Embedded Cryptography 1
Hardcover, English, 2025
By Emmanuel Prouff (ANSSI, France), Guénaël Renault (ANSSI, France), Matthieu Rivain (CryptoExperts, France) and Colin O'Flynn (Dalhousie University, Canada)
2 199 kr
Product information
- Publication date: 2025-02-04
- Dimensions: 166 x 239 x 27 mm
- Weight: 680 g
- Format: Hardcover
- Language: English
- Series: ISTE Invoiced
- Number of pages: 400
- Publisher: ISTE Ltd
- ISBN: 9781789452136
Emmanuel Prouff is a researcher in Applied Cryptography and Embedded Security. He has worked as an expert for ANSSI, France, as well as for major security companies such as IDEMIA and SAFRAN, in both cases developing implementations that are secure against physical attacks.

Guénaël Renault is Deputy Head of the Hardware Security Lab at ANSSI, France. His research interests include cryptography, algebraic (symbolic) computation and computational number theory.

Matthieu Rivain is a researcher and entrepreneur in Cryptography, currently working as CEO at CryptoExperts, France. His research interests include provable security against side-channel attacks, white-box cryptography, zero-knowledge proofs and post-quantum signatures.

Colin O'Flynn is Assistant Professor in Embedded Hardware Security at Dalhousie University, Canada. His interests include embedded hardware security, PCB design and prototype construction.
Table of contents
- Preface, p. xiii (Emmanuel PROUFF, Guénaël RENAULT, Matthieu RIVAIN and Colin O'FLYNN)
- Part 1. Software Side-Channel Attacks, p. 1
- Chapter 1. Timing Attacks, p. 3 (Daniel PAGE)
  - 1.1. Foundations, p. 3
    - 1.1.1. Execution latency in theory, p. 4
    - 1.1.2. Execution latency in practice, p. 5
    - 1.1.3. Attacks that exploit data-dependent execution latency, p. 6
  - 1.2. Example attacks, p. 10
    - 1.2.1. Example 1.1: an explanatory attack on password validation, p. 10
    - 1.2.2. Example 1.2: an attack on xtime-based AES, p. 12
    - 1.2.3. Example 1.3: an attack on Montgomery-based RSA, p. 14
    - 1.2.4. Example 1.4: a padding oracle attack on AES-CBC, p. 17
  - 1.3. Example mitigations, p. 20
  - 1.4. Notes and further references, p. 21
  - 1.5. References, p. 24
- Chapter 2. Microarchitectural Attacks, p. 31 (Yuval YAROM)
  - 2.1. Background, p. 31
    - 2.1.1. Memory caches, p. 31
    - 2.1.2. Cache hierarchies, p. 32
    - 2.1.3. Out-of-order execution, p. 33
    - 2.1.4. Branch prediction, p. 34
    - 2.1.5. Other caches, p. 34
  - 2.2. The Prime+Probe attack, p. 34
    - 2.2.1. Prime+Probe on the L1 data cache, p. 35
    - 2.2.2. Attacking T-table AES, p. 36
    - 2.2.3. Prime+Probe on the LLC, p. 38
    - 2.2.4. Variants of Prime+Probe, p. 39
  - 2.3. The Flush+Reload attack, p. 41
    - 2.3.1. Attack technique, p. 41
    - 2.3.2. Attacking square-and-multiply exponentiation, p. 42
    - 2.3.3. Attack variants, p. 43
    - 2.3.4. Performance degradation attacks, p. 44
  - 2.4. Attacking other microarchitectural components, p. 45
    - 2.4.1. Instruction cache, p. 45
    - 2.4.2. Branch prediction, p. 46
  - 2.5. Constant-time programming, p. 47
    - 2.5.1. Constant-time select, p. 47
