A Formal Practice-Oriented Model for the Analysis of Side...
Transcript of A Formal Practice-Oriented Model for the Analysis of Side...
A Formal Practice-Oriented Model for the Analysis of Side-Channel Attacks
F.-X. Standaert, T.G. Malkin, M. Yunghttp://eprint.iacr.org/2006/139
Dept. of Computer Science, Columbia University.UCL Crypto Group, Université Catholique de Louvain.
RSA Laboratories.
January 2007
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 2
Part I: An Intuitive view of the model
- General context- Examples of unanswered questions => 1st observation- Comparison with black box attacks => 2nd observation- Conclusion
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 3
General Context
physical leakages
Side-channel attacks…
only uses the primitive’s inputs and outputs, e.g, the plaintexts, ciphertexts for block ciphers
additionally takes advantage of physical leakages, e.g. power consumption, timing information, electromagnetic radiation
Black box cryptanalysis…
E KP C
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 4
• Side-channel attacks (the story made short):
– Powerful but specific (usually target a particular implementation rather than an abstract algorithm)
– Still generic (most devices can be targeted)– Hard to evaluate (many different circuit technologies
and statistical distinguishers)– Hard to prevent (actual countermeasures usually
only make the attack more difficult)⇒ Many open questions
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 5
Example of (simple but)unanswered questions
Given one implementation, how to we compare two
side-channel adversaries?
DPA template
AES
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 6
Another example of unanswered questions
How to compare two different implementations of the same
cryptographic primitive??
AES
AES
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 7
First observation
• It is important to distinguish the quality of an implementation from the strength of a side-channel adversary
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 8
Comparison with black box attacks, e.g. linear cryptanalysis
query
response
DPA
linearcryptanalysis
query
response
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 9
• Both attacks work in two steps:
(1) Query the target and get information(2) Exploit the information with a distinguisher
• Both attacks yield two questions:
(1) What is the amount of information provided by the adversarial queries?
(2) How successfully can the adversary turn this information into a successful attack?
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 10
Second observation
• Black box attacks mainly care about security. Side-channel attacks don’t, because the same amount of queries to different implementations of the same primitive give rise to different amounts of information
⇒ Information discriminates different implementations
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 11
Conclusion
A formal model for the analysis of
side-channel attacks should consider:
implementations adversaries
information security
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 12
Intuitive expectations for the model
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 13
Part II: Precise description of the model
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 14
Motivations and objectives
• A formal practice oriented model:
– To understand the underlying mechanisms of physically observable cryptography
– To evaluate (i.e. analyze and compare) actual implementations and adversaries
– …to construct provably secure designs…
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 15
Outline
• Background: Micali & Reyzin model• Target circuit• Target block cipher• Adversarial context & strategy• Leakage predictions & adversary definition• Computational restrictions• Definition of security• Evaluation criteria• Evaluation methodology• Side-channel tradeoffs• Conclusions & open problems
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 16
Outline
• Background: Micali & Reyzin model• Target circuit• Target block cipher• Adversarial context & strategy• Leakage predictions & adversary definition• Computational restrictions• Definition of security• Evaluation criteria• Evaluation methodology• Side-channel tradeoffs• Conclusions & open problems
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 17
Background: Micali & Reyzin model
• TCC 2004:
Physically Observable Cryptography
• Very general model (but few positive results)
• An open question was to meaningfully restrict the model to realistic adversaries
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 18
MR’s Informal axioms
1. Computation and only computation leaks information
2. The same computation leaks differently on different computers
3. The information leakage depend on the chosen measurement
4. The information leakage is local (i.e. the maximum amount of information leaked by a device is the same in
any execution of the algorithm with the same inputs)
5. All information leaked through physical observations can be efficiently computed from a computer’s internal configuration
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 19
MR’s Definitions
• Abstract computer: with virtual memory Turing machines ’s (VTMs)
• Physical computer:
• Leakage functions: – Cα: abstract computer internal configuration– M: specification of the measurement– R: random string
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 20
Outline
• Background: Micali & Reyzin model• Target circuit• Target block cipher• Adversarial context & strategy• Leakage predictions & adversary definition• Computational restrictions• Definition of security• Evaluation criteria• Evaluation methodology• Side-channel tradeoffs• Conclusions & open problems
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 21
Target circuit
Signals
Operations
Leakage function
Fault insertion function
Probing functions
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 22
• With respect to MR:– Oracles and operations can be translated into
abstract computers and VTMs– Signals are the VTM’s inputs/outputs
• Abstract computers = cryptographic primitives• Physical computers = implementations• Implementations may differ by:
– Their leakage function– Their division into elementary operations
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 23
Outline
• Background: Micali & Reyzin model• Target circuit• Target block cipher• Adversarial context & strategy• Leakage predictions & adversary definition• Computational restrictions• Definition of security• Evaluation criteria• Evaluation methodology• Side-channel tradeoffs• Conclusions & open problems
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 24
Target block cipher
P
K
p1 p2 p3
k1 k2 k3
KR1
R1
SD4
D4SD3
SD2
SD1
SA4
D1SA3
SA2
SA1
SE4
D5SE3
SE2
SE1
SB4
D2SB3
SB2
SB1
SF4
D6SF3
SF2
SF1
SC4
D3SC3
SC2
SC1
R2 R3
KR2 KR3
C1 2 3 4
k0
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 25
Outline
