Accelerating Correlation Power Analysis Using Graphics Processing Units

How Does Strict Parallelism Affect Security? A Case Study on the Side-Channel Attacks against GPU-based Bitsliced AES Implementation

IACR Cryptol. ePrint Arch., 2018

Parallel cryptographic implementations are generally considered to be more advantageous than their non-parallel counterparts in mitigating side-channel attacks because of their higher noise level. So far as we know, the side-channel security of GPU-based cryptographic implementations has been studied in recent years, and those implementations turn out to be susceptible to some side-channel attacks. Unfortunately, the target parallel implementations in that work do not achieve strict parallelism because of the occurrence of cached memory accesses or the use of conditional branches, so how strict parallelism affects the side-channel security of cryptographic implementations is still an open problem. In this work, we make a case study of the side-channel security of a GPU-based bitsliced AES implementation in terms of bit-level parallelism and thread-level parallelism in order to show the way that works to reduce the side-channel security of strict parallel implementations. We pr...

Side-Channel Attacks With Multi-Thread Mixed Leakage

IEEE Transactions on Information Forensics and Security

Side-channel attacks are one of the greatest practical threats to security-related applications, because they are capable of breaking ciphers that are assumed to be mathematically secure. Lots of studies have been devoted to power or electromagnetic (EM) analysis against desktop CPUs, mobile CPUs (including ARM, MSP, AVR, etc.) and FPGAs, but rarely targeted modern GPUs. Modern GPUs feature their special and specific single instruction multiple threads (SIMT) execution fashion, which makes their power/EM leakage more sophisticated in practical scenarios. In this paper, we study side-channel attacks with leakage from SIMT systems, and propose leakage models suited to any SIMT system and specifically to CUDA-enabled GPUs. Afterwards, we instantiate the models with a GPU AES implementation, which is also used for performance evaluations. In addition to the models, we provide optimizations on the attacks that are based on the models. To evaluate the models and optimizations, we run the GPU AES implementation on a CUDA-enabled GPU and, at the same time, collect its EM leakage. The experimental results show that the proposed models are more efficient and the optimizations are effective as well. Our study suggests that GPU-based cryptographic implementations may be highly vulnerable to microarchitecture-based side-channel attacks. Therefore, GPU-specific countermeasures should be considered for GPU-based cryptographic implementations in practical applications.

Towards a Software Approach to Mitigate Correlation Power Analysis

Proceedings of the 13th International Joint Conference on e-Business and Telecommunications, 2016

In this research we present a novel implementation of a software countermeasure to mitigate Correlation Power Analysis (CPA). This countermeasure combines pseudo controlled-random dummy code and a task scheduler using multiple threads to form dynamic power traces which obscure the occurrence of critical operations of the AES-128 algorithm. This work investigates the use of a task scheduler to generate noise at specific areas in the AES-128 algorithm to mitigate the CPA attack. The dynamic power traces have been shown to be an effective countermeasure, as they mislead the CPA into predicting the incorrect secret key. Furthermore, the countermeasure is tested on an ATmega and an ATxmega microcontroller. The basic side channel analysis attack resistance has been increased, and in both scenarios the proposed countermeasure has reduced the correlation accuracy and forced the CPA to predict the incorrect key. The correlation accuracy decreased from 97.6% to 53.6% on the ATmega microcontroller, and decreased from 82% to 51.4% on the ATxmega microcontroller.

Correlation-Enhanced Power Analysis Collision Attack

Cryptographic Hardware and Embedded Systems, 2010

Side-channel based collision attacks are a mostly disregarded alternative to DPA for analyzing unprotected implementations. The advent of strong countermeasures, such as masking, has made further research in collision attacks seemingly in vain. In this work, we show that the principles of collision attacks can be adapted to efficiently break some masked hardware implementations of the AES which still have first-order leakage. The proposed attack breaks an AES implementation based on the corrected version of the masked S-box of Canright and Batina presented at ACNS 2008. The attack requires only six times the number of traces necessary for breaking a comparable unprotected implementation. At the same time, the presented attack has minimal requirements on the abilities and knowledge of an adversary. The attack requires no detailed knowledge about the design, nor does it require a profiling phase.

