Pankaj Rohatgi scite author profile

Abstract. We present template attacks, the strongest form of side channel attack possible in an information theoretic sense. These attacks can break implementations and countermeasures whose security is dependent on the assumption that an adversary cannot obtain more than one or a limited number of side channel samples. They require that an adversary has access to an identical experimental device that he can program to his choosing. The success of these attacks in such constraining situations is due manner in which noise within each sample is handled. In contrast to previous approaches which viewed noise as a hindrance that had to be reduced or eliminated, our approach focuses on precisely modeling noise, and using this to fully extract information present in a single sample. We describe in detail how an implementation of RC4, not amenable to techniques such as SPA and DPA, can easily be broken using template attacks with a single sample. Other applications include attacks on certain DES implementations which use DPA-resistant hardware and certain SSL accelerators which can be attacked by monitoring electromagnetic emanations from an RSA operation even from distances of fifteen feet.

show abstract

Towards Sound Approaches to Counteract Power-Analysis Attacks

Chari

et al. 1999

View full text Add to dashboard Cite

Side channel cryptanalysis techniques, such as the analysis of instantaneous power consumption, have been extremely e ective i n attacking implementations on simple hardware platforms. There are several proposed solutions to resist these attacks, most of which are ad hoc and can easily be rendered ine ective. A scienti c approach is to create a model for the physical characteristics of the device, and then design implementations provably secure in that model, i.e, they resist generic attacks with an a priori bound on the number of experiments. We propose an abstract model which approximates power consumption in most devices and in particular small single chip devices. Using this, we propose a generic technique to create provably resistant implementations for devices where the power model has reasonable properties, and a source of randomness exists. We prove a l o wer bound on the number of experiments required to mount statistical attacks on devices whose physical characteristics satisfy reasonable properties.

show abstract

Trojan Detection using IC Fingerprinting

Agrawal¹,

Baktır²,

Karakoyunlu

et al. 2007

647

381

View full text Add to dashboard Cite

The EM Side—Channel(s)

et al. 2003

View full text Add to dashboard Cite

Abstract. We present results of a systematic investigation of leakage of compromising information via electromagnetic (EM) emanations from CMOS devices. These emanations are shown to consist of a multiplicity of signals, each leaking somewhat different information about the underlying computation. We show that not only can EM emanations be used to attack cryptographic devices where the power side-channel is unavailable, they can even be used to break power analysis countermeasures.

show abstract

Introduction to differential power analysis

Kocher¹,

Jaffe²,

Jun³

et al. 2011

J Cryptogr Eng

527

324

View full text Add to dashboard Cite

The power consumed by a circuit varies according to the activity of its individual transistors and other components. As a result, measurements of the power used by actual computers or microchips contain information about the operations being performed and the data being processed. Cryptographic designs have traditionally assumed that secrets are manipulated in environments that expose no information beyond the specified inputs and outputs. This paper examines how information leaked through power consumption and other side channels can be analyzed to extract secret keys from a wide range of devices. The attacks are practical, non-invasive, and highly effective-even against complex and noisy systems where cryptographic computations account for only a small fraction of the overall power consumption. We also introduce approaches for preventing DPA attacks and for building cryptosystems that remain secure even when implemented in hardware that leaks.

show abstract

How to Sign Digital Streams

Gennaro¹,

Rohatgi²

2001

Information and Computation

189

220

View full text Add to dashboard Cite

We present a new e cient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially di erent from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the entire message before being able to authenticate its signature. However, a stream is a potentially very long (or in nite) sequence of bits that the sender sends to the receiver and the receiver is required to consumes the received bits at more or less the input rate and without excessive delay. Therefore it is infeasible for the receiver to obtain the entire stream before authenticating and consuming it. Examples of streams include digitized video and audio les, data feeds and applets. We present two solutions to the problem of authenticating digital streams. The rst one is for the case of a nite stream which is entirely known to the sender (say a movie). We use this constraint to devise an extremely e cient solution. The second case is for a (potentially in nite) stream which is not known in advance to the sender (for example a live broadcast). We present proofs of security of our constructions. Our techniques also have applications in other areas, for example, e cient authentication of long les when communication is at a cost and signature based ltering at a proxy server.

show abstract

Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control

et al. 2007

View full text Add to dashboard Cite

Efficient Rijndael Encryption Implementation with Composite Field Arithmetic

et al. 2001

View full text Add to dashboard Cite

Abstract.We explore the use of subfield arithmetic for efficient implementations of Galois Field arithmetic especially in the context of the Rijndael block cipher. Our technique involves mapping field elements to a composite field representation. We describe how to select a representation which minimizes the computation cost of the relevant arithmetic, taking into account the cost of the mapping as well. Our method results in a very compact and fast gate circuit for Rijndael encryption. In conjunction with bit-slicing techniques applied to newly proposed parallelizable modes of operation, our circuit leads to a high-performance software implementation for Rijndael encryption which offers significant speedup compared to previously reported implementations.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Pankaj Rohatgi

Template Attacks

Towards Sound Approaches to Counteract Power-Analysis Attacks

Trojan Detection using IC Fingerprinting

The EM Side—Channel(s)

Introduction to differential power analysis

How to Sign Digital Streams

Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control

Efficient Rijndael Encryption Implementation with Composite Field Arithmetic

Contact Info

Product

Resources

About