Filters

2017 - 201912020 - 20214

More filters

2019 - 201912020 - 20234
Reset filters

Settings

Author: Dyka, Zoya × WGL Institute: IHP ×

Search Results

Now showing 1 - 5 of 5
  • Thumbnail Image
    Item
    Methods increasing inherent resistance of ECC designs against horizontal attacks
    (Amsterdam [u.a.] : Elsevier Science, 2020) Kabin, Ievgen; Dyka, Zoya; Klann, Dan; Langendoerfer, Peter
    Due to the nature of applications such as critical infrastructure and the Internet of Things etc. side channel analysis attacks are becoming a serious threat. Side channel analysis attacks take advantage from the fact that the behaviour of crypto implementations can be observed and provides hints that simplify revealing keys. A new type of SCA is the so called horizontal differential SCA. In this paper we investigate two different approaches to increase the inherent resistance of our hardware accelerator for the kP operation. The first approach aims at reducing the impact of the addressing in our design by realizing a regular schedule of the addressing. In the second approach, we investigated how the formula used to implement the multiplication of GF(2n)-elements influences the results of horizontal DPA attacks against a Montgomery kP-implementation. We implemented 5 designs with different partial multipliers, i.e. based on different multiplication formulae. We used two different technologies, i.e. a 130 and a 250 nm technology, to simulate power traces for our analysis. We show that the implemented multiplication formula influences the success of horizontal attacks significantly. The combination of these two approaches leads to the most resistant design. For the 250 nm technology only 2 key candidates could be revealed with a correctness of about 70% which is a huge improvement given the fact that for the original design 7 key candidates achieved a correctness of more than 90%. For our 130 nm technology no key candidate was revealed with a correctness of more than 60%.
  • Thumbnail Image
    Item
    Resistance of the Montgomery Ladder Against Simple SCA: Theory and Practice
    (Dordrecht [u.a.] : Springer Science + Business Media B.V, 2021) Kabin, Ievgen; Dyka, Zoya; Klann, Dan; Aftowicz, Marcin; Langendoerfer, Peter
    The Montgomery kP algorithm i.e. the Montgomery ladder is reported in literature as resistant against simple SCA due to the fact that the processing of each key bit value of the scalar k is done using the same sequence of operations. We implemented the Montgomery kP algorithm using Lopez-Dahab projective coordinates for the NIST elliptic curve B-233. We instantiated the same VHDL code for a wide range of clock frequencies for the same target FPGA and using the same compiler options. We measured electromagnetic traces of the kP executions using the same input data, i.e. scalar k and elliptic curve point P, and measurement setup. Additionally, we synthesized the same VHDL code for two IHP CMOS technologies, for a broad spectrum of frequencies. We simulated the power consumption of each synthesized design during an execution of the kP operation, always using the same scalar k and elliptic curve point P as inputs. Our experiments clearly show that the success of simple electromagnetic analysis attacks against FPGA implementations as well as the one of simple power analysis attacks against synthesized ASIC designs depends on the target frequency for which the design was implemented and at which it is executed significantly. In our experiments the scalar k was successfully revealed via simple visual inspection of the electromagnetic traces of the FPGA for frequencies from 40 to 100 MHz when standard compile options were used as well as from 50 MHz up to 240 MHz when performance optimizing compile options were used. We obtained similar results attacking the power traces simulated for the ASIC. Despite the significant differences of the here investigated technologies the designs’ resistance against the attacks performed is similar: only a few points in the traces represent strong leakage sources allowing to reveal the key at very low and very high frequencies. For the “middle” frequencies the number of points which allow to successfully reveal the key increases when increasing the frequency.
  • Thumbnail Image
    Item
    On the Complexity of Attacking Elliptic Curve Based Authentication Chips
    (Amsterdam [u.a.] : Elsevier, 2021) Kabin, Ievgen; Dyka, Zoya; Klann, Dan; Schaeffner, Jan; Langendoerfer, Peter
    In this paper we discuss the difficulties of mounting successful attacks against crypto implementations if essential information is missing. We start with a detailed description of our attack against our own design, to highlight which information is needed to increase the success of an attack, i.e. we use it as a blueprint to the following attack against commercially available crypto chips. We would like to stress that our attack against our own design is very similar to what happens during certification e.g. according to the Common Criteria Standard as in those cases the manufacturer needs to provide detailed information. If attacking commercial designs without signing NDAs, we were forced to intensively search the Internet for information about the designs. We were able to reveal information on the processing sequence during the authentication process even as detailed as identifying the clock cycles in which the individual key bits are processed. But we could not reveal the private keys used by the attacked commercial authentication chips 100% correctly. Moreover, as we did not knew the used keys we could not evaluate the success of our attack. To summarize, the effort of such an attack is significantly higher than the one of attacking a well-known implementation.
  • Thumbnail Image
    Item
    On wireless channel parameters for key generation in industrial environments
    (New York, NY : IEEE, 2017) Kreiser, Dan; Dyka, Zoya; Kornemann, Stephan; Wittke, Christian; Kabin, Ievgen; Stecklina, Oliver; Langendoerfer, Peter
    The advent of industry 4.0 with its idea of individualized mass production will significantly increase the demand for more flexibility on the production floor. Wireless communication provides this type of flexibility but puts the automation system at risk as potential attackers now can eavesdrop or even manipulate the messages exchanged even without getting access to the premises of the victim. Cryptographic means can prevent such attacks if applied properly. One of their core components is the distribution of keys. The generation of keys from channel parameters seems to be a promising approach in comparison to classical approaches based on public key cryptography as it avoids computing intense operations for exchanging keys. In this paper we investigated key generation approaches using channel parameters recorded in a real industrial environment. Our key results are that the key generation may take unpredictable long and that the resulting keys are of low quality with respect to the test for randomness we applied.
  • Thumbnail Image
    Item
    Resilience in the Cyberworld: Definitions, Features and Models
    (Basel : MDPI, 2021) Vogel, Elisabeth; Dyka, Zoya; Klann, Dan; Langendörfer, Peter
    Resilience is a feature that is gaining more and more attention in computer science and computer engineering. However, the definition of resilience for the cyber landscape, especially embedded systems, is not yet clear. This paper discusses definitions provided by different authors, on different years and with different application areas the field of computer science/computer engineering. We identify the core statements that are more or less common to the majority of the definitions, and based on this we give a holistic definition using attributes for (cyber-) resilience. In order to pave a way towards resilience engineering, we discuss a theoretical model of the life cycle of a (cyber-) resilient system that consists of key actions presented in the literature. We adapt this model for embedded (cyber-) resilient systems.