Using strong cryptographic primitives is not sufficient to obtain a secure system; the way these components are integrated into an actual application must also be studied with great care, otherwise all the benefit of these strong components may be lost.
This thesis focuses on the weak links that may appear during this integration process. Rather than trying to break cryptographic primitives themselves, we will try to identify and exploit potential weaknesses appearing at various levels of the process, from protocol design to physical implementation. Countermeasures to these attacks, as well as some secure integration methods, are also proposed.
The first part considers physical attacks, with most attention devoted to timing attacks. We show how it is possible to recover an RSA secret key on the sole basis of running times. Through successive improvements of the model, we build an attack capable of recovering 512-bit RSA keys using only 5000-10000 time measurements. A timing attack against the future Advanced Encryption Standard (Rijndael), capable of recovering secret keys using roughly 3000 measurements per key byte, is also developed.
Part 2 discusses some cryptographic primitives. We propose a provably secure way of extending a fixed-length RSA padding method into a general scheme processing arbitrarily long input. The problem of true random number generation is then discussed, with special attention paid to practical entropy estimation methods, and we build a skeleton random number generator aimed at producing highly sensitive numbers on a general-purpose personal computer.
Part 3 deals with protocols. We first show how dangerous it can be to rely too much on an apparently unbreakable identification method such as biometrics, by presenting some ways of dodging the biometric device if it is not carefully integrated into a complete protocol. Finally, we bring to the fore a preliminary step of watermarking schemes (the vector extraction step) that, although always implicitly performed, seems to be frequently neglected and therefore poorly secured. A codemarking scheme is then proposed.