scholarly journals Code Polymorphism Meets Code Encryption: Confidentiality and Side-Channel Protection of Software Components

2021 ◽  
Author(s):  
Lionel Morel ◽  
Damien Courousse ◽  
Thomas Hiscock
Keyword(s):  
Reverse Engineering ◽  
Cyber Attacks ◽  
Side Channel ◽  
Security Level ◽  
Software Components ◽  
Side Channel Attacks ◽  
Sensitive Data ◽  
Prototype Implementation ◽  
Counter Measures ◽  
Observable Behaviour

Cyber-attacks combine several techniques to compromise device's functionality, recover sensitive data or unveil IP design. Combined counter-measures are needed to address these complex attacks as a whole. We address attacks that rely on reverse engineering to recover application code and side-channel attacks to access sensitive data. We present POLEN, a toolchain and a processor architecture that combines two countermeasures: code encryption and code polymorphism to thwart such complex attacks. Code encryption reduces the useful information in memory dumps, preventing reverse engineering, by encrypting machine instructions before its deployment, and instructions are only decrypted inside the CPU. Code polymorphism regularly changes the observable behaviour of the program, making it unpredictable for an attacker, and reducing the possibility to exploit side-channel leakages. Using many configuration parameters, POLEN gives the developer the ability to adapt the security level to its application. We present our prototype implementation, based on the RISC-V Spike simulator and a modified LLVM toolchain. We demonstrate that POLEN reduces side-channel leakages through leakage assessments metrics. We show that POLEN achieves a good level of security against side-channel attacks while maintaining acceptable overheads on program performance.

scholarly journals Serial RRAM Cell for Secure Bit Concealing

Electronics ◽  
2021 ◽  
Vol 10 (15) ◽  
pp. 1842
Author(s):  
Binbin Yang ◽  
Daniel Arumí ◽  
Salvador Manich ◽  
Álvaro Gómez-Pau ◽  
Rosa Rodríguez-Montañés ◽  
...  
Keyword(s):  
Reverse Engineering ◽  
Experimental Results ◽  
Side Channel ◽  
Memory Cells ◽  
Side Channel Attacks ◽  
Sensitive Data ◽  
Basic Cell ◽  
Malicious Adversary ◽  
Non Volatile Memory ◽  
Volatile Memory

Non-volatile memory cells are exposed to adversary attacks since any active countermeasure is useless when the device is powered off. In this context, this work proposes the association of two serial RRAM devices as a basic cell to store sensitive data, which could solve this bothersome problem. This cell has three states: ‘1’, ‘0’, and masked. When the system is powered off or the data is not used, the cell is set to the masked state, where the cell still stores a ‘1’ or a ‘0’ but a malicious adversary is not capable of extracting the stored value using reverse engineering techniques. Before reading, the cell needs to be unmasked and it is masked afterwards until the next reading request. The operation of the cell also provides robustness against side-channel attacks. The presented experimental results confirm the validity of the proposal.

A Power Analysis System for Cryptographic Devices

2013 ◽  
Vol 718-720 ◽  
pp. 2376-2382
Author(s):  
Yan Ting Ren ◽  
Li Ji Wu
Keyword(s):  
Normal Mode ◽  
Power Analysis ◽  
Security Analysis ◽  
General Purpose ◽  
Side Channel ◽  
Security Level ◽  
Side Channel Attacks ◽  
Working Models ◽  
Correlation Power Analysis ◽  
Analysis System

In order to test the security of cryptographic devices against Side Channel Attacks (SCA), an automatic general-purpose power analysis system (TH-PAS-01) is designed and implemented. TH-PAS-01 is scalable and can be applied to many cryptographic devices when specific modules are installed. Using the system TH-PAS-01, correlation power analysis (CPA) are carried out on an AES chip under two working models: normal and shuffling mode. The security level of the countermeasure provided by the target chip is verified by TH-PAS-01. The experimental results show that the correct key of the AES chip is obtained with around 50,000 power traces when the chip was working under normal mode, while the whole key bits are not obtained with 960,000 power traces when the chip works under shuffling mode. The automatic general-purpose system TH-PAS-01 is feasible for security analysis on power analysis for cryptographic devices.

