Side-Channel Attacks meet Secure Network Protocols

Biryukov, Alex; Dinu, Dumitru-Daniel; Le Corre, Yann

doi:10.1007/978-3-319-61204-1_22

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Side-Channel Attacks meet Secure Network Protocols

Biryukov, Alex; Dinu, Dumitru-Daniel; Le Corre, Yann

2017 • In Gollmann, Dieter; Miyaji, Atsuko; Kikuchi, Hiroaki (Eds.) Applied Cryptography and Network Security - 15th International Conference, ACNS 2017, Kanazawa, Japan, July 10-12, 2017. Proceedings

Peer reviewed

Permalink
https://hdl.handle.net/10993/31797

DOI
10.1007/978-3-319-61204-1_22

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

ACNS2017.pdf

Author postprint (3.97 MB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Side-channel attack; Secure network protocol; CPA; AES

Abstract :

[en] Side-channel attacks are powerful tools for breaking systems that implement cryptographic algorithms. The Advanced Encryption Standard (AES) is widely used to secure data, including the communication within various network protocols. Major cryptographic libraries such as OpenSSL or ARM mbed TLS include at least one implementation of the AES. In this paper, we show that most implementations of the AES present in popular open-source cryptographic libraries are vulnerable to side-channel attacks, even in a network protocol scenario when the attacker has limited control of the input. We present an algorithm for symbolic processing of the AES state for any input configuration where several input bytes are variable and known, while the rest are fixed and unknown as is the case in most secure network protocols. Then, we classify all possible inputs into 25 independent evaluation cases depending on the number of bytes controlled by attacker and the number of rounds that must be attacked to recover the master key. Finally, we describe an optimal algorithm that can be used to recover the master key using Correlation Power Analysis (CPA) attacks. Our experimental results raise awareness of the insecurity of unprotected implementations of the AES used in network protocol stacks.

Disciplines :

Computer science

Author, co-author :

Biryukov, Alex ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Dinu, Dumitru-Daniel ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Le Corre, Yann ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

External co-authors :

Language :

English

Title :

Side-Channel Attacks meet Secure Network Protocols

Publication date :

June 2017

Event name :

15th International Conference on Applied Cryptography and Network Security (ACNS 2017)

Event place :

Kanazawa, Japan

Event date :

from 10-07-2017 to 12-07-2017

Audience :

International

Main work title :

Applied Cryptography and Network Security - 15th International Conference, ACNS 2017, Kanazawa, Japan, July 10-12, 2017. Proceedings

Editor :

Gollmann, Dieter

Miyaji, Atsuko

Kikuchi, Hiroaki

Publisher :

Springer Verlag

Collection name :

Lecture Notes in Computer Science, volume 10355

Pages :

435-454

Peer reviewed :

Peer reviewed

Additional URL :

http://link.springer.com/chapter/10.1007/978-3-319-61204-1_22

FnR Project :

FNR4009992 - Applied Cryptography For The Internet Of Things, 2012 (01/07/2013-30/06/2016) - Alex Biryukov

Available on ORBilu :

since 24 July 2017

Statistics

Number of views

321 (28 by Unilu)

