Constructive Side-Channel Analysis and Secure Design 6th International Workshop, COSADE 2015, Berlin, Germany, April 13-14, 2015. Revised Selected Papers

This book constitutes the thoroughly refereed post-conference proceedings of the 6th International Workshop, COSADE 2015, held in Berlin, Germany, in April 2015. The 17 revised full papers presented were carefully selected from 48 submissions. The focus of this workshop was on the following topics: side...

Bibliographic Details
Main Authors: Mangard, Stefan; Poschmann, Axel Y.
Format: eBook, Book
Language: English
Published: Cham, Springer Nature, 2015 (Springer; Springer International Publishing AG)
Edition: 1
Series: LNCS sublibrary. SL 4, Security and cryptology
ISBN: 3319214764, 9783319214764, 9783319214757, 3319214756

Table of Contents:
  • Intro -- Preface -- Organization -- Contents -- Side-Channel Attacks -- Improving Non-profiled Attacks on Exponentiations Based on Clustering and Extracting Leakage from Multi-channel High-Resolution EM Measurements -- 1 Introduction -- 2 Preliminaries -- 2.1 Non-profiled Attacks Against Exponentiations -- 2.2 Multi-probe Measurements of Magnetic Fields -- 3 Improving Clustering-Based Attacks -- 3.1 PCA for Dimensionality Reduction and Feature Selection -- 3.2 Expectation-Maximization Clustering of Multi-channel Data -- 3.3 Classification Errors and Required Brute-Force Complexity -- 4 Practical Evaluation -- 4.1 Design-Under-Test and Multi-probe Setup -- 4.2 Quality of Principal Components -- 4.3 Analyzing Separate Channels -- 4.4 Combining Multiple Channels -- 5 Conclusion -- A Appendix -- A.1 Illustration of Principal Components After Transformation -- A.2 Countermeasures -- References -- Template Attacks vs. Machine Learning Revisited (and the Curse of Dimensionality in Side-Channel Analysis) -- 1 Introduction -- 2 Background -- 2.1 Notations -- 2.2 Template Attacks -- 2.3 Support Vector Machines -- 2.4 Random Forests -- 2.5 Experimental Setting -- 2.6 Evaluation Metrics -- 3 Perfect Profiling -- 4 Experiments with Imperfect Profiling -- 4.1 Nearly Perfect Profiling -- 4.2 Imperfect Profiling -- 5 Conclusion -- References -- Efficient Selection of Time Samples for Higher-Order DPA with Projection Pursuits -- 1 Introduction -- 2 Background -- 2.1 Measurement Setups -- 2.2 Objective Functions (Aka Evaluation Metrics) -- 3 Projection Pursuit Against Unprotected Devices -- 3.1 Projection Pursuit Algorithm -- 3.2 Experimental Results -- 4 Projection Pursuit Against Masked Implementations -- 4.1 Specialized Projection Pursuit Algorithm -- 4.2 Simulated Experiments -- 4.3 Measured Experiments -- 5 Conclusions -- References
  • Exploring the Resilience of Some Lightweight Ciphers Against Profiled Single Trace Attacks -- 1 Introduction -- 2 Overview of Ciphers, Notation and Implementation Characteristics -- 2.1 Implementation Characteristics -- 3 Assessing the Vulnerability to Profiled Single Trace Attacks -- 4 Attacking Selected Intermediates from a Single Encryption Round -- 4.1 Attack Strategy -- 4.2 Exploiting the 'Basic' Attack Surface -- 4.3 Exploring the Impact of Increased Numbers of Intermediates -- 5 Attacking the Key Expansion -- 5.1 Attack Strategies -- 5.2 Attack Outcomes -- 6 Conclusion -- References -- Two Operands of Multipliers in Side-Channel Attack -- 1 Introduction -- 2 Single-Shot Collision Attack -- 2.1 Conventional Single-Shot Attacks -- 2.2 Multiple-Shot Internal Collision Attack by Witteman et al. [14] -- 2.3 Single-Shot Collision Attacks by Hanley et al. [8] -- 2.4 Proposed Extension of the Attack by Hanley et al. -- 3 Asymmetric Leakage -- 3.1 Asymmetry at Integer Multiplier Level -- 3.2 Asymmetry at Long-Integer Multiplication Level -- 4 Experiments -- 4.1 Setup -- 4.2 Multiple-Shot Leakage Using the Attack by Witteman et al. -- 4.3 Single-Shot Attack -- 5 Discussion -- 5.1 Leak Reduction by Designing Operand Order -- 5.2 Attack on Montgomery Powering Ladder -- 6 Conclusion -- References -- FPGA Countermeasures -- Evaluating the Duplication of Dual-Rail Precharge Logics on FPGAs -- 1 Introduction -- 1.1 Related Work -- 1.2 Motivation and Contribution -- 2 Logic Styles -- 3 Duplicating Circuits -- 3.1 Data-Dependent Time of Evaluation -- 3.2 Duplication Tool -- 4 Analysis -- 4.1 Side-Channel Evaluation -- 5 Conclusion -- References -- Side-Channel Protection by Randomizing Look-Up Tables on Reconfigurable Hardware -- 1 Introduction -- 2 Preliminaries -- 2.1 Memory Primitives -- 2.2 Randomized Look-Up Tables -- 2.3 Block Memory Content Scrambling
