Publications

Featured research published by Pankaj Rohatgi.


Information & Computation | 2001

How to Sign Digital Streams

Rosario Gennaro; Pankaj Rohatgi

We present a new efficient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially different from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the entire message before being able to authenticate its signature. However, a stream is a potentially very long (or infinite) sequence of bits that the sender sends to the receiver, and the receiver is required to consume the received bits at more or less the input rate and without excessive delay. Therefore it is infeasible for the receiver to obtain the entire stream before authenticating and consuming it. Examples of streams include digitized video and audio files, data feeds and applets. We present two solutions to the problem of authenticating digital streams. The first one is for the case of a finite stream which is entirely known to the sender (say a movie). We use this constraint to devise an extremely efficient solution. The second case is for a (potentially infinite) stream which is not known in advance to the sender (for example a live broadcast). We present proofs of security of our constructions. Our techniques also have applications in other areas, for example, efficient authentication of long files when communication is at a cost and signature-based filtering at a proxy server.


IEEE Symposium on Security and Privacy | 2007

Trojan Detection using IC Fingerprinting

Dakshi Agrawal; Selcuk Baktir; Deniz Karakoyunlu; Pankaj Rohatgi; Berk Sunar

Hardware manufacturers are increasingly outsourcing their IC fabrication work overseas due to their much lower cost structure. This poses a significant security risk for ICs used for critical military and business applications. Attackers can exploit this loss of control to substitute Trojan ICs for genuine ones or insert a Trojan circuit into the design or mask used for fabrication. We show that a technique borrowed from side-channel cryptanalysis can be used to mitigate this problem. Our approach uses noise modeling to construct a set of fingerprints for an IC family utilizing side-channel information such as power, temperature, and electromagnetic (EM) profiles. The set of fingerprints can be developed using a few ICs from a batch, and only these ICs would have to be invasively tested to ensure that they were all authentic. The remaining ICs are verified using statistical tests against the fingerprints. We describe the theoretical framework and present preliminary experimental results to show that this approach is viable by presenting results obtained by using power simulations performed on representative circuits with several different Trojan circuits. These results show that Trojans that are 3-4 orders of magnitude smaller than the main circuit can be detected by signal processing techniques. While scaling our technique to detect even smaller Trojans in complex ICs with tens or hundreds of millions of transistors would require certain modifications to the IC design process, our results provide a starting point to address this important problem.


Cryptographic Hardware and Embedded Systems | 2002

The EM Side-Channel(s)

Dakshi Agrawal; Bruce Archambeault; Josyula R. Rao; Pankaj Rohatgi

We present results of a systematic investigation of leakage of compromising information via electromagnetic (EM) emanations from CMOS devices. These emanations are shown to consist of a multiplicity of signals, each leaking somewhat different information about the underlying computation. We show that not only can EM emanations be used to attack cryptographic devices where the power side-channel is unavailable, they can even be used to break power analysis countermeasures.


Archive | 2008

Cryptographic Hardware and Embedded Systems – CHES 2008

Elisabeth Oswald; Pankaj Rohatgi

Contents:

Side-Channel Analysis 1
- Attack and Improvement of a Secure S-Box Calculation Based on the Fourier Transform
- Collision-Based Power Analysis of Modular Exponentiation Using Chosen-Message Pairs
- Multiple-Differential Side-Channel Collision Attacks on AES

Implementations 1
- Time-Area Optimized Public-Key Engines: -Cryptosystems as Replacement for Elliptic Curves?
- Ultra High Performance ECC over NIST Primes on Commercial FPGAs
- Exploiting the Power of GPUs for Asymmetric Cryptography

Fault Analysis 1
- High-Performance Concurrent Error Detection Scheme for AES Hardware
- A Lightweight Concurrent Fault Detection Scheme for the AES S-Boxes Using Normal Basis
- RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks

Random Number Generation
- A Design for a Physical RNG with Robust Entropy Estimators
- Fast Digital TRNG Based on Metastable Ring Oscillator
- Efficient Helper Data Key Extractor on FPGAs

Side-Channel Analysis 2
- The Carry Leakage on the Randomized Exponent Countermeasure
- Recovering Secret Keys from Weak Side Channel Traces of Differing Lengths
- Attacking State-of-the-Art Software Countermeasures: A Case Study for AES

Cryptography and Cryptanalysis
- Binary Edwards Curves
- A Real-World Attack Breaking A5/1 within Hours
- Hash Functions and RFID Tags: Mind the Gap

Implementations 2
- A New Bit-Serial Architecture for Field Multiplication Using Polynomial Bases
- A Very Compact Hardware Implementation of the MISTY1 Block Cipher
- Light-Weight Instruction Set Extensions for Bit-Sliced Cryptography

Fault Analysis 2
- Power and Fault Analysis Resistance in Hardware through Dynamic Reconfiguration
- RFID and Its Vulnerability to Faults
- Perturbating RSA Public Keys: An Improved Attack

Side-Channel Analysis 3
- Divided Backend Duplication Methodology for Balanced Dual Rail Routing
- Using Subspace-Based Template Attacks to Compare and Combine Power and Electromagnetic Information Leakages
- Mutual Information Analysis

