International Association for Cryptologic Research

International Association
for Cryptologic Research


Claire Whelan


Side Channel Analysis of Practical Pairing Implementations: Which Path is More Secure?
Claire Whelan Mike Scott
We present an investigation into the security of three practical pairing algorithms; the Tate, Eta and Ate pairing, in terms of side channel vulnerability. These three algorithms have recently shown to be efficiently computable on the resource constrained smart card, yet no in depth side channel analysis has yet appeared in the literature. Since the secret parameter input to the pairing can potentially be entered in either of the two possible positions, there exist two avenues of attack, i.e. e(P,Q) or e(Q,P) where P is public and Q is private. We analyse the core operations fundamental to pairings and not only highlight how each implementation may potentially succumb to a side channel attack, but also show how one path is more susceptible than the other in Tate and Ate. For those who wish to deploy pairing based systems we make a simple suggestion to improve resistance to side channel attacks.
The Sorcerer?s Apprentice Guide to Fault Attacks
The effect of faults on electronic systems has been studied since the 1970s when it was noticed that radioactive particles caused errors in chips. This led to further research on the effect of charged particles on silicon, motivated by the aerospace industry who was becoming concerned about the effect of faults in airborn electronic systems. Since then various mechanisms for fault creation and propagation have been discovered and researched. This paper covers the various methods that can be used to induce faults in semiconductors and exploit such errors maliciously. Several examples of attacks stemming from the exploiting of faults are explained. Finally a series of countermeasures to thwart these attacks are described.
Mobile Terminal Security
The miniaturization of electronics and recent developments in biometric and screen technologies will permit a pervasive presence of embedded systems. This - and the inclusion of networking capabilities and IP addresses in many handheld devices - will foster the widespread deployment of personal mobile equipment.\smallskip This work attempts to overview these diverse aspects of mobile device security. We will describe mobile networks' security (WLAN and WPAN security, GSM and 3GPP security) and address platform security issues such as bytecode verification for mobile equipment and protection against viruses and Trojan horses in mobile environment - with a concrete J2ME implementation example. Finally we will turn to hardware attacks and briefly survey the physical weaknesses that can be exploited to compromise mobile equipment.\smallskip
Experimenting with Faults, Lattices and the DSA
We present an attack on DSA smart-cards which combines physical fault injection and lattice reduction techniques. This seems to be the first (publicly reported) physical experiment allowing to concretely pull-out DSA keys out of smart-cards. We employ a particular type of fault attack known as a glitch attack, which will be used to actively modify the DSA nonce k used for generating the signature: k will be tampered with so that a number of its least significant bytes will flip to zero. Then we apply well-known lattice attacks on El Gamal-type signatures which can recover the private key, given sufficiently many signatures such that a few bits of each corresponding k are known. In practice, when one byte of each k is zeroed, 27 signatures are sufficient to disclose the private key. The more bytes of k we can reset, the fewer signatures will be required. This paper presents the theory, methodology and results of the attack as well as possible countermeasures.