DOCSLIB.ORG

Enhancing Electromagnetic Side-Channel Analysis in an Operational Environment David P

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Enhancing Electromagnetic Side-Channel Analysis in an Operational Environment David P Air Force Institute of Technology AFIT Scholar Theses and Dissertations Student Graduate Works 9-1-2013 Enhancing Electromagnetic Side-Channel Analysis in an Operational Environment David P. Montminy Follow this and additional works at: https://scholar.afit.edu/etd Part of the Other Computer Engineering Commons, and the Other Electrical and Computer Engineering Commons Recommended Citation Montminy, David P., "Enhancing Electromagnetic Side-Channel Analysis in an Operational Environment" (2013). Theses and Dissertations. 888. https://scholar.afit.edu/etd/888 This Dissertation is brought to you for free and open access by the Student Graduate Works at AFIT Scholar. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of AFIT Scholar. For more information, please contact [email protected]. Enhancing Electromagnetic Side-Channel Analysis in an Operational Environment DISSERTATION David P. Montminy, Major, USAF AFIT{ENG{DS{13{S{01 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright Patterson Air Force Base, Ohio APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. The views expressed in this dissertation are those of the author and do not reflect the official policy or position of the United States Air Force, Department of Defense, or the United States Government. AFIT{ENG{DS{13{S{01 ENHANCING ELECTROMAGNETIC SIDE-CHANNEL ANALYSIS IN AN OPERATIONAL ENVIRONMENT DISSERTATION Presented to the Faculty of the Graduate School of Engineering and Management of the Air Force Institute of Technology Air University In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy David P. Montminy, B.S.E.E., M.S.C.E. Major, USAF September 2013 APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. To my parents and grandparents, The values you instilled in me as a child continue to served me well. To my wife and children, The love and support you have given me over the last three years has kept me strong and focused. This dissertation would not have been possible without your support. iii Acknowledgements Special thanks to my advisor Dr. Rusty Baldwin, whom I was lucky enough to first choose as my advisor for my master's degree. His continued support and encour- agement over the years led me back to AFIT for a PhD. With gentle guidance he allowed me to explore my interests while keeping my research focused. I would also like to thank my research committee, Dr. Temple and Dr. Oxley for the numerous document reviews and feedback sessions. David P. Montminy iv Table of Contents Page Acknowledgements . iv List of Figures . xii List of Tables . xv Abstract . xvi 1. Introduction . .1 1.1 Motivation . .2 1.2 Research Contributions . .3 1.3 Organization . .4 2. Background . .6 2.1 Introduction . .6 2.2 Cryptography Preliminaries . .7 2.2.1 Block Ciphers . .7 2.2.2 Advanced Encryption Standard . .8 2.2.3 Cryptanalysis of Block Ciphers . 12 2.3 Side-Channel Leakage . 14 2.3.1 Power Consumption . 14 2.3.2 Electromagnetic Emissions . 16 2.3.3 Other Side-Channels . 19 2.3.4 Leakage Models . 19 2.4 Side-Channel Attacks . 22 2.4.1 Types of Implementation Attacks . 23 v Page 2.4.2 Adversary Models . 23 2.4.3 Power and EM Analysis . 24 2.4.4 Simple Side-Channel Analysis . 25 2.4.5 Differential Side-Channel Analysis . 26 2.4.6 Profiling Attacks . 29 2.5 Countermeasures . 