Modern Methods of Attacking Cryptographic Systems

As a countermeasure, strict evaluations to enhance the resistivity of the devices and the inclusion of security techniques that are hard to infiltrate have to be taken into consideration. This paper will, therefore, discuss the vulnerabilities that exist in a smart card as a cryptographic device, different models of side-channel attack, their classification, analysis methods for side-channel attacks, the different methods that attackers use in executing their attacks and the effective countermeasures to counter the attacks. Keywords: cryptographic device, Attacks, public key, private key, cryptanalysis, cryptosystems, side-channel. Table of Contents Abstract 2 Introduction 4 Smart Card Overview (Cryptographic Device) 5 Side-channel Attack Models 5 Classification of Side-channel attacks 7 Ways to access the module 7 Invasive attacks 7 Semi invasive attacks 7 Non-invasive attack 8 Methods used in analysis 9 Side-channel attacks 10 Timing attack (TA) 10 Fault attack (FA) 11 Power Analysis Attack 12 Electromagnetic Attack (EMA) 13 Countermeasures 13 Randomization 13 Blinding 14 Masking 14 Conclusion 15 Table of figures Figure 1: traditional model 7 Figure 3: cryptographic model plus side-channel 8 Figure 4: how DSCA works 11 Figure 5: working principle of a timing attack 12 Figure 6: sample fault attack against a smart card 13 Introduction Security is a major concern for all computing and communication systems as it poses the greatest threat to the safety and integrity of information and the computing device.

For this reason, substantial research and resources flow towards finding long-lasting solutions to address this challenge. Furthermore, we will look at the different types of side-channel attacks including probing, timing, fault induction, electromagnetic attacks and single and differential attacks. Finally, we will discuss the countermeasures to the attacks at both the software and the hardware level. Smart Card Overview (Cryptographic Device) A smart card is a computer which consists of a processor either 8-bit or 32-bit, an EEPROM, RAM, a ROM and which is capable of handling input and perform computations on the data. The main objective of a smart card is to provide for the cryptographic operation executions, using a hidden key thus hiding the contents from surfacing to the adversary.

The smart card processor is mounted on a chip and allows connection to the external environment through an eight-channel wire for input and output (Rankl & Effing, 2016). This makes side-channel information available to the attacker under the traditional cryptographic model. The other model is the cryptographic model combined with a side-channel. Non-constant running time of a cipher will most probably leak secret key information as Paul Kocher notes that, timing attacks occur during the process of implementing RSA, Diffie-Hellman, and DSA in his paper (Kocher, 2014). The problem that arises as a result of the leakage becomes more pronounced when the optimizations become loopholes for implementations of the attacks. It is possible that, a one form of attack may not be so much of a real threat under other conditions.

Non-invasive attack This execution of this attack occurs by making a close observation to understand the operation of the device. Non-invasive attacks center on weak points that unintentionally leak information from the device. The best example for this form of attack is timing analysis where the attacker will patiently monitor the time that the device takes to perform an operation then comparing with predefined mathematical operations then computing the secret keys of the device (Black, 2014). It is important to note that, the two orthogonal axes of classification are not mutually exclusive to one another in that, a non-invasive attack may well be a preliminary step towards an active attack and also, a passive attack may be a way to introduce an invasive attack into the chip.

Although smart cards always have a protection mechanism to protect them from invasive attacks, some invasive attacks are more likely to beat the security feature on the smart cards (Rankl & Effing, 2016). The DSCA, on the other hand, works by exploiting the correlation that exists between the side-channel output and the data undergoing processing. It attacks the output as a result of the data in execution. The DSCA obtains numerous traces are captured in the execution then it will deduce the private key using a series of statistical methods that the attacker designs (Tiwari, Garg & Singh, 2017). DSCAs exploit the instantaneous leakage from the side-channel of the smart card. Statistical methods are useful for this attack because the correlation is usually minimal. It is worth noting that TAs seeks to exploit the variance in the individual algorithm operations.

Figure 5: working principle of a timing attack Fault attack (FA) A fault attack is the most common form of attack on generally all cryptographic devices. Nearly all the cryptographic algorithms have undergone exploitation using this attack in spite of the assumptions that some devices are 100% secure (Salam, Simpson, Bartlett, Dawson & Koon-Ho Wong, 2018). An attack arises as a result of hardware flaws and errors that sometimes are very tiny for the user to notice. The physical faults that come with the devices gives the attacker so much operational space to carry out their attacks on the cryptosystem and prevail. DPA is more effective and more powerful than SPA and it requires lesser resources in the long run. Electromagnetic Attack (EMA) Electromagnetic radiations that computers and complementary devices generate when running is the basis of EMA attacks as an attacker can easily make keen observations on these radiations and figure out their causal relationship.

Using the data the attacker receives, they are able to make computations using the data and end up with useful information. EMA just like power analysis attacks is subdivided into Simple EMA and differential EMA (Naija, Beroulle & Machhout, 2017). Countermeasures Some strategies provide ways to combat SCAs although there are ongoing studies that focus on the future ways to combat side-channel attacks on cryptographic devices. On the other hand the provider computes the function f using an additional private input. This concept is operating on the property of RSA signing function and is considered one of the most effective countermeasures against SCA in form of timing attacks and power analysis attacks (Tiwari, Garg & Singh, 2017). Masking This is one of the most commonly used countermeasures against timing attacks and power analysis attacks.

The masking process comprises of masking an algorithm so that the proposed immediate values are hidden in a mask. The idea behind masking is simple as follows: the key and the message are hidden in a mask using generally random masks at the start of the computations and then leaving everything that follows unhidden (Salam, Simpson, Bartlett, Dawson & Koon-Ho Wong, 2018). References Amini, E. , Jeddi, Z. , Khattab, A. , & Bayoumi, M. Performance Evaluation and Design Optimization for Flexible Multiple Instruction Multiple Data Elliptic Curve Cryptography Crypto Architecture. Kocher, P. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems.  Advances In Cryptology — CRYPTO ’96, 104-113 NAIJA, Y. , BEROULLE, V. , & MACHHOUT, M. Rankl, W. , & Effing, W. Atmel's smart card business in flux.  Card Technology Today, 19(4), 4.