
Important Dates

Submission Deadline: 2009/12/06
Author Notification: 2010/01/03
Final version due: 2010/01/25

Contact

Local Organisation
cosade2010{at}cased.de

Contributions 

1 Invited Talk by Pankaj Rohatgi
2 Session 1: Side Channel Attacks I
3 Session 2: Side Channel Attacks II
4 Invited Talk by Ingrid Verbauwhede
5 Session 3: Tools
6 Session 4: Protection & Design
7 Session 5: Countermeasures
8 Invited Talk by Stefan Mangard
9 Session 6: Preprocessing & Preselection

Download Proceedings as complete PDF.

Invited Talk #1: Side-Channel Resistance Engineering

Speaker
Pankaj Rohatgi
Schedule
Date 2010/02/04
Start time 10:30
Duration 01:00
Downloads & Links
Slides PDF

Pankaj Rohatgi
Cryptography Research Inc., San Francisco, CA
Technical Director, Hardware Security Solutions

Abstract:

tba.

Session 1: Side-Channel Attacks I

Talk #1: Correlation power analysis in frequency domain

Speaker
Paul Duplys
Schedule
Date 2010/02/04
Start time 11:30
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Oliver Schimmel, Technical University Darmstadt, Germany
Paul Duplys, Robert Bosch GmbH, Germany
Eberhard Boehl, Robert Bosch GmbH, Germany
Jan Hayek, Robert Bosch GmbH, Germany
Wolfgang Rosenstiel, University of Tübingen, Germany

Abstract:

In this work we introduce a power analysis attack in the frequency domain called Correlation Power Frequency Analysis (CPFA). Our attack is based on the power spectral density of the signal and, unlike public state-of-the-art frequency domain attacks, uses the correlation coefficient for key hypothesis verification. This allows us to utilize measurements more efficiently than differential power analysis attacks in the frequency domain. We demonstrate the feasibility of our attack and compare it with time domain correlation power analysis with respect to noise impact.



Talk #2: The Variance Power Attack

Speaker
Philippe Hoogvorst
Schedule
Date 2010/02/04
Start time 12:00
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Philippe Hoogvorst
LTCI-CNRS, TELECOM ParisTech

Abstract:

Side-channel attacks are a serious threat to secrets protected by cryptographic functions implemented in electronic devices. The threat is serious when the cryptographic operations are performed using a PC, but is yet more dangerous for embedded devices, for which the various side-channels are more easily available to the attacker. This article describes a generalisation of DPA and CPA which not only finds the secret key in use but gives the attacker a lot of information about the internals of the target system, which enables her to optimize other attacks. The attack can also be used as a characterization tool by the designer of the embedded system to check that his countermeasures work as expected, in a more precise way than performing an attack and obtaining a yes/no answer.


Session 2: Side-Channel Attacks II

Talk #3: An Empirical Study of the EIS Assumption in Side Channel Attacks against Hardware Implementations

Speaker
Sylvain Guilley
Schedule
Date 2010/02/04
Start time 13:30
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Sylvain Guilley, Olivier Meynard, Laurent Sauvage, and Jean-Luc Danger, Telecom ParisTech, France

Abstract:

Side-channel analyses are powerful techniques to extract secrets from a circuit handling sensitive information. We discuss in this paper the optimal way to conduct side-channel attacks, based on extensive knowledge of the circuit's leakage. This approach allows us to unify two attack methodologies: those requiring a pre-characterization step (such as template or stochastic attacks) and those based on a known or on-line discovered model (DPA, CPA or MIA). The computation or measurement of an exhaustive behavior is a costly investment. However, it is non-recurrent; therefore, afterwards, optimal attacks can be realized with a considerable speed-up.

The first contribution of this paper is to put forward that an exhaustive characterization of the leakage indeed brings an advantage in terms of attacks. We notably, for the first time, bring practical and theoretical evidence of the origin of the deviation from an incomplete characterization or an incomplete model. More precisely, we prove that the most important cause of non-optimality is logical and not technological. Indeed, the non-linearity of the functionality is the first reason for the partial templates or models to be approximate.