  • 3 Design -- 3.1 Masking Architecture -- 3.2 Comparison of S-box Designs -- 4 Evaluation -- 4.1 Non-Specific Statistical t-test -- 4.2 Results -- 5 Conclusion -- References -- Timing Attacks and Countermeasures -- A Faster and More Realistic Flush+Reload Attack on AES -- 1 Introduction -- 2 Cache Side-Channel Attacks -- 2.1 Related Work -- 2.2 Memory Deduplication -- 2.3 The Flush+Reload Side-Channel Attack -- 3 Attack Description -- 3.1 A Single Cache Line Attack on AES -- 3.2 Distinguishers for the AES Attack -- 3.3 Attack Scenarios -- 4 Experiment Setup -- 5 Results -- 5.1 Cross-VM Execution Results -- 6 Conclusion -- References -- Faster Software for Fast Endomorphisms -- 1 Introduction -- 2 Background -- 2.1 GLV Curves -- 2.2 ECC in OpenSSL -- 3 Fast and Secure Software -- 3.1 GLV in OpenSSL -- 3.2 Regular Scalar Encodings -- 3.3 Software Multiplexing -- 4 Results -- 4.1 Performance -- 4.2 Security -- 5 Conclusion -- References -- Toward Secure Implementation of McEliece Decryption -- 1 Introduction -- 2 McEliece Public-Key Encryption -- 3 Decryption Oracle Attacks -- 3.1 Plaintext-Recovery Attacks -- 3.2 Secret Decryption Key Recovery Attacks -- 4 Extended Euclidean Algorithm with Constant Flow -- 5 Conclusion -- References -- Fault Attacks -- Fault Injection with a New Flavor: Memetic Algorithms Make a Difference -- 1 Introduction -- 1.1 Related Work -- 1.2 Our Contribution -- 2 Preliminaries -- 2.1 Smart Card Details -- 2.2 Verdict Classes and Boundaries -- 2.3 Search Space Parameters -- 3 Approach and Methods -- 3.1 Genetic Algorithm -- 3.2 Tabu Search -- 3.3 Local Search -- 3.4 Memetic Algorithm -- 4 Experiments and Results -- 4.1 Experimental Results -- 4.2 Finding Faults -- 4.3 Search Space Characterization -- 5 Conclusions and Future Work -- References -- Differential Fault Intensity Analysis on PRESENT and LED Block Ciphers
  • 1 Introduction -- 2 Background and Notation -- 2.1 Fault Model -- 2.2 Differential Fault Intensity Analysis Using Multiple Plaintexts -- 2.3 PRESENT Block Cipher -- 2.4 LED Block Cipher -- 2.5 Implementations of the Block Ciphers -- 3 DFIA Attack on PRESENT and LED -- 3.1 Biased Fault Injection in PRESENT and LED -- 3.2 Biased Faults in PRESENT and LED Exist -- 3.3 Post-processing of DFIA on PRESENT -- 3.4 Post-processing of DFIA on LED -- 4 Results -- 4.1 Results of DFIA on PRESENT and LED -- 4.2 Trade-Off Between Fault Injection Resolution and Number of Plaintexts -- 5 Related Work -- 6 Conclusion -- References -- A Biased Fault Attack on the Time Redundancy Countermeasure for AES -- 1 Introduction -- 2 Related Work -- 2.1 The Time Redundancy Countermeasure -- 2.2 Fault Attacks on AES -- 3 Fault Model and Fault Injection Set up -- 3.1 Fault Model -- 3.2 Fault Injection Set up -- 4 Effectiveness of the Biased Fault Model -- 5 Description of the Attack -- 5.1 General Attack Procedure -- 5.2 Distinguisher Functions -- 5.3 The Attack on Time Redundant AES-128 -- 6 Simulated Results -- 6.1 Simulation: Part-1 -- 6.2 Simulation: Part-2 -- 7 Experimental Results -- 7.1 Experimental Procedure -- 7.2 Fault Location Precision -- 8 Conclusions -- References -- Countermeasures -- Faster Mask Conversion with Lookup Tables -- 1 Introduction -- 2 Efficient Second-Order Secure Boolean to Arithmetic Masking -- 2.1 Boolean to Arithmetic Masking of Second-Order -- 2.2 Security Analysis -- 3 Efficient Second-Order Secure Arithmetic to Boolean Masking -- 4 Efficient First-Order Secure Masked Addition -- 5 Implementation Results -- 6 Conclusions -- References -- Towards Evaluating DPA Countermeasures for KECCAK on a Real ASIC -- 1 Introduction -- 2 The SpongeWrap Construction -- 3 Hardware Architecture of Zorro -- 3.1 3-Share, 3-Share*, and 4-Share Architectures
  • 4 Results -- 4.1 Hardware Figures of Zorro -- 4.2 Power-Analysis Results -- 5 Conclusions and Future Work -- References -- Hands-on Side-Channel Analysis -- Side-Channel Security Analysis of Ultra-Low-Power FRAM-Based MCUs -- 1 Introduction -- 2 Features -- 2.1 AES Accelerator -- 2.2 FRAM Architecture -- 3 Analyses -- 3.1 Setup -- 3.2 AES Hardware Accelerator -- 3.3 AES in Software -- 3.4 Cache -- 3.5 Internal Architecture -- 4 Conclusions -- References -- Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment -- 1 Introduction -- 2 Experimental Setup -- 2.1 Sensors -- 2.2 Radio Device -- 2.3 Software Components -- 2.4 Device Under Test (DUT) -- 2.5 Software on DUT -- 3 Emanations of Smartphones -- 4 Side Channel Attack Using Far-Field-Antennas -- 4.1 Correlation to Computations -- 4.2 Square-and-Multiply Algorithm -- 4.3 Evaluation of Attack -- 4.4 Other Devices -- 5 A Low-Cost Setup for EM Analysis -- 5.1 Reproduction of the Far-Field Attack -- 6 Summary -- References -- Author Index