Abstract
The design of embedded processors demands a careful trade-off between many conflicting objectives such as performance, silicon area and power consumption. This trade-off often ignores security, which can cause otherwise secure cryptographic software to leak information through so-called micro-architectural side channels. In this paper we show that the early-terminating integer multipliers found in various embedded processors (e.g., the ARM7TDMI) are an instance of this problem. The early-termination mechanism causes the time taken to execute a multiply instruction to depend on the magnitude of the operands (by up to three clock cycles on an ARM7TDMI processor), and the difference is observable as variations in execution time and power consumption. Exploiting the early-termination mechanism makes Simple Power Analysis (SPA) attacks relatively straightforward to conduct, and may even allow one to attack implementations with integrated countermeasures that would not leak any information when executed on a processor with a constant-latency multiplier. We describe several case studies, covering both secret-key (RC6, AES) and public-key algorithms (RSA, ECIES), to demonstrate the threat posed by embedded processors with early-terminating multipliers.
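As an added example (not code from the paper), the following Python model shows what "latency depends on operand magnitude" means at the instruction level and why it surfaces in multi-precision arithmetic. The cycle-count rule is an assumption taken from the ARM7TDMI Technical Reference Manual as recalled here (m iterations chosen from the top bits of the multiplier operand Rs only, giving a three-cycle spread); the limb-scanning loop, the helper names and the sample operands are constructed for illustration.

```python
"""Cycle-count model of an early-terminating multiplier and the operand-
magnitude leak it produces in multi-precision arithmetic (added example)."""
from typing import List, Tuple

WORD = 32
MASK = (1 << WORD) - 1


def arm7tdmi_mul_m(rs: int) -> int:
    """Number of multiplier iterations m for MUL on ARM7TDMI.

    Assumption (ARM7TDMI TRM cycle-timing rule as recalled for this example):
    m depends only on the multiplier operand Rs.
      m = 1 if bits [31:8]  of Rs are all zero or all one
      m = 2 if bits [31:16] of Rs are all zero or all one
      m = 3 if bits [31:24] of Rs are all zero or all one
      m = 4 otherwise
    The multiplicand operand Rm never affects m.
    """
    rs &= MASK
    for m, low in ((1, 8), (2, 16), (3, 24)):
        top = rs >> low
        if top == 0 or top == (MASK >> low):
            return m
    return 4


def mul_cycles(rs: int) -> int:
    """Latency of MUL in clock cycles: one issue cycle plus m internal cycles,
    so the spread between best and worst case is three cycles."""
    return 1 + arm7tdmi_mul_m(rs)


def to_limbs(x: int, n: int) -> List[int]:
    """Split x into n little-endian 32-bit limbs."""
    return [(x >> (WORD * i)) & MASK for i in range(n)]


def schoolbook_trace(rm_value: int, rs_value: int, n: int) -> Tuple[int, List[int]]:
    """Operand-scanning multi-precision product rm_value * rs_value.

    Limbs of rm_value are fed as the multiplicand (Rm) and limbs of rs_value
    as the multiplier (Rs) of every word multiply.  Returns the product and
    the per-multiply cycle count, i.e. what an SPA trace of the inner loop
    would show as extra clock periods.
    """
    rm_limbs, rs_limbs = to_limbs(rm_value, n), to_limbs(rs_value, n)
    product = 0
    trace: List[int] = []
    for j, rs in enumerate(rs_limbs):
        for i, rm in enumerate(rm_limbs):
            product += (rm * rs) << (WORD * (i + j))
            trace.append(mul_cycles(rs))
    return product, trace


def magnitude_from_trace(trace: List[int], n: int) -> List[int]:
    """Attacker's view: recover, for each limb that went through Rs, the
    iteration count m (1..4), i.e. whether the limb lies below 2^8, 2^16,
    2^24 or none of these (the all-ones cases mirror the same bands).
    Every inner-loop multiply in row j uses the same Rs limb, so one entry
    per row suffices."""
    return [trace[j * n] - 1 for j in range(n)]


def constant_latency(trace: List[int]) -> bool:
    """True iff the multiply sequence would look identical on a
    constant-latency multiplier, i.e. early termination was not observable."""
    return len(set(trace)) <= 1


if __name__ == "__main__":
    # Constructed sample values: a public 2-limb operand and a "secret" one
    # whose low limb fits in 8 bits.
    public = (1 << 32) | 7
    secret = (0x12345678 << 32) | 0xFF
    prod, tr = schoolbook_trace(public, secret, 2)    # secret limbs in Rs
    print(tr, magnitude_from_trace(tr, 2), constant_latency(tr))
    prod2, tr2 = schoolbook_trace(secret, public, 2)  # secret limbs in Rm
    print(tr2, constant_latency(tr2))
```

With the secret operand in Rs the trace reads [2, 2, 5, 5], which tells an observer that the low limb is below 2^8 and the high limb is not below 2^24; swapping the operands hides the secret's magnitude in this model only because the latency is then driven by the public limbs instead. Which register a C compiler picks for Rs is its own decision, so any such operand-ordering fix has to be checked in the generated assembly rather than assumed from the source.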
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Großschädl, J., Oswald, E., Page, D., Tunstall, M. (2010). Side-Channel Analysis of Cryptographic Software via Early-Terminating Multiplications. In: Lee, D., Hong, S. (eds) Information, Security and Cryptology – ICISC 2009. ICISC 2009. Lecture Notes in Computer Science, vol 5984. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14423-3_13
DOI: https://doi.org/10.1007/978-3-642-14423-3_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14422-6
Online ISBN: 978-3-642-14423-3
eBook Packages: Computer Science (R0)