33 2.5.1 Masking . 33 2.5.2 Hiding . 34 2.6 Collecting Electromagnetic Emissions . 35 2.6.1 Electronic Noise . 36 2.6.2 Improving Collections . 36 2.7 Pre-Processing Processing Techniques . 38 2.7.1 Detecting Compromising Frequency Components 39 2.7.2 Trace Alignment . 42 2.7.3 Frequency-Based Analysis . 44 2.8 Algebraic Cryptanalysis . 45 2.8.1 Describing a Cipher . 45 2.8.2 Solving a System of Equations . 48 2.8.3 Using SAT Solvers . 48 2.8.4 Algebraic Side-Channel Analysis . 50 2.8.5 Related Key Recovery Techniques . 53 2.9 Summary . 55 3. Methodology . 57 3.1 Data Collection . 57 3.2 Targeted Devices . 60 3.2.1 PIC Microcontrollers . 60 3.2.2 ARM Cortex-M4F . 62 vi Page 3.3 Signal Processing Techniques . 65 3.3.1 Filtering . 65 3.3.2 Decimation . 67 3.3.3 Alignment . 67 3.4 Correlation-Based Electromagnetic Analysis . 68 3.4.1 CEMA Attack Methodology . 68 3.4.2 Example CEMA Attack . 71 3.4.3 Known-Key Correlation Analysis . 72 3.4.4 Comparing Effectiveness of CEMA Attacks . 73 3.5 Identifying Information Leaking Frequencies . 74 3.5.1 Frequency Interval Break Down Approach . 75 3.5.2 Overlapping Frequency Interval Approach . 76 3.6 Template Attacks . 79 3.6.1 Class Identification . 81 3.6.2 Classifier Training . 81 3.6.3 Classifying Observed Traces . 82 3.6.4 Class Selection . 83 3.6.5 Distinguishing Feature Selection . 83 3.6.6 Comparing Effectiveness of Template Attacks 85 3.7 Algebraic Cryptanalysis . 86 3.7.1 Generating a System of Equations for AES-128 86 3.7.2 Converting to a SAT Problem . 87 3.7.3 Solving the System of Equations . 89 3.7.4 Unique Contributions of this SAT Solver Tool 89 3.8 Summary . 90 vii Page 4. Key Schedule Redundancy Attack . 91 4.1 Introduction . 91 4.2 Background . 93 4.2.1 Key Schedule Background . 93 4.3 Related Work . 94 4.4 The Attack . 97 4.4.1 Data Collection . 97 4.4.2 Targeted Intermediate Values . 98 4.4.3 Template Attack . 100 4.4.4 Reconciling Round Key-Byte Guesses . 101 4.5 Results and Comparison . 102 4.5.1 Evaluating Performance . 102 4.5.2 Comparison of Distinguishing Features . 103 4.5.3 Experimental Results . 104 4.5.4 Comparison . 108 4.6 Conclusion . 110 5. Improving Cross-Device Template Attacks . 112 5.1 Introduction . 112 5.2 Cross-Device EM leakage . 114 5.2.1 Compensating for Device Differences . 116 5.3 Experimental Methodology . 117 5.3.1 Targeted Devices . 117 5.3.2 Template Attack Methodology . 117 5.3.3 Distinguishing Feature Data Normalization . 119 5.4 Results . 120 5.4.1 Selected Features . 120 5.4.2 Baseline Standard Template Attack . 122 viii Page 5.4.3 MVN Technique Results . 125 5.4.4 PCA-based Attack . 127 5.4.5 Comparison of Attacks . 128 5.5 Conclusion . 131 5.6 Constructing a Master Template . 132 6. Cross-Device Attacks on Complex Microprocessors . 134 6.1 Introduction . 134 6.2 Related Work . 135 6.3 Methodology . 136 6.3.1 Device Leakage Cartography . 136 6.3.2 Identifying Unrelated Signals . 137 6.3.3 Combining Techniques . 140 6.4 Results . 141 6.4.1 Effectiveness of Cross-Device Methods . 141 6.4.2 Probe Position Tolerance . 144 6.4.3 Comparison of Successful CEMA and Template Attacks Locations . 147 6.4.4 Notch-Filtering for CEMA Attacks . 149 6.5 Conclusion . 150 7. Differential Electromagnetic Attacks on a 32-bit Microprocessor Using Software Defined Radios . 152 7.1 Introduction . 152 7.2 Background . 154 7.2.1 Triggering and Alignment . 154 7.2.2 Software Defined Radios . 155 7.3 Related Work . 156 7.4 Baseline Attack Performance . 157 ix Page 7.4.1 Electromagnetic Cartography Scan . 