    - 2.5.2. Eliminating secret-dependent branches, p. 48
    - 2.5.3. Eliminating secret-dependent memory access, p. 49
  - 2.6. Covert channels, p. 50
  - 2.7. Transient-execution attacks, p. 51
    - 2.7.1. The Spectre attack, p. 51
    - 2.7.2. Meltdown-type attacks, p. 53
  - 2.8. Summary, p. 54
  - 2.9. Notes and further references, p. 54
  - 2.10. References, p. 57
- Part 2. Hardware Side-Channel Attacks, p. 65
- Chapter 3. Leakage and Attack Tools, p. 67 (Davide BELLIZIA and Adrian THILLARD)
  - 3.1. Introduction, p. 67
  - 3.2. Data-dependent physical emissions, p. 67
    - 3.2.1. Dynamic power, p. 68
    - 3.2.2. Static power, p. 70
    - 3.2.3. Electro-magnetic emissions, p. 72
    - 3.2.4. Other sources of physical leakages, p. 73
  - 3.3. Measuring a side-channel, p. 75
    - 3.3.1. Power analysis setup, p. 75
    - 3.3.2. Probes and probing methodologies, p. 75
  - 3.4. Leakage modeling, p. 78
    - 3.4.1. Mathematical modeling, p. 78
    - 3.4.2. Signal-to-noise ratio, p. 81
    - 3.4.3. Open source boards, p. 83
    - 3.4.4. Open source libraries for attacks, p. 85
  - 3.5. Notes and further references, p. 86
  - 3.6. References, p. 87
- Chapter 4. Supervised Attacks, p. 91 (Eleonora CAGLI and Loïc MASURE)
  - 4.1. General framework, p. 91
    - 4.1.1. The profiling ability: a powerful threat model, p. 91
    - 4.1.2. Maximum likelihood distinguisher, p. 94
  - 4.2. Building a model, p. 98
    - 4.2.1. Generative model via Gaussian templates, p. 98
    - 4.2.2. Discriminative model via logistic regression, p. 100
    - 4.2.3. From logistic regression to neural networks, p. 102
  - 4.3. Controlling the dimensionality, p. 105
    - 4.3.1. Points of interest selection with signal-to-noise ratio, p. 106
    - 4.3.2. Fisher's linear discriminant analysis, p. 107
  - 4.4. Building de-synchronization-resistant models, p. 108
  - 4.5. Summary of the chapter, p. 112
  - 4.6. Notes and further references, p. 113
  - 4.7. References, p. 115
- Chapter 5. Unsupervised Attacks, p. 117 (Cécile DUMAS)
  - 5.1. Introduction, p. 117
    - 5.1.1. Supervised attacks, p. 117
    - 5.1.2. Unsupervised attacks, p. 118
    - 5.1.3. How to attack without profiling?, p. 120
  - 5.2. Distinguishers, p. 122
  - 5.3. Likelihood distinguisher, p. 123
    - 5.3.1. Distinguisher definition, p. 123
    - 5.3.2. Determining Gaussian model parameters, p. 125
    - 5.3.3. Linear leakage model for sensitive data, p. 125
    - 5.3.4. Linear leakage model for sensitive data bits, p. 127
    - 5.3.5. Conclusion, p. 128
  - 5.4. Mutual information, p. 129
    - 5.4.1. Information theory, p. 129
    - 5.4.2. Distinguisher, p. 131
    - 5.4.3. Bijectivity, p. 132
    - 5.4.4. Probability calculation, p. 133
    - 5.4.5. Conclusion, p. 135
  - 5.5. Correlation, p. 136
    - 5.5.1. Linear relationship – CPA, p. 136
    - 5.5.2. Equivalence, p. 138
    - 5.5.3. Conclusion, p. 139
  - 5.6. A priori knowledge synthesis, p. 139
  - 5.7. Conclusion on statistical tools, p. 142
  - 5.8. Exercise solutions, p. 144
  - 5.9. Notes and further references, p. 149
  - 5.10. References, p. 150
