Side Channel Attacks

Transcript

1. Side channel attacks Àòàêè ïî ñòîðîííèì êàíàëàì íà êðèïòîñèñòåìû Íèêèòà

   Ñåðãååâè÷ Âåùèêîâ Îêòÿáðü 2014

2. Ââåäåíèå 2 / 51

3. Êòî çäåñü? Êàðòèíêè [Wikipedia, ULB, QualSec, SideChannelPerspective, Family Guy, freedigitalphotos.net]

   1 / 51

4. Î ÷åì ïîéäåò ðå÷ü? 2 / 51

5. Âñïîìíèòü âñ¼ 3 / 51

6. Âñïîìíèòü âñ¼ 4 / 51

7. Îò êóäà áåðóòñÿ ñòîðîííèå êàíàëû? 5 / 51

8. Îò êóäà áåðóòñÿ ñòîðîííèå êàíàëû? 6 / 51

9. Âèäû àòàê è ñáîð èíôîðìàöèè 7 / 51

10. Âèäû àòàê 8 / 51

11. ß ïðîñòî ïîñìîòðåòü! ‘sidechannelperspective.com“ 9 / 51

12. À ÷òî ýòî âû òóò äåëàåòå? ‘verm—nCPHIQ“ 10 / 51

13. À åñëè åãî âåíèêîì? ‘rutterPHIR“ 11 / 51

14. À åñëè åãî âåíèêîì? ‘rutterPHIR“ 12 / 51

15. ×òî òàì ñïðÿòàíî âíóòðè? ‘rutterPHIR“ 13 / 51

16. ×òî òàì ñïðÿòàíî âíóòðè? ‘f—tin—PHIR“ 14 / 51

17. Âàðâàðñòâî â âûñøåé ñòåïåíè ‘rutterPHIR“ 15 / 51

18. Âàðâàðñòâî â âûñøåé ñòåïåíè ‘rutterPHIR“ 16 / 51

19. Ïðèìåðû àòàê ïî ñòîðîííèì êàíàëàì 17 / 51

20. Çâóê 18 / 51

21. Àêóñòè÷åñêèé êðèïòîàíàëèç ‘qenkinCPHIQ“ 19 / 51

22. Ñïåêòðîãðàììà ‘qenkinCPHIQ“ 20 / 51

23. GPG - RSA ‘qenkinCPHIQ“ 21 / 51

24. Ñâåò 22 / 51

25. Êàìåðà ‘ur¤ —merCPHIQ“ 23 / 51

26. Êàðòà óñòðîéñòâà ‘ur¤ —merCPHIQ“ 24 / 51

27. Ðåãèñòðû ‘ur¤ —merCPHIQ“ 25 / 51

28. Ïàìÿòü ‘ur¤ —merCPHIQ“ 26 / 51

29. Âðåìÿ 27 / 51

30. RSA Require: M, n, exp Ensure: C = Mexp mod

    n if expk−1 = 1 then C = M else C = 1 for i = k − 2 downto 0 do C = C2 mod n if expi = 1 then C = C × M mod n ‘uo™herIWWT“ 28 / 51

31. OpenSSL 29 / 51

32. OpenSSL ‘g—nvelCPHHP“ 30 / 51

33. Ýíåðãîïîòðåáëåíèå 31 / 51

34. RSA - SPA ‘f—tin—PHIQ“ 32 / 51

35. RSA - SPA ‘f—tin—PHIQ“ 33 / 51

36. RSA - SPA 34 / 51

37. RSA - SPA ‘uo™herCIWWW“ 35 / 51

38. Ýòî ÷òî çà ïîêåìîí àëãîðèòì? ‘f—tin—PHIR“ 36 / 51

39. AES - CPA ‘f—tin—PHIR“ CPA idea Íàáîð (çàøèôðîâàííûõ / îòêðûòûõ)

    òåêñòîâ Íàáîð âðåìåííûõ ðÿäîâ (ñ îñöèëëîãðàôà) correlation(Lf (Sbox(key[i][j] ⊕ msg[i][j])), Power) ‘frierCPHHR“ 37 / 51