158 7.4.2 Correlation-Based Frequency-Dependent Leak- age Analysis . 159 7.4.3 Baseline Results . 161 7.5 Software Defined Radio Methodology . 163 7.5.1 Sub-Nyquist Sampling . 165 7.5.2 Software Defined Radios . 165 7.5.3 Identifying and Aligning Encryption Operations 167 7.5.4 Additional Processing for the RTL-SDR . 171 7.6 Software-Defined Radio Results . 171 7.6.1 USRP . 171 7.6.2 RTL-SDR . 177 7.6.3 Additional Observations . 180 7.6.4 Comparison of the Baseline and SDR Results 182 7.7 Conclusion and Future Work . 184 8. Conclusion . 186 8.1 Research Summary . 186 8.1.1 Algebraic Cryptanalysis . 186 8.1.2 Cross-Device Template Attacks . 188 8.1.3 Software Defined Radios (SDR) . 190 8.2 Recommendations for Future Research . 191 8.2.1 Algebraic Cryptanalysis . 191 8.2.2 Cross-Device Template Attacks . 192 8.2.3 Software Defined Radios . 193 Appendix A. Constructing and Solving Systems of Equations . 195 A.1 Conjunctive Normal Form . 195 x Page A.2 SAT Solvers . 196 A.3 Converting MQ to SAT . 196 A.3.1 Step 1: Convert the Polynomial System to a Lin- ear System . 197 A.3.2 Step 2: Linear System to CNF Expression . 197 A.3.3 Step 3: DIMACS CNF Form . 199 A.4 Methods for Solving Non-linear Multivariate Systems of Equations . 200 Appendix B. Writing AES-128 for a SAT Solver . 202 B.1 SR Polynomial Generator . 202 B.1.1 Variable Names . 204 B.2 ANF to CNF Converter . 205 B.2.1 Specifying Known Values . 205 B.2.2 SAT Solver . 207 B.3 Example Code . 207 B.3.1 Full System of Equations . 207 B.3.2 Key.
Load more

Recommended publications
  • Exploiting Switching Noise for Stealthy Data Exfiltration from Desktop Computers
    Your Noise, My Signal: Exploiting Switching Noise for Stealthy Data Exfiltration from Desktop Computers Zhihui Shao∗ Mohammad A. Islam∗† Shaolei Ren University of California, Riverside University of Texas at Arlington University of California, Riverside [email protected] [email protected] [email protected] ABSTRACT program’s usage pattern of CPU resources, if detected by another Attacks based on power analysis have been long existing and stud- program, can be modulated for information transfer between the ied, with some recent works focused on data exfiltration from victim two [50, 57]. Consequently, to mitigate data theft risks, enterprise systems without using conventional communications (e.g., WiFi). users commonly have restricted access to outside networks — all Nonetheless, prior works typically rely on intrusive direct power data transfer from and to the outside is tightly scrutinized. measurement, either by implanting meters in the power outlet or Nevertheless, such systems may still suffer from data exfiltration tapping into the power cable, thus jeopardizing the stealthiness of at- attacks that bypass the conventional communications protocols tacks. In this paper, we propose NoDE (Noise for Data Exfiltration), (e.g., WiFi) by transforming the affected computer into a transmitter a new system for stealthy data exfiltration from enterprise desk- and establishing a covert channel. For example, the transmitting top computers. Specifically, NoDE achieves data exfiltration over computer can modulate the intensity of the generated acoustic a building’s power network by exploiting high-frequency voltage noise by varying its cooling fan or hard disk spinning speed to ripples (i.e., switching noises) generated by power factor correction carry 1/0 bit information (e.g., a high fan noise represents “1” and circuits built into today’s computers.
