Japanese Standards Association (JSA)
Information Technology Research and Standardization Center (INSTAC)

TSRC and Side Channel Security Requirement

Shinichi Kawamura
Tamper-resistance Standardization Research Committee (TSRC)
Toshiba Corporation
shinichi2.kawamura@toshiba.co.jp

JSA/INSTAC/Tamper-resistance Standardization Research Committee

Members of TSRC WG1
• Tsutomu Matsumoto (Chair, Yokohama National University)
• Shinichi Kawamura (Secretary, Toshiba Corp.)
• Koichi Fujisaki (Toshiba Corp.)
• Naoya Torii (Fujitsu Laboratories Ltd.)
• Shuichi Ishida (Hitachi, Ltd.)
• Yukiyasu Tsunoo (NEC Corp.)
• Minoru Saeki (Mitsubishi Electric Corp.)
• Atsuhiro Yamagishi (IPA)

Overview
• Introduction
  • Relationship among the Committees
  • The Goal and Plan
• Systematic Study of Tamper-resistance
  • Difficulties of Systematic Study
  • Side Channel Attacks
  • Attack vs. Target Matrix
• Development of Specification of Platforms to Evaluate Security of Embedded Software and FPGA Configuration Data Against Side Channel Attacks
  • INSTAC-8 (8-bit CPU)
  • INSTAC-32 (32-bit CPU and FPGA)
• Study of Methods to Describe Security Requirements of Cryptographic Module with Respect to Side Channel Attacks
  • Attack vs. Countermeasure
  • Requirement focusing on attacks
  • Requirement focusing on countermeasures
  • Requirement focusing on metrics

Part 1. Introduction
• Relationship among the Committees
• The Goal and Plan

Organizational Structure 1
• Ministry of Economy, Trade and Industry
• Bureau of Industrial Technology Environment Standardization Section
• Japanese Standardization Association
• Information Technology Research and Standardization Center (INSTAC)
• Tamper-resistance Standardization Research Committee (TSRC)
• WG1 (Technical Committee)
• Research Team

Purpose of Establishment
• Establishing the foundations of secure implementation of information technologies from the point of view of standardization, by carrying out the following study and research items:
  • Systematic study of various tampering techniques
  • Developing a method to describe requirements for tamper-resistance
  • Contributing to international standardization with respect to tamper-resistance

Plan
FY2003:
• Established in September 2003
• Decide direction and start building platforms for experiments
FY2004:
• Study tamper-resistance deeply, based on theoretical and experimental analysis
• Discuss how to describe requirements for tamper-resistance
FY2005:
• Make a proposal on tamper-resistance

TSRC Vision
[Diagram. Labels: Part 2, Part 3, Part 4; Tester, Vendor, User, Attacker, Academia & Industry; Methodology & Metrics, Countermeasure, Attacks, Module, State of the art, Research literature, Standard platform, Security, Reliability]

Part 2. Systematic Study of Tamper-resistance
• Difficulties of Systematic Study
• Side Channel Attacks
• Attack vs. Target Matrix

Difficulties in Studying Tamper-resistance
• Not all attack methods and countermeasures can be discussed openly
• Development of tamper-resistant techniques requires a physical target module
• A few publications have discussed evaluation methods of tamper-resistance
• Systematic study is a challenge to overcome these difficulties
• TSRC has been focusing on Side Channel Attacks because of their urgency and timeliness, and because of limited resources

Examples of Tampering Techniques
[Diagram. Category labels: Non-invasive Analysis, Side Channel Attacks, Invasive Analysis]
• Probing: a technique to probe signals after exposing the surface of chips and removing the protective coating
• Fault-based Analysis: a technique to derive internal confidential information using the difference between normal output and artificially caused faulty output
• Timing Analysis: a technique to estimate confidential information by analyzing processing time
• Power Analysis: a technique to estimate confidential information by observing power consumption

Survey of Literatures: Attack vs. Target 1

Survey of Literatures: Attack vs. Target 2
• The matrix has blank cells, which should be examined to see whether attacks in other cells could be applied to them
• Besides completing the matrix, the essence of each attack should be extracted and categorized
• The ultimate goal of this work would be to make a comprehensive map or dictionary of side channel attacks

Part 3. Development of Specification of Platforms to Evaluate Security of Embedded Software and FPGA Configuration Data Against Side Channel Attacks
• INSTAC-8 (8-bit CPU)
• INSTAC-32 (32-bit CPU and FPGA)

Needs for Standard Evaluation Platform
• Development of tamper-resistant techniques requires a physical target module.
• Although many papers have reported experimental results, the specification of the target module is not necessarily clear.
• It is quite rare for a vendor to publish attack results against its own cryptographic module.
• It is also rare for a researcher to report attack results against the cryptographic module of a particular vendor, because such reports would not be constructive.
• The lack of a standard platform seems to hinder the development of tamper-resistance technology.
• A standard platform whose specification is publicly available and non-proprietary would change the situation.

Standard Evaluation Platform
• INSTAC-8 is a specification based on an 8-bit CPU. Its target is a low-end embedded system.
• We are also developing another specification, INSTAC-32, for a 32-bit CPU and FPGA. Its target is a middle to high-end system as well as semi-hardware implementation.
• It is not the purpose of INSTAC-8 and -32 to emulate a particular cryptographic module. Rather, the goal is to provide a platform where anyone can compare the data of side channel attacks. Therefore, we made the specification as simple as possible.

The specification outline of INSTAC-8

An INSTAC-8 Compliant Evaluation Platform

Environment of Experiment

Voltage Waveform at DES Operation
[Figure: voltage vs. time during DES, with Round 15 and Round 16 marked]
In order to investigate whether the repetition of the F function can be identified from a voltage waveform using the INSTAC-8, we acquired a voltage waveform during DES execution. The repetitions of DES round 15 and round 16 are visible in the voltage waveform.

Result of DPA for DES (without countermeasure)
[Figure: correlation of reference data and power consumption (3000 samples); axes: Correlation vs. Time]
• Annotation on the graph: "This reference data has the largest correlation value."
• The attack point is L15 bit0.
• Different colors represent different reference data. All reference data (64 patterns) are shown in this graph.

INSTAC-32 (Specification)

INSTAC-32 (Appearance)

Some Results Reported
• K. Fujisaki, et al. ISEC2004-No.55, 2004
  • Proposal of INSTAC-8 and self-evaluation
• H. Miyake, et al. SCIS2005, January 2005
  • DPA evaluation on INSTAC-8
• Y. Takahashi, et al. ISEC2004-No.114, March 2005
  • EM analysis on INSTAC-8
• K. Fujisaki, et al. ISEC2005-No.19, July 2005
  • Proposal of INSTAC-32 and self-evaluation
• Y. Tsunoo, et al. This conference, Sept. 2005
  • Analysis report on INSTAC-8
Notes)
ISEC: IEICE Tech. Rep. on Information Security (Bi-monthly)
SCIS: Symp. on Cryptography and Information Security (Annual)

Lessons Learned from INSTAC-8 and -32
• The present spec. is not detailed enough to ensure that boards supplied by different manufacturers have the same properties
• Standardization of measurement conditions is necessary
• A stable supply route should be established
• A more user-friendly interface and manuals should be provided
• Feedback from users should be reflected in the latest version

Part 4. Study of Methods to Describe Security Requirements of Cryptographic Module with Respect to Side Channel Attacks
• Attack vs. Countermeasure
• Requirement focusing on attacks
• Requirement focusing on countermeasures
• Requirement focusing on metrics

Attack vs. Countermeasure
[Diagram. Labels: Attack (four times), Cryptographic Module, Countermeasures, Core of Cryptographic Module]

Approach Focusing on Attacks
Example: “Cryptographic module is required to be resistant to Timing Attack”
• A concrete attack is the focus -- a natural approach
• An appropriate listing of attacks is necessary
• Adapting to emerging attacks is an issue, since more attacks seem still to come
[Diagram. Labels: Cryptographic Module, Core of Cryptographic Module; Timing Attack, SPA, DPA, Fault-based Attack, EMA, Other attacks]

Approach Focusing on Countermeasures
Example: “Cryptographic module is required to implement Data Masking” or “Documentation shall specify countermeasures employed”
• A countermeasure to prevent attacks is specified
• An appropriate listing of countermeasures is necessary
• Adapting to emerging attacks is an issue, since more attacks seem still to come
• Vendors would not like to explicitly describe countermeasures because they are sometimes vendor know-how
[Diagram. Labels: Cryptographic Module, Core of Cryptographic Module; Randomized Timing, Data Masking, Other Measures; Timing Attack, SPA, DPA, Fault-based Attack, EMA, Other attacks]

Approach Focusing on Metrics
Example: “Cryptographic module is required to have metric A within a given range B with a given test method C”
Presently, A, B, and C are not established.
• Ideal approach -- if appropriate metrics and test methods are defined
• Searching for appropriate metrics is a big issue -- intensive research is required
• Good metrics may cover some emerging attacks
[Diagram. Labels: Cryptographic Module, Countermeasures, Core of Cryptographic Module; Test Method 1, Test Method 2, Other Test Methods; Metric 1, Metric 2, Metric x]

Attack based Approach as Metric based Approach
[Diagram. Labels: Cryptographic Module; Randomized Timing, Data Masking, Other Measures; Timing Attack, SPA, DPA, Fault-based Attack, EMA, Other attacks; Metric I, Metric II]
The first candidate for the metrics is whether an attack is successful or not.

Relationship among three approaches
• Attack based and countermeasure based approaches are conventional.
• But even in these cases, it would be very convenient if such objective metrics were provided, because such metrics would serve as evidence of the evaluation.
• Thus, the metric based approach is not exclusive of the other approaches, but rather complementary.
• The problem is that no metrics have been specified so far.
• We expect that such metrics will be found if we limit the attack categories to side channel attacks.

Candidate for Metrics Development Steps
• Investigate the attack methods
• Determine physical quantity to measure
• Determine conditions for measurement
• Determine how to process the measured quantity
  • Screening, alignment, and filtering to reduce noise
  • Main procedure to derive metric for evaluation
    • Auto- or cross-correlation and differences between different conditions will be candidates
  • Selection or integration of metrics should be considered
• Scoring
  • A judgment standard for mapping the metrics to some score is necessary
  • A function to integrate plural scores into a total score is necessary
• Optimization of total testing cost
  • Sampling tests should be employed

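The metric-derivation and scoring steps above, together with the correlation analysis on the DPA slide, sketched as an added example (not TSRC's code and not an INSTAC measurement). Simulated traces stand in for measured ones; the leak position, noise level, leak amplitude and the 4.5-standard-error pass threshold are assumptions of this sketch.

```python
import math
import random

N_TRACES = 3000   # trace count taken from the DPA slide; all other values are constructed
N_SAMPLES = 40    # time samples per trace (assumed)
LEAK_AT = 20      # sample index where the toy device leaks (assumed)

def simulate(masked, seed):
    """Constructed traces: Gaussian noise plus a data-dependent term at LEAK_AT."""
    rng = random.Random(seed)
    refs, traces = [], []
    for _ in range(N_TRACES):
        bit = rng.getrandbits(1)                    # reference data known to the evaluator
        mask = rng.getrandbits(1) if masked else 0  # fresh random mask (data masking)
        trace = [rng.gauss(0.0, 1.0) for _ in range(N_SAMPLES)]
        trace[LEAK_AT] += 0.5 * (bit ^ mask)        # device processes bit XOR mask
        refs.append(bit)
        traces.append(trace)
    return refs, traces

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)

def leakage_metric(refs, traces):
    """Metric: largest |correlation| over time, and the sample where it occurs."""
    per_sample = [abs(pearson(refs, [t[i] for t in traces])) for i in range(N_SAMPLES)]
    peak = max(per_sample)
    return peak, per_sample.index(peak)

def score(metric, n_traces):
    """Judgment standard (assumed): 4.5 standard errors of a null correlation."""
    return "PASS" if metric < 4.5 / math.sqrt(n_traces) else "FAIL"

def evaluate(masked, seed=1):
    refs, traces = simulate(masked, seed)
    metric, where = leakage_metric(refs, traces)
    return metric, where, score(metric, N_TRACES)

if __name__ == "__main__":
    for masked in (False, True):
        print("masked" if masked else "unprotected", evaluate(masked))
```

The unprotected run peaks at the leaking sample and fails; with a fresh random mask per trace the first-order correlation stays inside the null band and the same test passes.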
Summary
• TSRC has been focusing on Side Channel Attacks by
  • Studying the literature and categorizing it
  • Developing a standard platform for evaluation
  • Proposing a metrics based approach and possible steps for metrics development
• Comments and suggestions on TSRC’s approach are welcome

Thank you for your attention!