cryptography and copy protection

# Is your answer enough to reveal what's in each pot?


## TIMING ATTACKS

- Well, normally not: 28 × 7 + 10 × 10 = 296 is an even number and 10 × 7 + 28 × 10 = 350 is also even…
- However, just by monitoring the time it takes to give the answer (the mental calculation leading to 296 is more complicated than the one leading to 350) one can tell where each amount is!

Rennes presentation

## CONCLUSION

- The external monitoring of power consumption or processing time may leak secret information to the external world (e.g. credit keys, PINs etc).

## DPA's Principle

[Figure: the cryptographic algorithm takes the key x and a message Mi and produces the ciphertext Ci; its power consumption waveform is Pi.]

## DPA is a statistical test

- Inputs:
  - a batch of data acquisitions for various inputs Mk (traces 0, 1, …, k)
  - the messages Mk (M0, M1, …, Mk)
  - the 256 possible values of some byte xi in the key x (0, 1, 2, …, 255)

## The Idea (very important slide)

- The encryption algorithm (not its source code!) is known to the hacker, the key x is not.
- To produce Ck the device must begin, at some point in time, to mix Mk with the unknown key x.
- Since the device is an 8-bit microcontroller, at this point in time the operation performed must be:

  result=operation(function(Mk),function(x))

- Where:
  - result and function(x) are bytes.
  - blue formula parts are known to the hacker, reds are not.
- Let D be one of the bits (say bit 5) of result.

## Differential Power Analysis

- For function(x)=0 to 255 repeat the following:

[Figure: for the current function(x), the bit D is computed for each message M0, M1, …, Mn; the traces 0, 1, …, n are split into a D=0 group and a D=1 group and averaged.]

## DPA For a Wrong Guess

[Figure: the D=1 traces give Average 1, the D=0 traces give Average 0; Average 1 - Average 0 shows no DPA peak.]

## DPA For a Right Guess

[Figure: the D=1 traces give Average 1, the D=0 traces give Average 0; Average 1 - Average 0 shows a DPA peak.]

## Guess Selection

- Choosing the right guess for function(x).

[Figure: one result per guess, for guesses 0, 1, …, 2^n-1.]

## Propagating the blue

- After selecting the good guess, the red function(x) becomes a blue function(x); iterate on the next red bytes, turn them to blue and progressively recover the whole key.
- Bonus: not only do we get the secret key, we also learn where each byte is created, i.e. reverse engineer to some extent...
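
The Average 1 - Average 0 test from the slides above, run on simulated traces, as an added example that is not part of the original presentation. The substitution table, the Hamming-weight leakage model, the trace length and the leak position are all constructed assumptions.

```python
import random

BIT = 5        # D = bit 5 of result, as on the slide
SAMPLES = 6    # points per simulated power trace (constructed)
LEAK_AT = 3    # sample index where result is handled (assumption)

# Constructed stand-in for a nonlinear byte substitution; not a real cipher's table.
SBOX = list(range(256))
random.Random(2024).shuffle(SBOX)

def result(m, x):
    """result = operation(function(Mk), function(x)); here a table lookup on Mk XOR x."""
    return SBOX[m ^ x]

def acquire(key_byte, n, noise=1.0, seed=1):
    """Simulate n (message, trace) pairs: Gaussian noise on every sample, plus the
    Hamming weight of result at LEAK_AT (an assumed leakage model)."""
    rng = random.Random(seed)
    batch = []
    for _ in range(n):
        m = rng.randrange(256)
        trace = [rng.gauss(0.0, noise) for _ in range(SAMPLES)]
        trace[LEAK_AT] += bin(result(m, key_byte)).count("1")
        batch.append((m, trace))
    return batch

def dpa_curve(batch, guess):
    """Average 1 - Average 0: split traces on the predicted bit D, average, subtract."""
    sums = {0: [0.0] * SAMPLES, 1: [0.0] * SAMPLES}
    counts = {0: 0, 1: 0}
    for m, trace in batch:
        d = (result(m, guess) >> BIT) & 1
        counts[d] += 1
        for t, p in enumerate(trace):
            sums[d][t] += p
    return [sums[1][t] / counts[1] - sums[0][t] / counts[0] for t in range(SAMPLES)]

def peak(curve):
    """(height, sample index) of the largest excursion in a DPA curve."""
    return max((abs(v), t) for t, v in enumerate(curve))

def rank_guesses(batch):
    """All 256 guesses for function(x), highest DPA peak first."""
    return sorted(range(256), key=lambda g: peak(dpa_curve(batch, g))[0], reverse=True)
```

The sample index returned by `peak` for the top-ranked guess is the "bonus" from the last slide: it shows where in the trace the byte is handled.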