The technological effects, such as cross-talk between adjacent wires or intra-die electrical characteristics variations account only as second order contributions. We advocate that the deeper the non-linear combinatorial gates are, the worse the incomplete pre-characterizations or the partially parameterized models will match the actual leakage. Therefore, for a fair evaluation of parallel implementations that compute one or more rounds per clock period, we recommend building and using rainbow tables (exhaustive or close to exhaustive precharacterization


Talk #4: About Probability Density Function Estimation for Side Channel Analysis

Speaker
Florent Flament
Schedule
Date 2010/02/04
Start time 14:00
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Florent Flament, Houssem Maghrebi, Moulay Aziz Elabid, Jean-Luc Danger, Sylvain Guilley, and Laurent Sauvage 
Telecom ParisTech, France



Talk #5: Side channels attacks in code-based cryptography

Speaker
Falko Strenzke
Schedule
Date 2010/02/04
Start time 14:30
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Pierre-Louis Cayrel, CASED, Germany
Falko Strenzke, FlexSecure GmbH, Germany

Abstract:

The McEliece and the Niederreiter public key cryptosystems (PKC) are supposed to be secure in a post-quantum world because there is no efficient quantum algorithm for the underlying problems upon which these cryptosystems are built. The CFS, Stern and KKS signature schemes are post-quantum secure because they are based on hard problems of coding theory. The purpose of this article is to describe what kinds of attacks have been proposed against code-based constructions and what is missing.



Invited Talk #2: Constructive Side Channel Analysis and Secure Design for novel Design Platforms and Design Environments

Speaker
Ingrid Verbauwhede
Schedule
Date 2010/02/04
Start time 15:30
Duration 01:00
Downloads & Links
Slides PDF

Ingrid Verbauwhede
Katholieke Universiteit Leuven, Belgium,
ESAT/COSIC

Abstract:

The goal of this presentation is to give an overview of novel design platforms and novel design methods to make next generation embedded systems. Next generation embedded systems are complex and very heterogeneous systems-on-chip.

They combine full-custom building blocks, embedded controllers, many different types of memory, remote reconfigurable building blocks and many forms of hardware and software. They also adapt to changing environmental conditions or workloads.

Providing side-channel security in this context is a challenge. Therefore, novel design methods to make COSADE possible will be needed. In this presentation, an overview of design trends, challenges and open problems for side-channel security will be given.


Session 3: Tools

Talk #6: Side Channel Leakage Profiling in Software

Speaker
Daniel Shumow
Schedule
Date 2010/02/04
Start time 16:30
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Daniel Shumow and Peter Montgomery, 
Microsoft Research, USA

Abstract:

Testing cryptographic implementations for side channel leakage is a difficult and important problem. The techniques used to uncover side channel leakage are more involved than the usual methodologies of software testing, for example sometimes involving physical measurements of hardware. As such, it is difficult to work this sort of analysis into the usual software testing process. To this end we have developed the Side Channel Profiler. This is an extensible framework for capturing the dynamic execution of cryptographic code and applying side channel analysis regardless of the underlying architecture. This tool can be used to selectively emulate different hardware components, or to apply other side channel leakage criteria. We also demonstrate how the tool can be used to analyze an implementation of naive square-and-multiply modular exponentiation.


Talk #7: DPA Characteristic Evaluation of SASEBO for Board Level Simulation

Speaker
Naofumi Homma
Schedule
Date 2010/02/04
Start time 17:00
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Toshihiro Katashita, Akashi Satoh, Katsuya Kikuchi, Hiroshi Nakagawa, Masahiro Aoyagi
National Institute of Advanced Industrial Science and Technology, AIST/RCIS, Japan

Abstract:

For the development of secure cryptographic hardware against power analysis attacks, security evaluation methodologies based on simulation are required before manufacturing, to reduce the risk of redesign. In order to create an appropriate simulation model for the security evaluation and to investigate the leakage mechanism of side-channel information, we conducted DPA on a newly developed SASEBO-GII board and evaluated the signal-to-noise ratio of the side-channel information while changing the amount of decoupling capacitance on a power line. The impedance characteristics of SASEBO-GII were also measured for the modeling.

