Ing. Petr Socha, Ph.D.

Publikace

A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis

Rok
2022
Publikováno
Sensors. 2022, 22(21), ISSN 1424-8220.
Typ
Článek
Anotace
Side-channel analysis has become a widely recognized threat to the security of cryptographic implementations. Different side-channel attacks, as well as countermeasures, have been proposed in the literature. Such attacks pose a severe threat to both hardware and software cryptographic implementations, especially in the IoT environment where the attacker may easily gain physical access to a device, leaving it vulnerable to tampering. In this paper, we provide a comprehensive survey regarding the non-invasive passive side-channel analysis. We describe both non-profiled and profiled attacks, related security metrics, countermeasures against such attacks, and leakage-assessment methodologies, as available in the literature of more than twenty years of research.

A fair experimental evaluation of distance correlation side-channel distinguisher

Rok
2022
Publikováno
Proceedings of the 11th Mediterranean Conference on Embedded Computing (MECO 2022). Institute of Electrical and Electronics Engineers, Inc., 2022. p. 110-113. ISSN 2377-5475. ISBN 978-1-6654-6828-2.
Typ
Stať ve sborníku
Anotace
Side-channel attacks pose a severe threat to crypto graphic implementations, allowing the attacker to recover secret information based on physical observations of the cryptographic device. Correlation Power Analysis is considered to be one of the most powerful attacks in the non-profiled scenario. In this paper, we consider the distance/Brownian correlation instead of the traditionally used Pearson coefficient. We give a fair comparison of our novel approach attacking AES on three different FPGA platforms and we discuss the distance correlation potential in the context of side-channel analysis.

Equivalent Keys: Side-Channel Countermeasure for Post-Quantum Multivariate Quadratic Signatures

Autoři
Pokorný, D.; Socha, P.; Novotný, M.
Rok
2022
Publikováno
Electronics. 2022, 11(21), ISSN 2079-9292.
Typ
Článek
Anotace
Algorithms based on the hardness of solving multivariate quadratic equations present promising candidates for post-quantum digital signatures. Contemporary threats to implementations of cryptographic algorithms, especially in embedded systems, include side-channel analysis, where attacks such as differential power analysis allow for the extraction of secret keys from the device’s power consumption or its electromagnetic emission. To prevent these attacks, various countermeasures must be implemented. In this paper, we propose a novel side-channel countermeasure for multivariate quadratic digital signatures through the concept of equivalent private keys. We propose a random equivalent key to be generated prior to every signing, thus randomizing the computation and mitigating side-channel attacks. We demonstrate our approach on the Rainbow digital signature, but since an unbalanced oil and vinegar is its special case, our work is applicable to other multivariate quadratic signature schemes as well. We analyze the proposed countermeasure regarding its properties such as the number of different equivalent keys or the amount of required fresh randomness, and we propose an efficient way to implement the countermeasure. We evaluate its performance regarding side-channel leakage and time/memory requirements. Using test vector leakage assessment, we were not able to detect any statistically significant leakage from our protected implementation.

Implementation of the Rainbow signature scheme on SoC FPGA

Rok
2022
Publikováno
Proceedings of the 2022 25th Euromicro Conference on Digital System Design. Los Alamitos: IEEE Computer Society, 2022. p. 513-519. ISBN 978-1-6654-7404-7.
Typ
Stať ve sborníku
Anotace
Thanks to the research progress, quantum computers are slowly becoming a reality and some companies already have their working prototypes. While this is great news for some, it also means that some of the encryption algorithms used today will be rendered unsafe and obsolete. Due to this fact, NIST (US National Institute of Standards and Technology) has been running a standardization process for quantum-resistant key exchange algorithms and digital signatures. One of these is Rainbow—a signature scheme based on the fact that solving a set of random multivariate quadratic system is an NP-hard problem. This work aims to develop an AXI-connected accelerator for the Rainbow signature scheme, specifically the Ia variant. The accelerator is highly parameterizable, allowing to choose the data bus width, directly affecting the FPGA area used. It is also possible to swap components to use the design for other variants of Rainbow. This allows for a comprehensive experimental evaluation of our design. The developed accelerator provides significant speedup compared to CPU-based computation. This paper includes detailed documentation of the design as well as performance and resource utilisation evaluation.