    [Show full text]
  • Some Words on Cryptanalysis of Stream Ciphers Maximov, Alexander
    Some Words on Cryptanalysis of Stream Ciphers Maximov, Alexander 2006 Link to publication Citation for published version (APA): Maximov, A. (2006). Some Words on Cryptanalysis of Stream Ciphers. Department of Information Technology, Lund Univeristy. Total number of authors: 1 General rights Unless other specific re-use rights are stated the following general rights apply: Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Read more about Creative commons licenses: https://creativecommons.org/licenses/ Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. LUND UNIVERSITY PO Box 117 221 00 Lund +46 46-222 00 00 Some Words on Cryptanalysis of Stream Ciphers Alexander Maximov Ph.D. Thesis, June 16, 2006 Alexander Maximov Department of Information Technology Lund University Box 118 S-221 00 Lund, Sweden e-mail: [email protected] http://www.it.lth.se/ ISBN: 91-7167-039-4 ISRN: LUTEDX/TEIT-06/1035-SE c Alexander Maximov, 2006 Abstract n the world of cryptography, stream ciphers are known as primitives used Ito ensure privacy over a communication channel.
    [Show full text]
  • Sok: Design Tools for Side-Channel-Aware Implementations
    SoK: Design Tools for Side-Channel-Aware Implementations Ileana Buhan∗, Lejla Batina∗, Yuval Yarom†, and Patrick Schaumont‡ ∗ Radboud University, Digital Security † University of Adelaide and Data61 ‡ Worcester Polytechnic Institute Abstract—Side-channel attacks that leak sensitive information involve collecting side-channel traces, e.g., power traces, from through a computing device’s interaction with its physical envi- the device and analyzing these traces to demonstrate an attack ronment have proven to be a severe threat to devices’ security, or the existence of leaks. While effective, such methodologies particularly when adversaries have unfettered physical access to the device. Traditional approaches for leakage detection measure require the physical device’s presence for evaluation, and this the physical properties of the device. Hence, they cannot be demand poses significant challenges. used during the design process and fail to provide root cause In the pre-silicon stage of the development, the device does analysis. An alternative approach that is gaining traction is to not yet exist; hence it cannot be adequately assessed. Con- automate leakage detection by modeling the device. The demand versely, in the post-silicone stage, detailed design information to understand the scope, benefits, and limitations of the proposed tools intensifies with the increase in the number of proposals. may not be accessible, for example, when using third-party In this SoK, we classify approaches to automated leakage components. Consequently, it may be challenging to identify detection based on the model’s source of truth. We classify the root cause of leakage. Moreover, detecting, verifying, and the existing tools on two main parameters: whether the model mitigating side-channel leaks require expert knowledge and includes measurements from a concrete device and the abstrac- expensive equipment.
    [Show full text]
  • Bad Cryptography Bruce Barnett Who Am I?
    Bad Cryptography Bruce Barnett Who am I? • Security consultant @ NYSTEC • 22 years a research scientist @ GE’s R&D Center • 15 years software developer, system administrator @ GE and Schlumberger • I’m not a cryptographer • I attended a lot of talks at Blackhat/DEFCON • Then I took a course on cryptography……….. Who should attend this talk? • Project Managers • Computer programmers • Those that are currently using cryptography • Those that are thinking about using cryptography in systems and protocols • Security professionals • Penetration testers who don’t know how to test cryptographic systems and want to learn more • … and anybody who is confused by cryptography Something for everyone What this presentation is … • A gentle introduction to cryptography • An explanation why cryptography can’t be just “plugged in” • Several examples of how cryptography can be done incorrectly • A brief description of why certain choices are bad and how to exploit it. • A checklist of warning signs that indicate when “Bad Cryptography” is happening. Example of Bad Cryptography!!! Siren from snottyboy http://soundbible.com/1355-Warning-Siren.html What this talk is not about • No equations • No certificates • No protocols • No mention of SSL/TLS/HTTPS • No quantum cryptography • Nothing that can cause headaches • (Almost) no math used Math: Exclusive Or (XOR) ⊕ Your Cat Your Roommates' Will you have Cat kittens? No kittens No kittens Note that this operator can “go backwards” (invertible) What is encryption and decryption? Plain text Good Morning, Mr. Phelps
    [Show full text]
  • RSA Key Extraction Via Low-Bandwidth Acoustic Cryptanalysis∗
    RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis∗ Daniel Genkin Adi Shamir Eran Tromer Technion and Tel Aviv University Weizmann Institute of Science Tel Aviv University [email protected] [email protected] [email protected] December 18, 2013 Abstract Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer, and in particular leak sensitive information about security-related computations. In a preliminary presentation (Eurocrypt’04 rump session), we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was that the acoustic side channel has a very low bandwidth (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers. In this paper we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG’s current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away. Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis.