Power Amount Analysis: An Efficient Means to Reveal the Secrets in Cryptosystems

In this paper we propose a novel approach to reveal the information leakage of cryptosystems by means of a side-channel analysis of their power consumption. We therefore first introduce a novel power trace model based on communication theory to better understand and to efficiently exploit power traces in side-channel attacks. Then, we discuss a dedicated attack method denoted as Power Amount Analysis, which takes more time points into consideration compared to many other attack methods. We use the well-known Correlation Power Analysis method as the reference in order to demonstrate the figures of merit of the advocated analysis method. Then we perform a comparison of these analysis methods under identical attack conditions in terms of run time, trace usage, misalignment tolerance, and internal clock frequency effects. The resulting advantages of the novel analysis method are demonstrated by mounting both mentioned attack methods against an FPGA-based AES-128 encryption module.

Power amount analysis: Another way to understand power traces in side channel attacks

2012 Second International Conference on Digital Information Processing and Communications (ICDIPC), 2012

Correlation power analysis, a method aiming to reveal the secrets of a cryptosystem, is based on one fixed time point of the captured power traces, the one which unveils the largest key-dependent information leakage. In this paper, we propose a new power trace model based on communication theory to better understand and to efficiently exploit power traces in side channel attacks. Then, a new attack method denoted as Power Amount Analysis is proposed, which takes more time points into consideration compared to correlation power analysis. Based on this trace model, we compare and discuss attack results produced by both methods under identical attack conditions. The superior efficiency of Power Amount Analysis is demonstrated for an AES-128 encryption module. As an additional asset, this method features high robustness in the presence of randomly misaligned power traces.

Multi-core architecture with asynchronous clocks to prevent power analysis attacks

IEICE Electronics Express

This paper proposes, for the first time, a multi-core architecture with asynchronous clocks to prevent power analysis attacks. The cores normally execute different tasks with their default clocks, but execute the cryptographic algorithm together with asynchronous clocks to foil side channel attacks. The cryptographic algorithm is split into multiple parts, each of which is executed simultaneously by one core. Security analysis and simulation results show that the differential power analysis (DPA) attack and correlation power analysis (CPA) attack fail on the Data Encryption Standard (DES) and Advanced Encryption Standard (AES) with the proposed architecture.

Power analysis attacks against FPGA implementations of the DES

Field Programmable Logic …, 2004

Cryptosystem designers frequently assume that secret parameters will be manipulated in tamper resistant environments. However, physical implementations can be extremely difficult to control and may result in the unintended leakage of side-channel information. In power analysis attacks, it is assumed that the power consumption is correlated to the data that is being processed. An attacker may therefore recover secret information by simply monitoring the power consumption of a device. Several articles have investigated power attacks in the context of smart card implementations. While FPGAs are becoming increasingly popular for cryptographic applications, there are only a few articles that assess their vulnerability to physical attacks. In this article, we demonstrate the specific properties of FPGAs w.r.t. Differential Power Analysis (DPA). First we emphasize that the original attack by Kocher et al. and the improvements by Brier et al. do not apply directly to FPGAs because their physical behavior differs substantially from that of smart cards. Then we generalize the DPA attack to FPGAs and provide strong evidence that FPGA implementations of the Data Encryption Standard (DES) are vulnerable to such attacks.

MUTE-AES: a multiprocessor architecture to prevent power analysis based side channel attack of the AES algorithm

2008

Side channel attacks based upon the analysis of power traces are an effective way of obtaining the encryption key from secure processors. Power traces can be used to detect bit flips which betray the secret key. Balancing the bit flips with opposite bit flips has been proposed, by the use of opposite logic. This is an expensive solution, where the balancing processor continues to balance even when encryption is not being carried out in the processor.

Cryptography in GPUs

2009

Cryptography, the science of writing secrets, has been used for centuries to conceal information from eavesdroppers and spies. Today, in the information age, data security and authenticity are paramount, as more services and applications start to rely on the Internet, an unsecured channel. Despite the existence of security protocols and implementations, many online services refrain from using cryptographic algorithms due to their poor performance, even when using cryptography would be a clear advantage.