Session 4: Protection & Design

Talk #8: Right-to-Left or Left-to-Right Exponentiation?

Speaker
Colin Walter
Schedule
Date 2010/02/05
Start time 10:30
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Colin Walter, Royal Holloway, United Kingdom

Abstract:

The most recent left-to-right and right-to-left multibase exponentiation methods are compared for elliptic curve and modular residue groups to gauge the value and cost of switching from the normal left-to-right mode to the more side channel resistant right-to-left direction.

Talk #9: Side-Channel based Watermarks for IP Protection

Speaker
Christof Paar
Schedule
Date 2010/02/05
Start time 11:00
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Georg T. Becker, Markus Kasper and Christof Paar
Ruhr-Universität Bochum, Germany

Abstract:

Copyright violations are an increasing problem for hardware designers. Illegal copies of IP cores can cost manufacturers millions of dollars. As one possible solution to this problem, digital watermarking for integrated circuits has been proposed in the past. We propose a new watermarking mechanism that is based on side-channels and that can easily and reliably be detected. The idea is to embed a unique signal into a side-channel of the device that serves as a watermark, similar to a side-channel based hardware Trojan. This enables the owner of the watermark to check ICs for their code using the established side-channel. But detecting the illegal use of code in a hardware design is only the first step. With watermarking, the owner can also prove towards a third party (e.g. a judge) that the code was illegally reused.


Talk #10: Performance and Security Aspects of Client-Side SSL/TLS Processing on Mobile Devices

Speaker
Johann Großschädl
Schedule
Date 2010/02/04
Start time 17:00
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Johann Großschädl,
University of Luxembourg, Luxembourg

Abstract:

The SSL/TLS protocol is the de-facto standard for secure Internet communications, and is supported by virtually all modern e-mail clients and Web browsers. With more and more PDAs and cell phones providing wireless e-mail and Web access, there is an increasing demand for establishing secure SSL/TLS connections on devices that are relatively constrained in terms of computational resources. Therefore, the efficient implementation of the cryptographic primitives executed on the client side of the SSL/TLS protocol is essential for the emergence of a wireless Internet with strong end-to-end security. In addition, the cryptographic primitives need to be protected against side-channel analysis, since an attacker may be able to monitor, for example, electromagnetic emanations from a mobile device. Using an RSA-based cipher suite has the advantage that all modular exponentiations on the client side are carried out with public exponents, which is uncritical in terms of performance and side-channel leakage. However, the current migration to AES-equivalent security levels makes a good case for using an Elliptic Curve Cryptography (ECC)-based cipher suite. We demonstrate in this paper that, for high security levels, ECC-based cipher suites outperform their RSA counterparts on the client side, even though they require the integration of diverse countermeasures against side-channel attacks. In addition, we propose a new countermeasure to protect the symmetric encryption of application messages (i.e. bulk data) against Differential Power Analysis (DPA) attacks. This new countermeasure, which we call inter-block shuffling, is based on an "interleaved" encryption of several 128-bit blocks of data (using, for example, the AES), and randomizes the order in which the individual rounds of the individual blocks are executed. Our experimental results show that inter-block shuffling is a highly effective countermeasure, as it provides excellent DPA protection at the expense of a slight degradation in performance.

Session 5: Countermeasures

Talk #11: Randomizing the Montgomery Multiplication to Repel Template Attacks on Multiplicative Masking

Speaker
Marcel Medwed
Schedule
Date 2010/02/05
Start time 15:30
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF


Authors:

Christoph Herbst and Marcel Medwed 
IAIK, TU Graz, Austria

Abstract:

For a long time, multiplicative masking together with highly regular exponentiation algorithms was believed to thwart all side-channel based threats. Recent research results showed that the multiplicative masking itself can be attacked in order to recover the used masks. In this paper we propose a countermeasure which closes this security gap. The basic idea is to protect the masking step by introducing a randomized multiplication. The proposed method is cheap in terms of performance overhead. The memory overhead is reasonable.

