Cryptanalysis on FPGA Based Hardware

1
Cryptanalysis on FPGA Based Hardware
Malcolm Alda SumantriBachelors of Engineering
(Software) Bachelors of Commerce (Finance)
SupervisorsMatt BarrieCraig Jin
The University of Sydney
2
Introduction

• Welcome to the Digital Age where everything can
  be replicated!
• Cryptography is used
• To protect our privacy
• For example our real identity, our e-mails to
  family and friends, our digital photos, our work.
• To protect corporate secrets
• For example future corporate strategies,
  intellectual property, pricing information, human
  resources information.
• By governments
• For example sending messages to spies, task
  forces, between agencies to protect civilians and
  against terrorism.
• How secure are our currently deployed
  cryptosystems?

3
Motivation

• Information security is a resource game.
• More funds means more access to information.
• The US National Security Agencys annual budget
  is classified but is said to be over US 13
  billion.
• Assessing the strength of our cryptosystems
  therefore involves determining the cost to break
  them.
• Rapid development in Field Programmable Gate
  Array Technology (FPGA) technology that makes it
  cheaper to develop high-performance custom
  hardware systems. FPGA technology has proven to
  be effective for cryptographic use.
• A recent optimization in cryptanalysis.
• Rainbow Tables

4
Background

• Symmetric Cipher
• Cryptanalysis Code breaking, reveal the
  plaintext without the key.
• Exhaustive Key Search Try every key possible,
  requires large computational power.
• Table Lookup Store keys and ciphertexts in a
  massive tables to perform a lookup when trying to
  attack, requires a large amount of memory
  (infeasible).
• Time-memory trade-off Give up memory to achieve
  a faster attack time.
• FPGAs
• Reconfigurable logic (upload the bitstream to the
  hardware).
• Cheaper than Application Specific Integrated
  Circuits (ASICs) for small volumes.

5
Time-Memory Trade-OffRainbow Tables

• How does it work?
• Assume a chosen-plaintext attack scenario.
• The attacker can choose which plaintext to
  access.
• This attacker will use this to attack the
  cryptosystem.
• This is practical in the real-world (UNIX
  password hashing, include ltstdio.hgt, \n)
• Two Phases
• Precomputation Phase
• Online Attack Phase (Cryptanalytic Attack)
• Precomputation Phase Generate a rainbow table.
• A rainbow table is a two-column table
  (start-point, end-point)
• These points are possible keys.
• This table is generated by a specific algorithm.
• Online Attack Phase Use the rainbow table.
• We are given a ciphertext to break.
• Now we perform a search on the rainbow table by
  using another algorithm
• This method is probabilistic, but faster than
  exhaustive key search.

6
Methodology

• Design and implement an FPGA based cryptanalytic
  system that uses the rainbow tables method of
  cryptanalysis.
• Use the Data Encryption Standard (DES) as the
  test symmetric cipher.
• DES uses a 56-bit key.
• DES is the most widely studied cipher.
• DES is still used today (UNIX password hashing).
• Determine the cost to break DES.
• Extrapolate the cost to break other ciphers.

7
Design I Data Encryption Standard

• In designing a cryptanalytic system, the
  performance of the cipher module will determine
  the performance.
• Security of DES derives from 16 rounds of
  permutations, substitutions and xoring.
• Each round is implemented as a 3-stage pipeline.
  A total of 48-stages for the 16 rounds of DES.
• Pipelining improves performance
• Attain higher clock frequencies.
• Achieve parallelization 48 encryptions per
  clock cycle.

8
Design II The Rainbow Table
Precomputation System
1. High Level System Design
2. Hardware Design
3. Hardware output behavior (Timing Diagram)
9
Design III The Rainbow Table
Online Attack System
1. High Level System Design
2. Hardware Design
3. Mechanism
10
Experiment and Results

• Experiment
• Cryptanalytic attack on 40-bit DES since the
  resources to break DES is out-of-reach for the
  budget in this thesis.
• Use Sensory NetworksTM NodalCoreTM C-1000 PCI
  Card.
• Xilinx Virtex-II Pro VP-40 FPGA
• Flexible chipset architecture to embed our
  hardware engines.
• PCI interface allows for high-speed
  communications.

• Results
• 40-bit DES Rainbow Table can be generated in less
  than 4 hours. Table parameters allows for 85
  cryptanalytic success probability.
• Fastest known implementation in the literature
  based on results.
• Online attack of 40-bit DES in 30.8 seconds.

11
Data Analysis

• Performance-Cost Analysis
• Determine the FPGA chip that provides the highest
  performance for the lowest cost.
• Synthesized the hardware designs for various
  Xilinx FPGAs.
• Spartan 3 S-1500 provides the highest
  performance-cost relative to other Xilinx FPGA
  chips.
• Extrapolate the design of a machine to break DES
  (56-bit key length)
• Result DES can be broken with 85 success
  probability in 72 minutes for an approximate cost
  of US 1,210.

Performance-Cost of Precomputation Hardware System
12
Conclusion

• FPGAs provides a low cost and effective solution
  to cryptanalysis.
• Rainbow table attacks provide a faster attack
  time compared to brute-force, but brute-force
  uses less resources, that is, memory resources.
• For large key sizes, the rainbow table attack
  becomes infeasible as memory costs is prohibitive.