Keywords: information protection, untrusted environment, time attack, energy consumption analysis, electromagnetic field, algorithmic and hardware methods
TIMING ATTACKS ON INFORMATION IN UNTRUSTED ENVIRONMENTS
UDC 004.056.5
DOI: 10.26102/2310-6018/2018.23.4.034
The relevance of improving the software and algorithmic protection of hardware devices operating in untrusted environments (UTE) stems from the fact that such devices are the most likely targets of attempts to disrupt their internal structure. The purpose of the article is to analyze promising tools and methods of attacks on information in UTE, evaluate their effectiveness, and predict their development. The article discusses the main characteristics of attacks on information in untrusted environments and gives a detailed analysis of these characteristics. Attention is paid to algorithmic and hardware methods of protecting information from timing attacks. Among the attacks considered are those that exploit cache memory, power consumption analysis, and the characteristics of electromagnetic fields. The advantages of timing attacks over other side-channel attack methods are shown: no expensive laboratory equipment is required; they can be carried out remotely, without physical access to the attacked information security tool; and they can be included as part of a complex attack. The disadvantages of timing attacks are: the need to determine the duration of the encryption operation with high accuracy; the requirement for a large amount of data for analysis; the need to understand all the features of the implementation of the algorithm on the given type of processor and its architecture; and the need for access to the cache memory used by the process under study. Among the shortcomings of the methods of countering timing attacks are: they are not comprehensive; they can themselves create a side channel of information leakage; and there are no estimates of their effectiveness. The results are valuable for the practical organization of information protection in UTE.
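The abstract names two points a practitioner wants to see concretely: why a timing attack needs many high-accuracy measurements, and what an algorithmic countermeasure looks like. The following Python block is an added example, not code from the article or its authors. It contrasts an early-exit byte comparison (whose work grows with the length of the correctly guessed prefix) with a constant-time comparison that always visits every byte, and returns the amount of work done so the leak can be observed deterministically; the `median_ns` helper shows the kind of aggregated wall-clock measurement an attack would actually have to rely on. The secret and guesses are constructed inputs; `early_exit_compare`, `constant_time_compare` and `leak_profile` are names chosen here, not from the paper.

```python
"""Variable-time vs constant-time byte comparison (added example, not the article's code)."""
import hmac
import secrets
import statistics
import time


def early_exit_compare(a: bytes, b: bytes) -> tuple[bool, int]:
    """Naive comparison that stops at the first mismatching byte.

    Returns (equal, bytes_examined). The second value is the leak: it grows
    with the length of the matching prefix, so execution time reveals how
    many leading bytes of the guess are correct.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_compare(a: bytes, b: bytes) -> tuple[bool, int]:
    """Comparison whose work does not depend on where the inputs differ.

    Every byte is visited and the mismatches are OR-ed into an accumulator;
    the result is inspected only after the loop. Production code should use
    hmac.compare_digest, which implements the same idea in C.
    """
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined


def leak_profile(compare, secret: bytes) -> list[int]:
    """Work done by `compare` for guesses matching 0..len(secret) leading bytes.

    Guess k is built (constructed input) as the correct k-byte prefix followed
    by bytes that are guaranteed wrong (each XOR-ed with 0xFF).
    """
    profile = []
    for k in range(len(secret) + 1):
        guess = secret[:k] + bytes(x ^ 0xFF for x in secret[k:])
        _, examined = compare(secret, guess)
        profile.append(examined)
    return profile


def median_ns(compare, a: bytes, b: bytes, trials: int = 2000) -> float:
    """Median wall-clock time of `compare(a, b)` in nanoseconds.

    A timing attack needs many such samples: on a noisy host the early-exit
    variant's dependence on the matching prefix only becomes visible after
    aggregating thousands of trials, which is exactly the accuracy and data
    requirement the abstract lists as a disadvantage of timing attacks.
    """
    samples = []
    for _ in range(trials):
        t0 = time.perf_counter_ns()
        compare(a, b)
        samples.append(time.perf_counter_ns() - t0)
    return statistics.median(samples)


if __name__ == "__main__":
    secret = secrets.token_bytes(16)  # constructed secret for the demo
    print("early-exit work per prefix length   :", leak_profile(early_exit_compare, secret))
    print("constant-time work per prefix length:", leak_profile(constant_time_compare, secret))
    wrong_first = bytes([secret[0] ^ 0xFF]) + secret[1:]
    wrong_last = secret[:-1] + bytes([secret[-1] ^ 0xFF])
    for name, fn in (("early-exit", early_exit_compare), ("constant-time", constant_time_compare)):
        print(f"{name:14} first-byte mismatch: {median_ns(fn, secret, wrong_first):.0f} ns, "
              f"last-byte mismatch: {median_ns(fn, secret, wrong_last):.0f} ns")
    # The standard-library primitive to use instead of hand-rolled loops.
    assert hmac.compare_digest(secret, secret)
```

Running the block prints the work profile of each comparison for a 16-byte secret: the early-exit version yields 1, 2, ..., 16, 16 operations as the correctly guessed prefix grows, while the constant-time version yields 16 for every guess. The wall-clock medians illustrate why the operation counts are the cleaner teaching signal: interpreter noise easily exceeds the per-byte difference, so an observer would need far more than the 2000 trials used here to separate the two cases reliably.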
For citation: Minaev V.A., Zelentsova E.V., Petrov S.S. TIMING ATTACKS ON INFORMATION IN UNTRUSTED ENVIRONMENTS. Modeling, Optimization and Information Technology. 2018;6(4). URL: https://moit.vivt.ru/wp-content/uploads/2018/10/MinaevSoatori_4_18_1.pdf DOI: 10.26102/2310-6018/2018.23.4.034 (In Russ).
Published 31.12.2018