Raspberry Pi üzerinde gerçeklenmiş RSA algoritmasına yan kanal analizi

Abstract

RSA şifreleme algoritması güvenli veri aktarımı için yaygın olarak kullanılan açık anahtarlı şifreleme sistemlerinden biridir. Bu algoritma ilk defa 1978'de Ron Rivest, Adi Shamir ve Len Adleman tarafından açıklanmıştır. Algoritmanın ismi ise bu kişilerin soyadlarının ilk harflerinden oluşmaktadır. RSA şifreleme algoritması verinin şifrelenmesi, şifrelenen verinin çözülmesi ve verinin imzalanması işlemlerinde kullanılmaktadır.Gelişen teknolojiyle beraber bilgilerimizin büyük çoğunluğu elektronik ortama aktarılmaktadır.. Akıllı telefonlarımızı küçük birer bilgisayar gibi düşünebiliriz. Teknolojinin gelişmesi bilginin erişilebilirliğinin arttırmasının yanında bilgi güvenliğinin önemini de artırmaktadır. Bilginin güvenliğinin sağlanması için ilk tercih edilen yöntemlerden biri şifrelemedir. Şifreleme işlemi için standartlaşmış şifreleme algoritmaları kullanılmaktadır. Şifreleme algoritmalarının hepsi bir matematiksel arka plana sahiptir. Günümüzde temel olarak şifreleme algoritması gücünü klasik kriptolojide olduğu gibi algoritmanın gizliliğinden almaz, dayandığı matematiksel arka plandan alır. Örneğin; RSA, gücünü tamsayıların asal çarpanlarına ayırma probleminin zorluğundan alır. Kriptografik sistemlerin dayanıklılığının analizi kriptanalizin çalışma alanıdır. Bununla birlikte yan kanal saldırıları diye tabir edilen algoritmanın gerçeklendiği sistemden sızan ısı, işlem zamanı bilgisi, sistemden çekilen güç, elektromanyetik yayılım gibi verileri kullanan bir yöntem de mevcuttur.Yan kanal saldırıları ilk olarak 1996'da zamanlama analizi konusunda yayınlanan makale ile tehdit olarak kabul edilmeye başlanmıştır. Bu ataklarda sistemin çalışmasına müdahale edilmez. Sistem normal çalışma modunda iken sistemin dışarıya sızdırdığı etkiler (ısı değişimi, işlem zamanı bilgisi, güç tüketimi vs. ) gizli anahtar hakkında bilgi edinilmesini sağlıyorsa bu bilgilere yan kanal bilgileri denir. Temel olarak yan kanal atakları ikiye ayrılır. Basit ataklarda tek bir ölçüm kullanılarak gizli anahtarın tamamı ya da bir parçası elde edilir. Basit ataklarda ölçüm ile yapılan işlem arasında ilişki aranır. Farksal ataklarda ise birden çok ölçüm kullanılarak sistemin sebep olduğu gürültü elimine edilip gizli anahtarla ilgili bilgi edinilir. Bu tür ataklarda ise alınan ölçümler ile işlenen veri arasındaki ilişkiye odaklanılır. Bu tez çalışmasında Raspberry Pi üzerinde gerçeklenen RSA şifreleme algoritmasına Basit Elektromanyetik Analizi (SEMA) ve Farksal Elektromanyetik Analizi (DEMA) saldırıları gerçekleştirilmiştir. Bu atakların gerçekleştirilebilmesi için masaüstü bilgisayar, sayısal osiloskop, Raspberry Pi ve yakın alan alıcısından oluşan ölçüm düzeneği kurulmuştur. Raspberry Pi, üzerinde bir işletim sistemi koşturması ve küçük bir bilgisayar özelliğine sahip olması nedeniyle gürültü seviyesi yüksek bir platformdur. Bu nedenle alınan ölçümlerin analiz edilmesi zorlaşmıştır. Analiz işleminin sonunda RSA algoritması herhangi bir yazılımsal önlem almadan gerçeklenir ve / veya Raspberry Pi üzerinde bir güvenlik önlemi alınmaz ise Raspberry Pi platformunun yan kanal analizi ataklarına açık olduğu görülmüştür.