    [Show full text]
  • Side-Channel Analysis of AES Based on Deep Learning
    DEGREE PROJECT IN ELECTRICAL ENGINEERING, SECOND CYCLE, 30 CREDITS STOCKHOLM, SWEDEN 2019 Side-Channel Analysis of AES Based on Deep Learning Huanyu Wang KTH ROYAL INSTITUTE OF TECHNOLOGY ELECTRICAL ENGINEERING AND COMPUTER SCIENCE Abstract Side-channel attacks avoid complex analysis of cryptographic algorithms, instead they use side-channel signals captured from a software or a hardware implementation of the algorithm to recover its secret key. Recently, deep learning models, especially Convolutional Neural Networks (CNN), have been shown successful in assisting side-channel analysis. The attacker first trains a CNN model on a large set of power traces captured from a device with a known key. The trained model is then used to recover the unknown key from a few power traces captured from a victim device. However, previous work had three important limitations: (1) little attention is paid to the effects of training and testing on traces captured from different devices; (2) the effect of different power models on the attack’s efficiency has not been thoroughly evaluated; (3) it is believed that, in order to recover all bytes of a key, the CNN model must be trained as many times as the number of bytes in the key. This thesis aims to address these limitations. First, we show that it is easy to overestimate the attack’s efficiency if the CNN model is trained and tested on the same device. Second, we evaluate the effect of two common power models, identity and Hamming weight, on CNN-based side-channel attack’s efficiency. The results show that the identity power model is more effective under the same training conditions.
    [Show full text]
  • Physical Key Extraction Attacks On
    contributed articles DOI:10.1145/2851486 needs to never output it or anything that Computers broadcast their secrets via may reveal it. (The operating system may be misused to allow someone else’s inadvertent physical emanations that process to peek into the program’s are easily measured and exploited. memory or files, though we are getting better at avoiding such attacks, too.) BY DANIEL GENKIN, LEV PACHMANOV, ITAMAR PIPMAN, Yet programs’ control over their ADI SHAMIR, AND ERAN TROMER own outputs is a convenient fiction, for a deeper reason. The hardware run- ning the program is a physical object and, as such, interacts with its envi- ronment in complex ways, including Physical electric currents, electromagnetic fields, sound, vibrations, and light emissions. All these “side channels” may depend on the computation per- Key Extraction formed, along with the secrets within it. “Side-channel attacks,” which ex- ploit such information leakage, have been used to break the security of nu- merous cryptographic implementa- Attacks on PCs tions; see Anderson,2 Kocher et al.,19 and Mangard et al.23 and references therein. Side channels on small devices. Many past works addressed leakage from small devices (such as smart- cards, RFID tags, FPGAs, and simple embedded devices); for such devices, CRYPTOGRAPHY IS UBIQUITOUS. Secure websites and physical key extraction attacks have financial, personal communication, corporate, and been demonstrated with devastating effectiveness and across multiple phys- national secrets all depend on cryptographic algorithms ical channels. For example, a device’s operating correctly. Builders of cryptographic systems power consumption is often correlated with the computation it is currently ex- have learned (often the hard way) to devise algorithms ecuting.
