Countermeasures

The Experts below are selected from a list of 497544 Experts worldwide ranked by ideXlab platform

Ingrid Verbauwhede - One of the best experts on this subject based on the ideXlab platform.

  • Scan attacks on side-channel and fault attack resistant public-key implementations
    Journal of Cryptographic Engineering, 2012
    Co-Authors: Jean Da Rolt, Amitabh Das, Santosh Ghosh, Marie-Lise Flottes, Bruno Rouzeyre, Giorgio Di Natale, Ingrid Verbauwhede
    Abstract:

    Cryptographic devices are the targets of side-channel attacks, which exploit physical characteristics (e.g. power consumption) to compromise the system’s security. Several side-channel attacks and countermeasures have been proposed in the literature in the past decade. However, countermeasures are usually designed to resist attacks for a single side-channel. Few papers study the effects of a particular countermeasure on a specific side-channel attack on another attack which was not the target of the countermeasure. In this paper, we present scan-based side-channel attacks on public-key cryptographic hardware implementations in the presence of countermeasures for power analysis and fault attacks. These aspects were not considered in any of the previous work on scan attacks. We have also considered the effect of Design for Test structures such as test compression and X-masking in our work to illustrate the effectiveness of our proposed scan-attack on practical implementations. Experimental results showing the requirement of the number of messages/points and retrieval time are presented to evaluate the complexity of the attacks. Results show that algorithmic countermeasures for Simple Power Analysis and Fault attack are not immune against our differential scan-attacks, whereas the algorithmic countermeasures against Differential Power Analysis are secure against such scan-attacks.

  • An Updated Survey on Secure ECC Implementations: Attacks, Countermeasures and Cost
    Cryptography and Security: From Theory to Applications, 2012
    Co-Authors: Junfeng Fan, Ingrid Verbauwhede
    Abstract:

    Unprotected implementations of cryptographic primitives are vulnerable to physical attacks. While the adversary only needs to succeed in one out of many attack methods, the designers have to consider all the known attacks, whenever applicable to their system, simultaneously. Thus, keeping an organized, complete and up-to-date table of physical attacks and countermeasures is of paramount importance to system designers. This paper summarises known physical attacks and countermeasures on Elliptic Curve Cryptosystems. For implementers of elliptic curve cryptography, this paper can be used as a road map for countermeasure selection in the early design stages.

  • State of the Art of Secure ECC Implementations: A Survey on Known Side-Channel Attacks and Countermeasures
    Hardware-Oriented Security and Trust, 2010
    Co-Authors: Junfeng Fan, Xu Guo, Elke De Mulder, Patrick Schaumont, Bart Preneel, Ingrid Verbauwhede
    Abstract:

    Implementations of cryptographic primitives are vulnerable to physical attacks. While the adversary only needs to succeed in one out of many attack methods, the designers have to consider all the known attacks, whenever applicable to their system, simultaneously. Thus, keeping an organized, complete and up-to-date table of physical attacks and countermeasures is of paramount importance to system designers. This paper summarizes known physical attacks and countermeasures on Elliptic Curve Cryptosystems. Instead of repeating the details of different attacks, we focus on a systematic way of organizing and understanding known attacks and countermeasures. Three principles of selecting countermeasures to thwart multiple attacks are given. This paper can be used as a road map for countermeasure selection in a first design iteration.

  • Power and Fault Analysis Resistance in Hardware through Dynamic Reconfiguration
    Cryptographic Hardware and Embedded Systems, 2008
    Co-Authors: Nele Mentens, Benedikt Gierlichs, Ingrid Verbauwhede
    Abstract:

    Dynamically reconfigurable systems are known to have many advantages such as area and power reduction. The drawbacks of these systems are the reconfiguration delay and the overhead needed to provide reconfigurability. We show that dynamic reconfiguration can also improve the resistance of cryptographic systems against physical attacks. First, we demonstrate how dynamic reconfiguration can realize a range of countermeasures which are standard for software implementations and that were practically not portable to hardware so far. Second, we introduce a new class of countermeasure that, to the best of our knowledge, has not been considered so far. This type of countermeasure provides increased resistance, in particular against fault attacks, by randomly changing the physical location of functional blocks on the chip area at run-time. Third, we show how fault detection can be provided on certain devices with negligible area-overhead. The partial bitstreams can be read back from the reconfigurable areas and compared to a reference version at run-time and inside the device. For each countermeasure, we propose a prototype architecture and evaluate the cost and security level it provides. All proposed countermeasures do not change the device's input-output behavior, thus they are transparent to upper-level protocols. Moreover, they can be implemented jointly and complemented by other countermeasures on algorithm-, circuit-, and gate-level.

David Naccache - One of the best experts on this subject based on the ideXlab platform.

