Marc Stöttinger

A timing attack against patterson algorithm in the McEliece PKC

The security of McEliece public-key cryptosystem is based on the difficulty of the decoding problem which is NP-hard. In this paper we propose a timing attack on the Patterson Algorithm, which is used for efficient decoding in Goppa codes. The attack is based on the relation between the error vector weight and the iteration number of the extended Euclidean algorithm used in Patterson Algorithm. This attack enables the extraction of the secret error vector with minimal overhead. A countermeasure is proposed and verified for a FPGA implementation.

A stochastic method for security evaluation of cryptographic FPGA implementations

We introduce a stochastic method for the security evaluation and dynamic power consumption analysis in the context of side-channel analysis. This method allows to estimate data-dependent power consumption induced by secret parameters, e.g. a cryptographic key, which may be exploited in power attacks. In particular, IP-cores for security applications on FPGAs have to be made secure against these attacks. We show that the same stochastic methods provide FPGA designers constructive feedback on the information leakage of the design. Applied as a constructive tool these stochastic methods allow the designer to quantify the side-channel resistance and weaknesses of the IP-core design, a feature which supports the design of secure and side-channel resistant implementations, especially on FPGAs.

Side channel analysis of the SHA-3 finalists

At the cutting edge of todays security research and development, the SHA-3 competition evaluates a new secure hashing standard in succession to SHA-2. The five remaining candidates of the SHA-3 competition are BLAKE, Grøstl, JH, Keccak, and Skein. While the main focus was on the algorithmic security of the candidates, a side channel analysis has only been performed for BLAKE and Grøstl [1]. In order to equally evaluate all candidates, we identify side channel attacks on JH-MAC, Keccak-MAC, and Skein-MAC and demonstrate the applicability of the attacks by attacking their respective reference implementation. Additionally, we revisit the side channel analysis of Grøstl and introduce a profiling based side channel attack, which emphasizes the importance of side channel resistant hash functions by recovering the input to the hash function using only the measured power consumption.

Revealing side-channel issues of complex circuits by enhanced leakage models

In the light of implementation attacks a better understanding of complex circuits of security sensitive applications is an important issue. Appropriate evaluation tools and metrics are required to understand the origin of implementation flaws within the design process. The selected leakage model has significant influence on the reliability of evaluation results concerning the side-channel resistance of a cryptographic implementation. In this contribution we introduce methods, which determine the accuracy of the leakage characterization and allow to quantify the signal-to-noise ratio. This allows a quantitative assessment of the side-channel resistance of an implementation without launching an attack. We validate the conclusions drawn from our new methods by real attacks and obtain similar results. Compared to the commonly used Hamming Distance model in our experiments enhanced leakage models increased the attack efficiency by up to 500%.

A simple power analysis attack on a McEliece cryptoprocessor

The security of McEliece public-key cryptosystem is based on the difficulty of the decoding problem which is NP-hard. In this article, we propose a simple power analysis attack on this cryptosystem. The attack exploits an information leakage, which results from the relation between the error vector weight and the iteration number of the extended Euclidean algorithm used in Patterson Algorithm. Executing the proposed attacks enables the extraction of the secret error vector, and thus the plain text with minimal overhead. A countermeasure is presented which removes the information leakage and prevents the simple power analysis attack. The attack procedure and the countermeasure are applied to a cryptoprocessor implementation of the McEliece cryptosystem running on a FPGA platform.

A new difference method for side-channel analysis with high-dimensional leakage models

The goal of the DPA contest v2 (2009 --- 2010) was to find the most efficient side-channel attack against a particular unprotected AES-128 hardware implementation. In this paper we discuss two problems of general importance that affect the success rate of profiling based attacks, and we provide effective solutions. First, we consider the impact of temperature variations on the power consumption, which causes a so-called drifting offset. To cope with this problem we introduce a new method called Offset Tolerant Method (OTM) and adjust OTM to the stochastic approach (SA-OTM). The second important issue of this paper concerns the choice of an appropriate leakage model as this determines the success rate of SA and SA-OTM. Experiments with high-dimensional leakage models show that the overall leakage is not only caused by independent transitions of bit lines. Compared to the formely best submitted attack of the DPA contest v2 the combination of SA-OTM with high-dimensional leakage models reduces the required number of power traces to 50%.

Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest

Side-channel analyses constitute a major threat for embedded devices, because they allow an attacker to recover secret keys without the device being aware of the sensitive information theft. They have been proved to be efficient in practice on many deployed cryptosystems. Even during the standardization process for the AES, many scientists have raised the attention on the potential vulnerabilities against implementation-level attacks Chari et al. (A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards, 133–147, 1999). The evaluation of devices against side-channel attacks is now common practice, especially in ITSEFs. This procedure has even been formalized recently Standaert et al. (EUROCRYPT LNCS 5479:443–461, 2009). The framework suggests to estimate the leakage via an information theoretic metric, and the performance of real attacks thanks to either the success rates or the guessing entropy metrics. The DPA contests are a series of international challenges that allow researchers to improve existing side-channel attacks or develop new ones and compare their effectiveness on several reference sets of power consumption traces using a common methodology. In this article, we focus on the second edition of this contest, which targeted a FPGA-based implementation of AES. This article has been written jointly with several of the participants who describe their tactics used in their attacks and their improvements beyond the state of the art. In particular, this feedback puts to the fore some considerations seldom described in the scientific literature, yet relevant to increase the convergence rate of attacks. These considerations concern in particular the correction of acquisition defects such as the drifting side-channel leakage, the identification of the most leaking samples, the order in which subkeys are attacked, how to exploit subkeys that are revealed easily to help retrieve subkeys that leak less, and non-linear leakage models.

How a Symmetry Metric Assists Side-Channel Evaluation - A Novel Model Verification Method for Power Analysis

Side-channel analysis has become an important field of research for the semiconductor industry and for the academic sector as well. Of particular interest is constructive side-channel analysis as it supports a target-oriented associated design process. The main goal is to increase the side-channel resistance of cryptographic implementations within the design phase by a combination of advanced stochastic methods with design methods, tools, and countermeasures. In this contribution we present a new enhanced tool that utilizes symmetry properties to assist the side-channel evaluation of cryptographic implementations. This technique applies a symmetry metric, which is introduced as an engineering tool to verify the suitability of the leakage model in the evaluation phase of security-sensitive designs. Additionally, this approach also supports the designer in the selection of appropriate time instants.

Hardware trojan design and detection: a practical evaluation

Hardware Trojan design and detection have been extensively studied during the last years. In this work we investigate non-invasive detection methods utilizing so-called side-channel analysis. In the past, almost all proposed detection techniques have been evaluated based on simulations only and thus, the question remains how well they perform in practice. Therefore, we perform a practical evaluation of two previously published Trojan detection methods based on principal component analysis. We evaluate those methods on various designs of a complete functional lightweight hardware Trojan embedded in a PRESENT block cipher circuit. More precisely, we investigate how well the simulations match our practical results and reveal some shortcomings. Subsequently, we introduce a new detection method exploiting statistical properties of the probability distribution functions built from side-channel measurements and show that it is more robust to measurement noise than previously presented methods.

Among slow dwarfs and fast giants: A systematic design space exploration of KECCAK

The SHA-3 competition ended in late 2012 by announcing KECCAK as the winning algorithm. During the contest, several criteria were evaluated for hardware implementations, foremost the resource consumption, the throughput and the tradeoff between both criteria. Unfortunately, especially for lightweight and midrange implementations, a clear rationale for the design choices were missing most of the time. Therefore, in this paper a new methodology is proposed to evaluate such implementations using a new and systematic procedure. With this novel approach we show, that there are several different implementation styles to implement KECCAK with different tradeoffs. Furthermore, we substantiate the usefulness of the new methodology with several concrete and competitive implementations. These implementations are derived from our evaluation estimates and add several data points for midrange and lightweight designs to the current state of the art.