|Event start :||2019-05-07 (Tue)|
|Event end :||2019-05-07 (Tue)|
Are difficult math problems enough to protect sensitive information?
Traditionally, the security of most cryptosystems has been guaranteed by the difficulty of solving the mathematical problems on which they are based. In this sense, the Integer Factorization Problem (IFP) and the Discrete Logarithm Problem (DLP) are only two of the most widely used problems to protect confidential information from the eyes of adversaries. Both problems are nowadays considered infeasible from a computational point of view because the time needed to obtain a solution is very large (exponential or subexponential time).
Nevertheless, the aforementioned traditional belief changed in 1996 when Boneh, Demillo and Lipton, and Kocher, showed, respectively, that it is possible to obtain information about the keys used in cryptographic devices if an adversary can induce faults during the execution of the cryptosystem, or can measure the amount of time required to perform private key operations (time is then a side channel; other typical side channels associated with the device are the electromagnetic emanations, power consumption, temperature, etc.). That is, the attackers do not target the mathematical strength of the cryptosystem, but its physical implementation in a device.
We are working on side-channel attacks by developing a framework for acquiring and analysing traces from cryptographic devices, in particular from a Samsung Galaxy S3 smartphone, and by implementing a modular toolbox for differential power analysis.
In this lecture, we present a couple of examples of implementation attacks against one of the most widely used cryptosystems today: the RSA cryptosystem.
For the first example, we will recall the RSA protocols used to encrypt and decrypt messages. Then, we will analyse how to determine the private (secret) key employed by a user to decrypt a message, by measuring the power consumption of the cryptographic device where the algorithm is implemented.
In the second example, we will show the RSA-CRT protocol employed to generate and verify a digital signature, and later, we will study how to obtain the private key used to sign a message by inducing a fault in the device when the algorithm is being executed.
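The first example rests on the fact that RSA decryption is an exponentiation by the private exponent, and a naive square-and-multiply implementation executes a multiplication only for the 1 bits of that exponent. The following Python model, added here and not part of the lecture or of the authors' tools, records the sequence of squarings and multiplications a device would perform (the pattern a simple power analysis reads off a trace) and contrasts it with a square-and-multiply-always variant whose sequence no longer depends on the key. The key values are a constructed textbook toy; the function and variable names are assumptions of this example.

```python
# Added example (not from the lecture or its cited tools): a toy model of what
# simple power analysis sees in RSA decryption. The private exponent is used
# bit by bit in square-and-multiply, so the *sequence* of squarings and
# multiplications, which typically have distinguishable power signatures,
# spells out the exponent. The "square-and-multiply-always" variant performs
# the same operation sequence for every bit.

# Constructed toy RSA key (textbook primes, far too small for real use).
P, Q = 61, 53
N = P * Q            # 3233
E = 17
D = 2753             # E * D == 1 (mod (P-1)*(Q-1))


def square_and_multiply(base: int, exp: int, mod: int, trace: list) -> int:
    """Naive left-to-right exponentiation.

    Appends 'S' for each squaring and 'M' for each multiplication to `trace`,
    in the order a device would execute them (the SPA-observable sequence).
    """
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":
            result = (result * base) % mod
            trace.append("M")
    return result


def square_and_multiply_always(base: int, exp: int, mod: int, trace: list) -> int:
    """Same result, but a multiplication is executed for every bit; the product
    is simply discarded when the bit is 0, so the S/M sequence is key-independent."""
    result = 1
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        candidate = (result * base) % mod
        trace.append("M")
        if bit == "1":
            result = candidate
    return result


def bits_from_trace(trace: list) -> str:
    """Reads the operation sequence the way an SPA observer would:
    an 'S' followed by 'M' means a 1 bit, an 'S' followed by another 'S'
    (or by the end of the trace) means a 0 bit."""
    bits = []
    i = 0
    while i < len(trace):
        if trace[i] == "S":
            if i + 1 < len(trace) and trace[i + 1] == "M":
                bits.append("1")
                i += 2
            else:
                bits.append("0")
                i += 1
        else:           # stray 'M' (cannot occur with the routines above)
            i += 1
    return "".join(bits)


def demo() -> dict:
    """Decrypts a ciphertext with both routines and reports what each trace reveals."""
    ciphertext = pow(65, E, N)   # encrypt m = 65 with the public key
    naive_trace, always_trace = [], []
    m1 = square_and_multiply(ciphertext, D, N, naive_trace)
    m2 = square_and_multiply_always(ciphertext, D, N, always_trace)
    return {
        "plaintext_naive": m1,
        "plaintext_always": m2,
        "exponent_bits": bin(D)[2:],
        "leaked_by_naive": bits_from_trace(naive_trace),
        "leaked_by_always": bits_from_trace(always_trace),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the naive routine the recovered bit string equals the private exponent exactly; with the always variant every bit reads as a 1, so the operation sequence carries no information about the key. Note that the always variant only removes this particular leak: the discarded multiplication is itself a target for other implementation attacks, which is why deployed implementations combine a regular exponentiation structure with exponent and message blinding.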
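The second example concerns RSA-CRT, where the signature is computed as two half-exponentiations modulo p and modulo q and then recombined. The following Python code, added here and not part of the lecture, implements that computation on a constructed toy key, simulates a fault that corrupts only the mod-q half, and shows the standard countermeasure of re-verifying the signature with the public exponent before it is released; the final function reproduces the observation of Boneh, Demillo and Lipton cited in the abstract to show why a released faulty signature must be treated as a key compromise. The key values, the fault model and the function names are assumptions of this example.

```python
# Added example (not from the lecture): RSA-CRT signing, a simulated fault in
# one of the two half-exponentiations, and the verify-before-release check
# that stops the faulty signature from leaving the device. The gcd step shows
# why the check matters: a single released faulty CRT signature factors N.
from math import gcd

# Constructed toy key (textbook primes, far too small for real use).
P, Q = 61, 53
N = P * Q            # 3233
E = 17
D = 2753             # E * D == 1 (mod (P-1)*(Q-1))


def rsa_crt_sign(m: int, p: int, q: int, d: int, fault_in_q: bool = False) -> int:
    """Computes m^d mod (p*q) via the Chinese Remainder Theorem (Garner's form).

    fault_in_q=True simulates a glitch that corrupts the mod-q half only;
    the mod-p half stays correct, which is exactly the dangerous case.
    """
    dp, dq = d % (p - 1), d % (q - 1)
    q_inv = pow(q, -1, p)          # q^-1 mod p
    s_p = pow(m, dp, p)
    s_q = pow(m, dq, q)
    if fault_in_q:
        s_q = (s_q + 1) % q        # constructed fault: off-by-one result mod q
    h = (q_inv * (s_p - s_q)) % p
    return s_q + q * h


def sign_with_check(m: int, p: int, q: int, d: int, e: int, fault_in_q: bool = False):
    """Countermeasure: re-verify with the public exponent before output.
    Returns the signature, or None if the check fails (signature withheld)."""
    n = p * q
    s = rsa_crt_sign(m, p, q, d, fault_in_q)
    if pow(s, e, n) != m % n:
        return None
    return s


def factor_from_faulty_signature(s_faulty: int, m: int, e: int, n: int) -> int:
    """Why the check matters: if s_faulty is correct mod p but wrong mod q,
    then s_faulty^e - m is divisible by p but not by q, so the gcd reveals p."""
    return gcd(pow(s_faulty, e, n) - m, n)


if __name__ == "__main__":
    m = 65
    good = sign_with_check(m, P, Q, D, E)
    print("correct signature:", good, "verifies:", pow(good, E, N) == m)
    withheld = sign_with_check(m, P, Q, D, E, fault_in_q=True)
    print("faulty signature released with the check in place:", withheld)
    leaked = rsa_crt_sign(m, P, Q, D, fault_in_q=True)   # device without the check
    print("factor recovered from an unchecked faulty signature:",
          factor_from_faulty_signature(leaked, m, E, N))
```

The check costs one extra exponentiation with the public exponent, which is cheap for the small e used in practice, and it is the minimum a CRT implementation should do; hardened implementations additionally randomise the computation so that a single fault cannot produce a half-correct result in the first place.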
D. Boneh, R.A. Demillo, and R.J. Lipton, On the Importance of Checking Cryptographic Protocols for Faults, Lecture Notes in Comput. Sci., 1233 (1997), 37-51.
P.C. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Lecture Notes in Comput. Sci., 1109 (1996), 104-113.
A. Blanco Blanco, J.M. de Fuentes, L. González-Manzano, L. Hernández Encinas, A. Martín Muñoz, J.L. Rodrigo Oliva, and J.I. Sánchez García, A Framework for Acquiring and Analyzing Traces from Cryptographic Devices, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 239 (2018), 283-300.
A. Fuentes Rodríguez, L. Hernández Encinas, A. Martín Muñoz, and B. Alarcos Alcázar, A Modular and Optimized Toolbox for Side-Channel Analysis, IEEE Access, 7 (2019), 21889-21903.
R. Rivest, A. Shamir, and L. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Comm. ACM, 21 (1978), 120-126.