    [Show full text]
  • Behavioral Acoustic Emanations: Attack and Verification of PIN Entry
    sensors Article Behavioral Acoustic Emanations: Attack and Verification of PIN Entry Using Keypress Sounds Sourav Panda 1, Yuanzhen Liu 2 , Gerhard Petrus Hancke 2,* and Umair Mujtaba Qureshi 2,3 1 Department of Computer Science and Engineering, University of California, Riverside, CA 92521, USA; [email protected] 2 Department of Computer Science, City University of Hong Kong, Hong Kong, China; [email protected] (Y.L.); [email protected] (U.M.Q.) 3 Department of Telecommunication Engineering, Mehran University of Engineering and Technology, Jamshoro 76062, Sindh, Pakistan * Correspondence: [email protected]; Tel.: +852-3442-9341 Received: 29 April 2020; Accepted: 22 May 2020; Published: 26 May 2020 Abstract: This paper explores the security vulnerability of Personal Identification Number (PIN) or numeric passwords. Entry Device (PEDs) that use small strings of data (PINs, keys or passwords) as means of verifying the legitimacy of a user. Today, PEDs are commonly used by personnel in different industrial and consumer electronic applications, such as entry at security checkpoints, ATMs and customer kiosks, etc. In this paper, we propose a side-channel attack on a 4–6 digit random PIN key, and a PIN key user verification method. The intervals between two keystrokes are extracted from the acoustic emanation and used as features to train machine-learning models. The attack model has a 60% chance to recover the PIN key. The verification model has an 88% accuracy on identifying the user. Our attack methods can perform key recovery by using the acoustic side-channel at low cost. As a countermeasure, our verification method can improve the security of PIN entry devices.
    [Show full text]
  • Active Electromagnetic Attacks on Secure Hardware
    UCAM-CL-TR-811 Technical Report ISSN 1476-2986 Number 811 Computer Laboratory Active electromagnetic attacks on secure hardware A. Theodore Markettos December 2011 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2011 A. Theodore Markettos This technical report is based on a dissertation submitted March 2010 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Clare Hall. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Active electromagnetic attacks on secure hardware A. Theodore Markettos Summary The field of side-channel attacks on cryptographic hardware has been extensively studied. In many cases it is easier to derive the secret key from these attacks than to break the cryptography itself. One such side- channel attack is the electromagnetic side-channel attack, giving rise to electromagnetic analysis (EMA). EMA, when otherwise known as ‘TEMPEST’ or ‘compromising eman- ations’, has a long history in the military context over almost the whole of the twentieth century. The US military also mention three related at- tacks, believed to be: HIJACK (modulation of secret data onto conducted signals), NONSTOP (modulation of secret data onto radiated signals) and TEAPOT (intentional malicious emissions). In this thesis I perform a fusion of TEAPOT and HIJACK/NONSTOP techniques on secure integrated circuits. An attacker is able to introduce one or more frequencies into a cryptographic system with the intention of forcing it to misbehave or to radiate secrets.
    [Show full text]
  • Tromer-Phd.Pdf
    חבור לשם קבלת התואר Thesis for the degree דוקטור לפילוסופיה Doctor of Philosophy מאת by ערן טרומר Eran Tromer Hardware-Based Cryptanalysis שבירת צפנים באמצעי חומרה מנחה Advisor פרופ ' עדי שמיר Prof. Adi Shamir אייר תשס "ז May 2007 מוגש למועצה המדעית של Presented to the Scientific Council of the מכון ויצמן למדע Weizmann Institute of Science רחובות , ישראל Rehovot, Israel Summary The theoretical view of cryptography usually models all parties, legitimate ones as well as attack- ers, as idealized computational devices with designated interfaces, and their security and com- putational complexity are evaluated in some convenient computational model – usually PC-like RAM machines. This dissertation investigates several cases where reality significantly deviates from this model, leading to previously unforeseen cryptanalytic attacks. The first part of the dissertation investigates the concrete cost of factoring integers, and in partic- ular RSA keys of commonly used sizes such as 1024 bits. Until recently, this task was considered infeasible (i.e., its cost was estimated as trillions of dollars), based on extrapolations that assumed implementation of factoring algorithms on sequential PC-like computers. We have shown that the situation changes significantly when one introduces custom-built hardware architectures, with algorithms and parametrization that are optimized for concrete technological tradeoffs and do not fit the RAM machine model. Focusing on the Number Field Sieve (NFS) factoring algorithm, we propose hardware architectures for both of its computational steps: the sieving step and the linear algebra step. Detailed analysis and a careful choice of the NFS parameters show that for breaking 1024-bit RSA keys, NFS can be be implemented at a fairly practical cost of a few million US dollars for a throughput of one factorization per year.
