Presenting a Correlation Power Analysis Attack on the Hardware Implementation of the OCB Authenticated Cipher

Article type: Research article

Authors

1 PhD student in Mathematics, Cryptography, Imam Hossein Comprehensive University

2 Imam Hossein Comprehensive University, faculty member

3 Faculty member, Shahid Rajaee University

Abstract

New authenticated encryption schemes are designed with the aim of unifying the two services of data confidentiality and integrity. Recently the CAESAR competition was held to design such ciphers, and six schemes were selected as the final winners. One of the criteria for evaluating these ciphers, besides theoretical security, is security against side-channel attacks, which has so far received less attention. The OCB authenticated cipher, one of the CAESAR winners, has particular security properties such as the use of a tweakable block cipher structure in its design, which makes side-channel attacks challenging. In this work, for the first time, a 7-stage correlation power analysis attack during nonce processing is presented. For this purpose, the OCB cipher has been implemented in hardware on the SAKURA-G board. Using the traces recorded from the power consumption of the S-box, a CPA attack with a zero-value power leakage model is executed successfully and all bytes of the key are recovered.

Article title [English]

Correlation Power Attack on Hardware Implementation of OCB Authenticated Cipher

Authors [English]

  • Mohsen Jahanbani 1
  • Zeinolabedin Norouzi 2
  • Nasour Bagheri 3

1 PhD student, Imam Hossein Comprehensive University
2 Faculty member
3 Lavizan

Abstract [English]

Authenticated encryption schemes provide both confidentiality and integrity services simultaneously. To design such schemes, the CAESAR competition was held and six winners were selected. One of the criteria for evaluating these ciphers, besides general security, is security against side-channel attacks, which has been studied less so far. The OCB authenticated cipher, one of the CAESAR winners, has special security properties such as a tweakable-block-cipher-based construction that makes side-channel attacks challenging. In this paper, for the first time, a 7-stage correlation power analysis (CPA) attack during nonce processing is presented to demonstrate its vulnerability. For this purpose, the OCB cipher is implemented on a SAKURA-G board. By measuring and collecting the power traces of the S-box, a successful CPA attack with a zero-value power model is mounted and all bytes of the key are recovered.
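The zero-value CPA the abstract describes, reproduced on constructed traces as an added example in Python (this is not the paper's code or measurement data): for each guess k of one key byte the hypothesis is that the known input byte XOR k is zero, i.e. the S-box input is zero, and the guess whose indicator correlates best with the recorded power wins. The leakage shape (Hamming weight of the S-box output, an extra signature on a zero S-box input, Gaussian noise) and all parameters are assumptions made here for the simulation; a leakage-evaluation lab would feed measured traces into `zero_value_cpa` instead.

```python
import numpy as np

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def aes_sbox(x: int) -> int:
    """AES S-box: GF(2^8) inverse (0 maps to 0) followed by the affine map."""
    inv = 1 if x else 0
    for _ in range(254 if x else 0):   # x**254 == x**-1 for x != 0
        inv = gf_mul(inv, x)
    s = inv ^ 0x63
    for i in range(1, 5):              # affine part: XOR of four rotations
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s

SBOX = np.array([aes_sbox(x) for x in range(256)], dtype=np.uint8)

def simulate_traces(key_byte, n, noise_sd=1.5, zero_gain=10.0, seed=1):
    """Constructed leakage of one first-round S-box lookup per trace: Hamming
    weight of the S-box output, an extra signature when the S-box input is
    zero (the effect a zero-value model targets), plus Gaussian noise."""
    rng = np.random.default_rng(seed)
    inputs = rng.integers(0, 256, n, dtype=np.uint8)   # known bytes (nonce)
    x = inputs ^ np.uint8(key_byte)                    # S-box input
    hw = np.unpackbits(SBOX[x][:, None], axis=1).sum(axis=1)
    power = hw + zero_gain * (x == 0) + rng.normal(0.0, noise_sd, n)
    return inputs, power

def zero_value_cpa(inputs, power):
    """Rank key-byte guesses by |Pearson r| between power and the zero-value
    hypothesis (inputs ^ k == 0). A guess whose zero event never occurs in
    the set is scored 0: coverage of all 256 input values is required."""
    pc = power - power.mean()
    scores = np.zeros(256)
    for k in range(256):
        hc = (inputs == k).astype(float)
        hc -= hc.mean()
        denom = np.sqrt((hc ** 2).sum() * (pc ** 2).sum())
        scores[k] = abs((hc * pc).sum()) / denom if denom > 0 else 0.0
    return int(scores.argmax()), scores
```

Because the zero event fires in only about 1 in 256 traces, the ranking needs far more traces than a Hamming-weight CPA on the same target; the sparse hypothesis is what makes the model robust to how the rest of the S-box leaks.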

Keywords
Authenticated encryption (AE) scheme, OCB scheme, Correlation power analysis, CAESAR competition, SAKURA-G.

Keywords [English]

  • Authenticated encryption scheme
  • OCB
  • Correlation power analysis
  • SAKURA-G

