170 likes | 247 Vues
Learn about side channel collision attacks, collision detection, and key recovery methods in AES systems. Discover how Wide Collisions technique improves attack results in embedded systems with constrained resources.
E N D
Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10thACNS 2012- Singapore
Overview • Side Channel Collision Attacks • Wide Collisions for AES • Improving Recognition Rates • Attack Results
Embedded Systems • Specific purpose device with computing capabilities • Constrained resources • Many require security
Side Channel Attacks … leaks additional information via side channel! e.g. power consumption / EM emanation plaintext AES Leakage ciphertext
Collisions in AES plaintext Collision:Querying same S-box value twice Collision Attack: Exploiting collision detections to recover secret key Add_Key Sub_Bytes y1 y4 = y1 S-box 1 S-box 4
Collision Detection Collisions are highly frequent: • First round: .41 collisions • One encryption: >40 collisions Detecting collisions is hard: • One encryption: 12 720 comparisons • Probability of a collision: <0.4% • False positive rate of 1%: >120 faulty detections Shouldminimize false positives
Wide Collisions (I) • Two AES encryptions with chosen inputs • Same plaintexts except for diagonals! • AddRoundKey, SubBytes -> same difference
Wide Collisions (II) • ShiftRows aligns differences • MixColumns can result in equal bytes Collision
Wide Collisions (III) • 2ndShiftRows results in equal columns • Full column collides until next ShiftRows! • 5predictable S-Box collisions between 2 encryptions! Full Column Collision
Collision Detection • Direct Comparison of two power traces • Ideally only compared in leaking regions(5 s-Boxes and full MixColumnscolliding) Point selection necessary: • Knowledge of implementation or profiling needed + S-box in round 2 + Mix Columns S-box 4 S-boxes (in round 3)
Key Recovery Phase • 1st byte after 1stMixColumns: • 4 collisions reduce key candidates from 232 to 1 candidate per diagonal. • Full key recovery: 16 distinct collisions. Avoid false positives
Outlier Method Procedure: Find overall Mean Trace Locate Outlier Region Locate Neighboring Pairs Mean Trace Individual Trace Outlier Region
Outlier Method: Details Two parameters: • Size of outlier region • Admitted distance betweenneighboring points Both influence • Number of detected collisions • Rate of false positives Tradeoff depends on implementation
Results • Unprotected SW implementation, 8-bit Smart Card • Results on 3000 power traces: • Wide Collisions stronger, but knowledge of implementation or profiling needed • Blind Templates (+ PCA) are great for device profiling
Optimized Collision Detection • Targeting Wide Collisions • Strong leakage, easier to detect • Requires chosen inputs • UsingOutlier Detection method: • Reduces overall detection of collisions • Minimizes false positives
Conclusion • Wide collisions yield feasible power based collision attack • Outlier Method is a helpful tool for decreasing false positive detections
Thank you very much for your attention! teisenba@fau.edu