how will the user will use it to how will it be misused
how to design to prevent side channel analysis? shift from observing a potential user to being observed by a potential adversary
software classic system designers how will the user use the system new designers how will the adversary misuse the system?
problem: can you ever know all attacks? countermeasures are tailored to what we know preventing side-channel analysis (when is it analysis and when is it attack?)
try to eliminate side channels noise generators balancing power consumption insert dummy operation => timing purposes (make software "time independent" which means making the run-time non correlative to the o in order to make all operations having same length (leaking useles infos)
V V V V
X D D D
drains your battery heightens your ecological footprint
## methods for preventing side-channel analysis
* Make Software Time Independent: insert dummy operations (could these be deployed for aesthetic or other purposes instead of being purely dummy operations?) * Randomizing Data - masking * Randomizing Operation Order- shuffling, random delays (like when preventing theft: making measures to delay the intruder) * Shielding- a Faraday cage * Logic Styles
differential power analysis question of how to isolate an algorithm when another process is occurring
different attacker models
* one has device in advance and can manipulate it * the other only can observe from a distance without prior knowledge
try to extract a model in order to make widely applicable counter measures
if you design software, you need to consider the hardware because hardware is the link between software and the real world push security down to low levels fault injections (laser) <http://cryptologie.net/home/all/3>
is software and hardware the same thing? does the observation of software and hardware are distinct?
VHDL: hardware description language xilinx design language-description file/configureation file in human readable form of native CIRCUIT description->gets compiled-bitstream generator->takes the machine version and configures trough 0s 1s the wires->the gates so a data/descriptor file->compiler->circuit
"Hardware for me is made of silicon, software a sequence of bits in a file. But naturally I am biased: I'm a hardware desginer so I like to consider it as unique and special".
"We are observing software through the hardware" ultimately starts and end with software
you have the algorithm and the device break the hardware by running some known software on it and the record a profile to build a model that then reveals the hardware (example of using software to break hardware) and in other contexts you can break the software using hardware
Paul Kosher -> bio engineers doing side channel attacks F: 'software-curious' people
[^mother]: From the introduction to My Mother was a computer: _In Neal Stephenson’s Cryptonomicon, the fictional mathematical genius Lawrence Pritchard Waterhouse is showing off his new mechanical invention to his supervisor, Lieutenant Colonel Earl Comstock. Comstock inquires: “If you had to give a name to the whole apparatus, what would you call it?” “Hmmm,” Waterhouse says. “Well, its basic job is to perform mathematical calculations—like a computer.” Comstock snorts, “A computer is a human being.”_ (...) The semantic shock the sentence is likely to give us today is rooted not only in the shift from human to machine labor, but also in the feeling that a kinship category essential to human society has been violated.