Novel Side-Channel Attacks on Emerging Cryptographic Algorithms and Computing Systems

A Dissertation Presented by Chao Luo to The Department of Electrical and Computer Engineering in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Engineering
Northeastern University
Boston, Massachusetts
December 2018

To my family.

Contents

List of Figures
List of Tables
List of Acronyms
Acknowledgments
Abstract of the Dissertation
1 Introduction
  1.1 Motivation
  1.2 Research Agenda
2 Side-Channel Analysis of XTS-AES
  2.1 Introduction and Motivation
  2.2 Preliminaries
    2.2.1 XTS-AES Algorithm
    2.2.2 Attack and Leakage Model
  2.3 Simple Power Analysis of Software Implementation on Microcontroller
  2.4 Horizontal Attack of Hardware Implementation: Analysis of Modular Multiplication
    2.4.1 Tweak Generation Leakage Analysis without Noise
    2.4.2 Improved Tweak Recovery
    2.4.3 Block Tweak Leakage Analysis with Noise
    2.4.4 Experimental Results
  2.5 Vertical Attack of Hardware Implementation: CPA on XTS-AES
  2.6 Countermeasures
  2.7 Summary
3 Side-Channel Analysis of AES on GPU
  3.1 Introduction and Motivation
  3.2 Preliminaries
    3.2.1 GPU Basics
    3.2.2 AES and a CUDA Implementation of AES
    3.2.3 Side-Channel Attack and Typical Correlation Power Analysis
    3.2.4 Attack Model
  3.3 Experimental Setup and Power Trace Acquisition
  3.4 Power Model Building
    3.4.1 Hamming Distance Based Power Leakage Extraction
    3.4.2 GPU's Power Leakage Model
  3.5 Key Discovery of GPU by Power Analysis Attacks
    3.5.1 Full Key Extraction
    3.5.2 A More Realistic Execution Environment
  3.6 Countermeasures
  3.7 Summary
4 Side-Channel Analysis of RSA on GPU
  4.1 Introduction and Motivation
  4.2 Background: RSA and GPU Implementation
    4.2.1 Sliding Window Exponentiation
    4.2.2 Montgomery Multiplication
    4.2.3 GPU Parallelization of RSA
  4.3 The Timing Models of RSA on GPUs
    4.3.1 GPU Timing Model
    4.3.2 Timing Model Verification
  4.4 Correlation Timing Attack
    4.4.1 Attack CLNW
    4.4.2 Attack VLNW
  4.5 Success Rate Analysis
  4.6 Error Correction
  4.7 Experimental Results
  4.8 Countermeasures
  4.9 Summary
5 Side-Channel Analysis of ECC on Embedded Systems
  5.1 Introduction and Motivation
  5.2 Preliminaries
    5.2.1 ECC Background
    5.2.2 Side-Channel Countermeasures of micro-ecc
  5.3 Novel Simple Power Analysis
  5.4 Collision Attack
  5.5 Discussion
  5.6 Summary
6 Conclusion
Bibliography

List of Figures

2.1 Diagram of XTS-AES sector encryption
2.2 Power difference for Tj[127] = 1 and 0
2.3 Operation of modular multiplication for different cases of {Tj[127], Tj+1[127]}
2.4 Hamming weights/distances of block tweaks
2.5 Probability distribution of the number of possible values for the 7 least significant bits
2.6 Bit error rate of Bayesian test and ML-based test
2.7 Distribution of power difference ΔPj
2.8 Comparison of ΔHDj and ΔPj
2.9 Experiment results with Bayesian test
2.10 Correlation coefficient with T[0] and RT[0]
2.11 Power difference for Tj[127] = 1 and 0 with dummy XOR protection
2.12 Comparison of ΔHDj and ΔPj with dummy bit protection
3.1 Typical CUDA threads and blocks present in a single grid [1]
3.2 Block diagram of a TESLA C2070 streaming multiprocessor [1]
3.3 The round operation running as one thread
3.4 The power measurement setup used in this work
3.5 A sample power trace of our GPU running AES, with the DC signal subtracted
3.6 Last round operation on registers for one state byte
3.7 Distribution of confusion coefficient for one byte of the key for the GPU
3.8 Distribution of the confusion coefficient without linearity
3.9 Correlation between the power traces and the Hamming distances for all possible subkey byte values
3.10 Our CPA attack results
3.11 Success rate with different combinations of linear and nonlinear Hamming distances
3.12 Empirical and theoretical success rates for 8, 16 and 32 blocks of plaintext
4.1 Timing model verification
4.2 Operations on Mtemp with CLNW
4.3 Operations on Mtemp with VLNW
4.4 Theoretical and empirical success rate
4.5 Sequence of correlation coefficients of a timing attack when an error happens
4.6 Correlation coefficients of attacking zero and nonzero windows
4.7 Always-reduce countermeasure
4.8 Random-assignment countermeasure
5.1 Modular multiplication and addition
5.2 Simple power leakage from power and EM traces
5.3 Correlation of power trace with sliding multiplication pattern
5.4 Count of additions after modular multiplication
5.5 Ephemeral key candidate search
5.6 Power and EM trace collision

List of Tables

2.1 Threshold and BER for Different SNR
2.2 Complexity of Search Among Erroneous Bits
4.1 Attack result with error correction
5.1 Attacks and Countermeasures

List of Acronyms

AES: Advanced Encryption Standard. The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

CLNW: Constant Length Nonzero Window. A sliding-window exponentiation algorithm for RSA that partitions the private key into windows; each nonzero window has a constant length in bits.

CPA: Correlation Power Analysis.

DPA: Differential Power Analysis.

ECC: Elliptic-Curve Cryptography. ECC is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys than non-EC cryptography (based on plain Galois fields) to provide equivalent security.

RSA: Rivest–Shamir–Adleman. RSA is an asymmetric cryptographic algorithm used by modern computers to encrypt and decrypt messages. Asymmetric means that there are two different keys; this is also called public-key cryptography, because one of the keys can be given to anyone while the other must be kept private. The algorithm is based on the fact that finding the factors of a large composite number is difficult: when the factors are prime numbers, the problem is called prime factorization.

SPA: Simple Power Analysis.

VLNW: Variable Length Nonzero Window. A sliding-window exponentiation algorithm for RSA that partitions the private key into windows; each nonzero window has a variable length in bits.

XTS-AES: XOR-encrypt-XOR-based tweaked-codebook mode with ciphertext stealing, AES. An AES mode designed for disk encryption and standardized on 2007-12-19 as IEEE P1619.

Acknowledgments

Thanks to my advisor Professor Yunsi Fei, who guided and supported me through the years of my PhD study and research. Thanks to Professor David Kaeli for all the help with my research. Thanks to Professor Adam Ding for the help with the mathematics involved in my research. Thanks to Professor Pau Closas for his contribution to the statistical analysis. Thanks to Professor Aatmesh Shrivastava for proofreading.

Abstract of the Dissertation

Novel Side-Channel Attacks on Emerging Cryptographic Algorithms and Computing Systems
by Chao Luo
Doctor of Philosophy in Computer Engineering