• Background: Micali & Reyzin model• Target circuit• Target block cipher• Adversarial context & strategy• Leakage predictions & adversary definition• Computational restrictions• Definition of security• Evaluation criteria• Evaluation methodology• Side-channel tradeoffs• Conclusions & open problems
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 26
Adversarial context
• Non adaptive known plaintext• Non adaptive known ciphertext
• Non adaptive chosen plaintext• Non adaptive chosen ciphertext
• Adaptive chosen plaintext• Adaptive chosen ciphertext
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 27
& Strategy
• Hard strategy:
Given some physical observations and a resulting classification of the key candidates,
select the best classified key only
• Soft strategy
Given some physical observations and
a resulting classification of the key candidates, select the h best classified keys
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 28
Outline
• Background: Micali & Reyzin model• Target circuit• Target block cipher• Adversarial context & strategy• Leakage predictions & adversary definition• Computational restrictions• Definition of security• Evaluation criteria• Evaluation methodology• Side-channel tradeoffs• Conclusions & open problems
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 29
Generic side-channel attack
• According to some approximation of the leakage function, an adversary predicts (a part/function of) the key dependent leakages emanated from a device
• It then measures the actual leakages from the target physical implementation
• It finally compares the actual leakages with the key dependent predictions. If the attack is successful, it is expected that the correct key candidate gives rise to the best leakage prediction which can be detected with a side-channel distinguisher
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 30
Leakage predictions
Univaritate Multivaritate
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 31
Classification
• Non profiled
• Device profiled• Key profiled
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 32
Adversary definition
prediction function distinguisher
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 33
Outline
• Background: Micali & Reyzin model• Target circuit• Target block cipher• Adversarial context & strategy• Leakage predictions & adversary definition• Computational restrictions• Definition of security• Evaluation criteria• Evaluation methodology• Side-channel tradeoffs• Conclusions & open problems
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 34
• Memory complexity:
– Size of the key guess: G
• Time and data complexity: τ, q
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 35
• Background: Micali & Reyzin model• Target circuit• Target block cipher• Adversarial context & strategy• Leakage predictions & adversary definition• Computational restrictions• Definition of security• Evaluation criteria• Evaluation methodology• Side-channel tradeoffs• Conclusions & open problems
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 36
Definition of security:Side-channel key recovery
• Key recovery advantage of the adversary
• Key recovery advantage of the implementation
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 37
Outline
• Background: Micali & Reyzin model• Target circuit• Target block cipher• Adversarial context & strategy• Leakage function• Definition of security• Evaluation criteria• Evaluation methodology• Side-channel tradeoffs• Conclusions & open problems
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 38
Evaluation of a side-channel attack
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 39
• Two questions to face:
– What is the amount of information provided by a given leakage function?
– How successfully can an adversary turn this information into a successful attack?
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 40
• : an observation generated by a secret Sg and q queries to the target device
• : the adversary’s predictions
• : the distinguisher used by the adversary to compare an actual observation of a leaking device with its key dependent predictions
Definitions
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 41
Security metric: average success rate
• Keys selected by the adversary (hard strategy):
• Index matrix:
• Success rate:
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 42
Example: Bayesian classifier
11/52/51/51/5
01/81/41/21/8
1/301/31/31/3
11/92/31/91/9
IndexS=3Sg=2S=1S=0
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 43
Information theoretic metric: mutual information
• Entropy matrix:
• Conditional entropy:
• Leakage matrix:
• Mutual information:
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 44
Example
-0.760.77-0.43-0.43
1/52/51/51/5
1/72/72/72/7
1/92/31/91/9
S=3Sg=2S=1S=0
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 45
• Definition: a leakage function is sound
• If provided with a sound leakage function, a Bayesian adversary with unlimited queries to the target device will eventually be successful– Intuitive meaning: there is enough information
in the side-channel observations
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 46
Combining security and IT metrics
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 47
Outline
• Background: Micali & Reyzin model• Target circuit• Target block cipher• Adversarial context & strategy• Leakage predictions & adversary definition• Computational restrictions• Definition of security• Evaluation criteria• Evaluation methodology• Side-channel tradeoffs• Conclusions & open problems
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 48
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 49
• The security metric can be used to compare different adversaries
• The information theoretic metric can be used to compare different implementations
Exemplary applications
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 50
Outline
• Background: Micali & Reyzin model• Target circuit• Target block cipher• Adversarial context & strategy• Leakage predictions & adversary definition• Computational restrictions• Definition of security• Evaluation criteria• Evaluation methodology• Side-channel tradeoffs• Conclusions & open problems
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 51
Side-channel tradeoffs
• Flexibility vs. Efficiency
DPA … correlation … templates
• Information vs. Computation
hard strategy … soft strategy
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 52
Conclusions and open problems
• Introduction of a formal model for the analysis of cryptographic primitives against side-channel attacks as a specialization of Micali and Reyzin
• Both theoretical and practical contribution
• Open problems:– More analyzes of practical contexts
– Design of provably secure implementations– Optimal leakage prediction functions
/ distinguishers
A Formal Model for the Analysis of Side-Channel Attacks - January 2007 53
-THANKS-Send comments to:
More information on:
http://www.dice.ucl.ac.be/~fstandae/tsca/