
An Improved Modular Exponentiation To Resist Power Analysis Attacks

Master's Thesis , 2019 , 60 Pages , Grade: A

Author: Moushumi Barman

Computer Science - IT-Security

Modular exponentiation has been the primary operation in most asymmetric cryptosystems. However, for large exponents, which serve as the keys for encryption and decryption, the conventional way of computing modular exponentiation is very time-consuming. Hence, binary methods based on bitwise "squaring-multiplication" operations are more widely used. However, these approaches are vulnerable to side-channel attacks, especially timing and power analysis attacks. Hence, these approaches are improved so that such attacks can be mitigated.
Two processes have been designed based on the "Multiply-Always" binary method, which injects dummy multiplications so that the original multiplications can remain intact. The two processes are invoked based on a random variable which generates either 0 or 1. With this randomized modular exponentiation, the proposed approach can resist simple and differential power analysis attacks to a large extent. The proposed approach has been implemented using the conventional "squaring-multiplication" and "Montgomery-Ladder" methods. Further, the work has also been extended to CRT-RSA, which is widely used for fast computation. The analysis has been done for different key sizes of 1024 bit, 1536 bit and 2048 bit RSA & CRT-RSA.
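As an added illustration (not code from the thesis, and not its proposed randomized algorithms), the Python sketch below contrasts the textbook left-to-right "squaring-multiplication" method with the textbook "Multiply-Always" variant and checks whether the sequence of operations depends on the exponent. The function names, the operation labels "S"/"M" and the small sample values are constructed for this example; it models only the order of operations, not real power consumption or timing.

```python
# Added example: operation sequences of two textbook binary methods.
# "S" = modular squaring, "M" = modular multiplication. In a coarse power
# trace these two operation types are what an observer can tell apart.

def square_and_multiply(base, exp, mod):
    """Left-to-right binary method: multiplies only when the key bit is 1."""
    acc, ops = 1, []
    for bit in bin(exp)[2:]:
        acc = (acc * acc) % mod
        ops.append("S")
        if bit == "1":                    # key-dependent branch
            acc = (acc * base) % mod
            ops.append("M")
    return acc, "".join(ops)

def multiply_always(base, exp, mod):
    """Multiply-always: a dummy multiplication is performed for 0 bits."""
    acc, ops = 1, []
    for bit in bin(exp)[2:]:
        acc = (acc * acc) % mod
        ops.append("S")
        product = (acc * base) % mod      # computed for every bit
        ops.append("M")
        if bit == "1":
            acc = product                 # real multiplication is kept
        # for a 0 bit the product is a dummy and is discarded
    return acc, "".join(ops)

def trace_is_key_independent(modexp, base, mod, exponents):
    """True if all same-length exponents give one identical operation sequence."""
    return len({modexp(base, e, mod)[1] for e in exponents}) == 1

# Constructed sample values (toy sizes, both exponents are 6 bits long).
SAMPLE_BASE, SAMPLE_MOD = 7, 1009
SAMPLE_EXPONENTS = (0b101101, 0b110010)

if __name__ == "__main__":
    for fn in (square_and_multiply, multiply_always):
        for e in SAMPLE_EXPONENTS:
            value, ops = fn(SAMPLE_BASE, e, SAMPLE_MOD)
            print(f"{fn.__name__:20} exp={e:06b} ops={ops} result={value}")
        independent = trace_is_key_independent(
            fn, SAMPLE_BASE, SAMPLE_MOD, SAMPLE_EXPONENTS)
        print(f"{fn.__name__:20} key-independent sequence: {independent}")
```

In the unprotected method an "M" follows an "S" exactly when the exponent bit is 1, so the sequence differs per key; with the dummy multiplication every bit produces the same "SM" pair.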

Excerpt


Table of Contents

  • ABSTRACT
  • LIST OF TABLES
  • LIST OF FIGURES
  • ABBREVIATIONS
  • NOMENCLATURE
  • 1 INTRODUCTION
    • 1.1 Cryptography and attacks on Cryptosystem
    • 1.2 Side-Channel Attacks
      • 1.2.1 Timing Attacks
      • 1.2.2 Electromagnetic Attacks
      • 1.2.3 Fault Analysis Attacks
      • 1.2.4 Power Analysis Attacks
    • 1.3 Countermeasures
      • 1.3.1 Software-based Approach
      • 1.3.2 Hardware-based Approach
    • 1.4 Objective of the Project
  • 2 Power Analysis Attacks and Countermeasures
    • 2.1 Power Analysis Attack
      • 2.1.1 Simple Power Analysis Attacks:
      • 2.1.2 Differential Power Analysis Attacks:
    • 2.2 Power Analysis Attacks on Smart Card
    • 2.3 Countermeasures
  • 3 LITERATURE SURVEY
    • 3.1 The RSA Cryptosystem
    • 3.2 Implementing Modular Exponentiations
    • 3.3 DPA Attacks on Modular Exponentiation
    • 3.4 Resisting Modular Exponentiation against DPA attacks
  • 4 Proposed Work
    • 4.1 Generating processes
    • 4.2 Randomization
    • 4.3 Proposed Algorithm
    • 4.4 Implementation in CRT-RSA
    • 4.5 Security Analysis
  • 5 Result and Analysis
    • 5.1 Experimental Environment and Test Bench
    • 5.2 System Configuration
    • 5.3 The PKCS v2.1.10 Test Bench
      • 5.3.1 1024 bit RSA
      • 5.3.2 1536 bit RSA
      • 5.3.3 2048 bit RSA
    • 5.4 Complexity Analysis
    • 5.5 Average Computation Time
  • 6 Conclusion and future work
  • A LIST OF PUBLICATIONS

Objective & Key Themes

The primary objective of this work is to introduce and analyze an improved modular exponentiation approach designed to effectively resist various power analysis attacks, such as Simple Power Analysis (SPA) and Differential Power Analysis (DPA), in asymmetric cryptosystems like RSA and CRT-RSA.

  • Improved modular exponentiation for cryptographic security.
  • Resistance against side-channel attacks, particularly power analysis.
  • Application in RSA and CRT-RSA cryptosystems.
  • Introduction of randomization and dummy operations in algorithms.
  • Analysis of security and computational complexity for different key sizes.
  • Development of software-based countermeasures against physical attacks.

Excerpt from the Book

1.2 Side-Channel Attacks

Side-channel analysis refers to the analysis of those properties which are independent of the cryptographic algorithms but depend on the cryptographic devices. These analyses are made on power consumption, computation time, electromagnetic effects etc. that leak from a device. When these analyses are done to challenge the strength of a cryptographic algorithm in a device, they are termed a Side-Channel Attack (SCA). SCAs depend on information collected from the physical system being used to encrypt or decrypt. Successful side-channel attacks use neither the encryption process nor the plaintext to be encrypted, but rather may be related to the amount of time it takes for a system to respond to queries, or the amount of power consumed by the encrypting system. It is a form of reverse engineering. Electronic circuits are inherently leaky: they produce emissions as byproducts that make it possible for an attacker without access to the circuitry itself to deduce how the circuit works and what data it is processing. Some widely used side-channel attacks are power analysis attacks, timing attacks, EM attacks, fault attacks etc. In an asymmetric cryptosystem, two different keys are generated to encrypt and decrypt the data. One kind of asymmetric cryptographic algorithm is Rivest-Shamir-Adleman (RSA), developed in 1977. RSA consists of three phases:

For performing encryption and decryption, two different keys are used. The key that is used for encryption and which is known to everyone is called "public-key". The key that is known by receiver only and remains secret is called "private-key". As RSA

1.2.1 Timing Attacks

In a computer system, every logical operation takes time to perform, and that time depends on the input provided to the system. A timing attack is an attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute the cryptographic algorithms. Due to optimization, the cryptographic algorithm performs its computation in non-constant time during execution. Such computation involves secret parameters, which leads to variation in time; these variations can leak some data and give enough information about the usage that, through a type of statistical analysis, it could even lead to the entire retrieval of the secret parameters. A timing attack is a technique to exploit the time variance of cryptographic operations. An attacker uses a timing attack to obtain a user's personal data by attentively measuring the time taken by the user to perform cryptographic operations [36]. Figure 1.3 gives a conceptual view of a timing attack.

Chapter Summaries

ABSTRACT: This section summarizes the problem of modular exponentiation vulnerability to side-channel attacks and introduces a proposed randomized "Multiply-Always" binary method with dummy multiplications to resist these attacks, analyzed for RSA and CRT-RSA.

1 INTRODUCTION: This chapter discusses the growing threat of cyber attackers and hackers in data security, emphasizing the need for robust information security measures, especially cryptography, against various attack types.

2 POWER ANALYSIS ATTACKS AND COUNTERMEASURES: This chapter details different types of power analysis attacks, including Simple Power Analysis (SPA) and Differential Power Analysis (DPA), and explores various software and hardware-based countermeasures designed to mitigate these vulnerabilities.

3 LITERATURE SURVEY: This chapter reviews the RSA cryptosystem, methods for implementing modular exponentiation, existing DPA attacks on these implementations, and previous techniques for resisting such attacks.

4 PROPOSED WORK: This chapter presents a new approach for secured modular exponentiation by incorporating randomization and dummy operations within the "multiply-always" and "Montgomery-ladder" binary methods to resist power analysis attacks, also extended to CRT-RSA.

5 RESULT AND ANALYSIS: This chapter describes the experimental environment, PKCS test benches, and presents computational analysis results for the proposed algorithms against existing countermeasures in RSA and CRT-RSA, demonstrating their effectiveness.

6 CONCLUSION AND FUTURE WORK: This chapter summarizes the proposed modular exponentiation approach as an effective countermeasure against power analysis attacks and outlines future work involving the merging of blinding and randomization techniques for enhanced security.

Keywords

Modular Exponentiation, Power Analysis Attacks, Side-Channel Attacks, RSA, CRT-RSA, Cryptography, Randomization, Dummy Operations, Smart Cards, Security, Countermeasures, Timing Attacks, Differential Power Analysis, Information Security.

Frequently Asked Questions

What is this work fundamentally about?

This work is fundamentally about improving the security of modular exponentiation, a core operation in asymmetric cryptosystems like RSA, by making it more resistant to power analysis attacks.

What are the central thematic areas?

The central thematic areas include cryptography, side-channel attacks (specifically power analysis attacks), modular exponentiation, RSA and CRT-RSA cryptosystems, and the design of cryptographic countermeasures through randomization and dummy operations.

What is the primary objective or research question?

The primary objective is to introduce a new approach to compute modular exponentiation that can effectively resist various power analysis attacks, by designing algorithms based on randomized dummy operations.

Which scientific method is used?

The scientific method employed involves the design and implementation of new algorithms (Proposed Algorithms 6 & 7), followed by an experimental analysis of their performance and security against existing attacks, using test benches like PKCS v2.1.10 and comparing results with other methods.

What is covered in the main part?

The main part of the work covers an introduction to cryptographic attacks, a literature review of modular exponentiation and DPA attacks, the detailed explanation of the proposed randomized algorithms, their implementation in CRT-RSA, and a comprehensive security and complexity analysis with experimental results.

Which keywords characterize the work?

The work is characterized by keywords such as Modular Exponentiation, Power Analysis Attacks, Side-Channel Attacks, RSA, CRT-RSA, Cryptography, Randomization, Dummy Operations, Smart Cards, Security, Countermeasures, Timing Attacks, Differential Power Analysis, and Information Security.

How does the proposed approach resist power analysis attacks?

The proposed approach resists power analysis attacks by injecting dummy multiplication operations into the squaring and multiplication processes, and by randomly choosing between two designed processes, which makes it difficult to distinguish actual operations from power traces.

What cryptographic systems are specifically targeted by this work?

This work specifically targets the RSA (Rivest-Shamir-Adleman) cryptosystem and its variant, CRT-RSA (Chinese Remainder Theorem-RSA), which are widely used asymmetric cryptographic algorithms.

What are the main binary methods improved by the proposed algorithms?

The proposed algorithms are designed based on improvements to two popular binary methods for modular exponentiation: the "Multiply-Always" method and the "Montgomery-Ladder" algorithm.

What kind of attacks can the proposed algorithm resist?

The proposed algorithms are shown to resist Simple Power Analysis (SPA), single trace attacks, doubling attacks, and other specific attacks mentioned in the literature, by obscuring data-dependent power consumption patterns.

Details

Title: An Improved Modular Exponentiation To Resist Power Analysis Attacks
Course: Computer Science and Engineering
Grade: A
Author: Moushumi Barman (Author)
Publication Year: 2019
Pages: 60
Catalog Number: V1609477
ISBN (PDF): 9783389156100
ISBN (Book): 9783389156117
Language: English
Tags: Side Channel attack cyber attack
Product Safety: GRIN Publishing GmbH
Quote paper: Moushumi Barman (Author), 2019, An Improved Modular Exponentiation To Resist Power Analysis Attacks, Munich, GRIN Verlag, https://www.grin.com/document/1609477