Invited Talks
- RSA: Past, Present, Future
- A Vision for Platform Security


Cryptographic Hardware and Embedded Systems | 2001

Efficient Rijndael Encryption Implementation with Composite Field Arithmetic

Atri Rudra; Pradeep Dubey; Charanjit S. Jutla; Vijay Kumar; Josyula R. Rao; Pankaj Rohatgi

We explore the use of subfield arithmetic for efficient implementations of Galois Field arithmetic especially in the context of the Rijndael block cipher. Our technique involves mapping field elements to a composite field representation. We describe how to select a representation which minimizes the computation cost of the relevant arithmetic, taking into account the cost of the mapping as well. Our method results in a very compact and fast gate circuit for Rijndael encryption. In conjunction with bit-slicing techniques applied to newly proposed parallelizable modes of operation, our circuit leads to a high-performance software implementation for Rijndael encryption which offers significant speedup compared to previously reported implementations.


Journal of Cryptographic Engineering | 2011

Introduction to differential power analysis

Paul C. Kocher; Joshua M. Jaffe; Benjamin Jun; Pankaj Rohatgi

The power consumed by a circuit varies according to the activity of its individual transistors and other components. As a result, measurements of the power used by actual computers or microchips contain information about the operations being performed and the data being processed. Cryptographic designs have traditionally assumed that secrets are manipulated in environments that expose no information beyond the specified inputs and outputs. This paper examines how information leaked through power consumption and other side channels can be analyzed to extract secret keys from a wide range of devices. The attacks are practical, non-invasive, and highly effective—even against complex and noisy systems where cryptographic computations account for only a small fraction of the overall power consumption. We also introduce approaches for preventing DPA attacks and for building cryptosystems that remain secure even when implemented in hardware that leaks.


International Cryptology Conference | 1999

Towards Sound Approaches to Counteract Power-Analysis Attacks

Suresh Chari; Charanjit S. Jutla; Josyula R. Rao; Pankaj Rohatgi

Side-channel cryptanalysis techniques, such as the analysis of instantaneous power consumption, have been extremely effective in attacking implementations on simple hardware platforms. There are several proposed solutions to resist these attacks, most of which are ad hoc and can easily be rendered ineffective. A scientific approach is to create a model for the physical characteristics of the device, and then design implementations provably secure in that model, i.e., they resist generic attacks with an a priori bound on the number of experiments. We propose an abstract model which approximates power consumption in most devices and in particular small single-chip devices. Using this, we propose a generic technique to create provably resistant implementations for devices where the power model has reasonable properties, and a source of randomness exists. We prove a lower bound on the number of experiments required to mount statistical attacks on devices whose physical characteristics satisfy reasonable properties.


Computer and Communications Security | 1999

A compact and fast hybrid signature scheme for multicast packet authentication

Pankaj Rohatgi

This paper proposes a compact and fast hybrid signature scheme that can be used to solve the problem of packet source authentication for multicast. This scheme can be viewed as an improvement to off-line/on-line signature schemes, in that the signature size overhead is much smaller. Since this is a generic technique, it should have applications to several other practical problems as well.


ACM/IFIP/USENIX International Conference on Middleware | 2007

XenSocket: a high-throughput interdomain transport for virtual machines

Xiaolan Zhang; Suzanne K. McIntosh; Pankaj Rohatgi; John Linwood Griffin

This paper presents the design and implementation of XenSocket, a UNIX-domain-socket-like construct for high-throughput interdomain (VM-to-VM) communication on the same system. The design of XenSocket replaces the Xen page-flipping mechanism with a static circular memory buffer shared between two domains, wherein information is written by one domain and read asynchronously by the other domain. XenSocket draws on best-practice work in this field and avoids incurring the overhead of multiple hypercalls and memory page table updates by aggregating what were previously multiple operations on multiple network packets into one or more large operations on the shared buffer. While the reference implementation (and name) of XenSocket is written against the Xen virtual machine monitor, the principle behind XenSocket applies broadly across the field of virtual machines.


Cryptographic Hardware and Embedded Systems | 2003

Multi-channel Attacks

Dakshi Agrawal; Josyula R. Rao; Pankaj Rohatgi

We introduce multi-channel attacks, i.e., side-channel attacks which utilize multiple side-channels such as power and EM simultaneously. We propose an adversarial model which combines a CMOS leakage model and the maximum-likelihood principle for performing and analyzing such attacks. This model is essential for deriving the optimal and very often counter-intuitive techniques for channel selection and data analysis. We show that using multiple channels is better for template attacks by experimentally showing a three-fold reduction in the error probability. Developing sound countermeasures against multi-channel attacks requires a rigorous leakage assessment methodology. Under suitable assumptions and approximations, our model also yields a practical assessment methodology for net information leakage from the power and all available EM channels in constrained devices such as chip-cards. Classical DPA/DEMA style attacks assume an adversary weaker than that of our model. For this adversary, we apply the maximum-likelihood principle to design new and more efficient single- and multiple-channel DPA/DEMA attacks.

Collaboration

Top co-authors of Pankaj Rohatgi:

Josyula R. Rao, University of Texas at Austin
Desh Ranjan, Old Dominion University