Author

Jasper G. J. van Woudenberg

Bio: Jasper G. J. van Woudenberg is an academic researcher. The author has contributed to research in the topics Computer science and Smart card. The author has an h-index of 6 and has co-authored 6 publications receiving 501 citations.

Papers
Proceedings ArticleDOI
29 Sep 2011
TL;DR: Fault injection methods are developed to show experimentally that protected smart cards are still vulnerable and the use of jitter-free diode lasers shows current countermeasures may be inadequate for the near future.
Abstract: In this paper we detail the latest developments regarding optical fault injection on secure microcontrollers. On these targets, a combination of countermeasures makes fault injection less than trivial. We develop fault injection methods to show experimentally that protected smart cards are still vulnerable. We perform power signal guided fault injection, using a triggering mechanism based on real-time pattern recognition. Furthermore, the use of jitter-free diode lasers shows current countermeasures may be inadequate for the near future.

167 citations

Book ChapterDOI
14 Feb 2011
TL;DR: The elastic alignment algorithm for non-linearly warping trace sets in order to align them is designed and investigated and it is shown that misalignment is reduced significantly, and that even under an unstable clock the algorithm is able to perform alignment.
Abstract: To prevent smart card attacks using Differential Power Analysis (DPA), manufacturers commonly implement DPA countermeasures that create misalignment in power trace sets and decrease the effectiveness of DPA. We design and investigate the elastic alignment algorithm for non-linearly warping trace sets in order to align them. Elastic alignment uses FastDTW, originally a method for aligning speech utterances in speech recognition systems, to obtain so-called warp paths that can be used to perform alignment. We show on traces obtained from a smart card with random process interrupts that misalignment is reduced significantly, and that even under an unstable clock the algorithm is able to perform alignment.

150 citations

Book ChapterDOI
14 Feb 2011
TL;DR: A new correlation power attack on RSA's modular exponentiation implementations is introduced, defeating both message blinding and multiply-always countermeasures, and it is demonstrated that cross correlation analysis is efficient on hardware RSA implementations, even in the presence of message blinding and strong hiding countermeasures.
Abstract: We introduce a new correlation power attack on RSA's modular exponentiation implementations, defeating both message blinding and multiply-always countermeasures. We analyze the correlation between power measurements of two consecutive modular operations, and use this to efficiently recover individual key bits. Based upon simulation and practical application on a state-of-the-art smart card we show the validity of the attack. Further we demonstrate that cross correlation analysis is efficient on hardware RSA implementations, even in the presence of message blinding and strong hiding countermeasures.

95 citations

Book ChapterDOI
27 Feb 2012
TL;DR: It is concluded that Principal Component Analysis can successfully be used as a preprocessing technique to reduce the noise in a trace set and improve the correlation for the correct key guess using Differential Power Analysis attacks.
Abstract: Differential Power Analysis (DPA) is commonly used to obtain information about the secret key used in cryptographic devices. Countermeasures against DPA can cause power traces to be misaligned, which reduces the effectiveness of DPA. Principal Component Analysis (PCA) is a powerful tool, which is used in different research areas to identify trends in a data set. Principal Components are introduced to describe the relationships within the data. The largest principal components capture the data with the largest variance. These Principal Components can be used to reduce the noise in a data set or to transform the data set in terms of these components. We propose the use of Principal Component Analysis to improve the correlation for the correct key guess for DPA attacks on software DES traces and show that it can also be applied for other algorithms. We also introduce a new way of determining key candidates by calculating the absolute average value of the correlation traces after a DPA attack on a PCA-transformed trace. We conclude that Principal Component Analysis can successfully be used as a preprocessing technique to reduce the noise in a trace set and improve the correlation for the correct key guess using Differential Power Analysis attacks.

83 citations

Book ChapterDOI
14 Sep 2011
TL;DR: This paper proposes a new algorithm to align the measurements after the desynchronization caused by variations of the internal clock, random delays, etc.
Abstract: Several countermeasures against side-channel analysis result in misalignment of power traces, in order to make DPA more difficult. In this paper we propose a new algorithm to align the measurements after the desynchronization caused by variations of the internal clock, random delays, etc. The algorithm is based on the ideas of the SIFT and U-SURF algorithms that were originally proposed for image recognition. The comparison with other known methods favors our solution in terms of efficiency and computational complexity.

37 citations


Cited by
Book ChapterDOI
06 Jul 2017
TL;DR: Intel SGX provides a mechanism that addresses this scenario and aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers.
Abstract: In modern computer systems, user processes are isolated from each other by the operating system and the hardware. Additionally, in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine. However, the hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel SGX provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers.

327 citations

Book ChapterDOI
25 Sep 2017
TL;DR: This paper proposes an end-to-end profiling attack strategy based on Convolutional Neural Networks that greatly simplifies the attack roadmap, since it requires neither a previous trace realignment nor a precise selection of points of interest.
Abstract: In the context of the security evaluation of cryptographic implementations, profiling attacks (aka Template Attacks) play a fundamental role. Nowadays the most popular Template Attack strategy consists in approximating the information leakages by Gaussian distributions. Nevertheless, this approach suffers from the difficulty of dealing with both the misalignment of traces and the high dimensionality of the data. This forces the attacker to perform critical preprocessing phases, such as the selection of the points of interest and the realignment of measurements. Some software and hardware countermeasures have been conceived exactly to create such a misalignment. In this paper we propose an end-to-end profiling attack strategy based on Convolutional Neural Networks: this strategy greatly simplifies the attack roadmap, since it requires neither a previous trace realignment nor a precise selection of points of interest. To significantly increase the performance of the CNN, we moreover propose to equip it with the data augmentation technique that is classical in other applications of Machine Learning. As a validation, we present several experiments against traces misaligned by different kinds of countermeasures, including the augmentation of the clock jitter effect in a secure hardware implementation on a modern chip. The excellent results achieved in these experiments prove that the Convolutional Neural Networks approach combined with data augmentation gives a very efficient alternative to the state-of-the-art profiling attacks.