- Chapter 6. Quantities to Judge Side Channel Resilience, p. 153 (Elisabeth OSWALD)
  - 6.1. Introduction, p. 153
    - 6.1.1. Assumptions and attack categories, p. 154
    - 6.1.2. Attack success, p. 155
  - 6.2. Metrics for comparing the effectiveness of specific attack vectors, p. 156
    - 6.2.1. Magnitude of scores, p. 157
    - 6.2.2. Number of needed leakage traces/success rate estimation, p. 157
  - 6.3. Metrics for evaluating the leakage (somewhat) independent of a specific attack vector, p. 158
    - 6.3.1. Signal to noise ratio, p. 158
    - 6.3.2. Mutual information, p. 159
  - 6.4. Metrics for evaluating the remaining effort of an adversary, p. 160
    - 6.4.1. Key rank, p. 160
    - 6.4.2. Average key rank measures, p. 161
    - 6.4.3. Relationship with enumeration capabilities, p. 162
  - 6.5. Leakage detection as a radical alternative to attack driven evaluations, p. 162
  - 6.6. Formal evaluation schemes, p. 164
    - 6.6.1. CC evaluations, p. 165
    - 6.6.2. FIPS 140-3, p. 166
    - 6.6.3. Worst-case adversaries, p. 167
  - 6.7. References, p. 167
- Chapter 7. Countermeasures and Advanced Attacks, p. 171 (Brice COLOMBIER and Vincent GROSSO)
  - 7.1. Introduction, p. 171
  - 7.2. Misalignment of traces, p. 173
    - 7.2.1. Countermeasures, p. 174
    - 7.2.2. Attacks, p. 179
  - 7.3. Masking, p. 180
    - 7.3.1. Countermeasures, p. 181
    - 7.3.2. Attacks, p. 182
  - 7.4. Combination of countermeasures, p. 183
  - 7.5. To go further, p. 184
  - 7.6. References, p. 185
- Chapter 8. Mode-Level Side-Channel Countermeasures, p. 187 (Olivier PEREIRA, Thomas PETERS and François-Xavier STANDAERT)
  - 8.1. Introduction, p. 187
  - 8.2. Building blocks, p. 188
  - 8.3. Security definitions, p. 190
    - 8.3.1. Authenticated encryption and leakage, p. 191
    - 8.3.2. Integrity with leakage, p. 192
    - 8.3.3. Confidentiality with leakage, p. 193
    - 8.3.4. Discussion, p. 195
  - 8.4. Leakage models, p. 197
    - 8.4.1. Models for integrity, p. 198
    - 8.4.2. Models for confidentiality, p. 199
    - 8.4.3. Practical guidelines, p. 201
  - 8.5. Constructions, p. 201
    - 8.5.1. A leakage-resilient MAC, p. 201
    - 8.5.2. A leakage-resistant encryption scheme, p. 204
    - 8.5.3. A leakage-resistant AE scheme, p. 207
  - 8.6. Acknowledgments, p. 208
  - 8.7. Notes and further references, p. 208
  - 8.8. References, p. 210
- Part 3. Fault Injection Attacks, p. 213
- Chapter 9. An Introduction to Fault Injection Attacks, p. 215 (Jean-Max DUTERTRE and Jessy CLÉDIÈRE)
  - 9.1. Fault injection attacks, disturbance of electronic components, p. 216
    - 9.1.1. History of integrated circuit disturbance, p. 216
    - 9.1.2. Fault injection mechanisms, p. 219
    - 9.1.3. Fault injection benches, p. 245
    - 9.1.4. Fault models and fault injection simulation, p. 253
  - 9.2. Practical examples of fault injection attacks, p. 262
    - 9.2.1. Introduction, p. 262
    - 9.2.2. 1997 light attack on a secure product when loading a DES key, p. 263
    - 9.2.3. Experimental examples of an attack on a PIN identification routine, p. 265
  - 9.3. Notes and further references, p. 272
