scholarly journals Side-Channel Evaluation Methodology on Software

Cryptography ◽  
2020 ◽  
Vol 4 (4) ◽  
pp. 27
Author(s):  
Sylvain Guilley ◽  
Khaled Karray ◽  
Thomas Perianin ◽  
Ritu-Ranjan Shrivastwa ◽  
Youssef Souissi ◽  
...  
Keyword(s):  
Source Code ◽  
Use Cases ◽  
Constant Time ◽  
Evaluation Methodology ◽  
Side Channel ◽  
Due Diligence ◽  
Side Channel Attacks ◽  
Common Criteria ◽  
End To End

Cryptographic implementations need to be robust amidst the widespread use of crypto-libraries and attacks targeting their implementation, such as side-channel attacks (SCA). Many certification schemes, such as Common Criteria and FIPS 140, continue without addressing side-channel flaws. Research works mostly tackle sophisticated attacks with simple use-cases, which is not the reality where end-to-end evaluation is not trivial. In this study we used all due diligence to assess the invulnerability of a given implementation from the shoes of an evaluator. In this work we underline that there are two kinds of SCA: horizontal and vertical. In terms of quotation, measurement and exploitation, horizontal SCA is easier. If traces are constant-time, then vertical attacks become convenient, since there is no need for specific alignment (“value based analysis”). We introduce our new methodology: Vary the key to select sensitive samples, where the values depend upon the key, and subsequently vary the mask to uncover unmasked key-dependent leakage, i.e., the flaws. This can be done in the source code (pre-silicon) for the designer or on the actual traces (post-silicon) for the test-lab. We also propose a methodology for quotations regarding SCA unlike standards that focus on only one aspect (like number of traces) and forgets about other aspects (such as equipment; cf. ISO/IEC 20085-1.

scholarly journals Novel Side-Channel Attacks on Quasi-Cyclic Code-Based Cryptography

2019 ◽  
pp. 180-212 ◽  
Author(s):  
Bo-Yeon Sim ◽  
Jihoon Kwon ◽  
Kyu Young Choi ◽  
Jihoon Cho ◽  
Aesun Park ◽  
...  
Keyword(s):  
Power Consumption ◽  
Power Analysis ◽  
Cyclic Code ◽  
Linear Equations ◽  
Constant Time ◽  
Side Channel ◽  
Parity Check ◽  
Side Channel Attacks ◽  
Timing Attacks ◽  
Code Based Cryptography

Chou suggested a constant-time implementation for quasi-cyclic moderatedensity parity-check (QC-MDPC) code-based cryptography to mitigate timing attacks at CHES 2016. This countermeasure was later found to become vulnerable to a differential power analysis (DPA) in private syndrome computation, as described by Rossi et al. at CHES 2017. The proposed DPA, however, still could not completely recover accurate secret indices, requiring further solving linear equations to obtain entire secret information. In this paper, we propose a multiple-trace attack which enables to completely recover accurate secret indices. We further propose a singletrace attack which can even work when using ephemeral keys or applying Rossi et al.’s DPA countermeasures. Our experiments show that the BIKE and LEDAcrypt may become vulnerable to our proposed attacks. The experiments are conducted using power consumption traces measured from ChipWhisperer-Lite XMEGA (8-bit processor) and ChipWhisperer UFO STM32F3 (32-bit processor) target boards.

scholarly journals Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes

10.29007/hhnf ◽  
2018 ◽  
Author(s):  
Inès Ben El Ouahma ◽  
Quentin Meunier ◽  
Karine Heydemann ◽  
Emmanuelle Encrenaz
Keyword(s):  
Source Code ◽  
Side Channel ◽  
Inference Rules ◽  
Side Channel Attacks ◽  
Secret Data ◽  
Source Codes ◽  
Resistance Analysis ◽  
Channel Resistance ◽  
Symbolic Method ◽  
Symbolic Approach

Masking is a popular countermeasure against side-channel attacks, that randomizes secret data with random and uniform variables called masks. At software level, masking is usually added in the source code and its effectiveness needs to be verified. In this paper, we propose a symbolic method to verify side-channel robustness of masked programs. The analysis is performed at the assembly level since compilation and optimizations may alter the added protections. Our proposed method aims to verify that intermediate computations are statistically independent from secret variables using defined distribution inference rules. We verify the first round of a masked AES in 22s and show that some secure algorithms or source codes are not leakage-free in their assembly implementations.

Countermeasure for Cryptographic Chips to Resist Side-Channel Attacks

2009 ◽  
Vol 19 (11) ◽  
pp. 2990-2998 ◽  
Author(s):  
Tao ZHANG ◽  
Ming-Yu FAN
Keyword(s):  
Side Channel ◽  
Side Channel Attacks

scholarly journals ThermalAttackNet: Are CNNs Making It Easy to Perform Temperature Side-Channel Attack in Mobile Edge Devices?

2021 ◽  
Vol 13 (6) ◽  
pp. 146
Author(s):  
Somdip Dey ◽  
Amit Kumar Singh ◽  
Klaus McDonald-Maier
Keyword(s):  
Information Flow ◽  
Heat Dissipation ◽  
Side Channel ◽  
Side Channel Attack ◽  
Side Channel Attacks ◽  
Information Flow Control ◽  
On Chip ◽  
Temperature Side ◽  
Over Time ◽  
Memory Efficient

Side-channel attacks remain a challenge to information flow control and security in mobile edge devices till this date. One such important security flaw could be exploited through temperature side-channel attacks, where heat dissipation and propagation from the processing cores are observed over time in order to deduce security flaws. In this paper, we study how computer vision-based convolutional neural networks (CNNs) could be used to exploit temperature (thermal) side-channel attack on different Linux governors in mobile edge device utilizing multi-processor system-on-chip (MPSoC). We also designed a power- and memory-efficient CNN model that is capable of performing thermal side-channel attack on the MPSoC and can be used by industry practitioners and academics as a benchmark to design methodologies to secure against such an attack in MPSoC.

Sign in / Sign up

Export Citation Format

Share Document