PhD Defense by Monjur Alam

Event Details
  • Date/Time:
    • Friday September 6, 2019
      1:00 pm - 3:00 pm
  • Location: Klaus 3100
  • Phone:
  • URL:
  • Email:
  • Fee(s):
    N/A
  • Extras:
Contact
No contact information submitted.
Summaries

Summary Sentence: Making Crypto Libraries Robust Against Physical Side-Channel Attacks

Full Summary: No summary paragraph submitted.

Title: Making Crypto Libraries Robust Against Physical Side-Channel Attacks

 

Monjur Alam

Ph.D. Candidate in Computer Science

School of Computer Science

College of Computing

Georgia Institute of Technology

 

Date: Friday, September 6, 2019

Time: 13:00 - 15:00 (EST)

Location: Klaus 3100

 

 

Committee:

Dr. Milos Prvulovic (Advisor), School of Computer Science, Georgia Institute of Technology

Dr. Alenka Zajic(Co-advisor), School of Computer Science, Georgia Institute of Technology

Dr. Alexandra Boldyreva, School of Computer Science, Georgia Institute of Technology

Dr. Raheem Beyah, School of Computer Science, Georgia Institute of Technology

Dr. Angelos Keromytis, School of Electrical and Computer Engineering, Georgia Institute of Technology

 

 

Abstract:

The connection between theoretical and applied cryptography is often not well established due to difficulties in translating the theoretical security proofs to real world software and hardware implementations. Physical side-channel cryptanalysis is a very effective approach to break a secure cryptographic system. Most side-channel attacks on cryptographic primitives and implementations rely on different control flow or memory access patterns. As a countermeasure, the cryptographic community has established the notion of constant time program code which avoids secret-dependent control flow and data access patterns.

 

This thesis focuses on detailing a set of new techniques to exploit widely used open sources for software implementations of cryptographic primitives.  First, we present One&Done,  a side-channel attack that is based on the analysis of signals that correspond to the brief computation activity that computes the value of each window during exponentiation, i.e. activity between large-integer multiplications. As the attack is message-independent, it makes the attack completely immune to existing countermeasures that focus on thwarting chosen-ciphertext attacks and/or square/multiply sequence analysis. Second, we present Nonce@Once, the first side-channel attack that recovers the secret scalar from the electromagnetic signal that corresponds to a single signing operation in current versions of Libgcrypt, OpenSSL. Our attack uses the signal differences created by systematic differences in operand values during a conditional swap operation itself to recover each bit of the secret. We also propose a mitigation that randomizes the exclusive-or mask in the conditional swap operation, is effective in preventing this and similar attacks. Next, we present a physical side-channel attack on DSA implementation, which utilizes constant-time fixed-window (m-ary) modular exponentiation. We demonstrated different implementation aspects and their effects as countermeasures which embrace the importance of re-thinking before designing and implementing PKC, in general. Lastly, We present the security issues on NAF based OpenSSL's ECDSA implementation.

Additional Information

In Campus Calendar
No
Groups

Graduate Studies

Invited Audience
Faculty/Staff, Public, Graduate students, Undergraduate students
Categories
Other/Miscellaneous
Keywords
Phd Defense
Status
  • Created By: Tatianna Richardson
  • Workflow Status: Published
  • Created On: Aug 23, 2019 - 8:58am
  • Last Updated: Aug 23, 2019 - 8:58am