[HGI-News] HGI Seminar on Monday, 10.01.2005

hgi-news at lists.ruhr-uni-bochum.de
Thu Jan 6 13:14:54 CET 2005




========================================================================

				  Kai Schramm 
             Horst Görtz Institut für IT Sicherheit 		 
            	  
					and

				Pankaj Rohatgi
		IBM Watson Research Center NY, USA

	       "New Applications of Template Attacks"

             Monday, 10.01.2005, 13:15, IC 4/39


Abstract
Side channel attacks try to break cryptographic implementations by
analyzing leakage information such as power consumption, EM radiation or
timing behaviour. An advanced form of side channel attacks are so-called
template attacks. Template attacks apply multivariate Gaussian noise
statistics to classify the state of a processor. In general, template
attacks consist of two phases. First an adversary must have access to a
test device, which he uses to train statistical models. Then, the
adversary uses these models to attack an identical target device.
In order to classify the state of a processor template attacks only
require a single side channel trace, which makes them ideal to attack
stream ciphers or any cipher, which uses ephemeral keys.

In this work we want to present new applications of template attacks.
First, we show that a single side channel trace carries enough
information for template attacks to classify the state of a single bit.
This leads to a new attack, which combines template classification and
standard differential power analysis (DPA) to break cryptographic
implementations that are protected against DPA using the masking
countermeasure.

The main idea is to build templates for classifying bits used in the
execution, that are usually randomized. This can be done by a
manufacturer, or by anyone who gets access to a single smart-card where
the random number generator is biased or has been made biased. If such
templates can be built, then all similar smart-cards become vulnerable
to DPA, even if they have DPA protection and perfect RNGs.

This attack also calls into question
the current approach of relying on third party certification of
smart-cards. Even if the certifier verifies all the code and
countermeasures on a smart card, and the smart card works perfectly, it
is breakable by anyone who is able to build templates (e.g., someone
involved in design, manufacturing or testing of cards, or anyone getting
access to a faulty card) and this backdoor cannot be detected during
certification.
========================================================================

MAILING LIST: If you would like to continue receiving talk
announcements by email, you can subscribe to our newsletter here:
http://www.hgi.ruhr-uni-bochum.de/deutsch/newsletter/

DIRECTIONS: Directions to the IC building of the RUB can be found here:
http://www.crypto.ruhr-uni-bochum.de/contact.html

TALKS IN WINTER SEMESTER 2004/05:
 Abstracts are here:
 http://www.crypto.ruhr-uni-bochum.de/hgi_wise0405.html



========================================================================

M.Tech. Sandeep Kumar
Chair for Communication Security
Dept. of Electr. Eng. & Information Sciences
Ruhr-University Bochum
44780 Bochum, Germany

URL: www.crypto.rub.de
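
Added example, not part of the original announcement or the speakers' work: a simulation of the two phases the abstract describes (profiling on a test device, then classifying one bit from a single trace with multivariate Gaussian templates). The leakage model, function names and noise parameters are assumptions constructed for illustration.

```python
import math
import random

def simulate_trace(bit, rng, noise_sd=0.5):
    # Constructed leakage model (an assumption, not measured data): two points
    # of interest share a noise component and shift in opposite directions
    # with the bit. Test and target device are "identical": same model.
    shared = rng.gauss(0.0, 1.0)
    return (bit + shared + rng.gauss(0.0, noise_sd),
            -bit + shared + rng.gauss(0.0, noise_sd))

def build_template(traces):
    # Profiling phase: mean vector and 2x2 covariance matrix of one class.
    n = len(traces)
    mx = sum(t[0] for t in traces) / n
    my = sum(t[1] for t in traces) / n
    sxx = sum((t[0] - mx) ** 2 for t in traces) / (n - 1)
    syy = sum((t[1] - my) ** 2 for t in traces) / (n - 1)
    sxy = sum((t[0] - mx) * (t[1] - my) for t in traces) / (n - 1)
    return (mx, my, sxx, syy, sxy)

def log_likelihood(trace, template):
    # Log-density of a bivariate Gaussian, using the closed-form 2x2 inverse.
    mx, my, sxx, syy, sxy = template
    det = sxx * syy - sxy * sxy
    dx, dy = trace[0] - mx, trace[1] - my
    maha = (syy * dx * dx - 2.0 * sxy * dx * dy + sxx * dy * dy) / det
    return -0.5 * (maha + math.log(det)) - math.log(2.0 * math.pi)

def classify(trace, templates):
    # Classification phase: one trace is assigned to the most likely template.
    return max(templates, key=lambda bit: log_likelihood(trace, templates[bit]))

def single_trace_accuracy(noise_sd=0.5, n_profile=2000, n_attack=2000, seed=1):
    # Fraction of single traces whose bit is classified correctly.
    rng = random.Random(seed)
    templates = {b: build_template([simulate_trace(b, rng, noise_sd)
                                    for _ in range(n_profile)]) for b in (0, 1)}
    hits = 0
    for _ in range(n_attack):
        bit = rng.getrandbits(1)
        hits += classify(simulate_trace(bit, rng, noise_sd), templates) == bit
    return hits / n_attack

if __name__ == "__main__":
    print(single_trace_accuracy(0.5), single_trace_accuracy(3.0))
```

In this model the covariance term is what makes the classifier work: the shared noise cancels along the direction in which the two points differ, and raising noise_sd pushes single-trace accuracy back toward a coin flip.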