Defeating RSA Multiply-Always and Message Blinding Countermeasures
1 like1,398 views
This document discusses a new side channel attack called cross correlation that can defeat RSA implementations. It works by analyzing power traces from an RSA device executing signatures to reveal the private exponent. The attack preprocessing compresses and reveals modular operations in traces. It then uses cross correlation analysis to observe operand sharing between operations, allowing retrieval of the full private key. Countermeasures like exponent blinding and randomizing the operation order can prevent this attack.
Defeating RSA Multiply-Always and Message Blinding Countermeasures
- 1. Marc Witteman Riscure Defeating RSA Multiply-Always and Message Blinding Countermeasures Session ID: CRYP-201 Session Classification: Advanced
- 2. Agenda 2 Introduction Preprocessing modular operations Cross correlation Conclusion
- 3. 3 Introduction • About the authors • Side Channel Analysis • RSA background • Countermeasures • Attack concepts
- 4. About The Authors Marc F. Witteman CTO, Riscure Jasper G. J. van Woudenberg Senior Security Analyst, Riscure Federico Menarini Security Analyst, Riscure 4
- 5. Side Channel Analysis Analyze secret leakage from crypto implementations Example power trace of DES on smart card Leaks hamming weight of processed data 5
- 6. RSA background Exponentiation is sequence of square and multiply operations Naïve implementations do for each key bit Always square Conditional multiplication (if key bit equals ‘1’) Distinction of square and multiply operations may reveal key (SPA) 1 000 11 0 0 8
- 7. Countermeasures noise multiply-always discard multiplication results after processing a zero bit message blinding multiply message with random number, and multiply signature with a matching inverse that removes the mask exponent blinding add random multiples of φ to the exponent 9 Some common countermeasures against side channel analysis of RSA
- 8. Attack concepts Cross correlation is an attack class Comparable to high-order DPA No clear text/cipher text needed Attack demonstrated on RSA smart card implementation with several countermeasures Procedure with two innovative steps Preprocess modular operations Cross correlation analysis 10
- 9. 11 Preprocessing modular operations • Compression • Revealing • Position finding
- 10. Compressing modular operations Modular operation execution typically increases power consumption due to switching of many bits in parallel Old smart cards have easily recognizable modular operations Compression involves selection of threshold, and averaging all sequential samples above a threshold Low pass filtering may be needed if signals are noisy 12
- 11. Revealing hidden modular operations New smart cards hide or scramble power signal (may need EMA) Modular operations may be recognized by alignment and averaging Pattern recognition works only for first operations (clock jitter) 13
- 12. • One averaged pattern is used to identify and locate modular operations in the noisy traces • Correlate the pattern with the trace, and the peaks indicate the starting points of the modular operations Position finding of shifted modular operations 14
- 13. 15 Cross Correlation • Operand sharing • Principle • Matrix • Effect of multiply-always • Neighboring samples
- 14. Operand sharing RSA uses two similar operations (intermediate signature S, message M, modulus N) Square: S’ := S * S mod N Multiply: S’ := S * M mod N Subsequent square operations usually do not share operands Multiply operations do share an operand (M) Operand sharing may be observed if order of square and multiply operations identical for repetitive encryptions 16
- 15. Cross correlation principle Consider a set of k traces with n samples as a matrix Compute correlation between each pair of sample vectors 17
- 16. Cross correlation matrix Correlation matrix represented in colored dots, where a lighter color corresponds to a higher correlation Multiply operations light up like a Christmas tree Can recognize naïve binary exponentiation key: 111101011000101 18
- 17. Cross correlation with multiply always High frequency of correlating pairs reveals multiply always variant Incidental correlation of square operation with predecessor reveals discarded multiply: S’ = S * M S’’ = S * S Can recognize key: 11110101100 19
- 18. Cross correlating neighboring samples Compute and display correlation only between adjacent vectors 1 1 11 0 0 0 0 High and low correlation values correspond to key bits set to zero and one Complete key can be retrieved in short time 20
- 19. 21 Conclusion • Apply • Countermeasures • Future research • Summary • Q&A
- 20. Apply This attack can be applied to any RSA implementation under the following conditions Power consumption or EM radiation can be measured (with minimal S/N) Several thousand crypto operations (signatures) can be executed Implementation uses a fixed sequence of modular operations No data requirements No chosen messages needed No known messages or signatures needed Attack applies to RSA-Straight and RSA-CRT Naïve and Montgomery multiplication Any hashing or padding scheme Attack yields private exponent 22
- 21. Countermeasures Countermeasures that do NOT work Message blinding Multiply always, Montgomery ladder, or BRIP Countermeasures that are NOT enough Noise Signal reduction Random delays / variable clocks Countermeasures that work Exponent blinding Random bit group size Any randomization method that makes the order of square and multiply operations unpredictable 23
- 22. Future research Cross correlation attack applies well to RSA, but the method is not restricted to RSA We study application of the concepts to ECC Symmetric algorithms 24
- 23. Attack summary New side channel attack class developed and demonstrated Applies to many different RSA implementations Defeats several countermeasures Effective countermeasures are possible 25
- 24. Q&A Need help? contact Marc Witteman CTO witteman@riscure.com Riscure Inc. 901 Mariners Island Blvd Suite 595 San Mateo, CA 94404 USA Phone: +1 650 425 7327 www.riscure.com 26 Complete article can be downloaded from: http://www.riscure.com/tech-corner/publications.html