Timing attacks... and what is special with DES SBox #5?

Outline: Introduction; Side channels; DES; Timing attacks, the HWSec lab case

R. Pacalet, Institut Mines-Telecom. Slide deck, April 24, 2018 (37 slides; the text below stops at slide 20).

Auguste Kerckhoffs' principles (1883)
- The system must be substantially, if not mathematically, undecipherable;
- The system must not require secrecy and can be stolen by the enemy without causing trouble;
- It must be easy to communicate and remember the keys without requiring written notes; it must also be easy to change or modify the keys with different participants;
- The system ought to be compatible with telegraph communication;
- The system must be portable, and its use must not require more than one person;
- Finally, regarding the circumstances in which such a system is applied, it must be easy to use and must neither require stress of mind nor the knowledge of a long series of rules.

The spirit is strong, the flesh is weak
- Eventually, security is always implemented in hardware.
- An Intel Core i7 processor is a piece of hardware. A smartcard too. Your brain, a pencil and a piece of paper too.
- Hardware computes, and also does some more: it consumes power, takes time, emits electromagnetic radiation, plus heat, noise, ...
- While apparently not exploitable, these "side channels" are serious information leaks.
Hardware leaks information
- The "side channels" are usually correlated with the processing.
- In security applications they can be used to retrieve embedded secrets.
- Fewer than 1000 power traces can be sufficient to retrieve a secret key from a system that is theoretically unbreakable (the algorithm is sound; the implementation leaks).
- Unlike in quantum cryptography, the information leakage is usually undetectable by the victim: true for time, almost true for power.

A bit of history
- 1956: MI5 against the Egyptian Embassy in London (click-sound of the enciphering machine).
- 1996: P. Kocher timing-attacks RSA, DH, DSS (applied with success in 2003 against OpenSSL 0.9.6).
- 1999: P. Kocher power-attacks DES, AES, etc. (SPA, DPA). Successful against smart cards, FPGAs, ...
- 2000 onwards: new attacks (SEMA, DEMA, TPA, MIA, ...).
- The importance of hardware security increases (CHES conference).
DES, history (1/2)
- Symmetric block cipher.
- Initial proposal by IBM (derived from Lucifer) in 1975.
- Adopted as a US federal standard (NBS, FIPS PUB 46) in 1977, after modifications made with NSA involvement, under the name DES: Data Encryption Standard.
- Feistel scheme, 56-bit key, 16 rounds.
- Some analytical attacks (differential cryptanalysis, about $2^{47}$ chosen plaintexts; linear cryptanalysis, about $2^{43}$ known plaintexts), impractical.
- Brute force attacks became feasible: $2^{56} \approx 7.2 \times 10^{16}$ keys, i.e. about one year on 1000 PCs at 2 GHz with 800 clock cycles per DES encryption (OpenSSL, Eric Young).

DES, history (2/2)
- Triple DES is recommended today: $\mathrm{TDEA}_{k_1,k_2,k_3}(P) = \mathrm{DES}_{k_3}(\mathrm{DES}^{-1}_{k_2}(\mathrm{DES}_{k_1}(P)))$.
- Some interesting variants, e.g. DES-X: $\mathrm{DESX}_{k_1,k,k_2}(P) = k_1 \oplus \mathrm{DES}_k(k_2 \oplus P)$.
- Superseded in 2002 by AES: Advanced Encryption Standard.
- Still in use, probably for some time.
- Easy to implement in hardware (small and fast).
- In software, AES is simpler to implement (no bitwise permutations).

Algorithm (1/4): DES is a 16-round Feistel scheme
- Input (64 bits) goes through the initial permutation IP (64 → 64) and is split into two 32-bit halves $L_0$ and $R_0$.
- Round $n$ ($1 \le n \le 16$), with the 48-bit round key $K_n$:
  $L_n = R_{n-1}$
  $R_n = L_{n-1} \oplus f(R_{n-1}, K_n)$
- The last round is not followed by a swap: the halves enter the final permutation as $R_{16} \| L_{16}$ with $R_{16} = L_{15} \oplus f(R_{15}, K_{16})$ and $L_{16} = R_{15}$.
- FP = IP$^{-1}$, the inverse initial permutation (64 → 64), gives the 64-bit output.

Algorithm (2/4): the Feistel F function $f(R_n, K_n)$
- $R_n$ (32 bits) is expanded by E to 48 bits.
- The 48-bit result is XORed with the round key $K_n = k_n^{(1)} \| k_n^{(2)} \| \dots \| k_n^{(8)}$, seen as eight 6-bit sub-keys.
- Each of the eight 6-bit chunks goes through its own S-box S1, ..., S8 (6 bits to 4 bits), giving 32 bits.
- The 32 bits are permuted by P (32 → 32); this is the value XORed into the other half.
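As an added example (not code from the slides), the round structure above and the key schedule described in the next slides, in Python. PC1, PC2 and the rotation schedule are the FIPS 46 tables; the round function is a stand-in toy (the real E, S-box and P tables are omitted), which is enough to show that decryption is the same Feistel network fed with the round keys in reverse order, and that the reversed schedule is exactly what right rotations produce. The key 0x133457799BBCDFF1 and plaintext 0x0123456789ABCDEF are the values of a widely circulated worked DES example; everything else here is an assumption of this example.

```python
# Added example: DES key schedule (FIPS 46 tables) plus a Feistel skeleton with a
# toy round function. Bit positions in the tables are 1-indexed, MSB = bit 1.
PC1 = [57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
       10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
       14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4]
PC2 = [14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
       23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
# Left rotations applied to C and D before producing K1..K16 (they sum to 28).
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
MASK28 = (1 << 28) - 1
MASK32 = (1 << 32) - 1


def permute(value: int, width: int, table: list) -> int:
    """Output bit i (MSB first) is input bit table[i] of a width-bit value."""
    out = 0
    for pos in table:
        out = (out << 1) | ((value >> (width - pos)) & 1)
    return out


def rol28(x: int, n: int) -> int:
    return ((x << n) | (x >> (28 - n))) & MASK28


def ror28(x: int, n: int) -> int:
    return ((x >> n) | (x << (28 - n))) & MASK28


def des_round_keys(key64: int) -> list:
    """Encryption schedule: PC1 drops the parity bits and splits the key into
    C0, D0; each round rotates both halves left and extracts K_n with PC2."""
    cd = permute(key64, 64, PC1)
    c, d = cd >> 28, cd & MASK28
    keys = []
    for s in SHIFTS:
        c, d = rol28(c, s), rol28(d, s)
        keys.append(permute((c << 28) | d, 56, PC2))
    return keys  # keys[0] for key 0x133457799BBCDFF1 -> 0x1B02EFFC7072


def des_round_keys_decrypt(key64: int) -> list:
    """Decryption schedule: the 28 left rotations bring C, D back to C0, D0,
    so K16 is PC2(C0 || D0); then rotate RIGHT by the encryption amounts in
    reverse order to walk back through K15 ... K1."""
    cd = permute(key64, 64, PC1)
    c, d = cd >> 28, cd & MASK28
    keys = []
    for r in range(16, 0, -1):
        keys.append(permute((c << 28) | d, 56, PC2))  # K_r
        c, d = ror28(c, SHIFTS[r - 1]), ror28(d, SHIFTS[r - 1])
    return keys


def toy_f(r32: int, k48: int) -> int:
    """Assumption: a stand-in for the DES F function, NOT the real E/S-box/P
    construction. The Feistel argument below holds for any f(R, K)."""
    x = (r32 ^ (k48 & MASK32) ^ (k48 >> 16)) & MASK32
    return ((x * 0x9E3779B1) ^ (x >> 15)) & MASK32


def feistel(block64: int, round_keys: list, f=toy_f) -> int:
    """16 rounds of L_n = R_{n-1}, R_n = L_{n-1} xor f(R_{n-1}, K_n).
    No swap after the last round, so the output is R16 || L16.
    IP and FP are omitted: they are key-independent permutations."""
    left, right = block64 >> 32, block64 & MASK32
    for k in round_keys:
        left, right = right, left ^ f(right, k)
    return (right << 32) | left


def demo(key64: int = 0x133457799BBCDFF1, plaintext: int = 0x0123456789ABCDEF):
    """Encrypt with K1..K16, decrypt with K16..K1 from the right-rotation schedule."""
    enc_keys = des_round_keys(key64)
    dec_keys = des_round_keys_decrypt(key64)
    ciphertext = feistel(plaintext, enc_keys)
    recovered = feistel(ciphertext, dec_keys)
    return enc_keys, dec_keys, ciphertext, recovered


if __name__ == "__main__":
    enc, dec, ct, pt = demo()
    print("K1  = %012X" % enc[0], "K16 = %012X" % enc[15])
    print("reversed schedule ok:", dec == enc[::-1], "round trip ok:", pt == 0x0123456789ABCDEF)
```

The round trip works with any round function because each Feistel round only XORs the left half with a value computed from the right half, which the decryption round can recompute; plugging in the real F (E, S1..S8, P) turns this skeleton into DES proper.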
Algorithm (3/4): the key schedule (16 round keys)
- The round keys $K_1, \dots, K_{16}$ are 48-bit permuted subsets of the 56-bit secret key.
- PC1, permuted choice 1 (56 → 56 when the key is viewed as its 56 effective bits; the standard's PC1 also discards the 8 parity bits of the 64-bit key), permutes the key and splits it into two 28-bit halves $C_0$ and $D_0$.
- Each round rotates both halves to the left by one or two positions, depending on the round: $C_n = C_{n-1} \lll s_n$, $D_n = D_{n-1} \lll s_n$.
- PC2, permuted choice 2 (56 → 48), selects and permutes 48 of the 56 bits of $C_n \| D_n$ to give $K_n$.

Round       :  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
Left shifts :  1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1

The 16 rotation amounts sum to 28, so $C_{16} = C_0$ and $D_{16} = D_0$.

Algorithm (4/4)
- IP, FP, P and PC1 are pure permutation functions.
- E is an expansion (32 → 48) permutation function.
- PC2 is a selection (56 → 48) permutation function.
- S1, S2, ..., S8 are non-linear 6-bit to 4-bit functions: the substitution boxes or "SBoxes".
- The key schedule consists of simple or double left circular rotations (specified for each round).
- The decryption function is obtained by inverting the key schedule (right circular rotations), i.e. the same Feistel network is run with the round keys in the order $K_{16}, \dots, K_1$.

History of timing attacks
- First published by Paul Kocher (CRYPTO'96).
- Implemented by Dhem, Quisquater, et al.
  (CARDIS'98).
- Used by Canvel, Hiltgen, Vaudenay and Vuagnoux to attack OpenSSL (CRYPTO'03).

Principle of timing attacks (1/2)
- A crypto function $E_K$ uses the secret key $K$ to compute the output $C = E_K(P)$ from the input $P$.
- The attack jointly exploits the computing time $T$ and the output $C$ (or the input $P$, depending on what the attacker knows).
- The attacker builds a partial timing model $TM_g(C)$ that depends on a guessed value $g$ for a small part $k$ of the secret $K$.
- $TM_g(C)$ is an estimate of the time taken by one elementary operation of $E_K$ when computing $C = E_K(P)$... if the guess $g$ is correct...
- ... else $TM_g(C)$ is just random, i.e. uncorrelated with the actual computing time.
- The model is partial on purpose: the time of everything else in $E_K$ is not modelled and behaves as noise, which is why many measurements are needed.

Principle of timing attacks (2/2)
- Run $C_i = E_K(P_i)$ on $N$ random inputs and record the $N$ pairs $\{C_i, T_i\}$, $1 \le i \le N$, of {output, computing time}.
- For each possible value $g$ (guess) of $k$, compute $TM_g(C_i)$, $1 \le i \le N$...
- ... and estimate the correlation $\mathcal{C}_g$ between $T_i$ and $TM_g(C_i)$ over the $N$ measurements.
- One guess $g_{best}$ exhibits the best correlation $\mathcal{C}_{g_{best}}$, so the best guess for $k$ is $g_{best}$.
- Repeat for all (small) parts $k$ of $K$ to obtain the best guess for $K$.
- The same collection of measurements can be used for all parts $k$ of $K$.
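As an added example (not code from the slides or from the HWSec lab), the two "Principle" slides above simulated end to end in Python. The victim is constructed for the example: one DES S-box (S1, used here as a stand-in for any of the eight; nothing is claimed about what is special with SBox #5) keyed by a 6-bit sub-key, whose computing time is assumed to grow with the Hamming weight of the S-box output, plus Gaussian noise standing for the rest of the computation. The attacker knows the inputs $P_i$ and the times $T_i$, builds $TM_g(P_i) = \mathrm{HW}(S(P_i \oplus g))$ for each of the 64 guesses, and ranks the guesses by Pearson correlation. The cost and noise parameters are assumptions of the example.

```python
# Added example: correlation-based timing attack on a constructed leaky S-box.
import random

# DES S1 (FIPS 46), row-major: row = outer two input bits, column = inner four.
S1 = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
      0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
      4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
      15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]


def sbox(x6: int) -> int:
    """DES S-box lookup: bits 1 and 6 select the row, bits 2..5 the column."""
    row = (((x6 >> 5) & 1) << 1) | (x6 & 1)
    col = (x6 >> 1) & 0xF
    return S1[row * 16 + col]


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def measure(inputs, subkey, rng, leaky=True, cost_per_bit=10.0, noise=10.0):
    """Constructed victim: returns (output, time) per input. When leaky, the
    time grows by cost_per_bit for every set bit of the S-box output (assumed
    leak, e.g. a loop over set bits); otherwise only the noise term remains."""
    traces = []
    for x in inputs:
        out = sbox(x ^ subkey)
        t = 500.0 + rng.gauss(0.0, noise)
        if leaky:
            t += cost_per_bit * hamming_weight(out)
        traces.append((out, t))
    return traces


def pearson(a, b) -> float:
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((u - ma) * (v - mb) for u, v in zip(a, b))
    va = sum((u - ma) ** 2 for u in a)
    vb = sum((v - mb) ** 2 for v in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0


def attack(inputs, times):
    """For each guess g of the 6-bit sub-key build TM_g(P_i) = HW(S(P_i xor g)),
    correlate it with the measured T_i and rank guesses, best first."""
    ranking = []
    for g in range(64):
        model = [hamming_weight(sbox(x ^ g)) for x in inputs]
        ranking.append((pearson(model, times), g))
    ranking.sort(reverse=True)
    return ranking  # [(correlation, guess), ...]


def run(subkey=0b101101, n=3000, leaky=True, seed=1):
    """Collect n timed runs on random inputs (seeded, so reproducible) and attack."""
    rng = random.Random(seed)
    inputs = [rng.randrange(64) for _ in range(n)]
    times = [t for _, t in measure(inputs, subkey, rng, leaky=leaky)]
    return attack(inputs, times)


if __name__ == "__main__":
    best_corr, best_guess = run()[0]
    print("leaky victim: best guess %06b (corr %.2f)" % (best_guess, best_corr))
    flat_corr, flat_guess = run(leaky=False)[0]
    print("constant-time victim: best guess %06b (corr %.2f)" % (flat_guess, flat_corr))
```

With these parameters the correct sub-key tops the ranking with a correlation around 0.7 (signal and noise variances are equal), while every guess stays near zero against the constant-time victim: removing the data dependency of the elementary operation, not adding noise, is what defeats the attack, since more measurements would average the noise away.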
