Share-slicing: Friend or Foe?

Masking is a well loved and widely deployed countermeasure against side channel attacks, in particular in software. Under certain assumptions (w.r.t. independence and noise level), masking provably prevents attacks up to a certain security order and leads to a predictable increase in the number of required leakages for successful attacks beyond this order. The noise level in typical processors where software masking is used may not be very high, thus low masking orders are not sufficient for real world security. Higher order masking however comes at a great cost, and therefore a number techniques have been published over the years that make such implementations more efficient via parallelisation in the form of bit or share slicing. We take two highly regarded schemes (ISW and Barthe et al.), and some corresponding open source implementations that make use of share slicing, and discuss their true security on an ARM Cortex-M0 and an ARM Cortex-M3 processor (both from the LPC series). We show that micro-architectural features of the M0 and M3 undermine the independence assumptions made in masking proofs and thus their theoretical guarantees do not translate into practice (even worse it seems unpredictable at which order leaks can be expected). Our results demonstrate how difficult it is to link theoretical security proofs to practical real-world security guarantees.

Download Full-text

Side-Channel Countermeasures’ Dissection and the Limits of Closed Source Security Evaluations

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2020.i2.1-25 ◽

2020 ◽

pp. 1-25 ◽

Cited By ~ 1

Author(s):

Olivier Bronchain ◽

François-Xavier Standaert

Keyword(s):

Machine Learning ◽

Open Source ◽

Side Channel ◽

Learning Tools ◽

Side Channel Attacks ◽

Data Dependencies ◽

Security Evaluations ◽

Systèmes D’Information ◽

Closed Source ◽

Leakage Assessment

We take advantage of a recently published open source implementation of the AES protected with a mix of countermeasures against side-channel attacks to discuss both the challenges in protecting COTS devices against such attacks and the limitations of closed source security evaluations. The target implementation has been proposed by the French ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) to stimulate research on the design and evaluation of side-channel secure implementations. It combines additive and multiplicative secret sharings into an affine masking scheme that is additionally mixed with a shuffled execution. Its preliminary leakage assessment did not detect data dependencies with up to 100,000 measurements. We first exhibit the gap between such a preliminary leakage assessment and advanced attacks by demonstrating how a countermeasures’ dissection exploiting a mix of dimensionality reduction, multivariate information extraction and key enumeration can recover the full key with less than 2,000 measurements. We then discuss the relevance of open source evaluations to analyze such implementations efficiently, by pointing out that certain steps of the attack are hard to automate without implementation knowledge (even with machine learning tools), while performing them manually is straightforward. Our findings are not due to design flaws but from the general difficulty to prevent side-channel attacks in COTS devices with limited noise. We anticipate that high security on such devices requires significantly more shares.

Download Full-text

Side Channel Assessment Platforms and Tools for Ubiquitous Systems

Security of Ubiquitous Computing Systems ◽

10.1007/978-3-030-10591-4_9 ◽

2021 ◽

pp. 147-163

Author(s):

Apostolos P. Fournaris ◽

Athanassios Moschos ◽

Nicolas Sklavos

Keyword(s):

Open Source ◽

Control Mechanism ◽

Side Channel ◽

Slow Process ◽

Considerable Time ◽

Side Channel Attacks ◽

Ubiquitous Systems ◽

Need To Evaluate ◽

Implementation Under Test

AbstractSide Channel Attacks are nowadays considered a serious risk for many security products and ubiquitous devices. Strong security solution providers need to evaluate their implementations against such attacks before publishing them on the market, thus performing a thorough assessment. However, this procedure is not straightforward and even with the appropriate equipment, it may require considerable time to provide results due to the slow process of collecting measurements (traces) and the inflexible way of controlling the tested implementation. In this chapter, we explore and overview the trace collection landscape for generic devices under test (including ubiquitous systems) highlighting and overviewing the latest trace collection toolsets and their shortcomings, but also proposing a trace collection approach that can be applied on the most recent, open source toolsets. We showcase our proposed approach on the FlexLeco project architecture, which we have developed in our lab, and manage to practically describe how an evaluator using the proposed methodology can collect traces easily and quickly without the need to completely redesign a control mechanism for the implementation under test.

Download Full-text

Securing Interruptible Enclaved Execution on Small Microprocessors

ACM Transactions on Programming Languages and Systems ◽

10.1145/3470534 ◽

2021 ◽

Vol 43 (3) ◽

pp. 1-77

Author(s):

Matteo Busi ◽

Job Noorman ◽

Jo Van Bulck ◽

Letterio Galletta ◽

Pierpaolo Degano ◽

...

Keyword(s):

Programming Languages ◽

Virtual Memory ◽

Side Channel ◽

Side Channel Attacks ◽

Concrete Case ◽

Full Abstraction ◽

The Past ◽

Architectural Features ◽

The Cost ◽

Isolation Mechanisms

Computer systems often provide hardware support for isolation mechanisms such as privilege levels, virtual memory, or enclaved execution. Over the past years, several successful software-based side-channel attacks have been developed that break, or at least significantly weaken, the isolation that these mechanisms offer. Extending a processor with new architectural or micro-architectural features brings a risk of introducing new software-based side-channel attacks. This article studies the problem of extending a processor with new features without weakening the security of the isolation mechanisms that the processor offers. Our solution is heavily based on techniques from research on programming languages. More specifically, we propose to use the programming language concept of full abstraction as a general formal criterion for the security of a processor extension. We instantiate the proposed criterion to the concrete case of extending a microprocessor that supports enclaved execution with secure interruptibility. This is a very relevant instantiation, as several recent papers have shown that interruptibility of enclaves leads to a variety of software-based side-channel attacks. We propose a design for interruptible enclaves and prove that it satisfies our security criterion. We also implement the design on an open-source enclave-enabled microprocessor and evaluate the cost of our design in terms of performance and hardware size.