On Secure and Side-Channel Resistant Hardware Implementations of Post-Quantum Cryptography

Autoři
Jedlička, P.; Malina, L.; Socha, P.; Gerlich, T.; Martinásek, Z.; Hajný, J.
Rok
2022
Publikováno
ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security. New York: Association for Computing Machinery, 2022. p. 1-9. ISBN 9781450396707.
Typ
Stať ve sborníku
Anotace
Currently, many post-quantum cryptography schemes have been implemented on various hardware platforms in order to provide efficient solutions in cybersecurity services. As researchers and hardware developers focus primarily on designs providing small latency and requiring fewer hardware resources, their implementations could seldom omit protection techniques against various physical attacks. This paper studies potential attacks on the cryptography implementations that run on Field-Programmable Gate Array (FPGA) platforms. We mainly analyze how Post-Quantum Cryptography (PQC) implementations could be vulnerable on various platforms. Further, we aim at the FPGA-based implementations of National Institute of Standards and Technology (NIST)’s PQC competition finalists. Our study should present to developers the current overview of attacks and countermeasures that can be implemented on specific PQC schemes on FPGA platforms. Moreover, we present novel implementation of one universal countermeasure component and reveal additional resources that are needed.

High-level synthesis, cryptography, and side-channel countermeasures: A comprehensive evaluation

Rok
2021
Publikováno
Microprocessors and Microsystems. 2021, 85 1-13. ISSN 0141-9331.
Typ
Článek
Anotace
Side-channel attacks pose a severe threat to both software and hardware cryptographic implementations. Current literature presents various countermeasures against these kinds of attacks, based on approaches such as hiding or masking, implemented either in software, or on register-transfer level or gate level in hardware. However, emerging trends in hardware design lean towards a system-level approach, allowing for faster, less error-prone, design process, an efficient hardware/software co-design, or sophisticated validation, verification, and (co)simulation strategies. In this paper, we propose a Boolean masking scheme suitable for high-level synthesis of substitution-permutation network-based encryption. We implement both unprotected and protected PRESENT, AES/Rijndael and Serpent encryption in C language, utilizing the concept of dynamic logic reconfiguration, synthesize it for Xilinx FPGA, and we compare our results regarding time and area utilization. We evaluate the effectiveness of proposed countermeasures using both specific and non-specific t-test leakage assessment methodology. We discuss the leakage assessment results, and we identify and discuss the related limitations of the system-level approach and the high-level synthesis.

Side-channel attack on Rainbow post-quantum signature

Autoři
Pokorný, D.; Socha, P.; Novotný, M.
Rok
2021
Publikováno
Proceedings of the 2021 Design, Automation & Test in Europe (DATE). New Jersey: IEEE, 2021. p. 565-568. ISSN 1558-1101. ISBN 978-3-9819263-5-4.
Typ
Stať ve sborníku
Anotace
Rainbow, a layered multivariate quadratic digital signature, is a candidate for standardization in a competition-like process organized by NIST. In this paper, we present a CPA side-channel attack on the submitted 32-bit reference implementation. We evaluate the attack on an STM32F3 ARM microcontroller,successfully revealing the full private key. Furthermore, we propose a simple masking scheme with minimum overhead.

Side-channel countermeasures utilizing dynamic logic reconfiguration: Protecting AES/Rijndael and Serpent encryption in hardware

Autoři
Socha, P.; Brejník, J.; Balasch, J.; Novotný, M.; Mentens, N.
Rok
2020
Publikováno
Microprocessors and Microsystems. 2020, 78 1-10. ISSN 0141-9331.
Typ
Článek
Anotace
Dynamic logic reconfiguration is a concept that allows for efficient on-the-fly modifications of combinational circuit behavior in both ASIC and FPGA devices. The reconfiguration of Boolean functions is achieved by modification of their generators (e.g., shift register-based look-up tables) and it can be controlled from within the chip, without the necessity of any external intervention. This hardware polymorphism can be utilized for the implementation of side-channel attack countermeasures, as demonstrated by Sasdrich et al. for the lightweight cipher PRESENT. In this work, we adapt these countermeasures to two of the AES finalists, namely Rijndael and Serpent. Just like PRESENT, both Rijndael and Serpent are block ciphers based on a substitution-permutation network. We describe the countermeasures and adjustments necessary to protect these ciphers using the resources available in modern Xilinx FPGAs. We describe our implementations and evaluate the side-channel leakage and effectiveness of different countermeasures combinations using a methodology based on Welch’s t-test. Furthermore, we attempt to break the protected AES/Rijndael implementation using second-order DPA/CPA attacks. We did not detect any significant first-order leakage from the fully protected versions of our implementations. Using one million power traces, we detect second-order leakage from Serpent encryption, while AES encryption second-order leakage is barely detectable. We show that the countermeasures proposed by Sasdrich et al. are, with some modifications, successfully applicable to AES and Serpent.

