My summary of the paper "Scan Based Side-Channel Attack on Data Encryption Standard" by Yang et al.
This work was published in IACR 2004.
https://hsiung.cc/posts/yang-scan-based-side-channel-attack-on-des/
Scan Based Side Channel Attack on Data Encryption Standard
1. Scan Based Side Channel Attack on Data Encryption Standard
IACR'04
Bo Yang, Kaijie Wu, Ramesh Karri
ECE Dept., Polytechnic University, Brooklyn (now NYU Tandon)
2. Outline
• Introduction
• Assumptions
• Methodology
• Discussion
• Conclusions
4. Introduction
• Cryptographic algorithms
– Application-Specific Integrated Circuits (ASICs)
– Cryptographic coprocessors
• Scan-based tests
– Validate the function of a hardware system at fabrication time and in the field.
– High fault coverage; test pattern generation and signature analysis need no additional on-chip hardware (compare built-in self test, BIST).
5. Introduction
• Scan-based tests
– Construct several scan chains (SCs) in a chip by tying together internal registers and flip-flops and connecting them to the JTAG interface.
– During test synthesis: SCs are inserted by the synthesis tool.
– During chip packaging: SCs are connected to external JTAG interface pins, to provide on-chip debugging and maintenance in the field, or left unbonded.
6. Introduction
• Scan-based tests
– However, unbonded scan chains can still be accessed by opening the package.
7. Introduction
• Data Encryption Standard
– DES is a symmetric encryption algorithm developed in the 1970s by IBM.
– Encrypts 64-bit data blocks under the control of a 56-bit user key.
– DES decryption is the inverse of DES encryption and uses the same user key.
8. Introduction
• Data Encryption Standard (figure-only slide)
9. Introduction
• Contributions
– Show that scan chains can be used to discover the secret keys stored in a cryptographic device.
– The approach is simple yet general and powerful, and can be adapted to any cryptographic implementation on ASICs, FPGAs or general-purpose microprocessors.
10. Scan Based Side Channel Attack on Data Encryption Standard
Outline
• Introduction
• Assumptions
• Methodology
• Discussion
• Conclusions
11. Assumptions
• Know the DES algorithm.
• Have access to high-level timing diagrams.
• Do not know the exact number of registers used.
• Round keys are stored in a secure RAM/ROM.
• Round key registers are not included in the scan chain.
• Do not know the structure of the scan chain.
12. Scan Based Side Channel Attack on Data Encryption Standard
Outline
• Introduction
• Assumptions
• Methodology
• Discussion
• Conclusions
13. Scan Based Side Channel Attack on Data Encryption Standard
Methodology
• Step 1. Determine Scan Chain Structure
• Step 2. Recover DES Round Key
• Step 3. Recover DES User Key
14. Scan Based Side Channel Attack on Data Encryption Standard
Methodology
Step 1. Determine Scan Chain Structure
• Switch the DES circuit between normal mode and test mode.
1. Reset to normal mode -> Load a known plaintext into the input register.
2. Switch to test mode -> Scan out the bit stream, pattern 1.
3. Switch to normal mode -> Load the plaintext into the L and R registers.
4. Switch to test mode -> Scan out the bit stream, pattern 2.
5. Repeat steps 1 to 3 using a plaintext that differs from the first plaintext in only one bit position. Save pattern 3 and pattern 4.
15. Scan Based Side Channel Attack on Data Encryption Standard
Methodology
Step 2. Recover DES Round Key
• Know the location of the L and R registers in the scan chain → break the DES algorithm!
• One DES round, with r = R0 and round key K1:
1. L1 = R0
2. R1 = L0 ⊕ d
3. d = permutation(c)
4. a = Expand(r)
5. b = a ⊕ K1
6. c = S_box(b)
(figure: one DES round, showing the signals L0, R0, r, a, b, c, d, L1, R1 and the round key K1)
16. Scan Based Side Channel Attack on Data Encryption Standard
Methodology
Step 2. Recover DES Round Key
• Reverse the S-box (Substitution Box)
– Each S-box compresses the 6-bit input into a 4-bit output.
(figure: worked S-box reversal example; values legible in the extracted text: candidate 6-bit inputs (000110)2, (001111)2, (100010)2 or (101101)2 and (001110)2, (000111)2, (101010)2 or (100101)2; S-box outputs labelled c2=8, c2=8, c2=4, c2=6; inputs (010111)2 and (111100)2 with outputs labelled c3=11 and c3=5; recovered round-key bits K1 bits 43 to 48)
17. Scan Based Side Channel Attack on Data Encryption Standard
Methodology
Step 3. Recover DES User Key
• Each round key contains 48 bits of the 56-bit user key.
• By analysis of the DES round key generation algorithm, we only need to recover round keys K1, K2 and K3 to derive the user key.
18. Scan Based Side Channel Attack on Data Encryption Standard
Outline
• Introduction
• Assumptions
• Methodology
• Discussion
• Conclusions
19. Scan Based Side Channel Attack on Data Encryption Standard
Discussion
• Attack Complexity Analysis
– 198 clock cycles to scan-out the first bit stream.
– 198 clock cycles to locate one flip flop in the input register.
• Total 38016 cycles to determine the entire scan chain.
– 397 clock cycles for every input plaintext to reach R0, L0, R1 and L1.
• Total 3561 cycles to discover round keys K1, K2 and K3.
– Overall, 41775 clock cycles are required to discover the user key.
20. Scan Based Side Channel Attack on Data Encryption Standard
Discussion
• Attack Complexity Analysis
– 198 clock cycles to scan-out the first bit stream.
• 1 cycle for normal operation + 197 cycles for scan operations
– 198 clock cycles to locate one flip flop in the input register.
• Total 38016 (=192×198) cycles to determine the entire scan chain.
– 397 clock cycles for every input plaintext to reach R0, L0, R1 and L1.
• 2 cycles for normal operation + 197 cycles for scan operation + 1 cycle for
normal operation + 197 cycles for scan operation
• 1191 cycles (397×3) to discover round key K1.
• 1185 cycles each to discover round keys K2 and K3, 3561 cycles (1191 + 2×1185) in total.
21. Scan Based Side Channel Attack on Data Encryption Standard
Discussion
• Extension to a pipelined DES architecture
– A 16-stage pipeline will have 17 pairs: (L0, R0) … (L16, R16).
– L0 and R0 can be located first.
– L1 and R1 can be located by observing that L1 = R0 and R1 = L0 ⊕ f(R0, K1).
– If we change only the lowest bit in L0, L1 remains unchanged and the lowest bit in R1 switches, because f(R0, K1) remains unchanged.
– Similarly, we can locate all flip-flops.
– Hence, we can recover round keys K1, K2 and K3.
22. Scan Based Side Channel Attack on Data Encryption Standard
Discussion
• Characteristics of crypto algorithms on hardware
– Data-driven: the control logic performs the same actions regardless of the plaintext.
– Avalanche effect: a one-bit difference in a round translates into several bit changes in the next round.
• This determines the clock cycle when the plaintext is loaded into the input plaintext register and the L, R registers.
23. Scan Based Side Channel Attack on Data Encryption Standard
Outline
• Introduction
• Assumptions
• Methodology
• Discussion
• Conclusions
24. Scan Based Side Channel Attack on Data Encryption Standard
Conclusions
• Several side-channel attacks have been proposed.
• Show that scan chains and scan-based tests are a potent side channel.
• Propose an attack using only 3 plaintexts to break DES.