IACR News item: 02 November 2012
PhD Database
Name: Joern-Marc Schmidt
Topic: Implementation Attacks - Manipulating Devices to Reveal Their Secrets
Category: implementation
Description: Nowadays, embedded systems and smart cards are part of everyday life. With the proliferation of these devices the need for security increases. In order to meet this demand, cryptographic algorithms are applied. However, for implementations of such algorithms on mobile devices, not only the security from a cryptanalytical point of view, i.e. in a black box model, is important. This is because the practical realization of a theoretically secure algorithm can be insecure.
\r\n\r\nAn adversary with physical access to the device can benefit from its characteristics or influence its behavior. Methods that measure the properties of a device are passive implementation attacks. In contrast to passive methods, active implementation attacks try to manipulate the computation and benefit from the erroneous results. These methods are called fault attacks.
\r\n\r\nIn this thesis, we discuss the theory of implementation attacks as well as their practical realizations. New attacks and algorithmic countermeasures are presented. We show how to attack RSA implementations that make use of the square and multiply algorithm by manipulating the program flow. The attack is expanded to work on ECC and ECDSA. In order to protect devices against such attacks, we developed a countermeasure that secures the program flow of RSA and ECC implementations by an implicitly calculated program signature. Moreover, we present a probing attack on AES and discuss the problem of an untrusted external memory.
\r\n\r\nFurthermore, we describe our setups for different practical attacks. The possibilities range from low-cost methods using equipment for about 50 Euro up to high-end attacks, involving a focused ion beam (FIB). In particular, we performed non-invasive spike and glitch attacks, semi-invasive optical and electromagnetic fault induction, as well as an invasive chemical attack. In addition, we used a FIB for chip modification attacks.
\r\n\r\nMoreover, we applied fault i[...]
Topic: Implementation Attacks - Manipulating Devices to Reveal Their Secrets
Category: implementation
Description: Nowadays, embedded systems and smart cards are part of everyday life. With the proliferation of these devices the need for security increases. In order to meet this demand, cryptographic algorithms are applied. However, for implementations of such algorithms on mobile devices, not only the security from a cryptanalytical point of view, i.e. in a black box model, is important. This is because the practical realization of a theoretically secure algorithm can be insecure.
\r\n\r\nAn adversary with physical access to the device can benefit from its characteristics or influence its behavior. Methods that measure the properties of a device are passive implementation attacks. In contrast to passive methods, active implementation attacks try to manipulate the computation and benefit from the erroneous results. These methods are called fault attacks.
\r\n\r\nIn this thesis, we discuss the theory of implementation attacks as well as their practical realizations. New attacks and algorithmic countermeasures are presented. We show how to attack RSA implementations that make use of the square and multiply algorithm by manipulating the program flow. The attack is expanded to work on ECC and ECDSA. In order to protect devices against such attacks, we developed a countermeasure that secures the program flow of RSA and ECC implementations by an implicitly calculated program signature. Moreover, we present a probing attack on AES and discuss the problem of an untrusted external memory.
\r\n\r\nFurthermore, we describe our setups for different practical attacks. The possibilities range from low-cost methods using equipment for about 50 Euro up to high-end attacks, involving a focused ion beam (FIB). In particular, we performed non-invasive spike and glitch attacks, semi-invasive optical and electromagnetic fault induction, as well as an invasive chemical attack. In addition, we used a FIB for chip modification attacks.
\r\n\r\nMoreover, we applied fault i[...]
Additional news items may be found on the IACR news page.