Download Full-text

Electron Microscopy in Molecular Biology

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100060027 ◽

1967 ◽

Vol 25 ◽

pp. 2-3

Author(s):

Cecil E. Hall

Keyword(s):

Electron Microscopy ◽

Molecular Biology ◽

Noise Level ◽

Molecular Structures ◽

Material Structure ◽

The Arts ◽

Shadow Casting ◽

Electron Image ◽

High Degree ◽

Very High

The visualization of organic macromolecules such as proteins, nucleic acids, viruses and virus components has reached its high degree of effectiveness owing to refinements and reliability of instruments and to the invention of methods for enhancing the structure of these materials within the electron image. The latter techniques have been most important because what can be seen depends upon the molecular and atomic character of the object as modified which is rarely evident in the pristine material. Structure may thus be displayed by the arts of positive and negative staining, shadow casting, replication and other techniques. Enhancement of contrast, which delineates bounds of isolated macromolecules has been effected progressively over the years as illustrated in Figs. 1, 2, 3 and 4 by these methods. We now look to the future wondering what other visions are waiting to be seen. The instrument designers will need to exact from the arts of fabrication the performance that theory has prescribed as well as methods for phase and interference contrast with explorations of the potentialities of very high and very low voltages. Chemistry must play an increasingly important part in future progress by providing specific stain molecules of high visibility, substrates of vanishing “noise” level and means for preservation of molecular structures that usually exist in a solvated condition.

Download Full-text

New Countermeasures Against Side-Channel Attacks for Cryptography on Elliptic Curves

Telecommunications and Radio Engineering ◽

10.1615/telecomradeng.v65.i10.40 ◽

2006 ◽

Vol 65 (10) ◽

pp. 913-922

Author(s):

Ya. N. Imamverdiev

Keyword(s):

Elliptic Curves ◽

Side Channel ◽

Side Channel Attacks

Download Full-text

Countermeasure for Cryptographic Chips to Resist Side-Channel Attacks

Journal of Software ◽

10.3724/sp.j.1001.2008.02990 ◽

2009 ◽

Vol 19 (11) ◽

pp. 2990-2998 ◽

Cited By ~ 1

Author(s):

Tao ZHANG ◽

Ming-Yu FAN

Keyword(s):

Side Channel ◽

Side Channel Attacks

Download Full-text

S-DAC: A Novel Dynamic Substitution boxes using hybrid chaotic system and Deoxyribonuceic Acid(DNA) coding for counterfeiting Side-Channel Attacks

Personal and Ubiquitous Computing ◽

10.1007/s00779-021-01579-4 ◽

2021 ◽

Author(s):

Aruna S ◽

Usha G

Keyword(s):

Chaotic System ◽

Side Channel ◽

Side Channel Attacks ◽

Dna Coding ◽

Substitution Boxes

Download Full-text

GPU Side-Channel Attacks are Everywhere: A Survey

2020 IEEE International Conference on Consumer Electronics - Asia (ICCE-Asia) ◽

10.1109/icce-asia49877.2020.9276805 ◽

2020 ◽

Author(s):

Taehun Kim ◽

Youngjoo Shin

Keyword(s):

Side Channel ◽

Side Channel Attacks

Download Full-text

A Real‐World Study of User Characteristics, Safety and Efficacy of Open‐Source Closed‐Loop Systems and Medtronic 670G

Diabetes Obesity and Metabolism ◽

10.1111/dom.14439 ◽

2021 ◽

Author(s):

Roshell Jeyaventhan ◽

Geraldine Gallen ◽

Pratik Choudhary ◽

Sufyan Hussain

Keyword(s):

Open Source ◽

Real World ◽

Closed Loop ◽

User Characteristics ◽

Safety And Efficacy ◽

Closed Loop Systems

Download Full-text

ThermalAttackNet: Are CNNs Making It Easy to Perform Temperature Side-Channel Attack in Mobile Edge Devices?

Future Internet ◽

10.3390/fi13060146 ◽

2021 ◽

Vol 13 (6) ◽

pp. 146

Author(s):

Somdip Dey ◽

Amit Kumar Singh ◽

Klaus McDonald-Maier

Keyword(s):

Information Flow ◽

Heat Dissipation ◽

Side Channel ◽

Side Channel Attack ◽

Side Channel Attacks ◽

Information Flow Control ◽

On Chip ◽

Temperature Side ◽

Over Time ◽

Memory Efficient

Side-channel attacks remain a challenge to information flow control and security in mobile edge devices till this date. One such important security flaw could be exploited through temperature side-channel attacks, where heat dissipation and propagation from the processing cores are observed over time in order to deduce security flaws. In this paper, we study how computer vision-based convolutional neural networks (CNNs) could be used to exploit temperature (thermal) side-channel attack on different Linux governors in mobile edge device utilizing multi-processor system-on-chip (MPSoC). We also designed a power- and memory-efficient CNN model that is capable of performing thermal side-channel attack on the MPSoC and can be used by industry practitioners and academics as a benchmark to design methodologies to secure against such an attack in MPSoC.

Download Full-text