On the Worst-Case Side-Channel Security of ECC Point Randomization in Embedded Devices

Author(s):  
Melissa Azouaoui ◽  
François Durvaux ◽  
Romain Poussier ◽  
François-Xavier Standaert ◽  
Kostas Papagiannopoulos ◽  
...  
Author(s):  
Santosh Ghosh ◽  
Monjur Alam ◽  
Dipanwita Roy Chowdhury ◽  
Indranil Sen Gupta

10.29007/fv2n ◽  
2019 ◽  
Author(s):  
Wei Cheng ◽  
Claude Carlet ◽  
Kouassi Goli ◽  
Jean-Luc Danger ◽  
Sylvain Guilley

Side-channel analysis and fault injection attacks are two typical threats to cryptographic implementations, especially in modern embedded devices. Thus there is an insistent demand for dual side-channel and fault injection protections. As it is known, a masking scheme is a kind of provable countermeasure against side-channel attacks. Recently, inner product masking (IPM) was proposed as a promising higher-order masking scheme against side-channel analysis, but not for fault injection attacks. In this paper, we devise a new masking scheme named IPM-FD. It is built on IPM, which enables fault detection. This novel masking scheme has three properties: the security orders in the word-level probing model, bit-level probing model, and the number of detected faults. IPM-FD is proven secure both in the word-level and in the bit-level probing models, and allows for end-to-end fault detection against fault injection attacks. Furthermore, we illustrate its security order by linking it to one of the defining parameters of a linear code, and show its implementation cost by applying IPM-FD to AES-128.


Author(s):  
Alessandro Barenghi ◽  
Luca Breveglieri ◽  
Fabrizio De Santis ◽  
Filippo Melzani ◽  
Andrea Palomba ◽  
...  

Dependable and trustworthy security solutions have emerged as a crucial requirement in the specification of the applications and protocols employed in modern Information Systems (IS). Threats to the security of embedded devices, such as smart phones and PDAs, have been growing since several techniques exploiting side-channel information leakage have proven successful in recovering secret keys even from complex mobile systems. This chapter summarizes the side-channel techniques based on power consumption and elaborates the issue of the design time engineering of a secure system, through the employment of the current hardware design tools. The results of the analysis show how these tools can be effectively used to understand possible vulnerabilities to power consumption side-channel attacks, thus providing a sound conservative margin on the security level. The possible extension of this methodology to the case of fault attacks is also sketched.


2021 ◽  
Vol 17 (3) ◽  
pp. 1-27
Author(s):  
Unai Rioja ◽  
Servio Paguada ◽  
Lejla Batina ◽  
Igor Armendariz

Performing a comprehensive side-channel analysis evaluation of small embedded devices is a process known for its variability and complexity. In real-world experimental setups, the results are largely influenced by a huge amount of parameters, some of which are not easily adjusted without trial and error and are heavily relying on the experience of professional security analysts. In this article, we advocate the usage of an existing statistical methodology called Six Sigma (6σ) for side-channel analysis optimization. This well-known methodology is commonly used in other industrial fields, such as production and quality engineering, to reduce the variability of industrial processes. We propose a customized Six Sigma methodology, which allows even a less-experienced security analyst to select optimal values for the different variables that are critical for the side-channel analysis procedure. Moreover, we show how our methodology helps in improving different phases in the side-channel analysis process.


Electronics ◽  
2021 ◽  
Vol 10 (11) ◽  
pp. 1331
Author(s):  
George K. Adam ◽  
Nikos Petrellis ◽  
Lambros T. Doulos

This work investigates the real-time performance of Linux kernels and distributions with a PREEMPT_RT real-time patch on ARM-based embedded devices. Experimental measurements, which are mainly based on heuristic methods, provide novel insights into Linux real-time performance on ARM-based embedded devices (e.g., BeagleBoard and RaspberryPi). Evaluations of the Linux real-time performance are based on specific real-time software measurement modules, developed for this purpose, and the use of a standard benchmark tool, cyclictest. Software modules were designed upon the introduction of a new response task model, an innovative aspect of this work. Measurements include the latency of response tasks at user and kernel space, the response on the execution of periodic tasks, the maximum sustained frequency and general latency performance metrics. The results show that in such systems the PREEMPT_RT patch provides more improved real-time performance than the default Linux kernels. The latencies and particularly the worst-case latencies are reduced with real-time support, thus making such devices running Linux with PREEMPT_RT more appropriate for use in time-sensitive embedded control systems and applications. Furthermore, the proposed performance measurements approach and evaluation methodology could be applied and deployed on other Linux-based real-time platforms.


2021 ◽  
pp. 1-1
Author(s):  
Moumita Dey ◽  
Baki Berkay Yilmaz ◽  
Milos Prvulovic ◽  
Alenka Zajic

Author(s):  
Lejla Batina ◽  
Milena Djukanovic ◽  
Annelie Heuser ◽  
Stjepan Picek

Side-channel attacks (SCAs) are powerful attacks based on the information obtained from the implementation of cryptographic devices. Profiling side-channel attacks has received a lot of attention in recent years due to the fact that this type of attack defines the worst-case security assumptions. The SCA community realized that the same approach is actually used in other domains in the form of supervised machine learning. Consequently, some researchers started experimenting with different machine learning techniques and evaluating their effectiveness in the SCA context. More recently, we are witnessing an increase in the use of deep learning techniques in the SCA community with strong first results in side-channel analyses, even in the presence of countermeasures. In this chapter, we consider the evolution of profiling attacks, and subsequently we discuss the impacts they have made in the data preprocessing, feature engineering, and classification phases. We also speculate on the future directions and the best-case consequences for the security of small devices.