40. AES - CPA ‘f—tin—PHIR“ CPA idea Íàáîð (çàøèôðîâàííûõ / îòêðûòûõ)

    òåêñòîâ Íàáîð âðåìåííûõ ðÿäîâ (ñ îñöèëëîãðàôà) correlation(Lf (Sbox(key[i][j] ⊕ msg[i][j])), Power) ‘frierCPHHR“ 38 / 51

41. CPA ‘f—tin—PHIQ“ 39 / 51

42. AES - CPA/DPA ‘f—tin—PHIR“ 40 / 51

43. AES - CPA 0 50 100 150 200 250 0.00

    0.05 0.10 0.15 Key byte value abs(correlation) q0x70 ‘h€ev—˜“ 41 / 51

44. AES - CPA áàéòû ‘h€ev—˜“ 42 / 51

45. AES - CPA êîëè÷åñòâî äàííûõ ‘h€ev—˜“ 43 / 51

46. Ñïîñîáû çàùèòû 44 / 51

47. ×òî æå äåëàòü? 45 / 51

48. Çàêëþ÷åíèå 46 / 51

49. Çàêëþ÷åíèå Àòàêè ïî ñòîðîííèì êàíàëàì  ñåðü¼çíàÿ óãðîçà Íîâûå âèäû

    àòàê ïîÿâëÿþòñÿ ðåãóëÿðíî Íå ïèøèòå è íå ïðèäóìûâàéòå ñâîþ ñîáñòâåííóþ êðèïòîãðàôèþ1 1åñëè âû íå êðèïòîãðàô 47 / 51

50. Çàêëþ÷åíèå Àòàêè ïî ñòîðîííèì êàíàëàì  ñåðü¼çíàÿ óãðîçà Íîâûå âèäû

    àòàê ïîÿâëÿþòñÿ ðåãóëÿðíî Íå ïèøèòå è íå ïðèäóìûâàéòå ñâîþ ñîáñòâåííóþ êðèïòîãðàôèþ1 1åñëè âû íå êðèïòîãðàô 48 / 51

51. Çàêëþ÷åíèå Àòàêè ïî ñòîðîííèì êàíàëàì  ñåðü¼çíàÿ óãðîçà Íîâûå âèäû

    àòàê ïîÿâëÿþòñÿ ðåãóëÿðíî Íå ïèøèòå è íå ïðèäóìûâàéòå ñâîþ ñîáñòâåííóþ êðèïòîãðàôèþ1 1åñëè âû íå êðèïòîãðàô 49 / 51

52. Ñïèñîê ëèòåðàòóðû ƒFw—ng—rd et —lFD €ower en—lysis ett—™ksD PHHU €FgFuo™herD

    „iming ett—™ks on smplement—tions of hi0eErellm—nD ‚ƒeD hƒƒD —nd yther ƒystemsD IWWT €Fuo™her et —lFD hi'erenti—l €ower en—lysisD IWWW fFg—nvel et —lFD €—ssword snter™eption in — ƒƒvG„vƒ gh—nnelD PHHP iFfrier et —lFD gorrel—tion power —n—lysis with — le—k—ge modelD PHHR hFqenkin et —lFD ‚ƒe uey ixtr—™tion vi— vowEf—ndwidth e™ousti™ grypt—n—lysisD PHIQ tFur¤ —mer et —lFD hi'erenti—l €hotoni™ imission en—lysisD PHIQ vFverm—nD et —lFD ƒemiEƒupervised „empl—te ett—™kD PHIQ vFf—tin—D sntrodu™iton to implement—tion —tt—™ks @presF el˜en—D PHIQ 8 ƒi˜enikD PHIRA wFrutterD p—ult ett—™ks —nd gounterme—sures @presF ƒi˜enikD PHIRA 50 / 51

53. Âîïðîñû? Êîììåíòàðèè? Ñìèðèòåëüíûå ðóáàøêè? http://sidechannelperspective.com http://qualsec.ulb.ac.be/ http://ulb.ac.be/di/dpalab/ [email protected] 51 /

    51