The RSA encryption algorithm is one of the public key cryptosystems commonly used for secure data transfer. This algorithm was first described by Ron Rivest, Adi Shamir and Len Adleman in 1978. The name of the algorithm consists of the first letters of the surnames of these persons. The RSA encryption algorithm is used for encrypting the data, decrypting the encrypted data and for signing the data.In Today's world, embedded systems are an indispensable part of every device. With the development of the technology, the usage areas of embedded systems have increased. Embedded systems become interconnected on the network with Internet of Things. It is important that embedded systems are secure against attacks, such as side channel analysis, as well as being secure enough against cyber-attacks against the network. With the ever-evolving technology, the vast majority of our knowledge is electronic. We can assume that our smart phones are like a little computer. Raspberry Pi is an ideal embedded system since it is a mini computer as well as being small. The popularity of the Raspberry Pi is increasing day by day with IoT technology.The development of technology not only increases the accessibility of information but also the importance of information security. One of the first preferred methods for security of information is encryption. Standard encryption algorithms are used for encryption. All encryption algorithms have a strong mathematical background. Basically, the encryption algorithm takes the power from the mathematical background that it does not get from the secrecy of the algorithm. For example; RSA is based on the difficulty of integrating integer multipliers. The analysis of the resistant of cryptographic systems is the working area of cryptanalysis. However, there is also a method that uses data such as heat leaked from the system, the processing time information, power consumption of the system, electromagnetic emission. These are side channel informations leaked unintentionally from the platform that algorithm implemented. This method called side channel attacks which is a kind of cryptanalysis.Side channel attacks were first introduced as a threat in 1996 with an article on timing analysis. This attacks will not interfere with the operation of the system. This information is called side channel information if the system is able to obtain information about the leaked effects (heat exchange, process time information, power consumption, etc.) while the system is in normal operating mode. Along with this approach, it has been revealed that besides mathematical testing of cryptographic algorithms, it should be tested against possible weaknesses based on realization.Basically, side channel attacks are divided into two. In simple attacks, all or part of the secret key is obtained using a single measurement. In simple attacks, the relationship between the measurement and the process is sought. In case of differential attacks, the noise caused by the system is eliminated by using multiple measurements and information about the secret key is obtained by filtering and correlation analysis. In such cases, the focus is on the relationship between the measurements taken and the data processed. In this study, the security of the RSA algorithm implemented on Raspberry Pi against electromagnetic side channel attack has been evaluated. On the Raspberry Pi platform, fast exponential and always square and multiply algorithms are implemented for the RSA encryption algorithm.Complementary metal oxide semiconductors (CMOS) are frequently used in the implementation of electronic circuits. The total power consumption of the circuits is divided into dynamic and static power consumption. Dynamic power consumption is more dominant in CMOS inverters. The power consumption at time when the transistor output is unchanged gives static power consumption while the power consumption at the time when the output of the transistor changes is dynamic power consumption. It is known that the change in the output value of the CMOS gate causes the instantaneous current change. In addition to the instantaneous current change, electromagnetic propagation also occurs. The electromagnetic radiation varies according to the processed data or the processing carried out. Electromagnetic radiation can be measured in terms of antennas. Electromagnetic radiation obtained by antennas is used as side channel information for electromagnetic analysis attacks.Electromagnetic radiation analysis attacks are divided into simple electromagnetic analysis attacks and differential electromagnetic analysis attacks. In simple electromagnetic analysis attacks, the attacker tries to capture the whole or part of the secret key using a single measurement. Differential electromagnetic analysis attacks are used in cases where the measurement noise is excessive, noise is destroyed using many measurements. The relationship between processed data and power consumption are investigated using statistical methods.A measurement system consisting of a desktop computer, a digital oscilloscope, a Raspberry Pi and a near field high precision EM probe has been set up to perform these attacks. The high-precision EM probe is ideal for receiving low-voltage electromagnetic emissions. This probe is connected to channel of the oscilloscope. One of the general-purpose input output pins of Raspberry Pi is connected to a channel of the oscilloscope. This channel triggers the oscilloscope to start measurement.When the oscilloscope detects the voltage increase at the general-purpose input / output pins, it takes the electromagnetic emission and records it in binary format. Then it is transferred to another computer for signal analysis in MATLAB. An operating system is running on the Raspberry Pi and it has small computer feature, this situation increased the noise level and it made it difficult to analyze the measurements taken. At the end of the analysis process, if the RSA algorithm is not implemented correctly and / or if any countermeasure is not applied on Raspberry Pi, it is seen that Raspberry Pi platform is vulnerable to side channel analysis attacks.In this thesis, Simple Electromagnetic Analysis (SEMA) and Differential Electromagnetic Analysis (DEMA) attacks were performed on the RSA encryption algorithm implemented on Raspberry Pi. Using the SEMA attack, it has been shown that all key bits can be obtained by a single measurement in a countermeasure-free implementation. It is seen that the key can't be obtained using SEMA by implementing the algorithm resistant to SEMA attack. The DEMA attack is implemented by increasing the number of measurements and using the correlation analysis. It is seen that the bit value of the key can be obtained by DEMA attack. This study is proof that the Raspberry Pi platform has no countermeasure against the side channel analysis attacks.