Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes

10.29007/hhnf ◽  
2018 ◽  
Author(s):  
Inès Ben El Ouahma ◽  
Quentin Meunier ◽  
Karine Heydemann ◽  
Emmanuelle Encrenaz

Masking is a popular countermeasure against side-channel attacks that randomizes secret data with random and uniform variables called masks. At software level, masking is usually added in the source code and its effectiveness needs to be verified. In this paper, we propose a symbolic method to verify side-channel robustness of masked programs. The analysis is performed at the assembly level since compilation and optimizations may alter the added protections. Our proposed method aims to verify that intermediate computations are statistically independent from secret variables using defined distribution inference rules. We verify the first round of a masked AES in 22s and show that some secure algorithms or source codes are not leakage-free in their assembly implementations.

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Huizhong Li ◽  
Guang Yang ◽  
Jingdian Ming ◽  
Yongbin Zhou ◽  
Chengbin Jin

Abstract: Side-channel resistance is nowadays widely accepted as a crucial factor in deciding the security assurance level of cryptographic implementations. In most cases, non-linear components (e.g. S-Boxes) of cryptographic algorithms will be chosen as primary targets of side-channel attacks (SCAs). In order to measure side-channel resistance of S-Boxes, three theoretical metrics are proposed and they are reVisited transparency order (VTO), confusion coefficients variance (CCV), and minimum confusion coefficient (MCC), respectively. However, the practical effectiveness of these metrics still remains unclear. Taking the 4-bit and 8-bit S-Boxes used in NIST Lightweight Cryptography candidates as concrete examples, this paper takes a comprehensive study of the applicability of these metrics. First of all, we empirically investigate the relations among three metrics for targeted S-Boxes, and find that CCV is almost linearly correlated with VTO, while MCC is inconsistent with the other two. Furthermore, in order to verify which metric is more effective in which scenarios, we perform simulated and practical experiments on nine 4-bit S-Boxes under the non-profiled attacks and profiled attacks, respectively. The experiments show that for quantifying side-channel resistance of S-Boxes under non-profiled attacks, VTO and CCV are more reliable while MCC fails. We also obtain an interesting observation that none of these three metrics is suitable for measuring the resistance of S-Boxes against profiled SCAs. Finally, we try to verify whether these metrics can be applied to compare the resistance of S-Boxes with different sizes. Unfortunately, all of them are invalid in this scenario.


2009 ◽  
Vol 4 (1) ◽  
pp. 20-28
Author(s):  
V. Lomné ◽  
A. Dehbaoui ◽  
T. Ordas ◽  
P. Maurine ◽  
L. Torres ◽  
...  

Side channel attacks (SCA) are known to be efficient techniques to retrieve secret data. In this context, this paper concerns the evaluation of the robustness of secure triple track logic (STTL) against power and electromagnetic analyses on FPGA devices. More precisely, it aims at demonstrating that the basic concepts behind STTL are valid in general and particularly for FPGAs. Also, the paper shows that this new logic may provide interesting design guidelines to get circuits that are resistant to differential power analysis (DPA) attacks and also more robust against differential electromagnetic attacks (DEMA).


Cryptography ◽  
2020 ◽  
Vol 4 (4) ◽  
pp. 27
Author(s):  
Sylvain Guilley ◽  
Khaled Karray ◽  
Thomas Perianin ◽  
Ritu-Ranjan Shrivastwa ◽  
Youssef Souissi ◽  
...  

Cryptographic implementations need to be robust amidst the widespread use of crypto-libraries and attacks targeting their implementation, such as side-channel attacks (SCA). Many certification schemes, such as Common Criteria and FIPS 140, continue without addressing side-channel flaws. Research works mostly tackle sophisticated attacks with simple use-cases, which is not the reality where end-to-end evaluation is not trivial. In this study we used all due diligence to assess the invulnerability of a given implementation from the shoes of an evaluator. In this work we underline that there are two kinds of SCA: horizontal and vertical. In terms of quotation, measurement and exploitation, horizontal SCA is easier. If traces are constant-time, then vertical attacks become convenient, since there is no need for specific alignment (“value based analysis”). We introduce our new methodology: Vary the key to select sensitive samples, where the values depend upon the key, and subsequently vary the mask to uncover unmasked key-dependent leakage, i.e., the flaws. This can be done in the source code (pre-silicon) for the designer or on the actual traces (post-silicon) for the test-lab. We also propose a methodology for quotations regarding SCA unlike standards that focus on only one aspect (like number of traces) and forget about other aspects (such as equipment; cf. ISO/IEC 20085-1).


2009 ◽  
Vol 19 (11) ◽  
pp. 2990-2998 ◽  
Author(s):  
Tao ZHANG ◽  
Ming-Yu FAN

Computers ◽  
2021 ◽  
Vol 10 (4) ◽  
pp. 47
Author(s):  
Fariha Iffath ◽  
A. S. M. Kayes ◽  
Md. Tahsin Rahman ◽  
Jannatul Ferdows ◽  
Mohammad Shamsul Arefin ◽  
...  

A programming contest generally involves the host presenting a set of logical and mathematical problems to the contestants. The contestants are required to write computer programs that are capable of solving these problems. An online judge system is used to automate the judging procedure of the programs that are submitted by the users. Online judges are systems designed for the reliable evaluation of the source codes submitted by the users. Traditional online judging platforms are not ideally suitable for programming labs, as they do not support partial scoring and efficient detection of plagiarized codes. When considering this fact, in this paper, we present an online judging framework that is capable of automatic scoring of codes by detecting plagiarized contents and the level of accuracy of codes efficiently. Our system performs the detection of plagiarism by detecting fingerprints of programs and using the fingerprints to compare them instead of using the whole file. We used winnowing to select fingerprints among k-gram hash values of a source code, which was generated by the Rabin–Karp Algorithm. The proposed system is compared with the existing online judging platforms to show the superiority in terms of time efficiency, correctness, and feature availability. In addition, we evaluated our system by using large data sets and comparing the run time with MOSS, which is the widely used plagiarism detection technique.


2021 ◽  
Vol 13 (6) ◽  
pp. 146
Author(s):  
Somdip Dey ◽  
Amit Kumar Singh ◽  
Klaus McDonald-Maier

Side-channel attacks remain a challenge to information flow control and security in mobile edge devices to this date. One such important security flaw could be exploited through temperature side-channel attacks, where heat dissipation and propagation from the processing cores are observed over time in order to deduce security flaws. In this paper, we study how computer vision-based convolutional neural networks (CNNs) could be used to exploit a temperature (thermal) side-channel attack on different Linux governors in a mobile edge device utilizing a multi-processor system-on-chip (MPSoC). We also designed a power- and memory-efficient CNN model that is capable of performing a thermal side-channel attack on the MPSoC and can be used by industry practitioners and academics as a benchmark to design methodologies to secure against such an attack in MPSoC.