Talk #12: Towards a Third Order Side Channel Analysis Resistant Table Recomputation Method

Speaker
Ange Martinelli
Schedule
Date 2010/02/05
Start time 13:30
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Guillaume Fumaroli, Sylvain Lachartre and Ange Martinelli
Thales, France
Louis Goubin, Université Versailles Saint-Quentin, France

Abstract:

Side Channel Analysis (SCA for short) exploits the information leaked during the execution of a cryptographic algorithm to mount efficient key-recovery attacks. Typical countermeasures against SCA consist in splitting all the intermediate data into two or more random parts or masks that are manipulated at different times while maintaining some consistency relation throughout the execution. The main issue in designing such a countermeasure is to devise a suitable algorithm for implementing functions that are non-linear with respect to the masking scheme without introducing a flaw in the scheme. An implementation is said to be resistant to d-th order SCA (dO-DPA resistant for short) if any d-tuple of its intermediate variables is independent of sensitive data. While proper dO-SCA resistant non-linear function implementations have been proposed for d<2, it still remains an open problem for d>2. This paper extends the 2O-SCA resistant table recomputation of to provide close to 3O-SCA resistance.


Invited Talk #3: Constructive Power Analysis in Practice

Speaker
Stefan Mangard
Schedule
Date 2010/02/05
Start time 14:00
Duration 01:00
Downloads & Links
Slides PDF

Stefan Mangard
Infineon Technologies AG, Munich, Germany
Security Innovation Research Group

Abstract:

This talk focuses on the challenge of how to find and fix DPA problems in practice. First, the differences between finding functional problems of a design and finding security problems are discussed. The talk then explores how DPA attacks can be used to pinpoint the cause of DPA problems. In this context, the effects of the inputs and parameters of the attacks are discussed: the choice of the hypotheses, the choice of the distinguisher, and the simulation or measurement of the power traces. In the second part of the talk, a concrete example is given. Starting with power traces of a chip, the DPA leakage is analyzed one step after the other until the exact transistors that cause the leakage are known.


Session 6: Preprocessing & Preselection

Talk #13: Biasing power traces to improve correlation in power analysis attacks

Speaker
Yongdae Kim
Schedule
Date 2010/02/05
Start time 13:00
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF

Authors:

Yongdae Kim, Takeshi Sugawara, Naofumi Homma and Takafumi Aoki, Graduate School of Information Sciences, Tohoku University, Japan
Akashi Satoh, National Institute of Advanced Industrial Science and Technology, Japan

Abstract:

In this paper, we present a selection method for power traces to improve the efficiency of power analysis attacks. The proposed method improves the correlation factor by biasing the distribution of power traces. The biasing consists in selecting a subset from many traces. We demonstrate our method through correlation power analysis (CPA) experiments using two different devices. The results clearly show that the selection of power traces has a significant impact on the results of CPAs. Based on the selection method, an evaluation method to detect such biasing in power traces is also proposed. The method can be used to achieve a fair comparison of statistical distinguishers for power analysis attacks.

Talk #14: Improved Template Attacks

Speaker
Jürgen Pulkus
Schedule
Date 2010/02/05
Start time 13:30
Duration 00:30
Downloads & Links
Extended Abstract PDF
Slides PDF


Authors:

Martin Baer, Fraunhofer SIT, Germany
Jürgen Pulkus and Hermann Drexler,
Giesecke & Devrient, Germany

Abstract:

This article describes some observations made during our still ongoing experiments on template attacks. Taking an unsecured software implementation of the AES on a smart card with highly data dependent current consumption, we try out methods given in the literature as well as some ideas of our own. Our currently best method is able to determine the complete 16-byte key correctly given just one power trace, using a search over less than one million key candidates in the worst case.