203 citations

Proceedings ArticleDOI
09 Sep 2012
TL;DR: Reporting actual fault injections induced by EMPs in targets and describing their main properties, and explaining the coupling mechanism between the antenna used to produce the EMP and the targeted circuit, which causes the faults.
Abstract: This paper considers the use of electromagnetic pulses (EMP) to inject transient faults into the calculations of a hardware and a software AES. A pulse generator and a 500 um-diameter magnetic coil were used to inject the localized EMP disturbances without any physical contact with the target. EMP injections were performed against a software AES running on a CPU, and a hardware AES (with and without countermeasure) embedded in an FPGA. The purpose of this work was twofold: (a) reporting actual fault injections induced by EMPs in our targets and describing their main properties, (b) explaining the coupling mechanism between the antenna used to produce the EMP and the targeted circuit, which causes the faults. The obtained results revealed a localized effect of the EMP, since the injected faults were found to depend on the spatial position of the antenna on top of the circuit's surface. The assumption that EMP faults are related to the violation of the target's timing constraints was also studied and ascertained thanks to the use of a countermeasure based on monitoring such timing violations.

190 citations

Book
01 Jan 2008
TL;DR: This paper presents a meta-analysis of the literature on side-channel attacks of RSA, a real-world attack Breaking A5/1 within hours, and some of the approaches used to solve these problems.
Abstract: Side-Channel Analysis 1.- Attack and Improvement of a Secure S-Box Calculation Based on the Fourier Transform.- Collision-Based Power Analysis of Modular Exponentiation Using Chosen-Message Pairs.- Multiple-Differential Side-Channel Collision Attacks on AES.- Implementations 1.- Time-Area Optimized Public-Key Engines: -Cryptosystems as Replacement for Elliptic Curves?.- Ultra High Performance ECC over NIST Primes on Commercial FPGAs.- Exploiting the Power of GPUs for Asymmetric Cryptography.- Fault Analysis 1.- High-Performance Concurrent Error Detection Scheme for AES Hardware.- A Lightweight Concurrent Fault Detection Scheme for the AES S-Boxes Using Normal Basis.- RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks.- Random Number Generation.- A Design for a Physical RNG with Robust Entropy Estimators.- Fast Digital TRNG Based on Metastable Ring Oscillator.- Efficient Helper Data Key Extractor on FPGAs.- Side-Channel Analysis 2.- The Carry Leakage on the Randomized Exponent Countermeasure.- Recovering Secret Keys from Weak Side Channel Traces of Differing Lengths.- Attacking State-of-the-Art Software Countermeasures-A Case Study for AES.- Cryptography and Cryptanalysis.- Binary Edwards Curves.- A Real-World Attack Breaking A5/1 within Hours.- Hash Functions and RFID Tags: Mind the Gap.- Implementations 2.- A New Bit-Serial Architecture for Field Multiplication Using Polynomial Bases.- A Very Compact Hardware Implementation of the MISTY1 Block Cipher.- Light-Weight Instruction Set Extensions for Bit-Sliced Cryptography.- Fault Analysis 2.- Power and Fault Analysis Resistance in Hardware through Dynamic Reconfiguration.- RFID and Its Vulnerability to Faults.- Perturbating RSA Public Keys: An Improved Attack.- Side-Channel Analysis 3.- Divided Backend Duplication Methodology for Balanced Dual Rail Routing.- Using Subspace-Based Template Attacks to Compare and Combine Power and Electromagnetic Information Leakages.- Mutual Information Analysis.- Invited Talks.- RSA-Past, Present, Future.- A Vision for Platform Security.

163 citations

Journal ArticleDOI
TL;DR: An insight into the field of fault attacks and countermeasures to help the designer protect the design against this type of implementation attack, and a guide for selecting a set of countermeasures that provides a sufficient security level to meet the constraints of the embedded devices.
Abstract: Hardware designers invest a significant design effort when implementing computationally intensive cryptographic algorithms on constrained embedded devices to match the computational demands of the algorithms with the stringent area, power, and energy budgets of the platforms. When it comes to designs that are employed in potentially hostile environments, another challenge arises: the design has to be resistant against attacks based on the physical properties of the implementation, the so-called implementation attacks. This creates an extra design concern for a hardware designer. This paper gives an insight into the field of fault attacks and countermeasures to help the designer protect the design against this type of implementation attack. We analyze fault attacks from different aspects and expose the mechanisms they employ to reveal a secret parameter of a device. In addition, we classify the existing countermeasures and discuss their effectiveness and efficiency. The result of this paper is a guide for selecting a set of countermeasures that provides a sufficient security level to meet the constraints of the embedded devices.

159 citations