    [Show full text]
  • Improving Network Security by Modifying RSA Algorithm
    ISSN 2350-1022 International Journal of Recent Research in Mathematics Computer Science and Information Technology Vol. 4, Issue 1, pp: (1-4), Month: April 2017 – September 2017, Available at: www.paperpublications.org Improving Network Security by Modifying RSA Algorithm KANNIKA PARAMESHWARI B1, KRITHIKA M2, KARTHI P3 1,2 Computer Science And Engineering, Jeppiaar Engineering College, Semmanchcheri, Chennai, India 3 Computer Science And Engineering, Rajalakshmi Engineering College, Thandalam, Chennai, India Abstract: Security is playing an important and crucial role in the field of network communication system and internet. Here, lot of encryption algorithms were developed and so far .Though many algorithms are used now a days, there is a lack of security in message transformation. Security can be improved by making some modifications in traditional algorithms. Algorithms are DES, RSA, ECC algorithm etc. Among this it is preferred to do some modifications in RSA Algorithm. So, the changes applied in these algorithms, security will be better than the previous. Keywords: Encryption, Decryption, DES, RSA, ECC, Plain Text, Cipher Text. I. INTRODUCTION The process of encoding the plain text into cipher text is called Encryption and the reverse process is called decryption. It can be done by two techniques, symmetric and asymmetric key cryptography. Symmetric key uses same public key for both encryption and decryption but the asymmetric key uses public key for encryption and private key for decryption. The algorithm comes under the symmetric is DES Algorithm and ECC ALGORITHM. The algorithm comes under asymmetric is RSA ALGORITHM. For each algorithm there are two key aspects are involved. They are algorithm type (size of plaintext should be encrypted is defined) and algorithm mode (cryptographic algorithm mode is defined).Algorithm mode is a combination of series of basic algorithm and block cipher and some feedback from above steps.
    [Show full text]
  • Timo Bartkewitz — Towards Efficient Practical Side-Channel Cryptanalysis
    TOWARDS EFFICIENT PRACTICAL SIDE-CHANNEL CRYPTANALYSIS Improved Implementations, Novel Methods, Applications, and Real-world Attacks DISSERTATION zur Erlangung des Grades eines Doktor-Ingenieurs der Fakultat¨ fur¨ Elektrotechnik und Informationstechnik an der Ruhr-Universitat¨ Bochum Timo Bartkewitz Bochum, September 2016 Copyright © 2016 by Timo Bartkewitz. All rights reserved. Printed in Germany. To my parents Claudia and Ralf, and Miriam my wife Timo Bartkewitz Place of birth: Bochum, Germany Author’s contact information: [email protected] www.rub.de Thesis Advisor: Prof. Dr.-Ing. Christof Paar Ruhr University Bochum, Germany Secondary Referees: Prof. Dr.-Ing. Kerstin Lemke-Rust Bonn-Rhine-Sieg University of Applied Sciences, Germany Prof. Dr. rer. nat. J¨org Schwenk Ruhr University Bochum, Germany Thesis submitted: September 23, 2016 Thesis defense: June 9, 2017 Last revision: July 22, 2017 v [As HAL does not open the pod bay doors] Dave: What’s the problem? HAL: I think you know what the problem is just as well as I do. Dave: What are you talking about, HAL? HAL: This mission is too important for me to allow you to jeopardize it. Dave: I don’t know what you’re talking about, HAL. HAL: I know that you and Frank were planning to disconnect me, and I’m afraid that’s something I cannot allow to happen. Dave: Where the hell did you get that idea, HAL? HAL: Dave, although you took very thorough precautions in the pod against my hearing you, I could see your lips move. HAL 9000 and Commander Dr. David Bowman in 2001: A Space Odyssey (1968).
    [Show full text]