Towards High-Level Synthesis of Polymorphic Side-Channel Countermeasures

Rok
2020
Publikováno
Proceedings of the 23rd Euromicro Conference on Digital Systems Design. Los Alamitos, CA: IEEE Computer Soc., 2020. p. 193-199. ISBN 978-1-7281-9535-3.
Typ
Stať ve sborníku
Anotace
Side-channel attacks pose a severe threat to both software and hardware cryptographic implementations. Current literature presents various countermeasures against these kinds of attacks, based on approaches such as hiding or masking, implemented either in software, or on register-transfer or gate-level in hardware. However, emerging trends in hardware design lean towards a system-level approach, allowing for faster, less error-prone, design process, an efficient hardware/software co-design, or sophisticated validation, verification, and (co)simulation strategies. In this paper, we propose a Boolean masking scheme suitable for high-level synthesis. We implement a protected PRESENT encryption in C language, utilizing the concept of dynamic logic reconfiguration, synthesize it for Xilinx Artix 7 FPGA, and we compare our results regarding clock cycle latency and area utilization. We evaluate the effectiveness of proposed countermeasures using specific t-test leakage assessment methodology. We show that our high-level synthesis implementation successfully conceals the side-channel leakage while maintaining reasonable area and latency overhead.

Dynamic Logic Reconfiguration Based Side-Channel Protection of AES and Serpent

Autoři
Socha, P.; Brejník, J.; Jeřábek, S.; Novotný, M.; Mentens, N.
Rok
2019
Publikováno
Proceedings of the 22nd Euromicro Conference on Digital Systems Design. Los Alamitos, CA: IEEE Computer Soc., 2019. p. 277-282. ISBN 978-1-7281-2861-0.
Typ
Stať ve sborníku
Anotace
Dynamic logic reconfiguration is a concept which allows for efficient on-the-fly modifications of combinational circuit behaviour in both ASIC and FPGA devices. The reconfiguration of Boolean functions is achieved by modification of their generators (e.g. shift register-based look-up tables) and it can be controlled from within the chip, without the necessity of any external intervention. This hardware polymorphism can be utilized for the implementation of side-channel attack countermeasures, as demonstrated by Sasdrich et al. for the lightweight cipher PRESENT. In this work we adopt these countermeasures to two of the AES finalists, namely Rijndael and Serpent. Just like PRESENT, both Rijndael and Serpent are block ciphers based on a substitution-permutation network. We describe the countermeasures and adjustments necessary to protect these ciphers using the resources available in modern Xilinx FPGAs. We describe our VHDL implementations and evaluate the side-channel leakage and effectiveness of different countermeasure combinations using a methodology based on Welch’s t-test. We did not detect any significant leakage from the fully protected versions of our implementations. We show that the countermeasures proposed by Sasdrich et al. are, with some modifications compared to the protected PRESENT implementation, successfully applicable to AES and Serpent.

Efficient algorithmic evaluation of correlation power analysis: Key distinguisher based on the correlation trace derivative

Rok
2019
Publikováno
Microprocessors and Microsystems. 2019, 2019(71), 1-8. ISSN 0141-9331.
Typ
Článek
Anotace
Correlation power analysis (CPA) is one of the most common side-channel attacks today, posing a threat to many modern ciphers, including AES. In the final step of this attack, the cipher key is usually extracted by the attacker by visually examining the correlation traces for each key guess. The naïve way to extract the correct key algorithmically is selecting the key guess with the maximum Pearson correlation coefficient. We propose another key distinguisher based on a significant change in the correlation trace rather than on the absolute value of the coefficient. Our approach performs better than the standard maximization, especially in the noisy environment, and it allows to significantly reduce the number of acquired power traces necessary to successfully mount an attack in noisy environment, and in some cases make the attack even feasible.