  - 9.4. References, p. 273
- Chapter 10. Fault Attacks on Symmetric Cryptography, p. 277 (Debdeep MUKHOPADHYAY and Sayandeep SAHA)
  - 10.1. Introduction, p. 277
  - 10.2. Differential fault analysis, p. 278
    - 10.2.1. Block ciphers and fault models, p. 278
    - 10.2.2. DFA on AES: single-byte fault, p. 281
    - 10.2.3. DFA on AES: multiple-byte fault, p. 284
    - 10.2.4. DFA on AES: other rounds, p. 285
    - 10.2.5. DFA on AES: key schedule, p. 285
    - 10.2.6. DFA on other ciphers: general idea, p. 286
  - 10.3. Automation of DFA, p. 286
    - 10.3.1. ExpFault, p. 287
  - 10.4. DFA countermeasures: general idea and taxonomy, p. 289
    - 10.4.1. Detection countermeasures, p. 290
    - 10.4.2. Infective countermeasures, p. 291
    - 10.4.3. Instruction-level countermeasures, p. 292
  - 10.5. Advanced FA, p. 292
    - 10.5.1. Biased fault model, p. 293
    - 10.5.2. Statistical fault attack, p. 293
    - 10.5.3. Statistical ineffective fault attack, p. 294
    - 10.5.4. Fault template attacks, p. 296
    - 10.5.5. Persistent fault attacks, p. 301
  - 10.6. Leakage assessment in fault attacks, p. 302
  - 10.7. Chapter summary, p. 305
  - 10.8. Notes and further references, p. 306
  - 10.9. References, p. 307
- Chapter 11. Fault Attacks on Public-key Cryptographic Algorithms, p. 311 (Michael TUNSTALL and Guillaume BARBU)
  - 11.1. Introduction, p. 311
  - 11.2. Preliminaries, p. 312
    - 11.2.1. RSA, p. 312
    - 11.2.2. Elliptic curve cryptography, p. 314
  - 11.3. Attacking the RSA using the Chinese remainder theorem, p. 315
  - 11.4. Attacking a modular exponentiation, p. 316
  - 11.5. Attacking the ECDSA, p. 318
  - 11.6. Other attack strategies, p. 319
    - 11.6.1. Safe errors, p. 319
    - 11.6.2. Statistical ineffective fault attacks, p. 319
    - 11.6.3. Lattice-based fault attacks, p. 320
  - 11.7. Countermeasures, p. 321
    - 11.7.1. Padding schemes, p. 322
    - 11.7.2. Verification, detection and infection, p. 322
    - 11.7.3. Attacks on countermeasures, p. 323
  - 11.8. Conclusion, p. 324
  - 11.9. Notes and further references, p. 325
  - 11.10. References, p. 328
- Chapter 12. Fault Countermeasures, p. 333 (Patrick SCHAUMONT and Richa SINGH)
  - 12.1. Anatomy of a fault attack, p. 333
  - 12.2. Understanding the attacker, p. 334
    - 12.2.1. Fault attacker objectives, p. 334
    - 12.2.2. Fault attacker means, p. 335
  - 12.3. Taxonomy of fault countermeasures, p. 336
  - 12.4. Fault countermeasure principles, p. 337
    - 12.4.1. Redundancy, p. 337
    - 12.4.2. Randomness, p. 338
    - 12.4.3. Detectors, p. 339
    - 12.4.4. Safe-error defense, p. 339
  - 12.5. Fault countermeasure examples, p. 340
    - 12.5.1. Algorithm level countermeasures, p. 340
  - 12.6. ISA level countermeasures, p. 342
  - 12.7. RTL-level countermeasures, p. 343
  - 12.8. Circuit-level countermeasures, p. 343
  - 12.9. Design automation of fault countermeasures, p. 344
  - 12.10. Notes and further references, p. 345
  - 12.11. References, p. 348
- List of Authors, p. 355
- Index, p. 357
- Summary of Volume 2, p. 363
- Summary of Volume 3, p. 371