Hardware Primitives-Based Security Protocols for the Internet of Things

2019 ◽  
pp. 117-141 ◽  
Author(s):  
Muhammad Naveed Aman ◽  
Kee Chaing Chua ◽  
Biplab Sikdar
Keyword(s):  
Low Cost ◽  
Security Analysis ◽  
Security Protocols ◽  
Hardware Security ◽  
Side Channel ◽  
Data Provenance ◽  
Side Channel Attacks ◽  
Sensitive Data ◽  
Physically Unclonable Functions ◽  
Iot Devices

IoT is the enabling technology for a variety of new exciting services in a wide range of application areas including environmental monitoring, healthcare systems, energy management, transportation, and home and commercial automation. However, the low-cost and straightforward nature of IoT devices producing vast amounts of sensitive data raises many security concerns. Among the cyber threats, hardware-level threats are especially crucial for IoT systems. In particular, IoT devices are not physically protected and can easily be captured by an adversary to launch physical and side-channel attacks. This chapter introduces security protocols for IoT devices based on hardware security primitives called physically unclonable functions (PUFs). The protocols are discussed for the following major security principles: authentication and confidentiality, data provenance, and anonymity. The security analysis shows that security protocols based on hardware security primitives are not only secure against network-level threats but are also resilient against physical and side-channel attacks.

scholarly journals On the Security of Practical Mail User Agents against Cache Side-Channel Attacks

2020 ◽  
Vol 10 (11) ◽  
pp. 3770
Author(s):  
Hodong Kim ◽  
Hyundo Yoon ◽  
Youngjoo Shin ◽  
Junbeom Hur
Keyword(s):  
Third Party ◽  
Side Channel ◽  
Software Components ◽  
Side Channel Attack ◽  
Side Channel Attacks ◽  
User Agent ◽  
Root Cause ◽  
Private Key ◽  
The Third ◽  
And Control

Mail user agent (MUA) programs provide an integrated interface for email services. Many MUAs support email encryption functionality to ensure the confidentiality of emails. In practice, they encrypt the content of an email using email encryption standards such as OpenPGP or S/MIME, mostly implemented using GnuPG. Despite their widespread deployment, there has been insufficient research on their software structure and the security dependencies among the software components of MUA programs. In order to understand the security implications of the structures and analyze any possible vulnerabilities of MUA programs, we investigated a number of MUAs that support email encryption. As a result, we found severe vulnerabilities in a number of MUAs that allow cache side-channel attacks in virtualized desktop environments. Our analysis reveals that the root cause originates from the lack of verification and control over the third-party cryptographic libraries that they adopt. In order to demonstrate this, we implemented a cache side-channel attack on RSA in GnuPG and then conducted an evaluation of the vulnerability of 13 MUAs that support email encryption in Ubuntu 14.04, 16.04 and 18.04. Based on our experiment, we found that 10 of these MUA programs (representing approximately 77% of existing MUA programs) allow the installation of a vulnerable version of GnuPG, even when the latest version of GnuPG, which is secure against most cache side-channel attacks, is in use. In order to substantiate the importance of the vulnerability we discovered, we conducted a FLUSH+RELOAD attack on these MUA programs and demonstrated that the attack restored 92% of the bits of the 2048-bit RSA private key when the recipients read a single encrypted email.

scholarly journals Extending Glitch-Free Multiparty Protocols to Resist Fault Injection Attacks

2018 ◽  
pp. 394-430 ◽  
Author(s):  
Okan Seker ◽  
Abraham Fernandez-Rubio ◽  
Thomas Eisenbarth ◽  
Rainer Steinwandt
Keyword(s):  
Performance Analysis ◽  
Fault Injection ◽  
Side Channel ◽  
Security Level ◽  
Multiparty Computation ◽  
Side Channel Attacks ◽  
Injection Attacks ◽  
Security Proof ◽  
Multiparty Protocols ◽  
Fault Injection Attacks

Side channel analysis and fault attacks are two powerful methods to analyze and break cryptographic implementations. At CHES 2011, Roche and Prouff applied secure multiparty computation to prevent side-channel attacks. While multiparty computation is known to be fault-resistant as well, the particular scheme used for side-channel protection does not currently offer this feature. This work introduces a new secure multiparty circuit to prevent both fault injection attacks and sidechannel analysis. The new scheme extends the Roche and Prouff scheme to make faults detectable. Arithmetic operations have been redesigned to propagate fault information until a new secrecy-preserving fault detection can be performed. A new recombination operation ensures randomization of the output in the case of a fault, ensuring that nothing can be learned from the faulty output. The security of the new scheme is proved in the ISW probing model, using the reformulated t-SNI security notion. Besides the new scheme and its security proof, we also present an extensive performance analysis, including a proof-of-concept, software-based AES implementation featuring the masking technique to resist both fault and side-channel attacks at the same time. The performance analysis for different security levels are given for the ARM-M0+ MCU with its memory requirements. A comprehensive leakage analysis shows that a careful implementation of the scheme achieves the expected security level.

Sign in / Sign up

Export Citation Format

Share Document