First-Order and Higher-Order Power Analysis: Computational Approaches and Aspects

Rok
2019
Publikováno
Proceedings of the 8th Mediterranean Conference on Embedded Computing - MECO'2019. Institute of Electrical and Electronics Engineers, Inc., 2019. p. 83-87. ISSN 2377-5475. ISBN 978-1-7281-1739-3.
Typ
Stať ve sborníku
Anotace
Side-channel analysis pose a serious threat to many modern cryptosystems. Using Correlation power analysis, attacker may be able to recover the cipher key and therefore jeopardize the whole cryptosystem, which is why many countermeasures are being developed. These countermeasures are typically effective against first-order attacks. However, protected implementations may still be vulnerable to higher-order analysis. In this paper, we compare different approaches to the higher-order analysis regarding their mathematical and performance properties. We focus on Correlation power analysis attack and the test vector leakage assesment using Welch’s t-test, we optimize and accelerate discussed algorithms using CPU and GPU, and we present our experimental results and remarks

SICAK: An open-source SIde-Channel Analysis toolKit

Rok
2019
Publikováno
8th Workshop on Trustworthy Manufacturing and Utilization of Secure Devices (TRUDEVICE 2019). Karlsruhe Institute of Technology, 2019.
Typ
Stať ve sborníku
Anotace
Side-channel cryptanalysis pose a serious threat to many modern cryptographic systems. Typical scenario of a side-channel attack consists of an active phase, where data are acquired, and of an analytical phase, where the data get examined and evaluated. This work presents a software toolkit which includes support for both phases of the side-channel attack. The toolkit consists of non-interactive text-based utilities with modular plug-in architecture. The measurement utility supports different oscilloscopes, target interfaces and measurement scenarios. The evaluation utilities include support for the test vector leakage assessment and the CPA attack. Different approaches to the algorithmical evaluation of the attack are implemented in order to extract the cipher key. The visualisation utility allows for the visual examination of the attack results by the user. The toolkit aims to be multiplatform and it is written using C/C++ with performance in mind. Time-demanding operations (such as the statistical analysis) are accelerated using OpenMP and OpenCL for an efficient computation on both CPU and GPU devices.

Attacking AES Implementations Using Correlation Power Analysis on ZYBO Zynq-7000 SoC Board

Autoři
Socha, P.; Brejník, J.; Bartík, M.
Rok
2018
Publikováno
2018 7th Mediterranean Conference on Embedded Computing (MECO). Piscataway: IEEE, 2018. p. 29-32. ISBN 978-1-5386-5683-9.
Typ
Stať ve sborníku
Anotace
Differential power analysis (DPA) and its enhanced variant, correlation power analysis (CPA), are one of the most common side channel attacks today. A dedicated hardware platform is often used when performing this kind of attack for experimental purposes. In this paper, we present the modifications of a common ZYBO board, that are necessary to perform the CPA attack. We illustrate the whole process of attacking both software and hardware implementations of AES-128 and we present our experimental results.

Correlation Power Analysis Distinguisher Based on the Correlation Trace Derivative

Rok
2018
Publikováno
Proceedings of the 21st Euromicro Conference on Digital System Design. Piscataway: IEEE, 2018. p. 565-568. ISBN 978-1-5386-7376-8.
Typ
Stať ve sborníku
Anotace
Correlation power analysis (CPA) is one of the most common side channel attacks today, posing a threat to many modern ciphers, including AES. The simplest method to extract the correct key guess is selecting the guess with the maximum Pearson correlation coefficient. We propose another distinguisher based on a significant change in the correlation trace rather than on the absolute value of the coefficient. Our approach performs better than the standard CPA, especially in the noisy environment.

Optimization of Pearson correlation coefficient calculation for DPA and comparison of different approaches

Rok
2017
Publikováno
Proceedings of the 2017 IEEE 20th International Symposium on Design and Diagnotics of Electronic Circuit & Systems. Piscataway, NJ: IEEE, 2017. p. 184-189. ISSN 2473-2117. ISBN 978-1-5386-0472-4.
Typ
Stať ve sborníku
Anotace
Differential power analysis (DPA) is one of the most common side channel attacks. To perform this attack we need to calculate a large amount of correlation coefficients. This amount is even higher when attacking FPGAs or ASICs, for higher order attacks and especially for attacking DPA protected devices. This article explains different approaches to the calculation of correlations, describes our implementation of these approaches and presents a detailed comparison considering their performance and their properties for a practical usage.