  • A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards
    Journal of Cryptographic Engineering, 2013
    Co-Authors: Jean-Luc Danger, Cédric Murdica, Philippe Hoogvorst, Sylvain Guilley, David Naccache
    Abstract:

    Elliptic curve cryptography in embedded systems is vulnerable to side-channel attacks. Those attacks exploit biases in various kinds of leakages, such as power consumption, electromagnetic emanation, execution time, .... The integration of countermeasures is required to thwart known attacks. No single countermeasure can cover the whole range of attacks; thus many of them shall be combined. However, as each of them has a non-negligible cost, one cannot simply apply all of them. It is necessary to wisely select countermeasures, depending on the context and on the trade-off between security and performance. This paper summarizes the side-channel attacks and countermeasures on Elliptic Curve Cryptography. For each countermeasure, the cost in time and space is given. Some attacks are clarified such as the doubling attack; others are improved like the horizontal SVA, and new attacks are described like the horizontal attack against the unified formulae.

Jean-Luc Danger - One of the best experts on this subject based on the ideXlab platform.

  • A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards
    Journal of Cryptographic Engineering, 2013
    Co-Authors: Jean-Luc Danger, Cédric Murdica, Philippe Hoogvorst, Sylvain Guilley, David Naccache
    Abstract:

    Elliptic curve cryptography in embedded systems is vulnerable to side-channel attacks. Those attacks exploit biases in various kinds of leakages, such as power consumption, electromagnetic emanation, execution time, .... The integration of countermeasures is required to thwart known attacks. No single countermeasure can cover the whole range of attacks; thus many of them shall be combined. However, as each of them has a non-negligible cost, one cannot simply apply all of them. It is necessary to wisely select countermeasures, depending on the context and on the trade-off between security and performance. This paper summarizes the side-channel attacks and countermeasures on Elliptic Curve Cryptography. For each countermeasure, the cost in time and space is given. Some attacks are clarified such as the doubling attack; others are improved like the horizontal SVA, and new attacks are described like the horizontal attack against the unified formulae.

Jean-Pierre Seifert - One of the best experts on this subject based on the ideXlab platform.

  • Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
    Cryptographic Hardware and Embedded Systems, 2002
    Co-Authors: Christian Aumuller, Peter Bier, Wieland Fischer, Peter Hofreiter, Jean-Pierre Seifert
    Abstract:

    This article describes concrete results and practically validated countermeasures concerning differential fault attacks on RSA using the CRT. We investigate smartcards with an RSA coprocessor where any hardware countermeasures to defeat fault attacks have been switched off. This scenario was chosen in order to analyze the reliability of software countermeasures. We start by describing our laboratory setting for the attacks. Hereafter, we describe the experiments and results of a straightforward implementation of a well-known countermeasure. This implementation turned out to be not sufficient. With the data obtained by these experiments we developed a practical error model. This enabled us to specify enhanced software countermeasures for which we were not able to produce any successful attacks on the investigated chips. Nevertheless, we are convinced that only sophisticated hardware countermeasures (sensors, filters, etc.) in combination with software countermeasures will be able to provide security.

Sylvain Guilley - One of the best experts on this subject based on the ideXlab platform.

  • Countermeasures Against High-Order Fault-Injection Attacks on CRT-RSA
    2014
    Co-Authors: Pablo Rauzy, Sylvain Guilley
    Abstract:

    In this paper we study the existing CRT-RSA countermeasures against fault-injection attacks. In an attempt to classify them we get to achieve deep understanding of how they work. We show that the many countermeasures that we study (and their variations) actually share a number of common features, but optimize them in different ways. We also show that there is no conceptual distinction between test-based and infective countermeasures and how either one can be transformed into the other. Furthermore, we show that faults on the code (skipping instructions) can be captured by considering only faults on the data. These intermediate results allow us to improve the state of the art in several ways: (a) we fix an existing and that was known to be broken countermeasure (namely the one from Shamir); (b) we drastically optimize an existing countermeasure (namely the one from Vigilant) which we reduce to 3 tests instead of 9 in its original version, and prove that it resists not only one fault but also an arbitrary number of randomizing faults; (c) we also show how to upgrade countermeasures to resist any given number of faults: given a correct first-order countermeasure, we present a way to design a provable high-order countermeasure (for a well-defined and reasonable fault model). Finally, we pave the way for a generic approach against fault attacks for any modular arithmetic computations, and thus for the automatic insertion of countermeasures.

  • A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards
    Journal of Cryptographic Engineering, 2013
    Co-Authors: Jean-Luc Danger, Cédric Murdica, Philippe Hoogvorst, Sylvain Guilley, David Naccache
    Abstract:

    Elliptic curve cryptography in embedded systems is vulnerable to side-channel attacks. Those attacks exploit biases in various kinds of leakages, such as power consumption, electromagnetic emanation, execution time, .... The integration of countermeasures is required to thwart known attacks. No single countermeasure can cover the whole range of attacks; thus many of them shall be combined. However, as each of them has a non-negligible cost, one cannot simply apply all of them. It is necessary to wisely select countermeasures, depending on the context and on the trade-off between security and performance. This paper summarizes the side-channel attacks and countermeasures on Elliptic Curve Cryptography. For each countermeasure, the cost in time and space is given. Some attacks are clarified such as the doubling attack; others are improved like the horizontal SVA, and new attacks are described like the horizontal attack against the unified formulae.