Number of downloads

2113 (31 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003). doi:10.1007/3-540-36400-5_4
ARM. mbed TLS. https://tls.mbed.org/.Accessed Apr 2017
Balasch, J., Gierlichs, B., Reparaz, O., Verbauwhede, I.: DPA, bitslicing and masking at 1 GHz. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 599–619. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48324-4_30
Biryukov, A., Dinu, D., Großschädl, J.: Correlation power analysis of lightweight block ciphers: from theory to practice. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 537–557. Springer, Cham (2016). doi:10. 1007/978-3-319-39555-5_29
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28632-5_2
cryptlib. The cryptlib Security Software Development Toolkit. http://www. cryptlib.com/.Accessed Apr 2017
Crypto++. Crypto++: a free C++ class library of cryptographic schemes. https://www.cryptopp.com/.Accessed Apr 2017
Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2002)
Dworkin, M.J.: Recommendation for block cipher modes of operation: the CCM mode for authentication and confidentiality. NIST Special Publication 800-38C (2007)
GitHub. libtomcrypt: a fairly comprehensive, modular and portable cryptographic toolkit. https://github.com/libtom/libtomcrypt. Accessed Apr 2017
GitHub. mbed TLS - An open source, portable, easy to use, readable and flexible SSL library. https://github.com/ARMmbed/mbedtls/blob/development/library/aes.c. Accessed Apr 2017
GitHub. OpenSSL - TLS/SSL and crypto library. https://github.com/openssl/openssl/blob/master/crypto/aes/aes core.c. Accessed Apr 2017
Hofemeier, G., Chesebrough, R.: Introduction to intel AES-NI and intel secure key instructions. Technical report. https://software.intel.com/sites/default/files/m/d/4/1/d/8/Introduction to Intel Secure Key Instructions.pdf. Accessed Apr 2017
Housley, R.: Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP). RFC 4309, December 2005. https://tools. ietf.org/html/rfc4309
IEEE. IEEE Standard for Low-Rate Wireless Networks. https://standards.ieee. org/about/get/802/802.15.html
Jaffe, J.: A first-order DPA attack against AES in counter mode with unknown initial counter. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 1–13. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74735-2_1
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi:10. 1007/3-540-48405-1_25
Libgcrypt. Libgcrypt: a general purpose cryptographic library based on the code from GnuPG. https://www.gnu.org/software/libgcrypt/.Accessed Apr 2017
libsodium. The Sodium crypto library (libsodium). https://download.libsodium. org/doc/.Accessed Apr 2017
Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., Mangard, S.: Armageddon: cache attacks on mobile devices. In: Holz, T., Savage, S. (eds.) 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, 10–12 August 2016, pp. 549–564. USENIX Association (2016)
LoRa Alliance. Wide Area Networks for IoT. https://www.lora-alliance.org/.Accessed Apr 2017
Nettle. Nettle - a low-level cryptographic library. http://www.lysator.liu.se/nisse/nettle/.Accessed Apr 2017
NIST. Specification for the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197 (2001)
O’Flynn, C., Chen, Z.: Power Analysis Attacks Against IEEE 802.15.4 Nodes. In: Standaert, F.-X., Oswald, E. (eds.) COSADE 2016. LNCS, vol. 9689, pp. 55–70. Springer, Cham (2016). doi:10.1007/978-3-319-43283-0_4
OpenSSL. Cryptography and SSL/TLS Toolkit. https://www.openssl.org/.Accessed Apr 2017
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006). doi:10.1007/11605805_1
Randombit. mbed TLS. https://botan.randombit.net/.Accessed Apr 2017
Saab, S., Rohatgi, P., Hampel, C.: Side-channel protections for cryptographic instruction set extensions. Cryptology ePrint Archive, Report 2016/700 (2016). http://eprint.iacr.org/2016/700
Sastry, N., Wagner, D.: Security considerations for IEEE 802.15.4 networks. In: Jakobsson, M., Perrig, A. (eds.) Proceedings of the 2004 ACM Workshop on Wireless Security, Philadelphia, PA, USA, 1 October 2004, pp. 32–42. ACM (2004)
Schwabe, P., Stoffelen, K.: All the AES you need on Cortex-M3 and M4. In: Selected Areas in Cryptography-SAC (2016)
Song, J., Poovendran, R., Lee, J., Iwata, T.: The AES-CMAC algorithm. RFC 4493, June 2006. https://tools.ietf.org/html/rfc4493
STMicroelectronics. STM32 MCU Nucleo. http://www.st.com/en/evaluation-tools/stm32-mcu-nucleo.html. Accessed Apr 2017
Vadnala, P.K.: Time-memory trade-offs for side-channel resistant implementations of block ciphers. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 115–130. Springer, Cham (2017). doi:10.1007/978-3-319-52153-4_7
Whiting, D., Housley, R., and N. Ferguson. Counter with CBC-MAC (CCM). RFC 3610, September 2003. https://tools.ietf.org/html/rfc3610
wolfSSL. wolfCrypt Embedded Crypto Engine. https://www.wolfssl.com/wolfSSL/Products-wolfcrypt.html. Accessed Apr 2017