A White-Box Masking Scheme Resisting Computational and Algebraic Attacks

White-box cryptography attempts to protect cryptographic secrets in pure software implementations. Due to their high utility, white-box cryptosystems (WBC) are deployed by the industry even though the security of these constructions is not well defined. A major breakthrough in generic cryptanalysis of WBC was Differential Computation Analysis (DCA), which requires minimal knowledge of the underlying white-box protection and also thwarts many obfuscation methods. To avert DCA, classic masking countermeasures originally intended to protect against highly related side-channel attacks have been proposed for use in WBC. However, due to the controlled environment of WBCs, new algebraic attacks against classic masking schemes have quickly been found. These algebraic DCA attacks break all classic masking countermeasures efficiently, as they are independent of the masking order.In this work, we propose a novel generic masking scheme that can resist both DCA and algebraic DCA attacks. The proposed scheme extends the seminal work by Ishai et al. which is probing secure and thus resists DCA, to also resist algebraic attacks. To prove the security of our scheme, we demonstrate the connection between two main security notions in white-box cryptography: probing security and prediction security. Resistance of our masking scheme to DCA is proven for an arbitrary order of protection, using the well-known strong non-interference notion by Barthe et al. Our masking scheme also resists algebraic attacks, which we show concretely for first and second-order algebraic protection. Moreover, we present an extensive performance analysis and quantify the overhead of our scheme, for a proof-of-concept protection of an AES implementation.

Download Full-text

Semi-Automatic Locating of Cryptographic Operations in Side-Channel Traces

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2022.i1.345-366 ◽

2021 ◽

pp. 345-366

Author(s):

Jens Trautmann ◽

Arthur Beckers ◽

Lennert Wouters ◽

Stefan Wildermann ◽

Ingrid Verbauwhede ◽

...

Keyword(s):

Fault Injection ◽

Side Channel ◽

Leakage Detection ◽

Clock Frequency ◽

Detection Techniques ◽

Effective Time ◽

Meta Information ◽

Software Implementations ◽

Single Data ◽

The Time Domain

Locating a cryptographic operation in a side-channel trace, i.e. finding out where it is in the time domain, without having a template, can be a tedious task even for unprotected implementations. The sheer amount of data can be overwhelming. In a simple call to OpenSSL for AES-128 ECB encryption of a single data block, only 0.00028% of the trace relate to the actual AES-128 encryption. The rest is overhead. We introduce the (to our best knowledge) first method to locate a cryptographic operation in a side-channel trace in a largely automated fashion. The method exploits meta information about the cryptographic operation and requires an estimate of its implementation’s execution time.The method lends itself to parallelization and our implementation in a tool greatly benefits from GPU acceleration. The tool can be used offline for trace segmentation and for generating a template which can then be used online in real-time waveformmatching based triggering systems for trace acquisition or fault injection. We evaluate it in six scenarios involving hardware and software implementations of different cryptographic operations executed on diverse platforms. Two of these scenarios cover realistic protocol level use-cases and demonstrate the real-world applicability of our tool in scenarios where classical leakage-detection techniques would not work. The results highlight the usefulness of the tool because it reliably and efficiently automates the task and therefore frees up time of the analyst.The method does not work on traces of implementations protected by effective time randomization countermeasures, e.g. random delays and unstable clock frequency, but is not affected by masking, shuffling and similar countermeasures.

Download Full-text

Deep Learning and NLP based Side Channel Attack for Text Inference in Smartphones

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.b3432.129219 ◽

2019 ◽

Vol 9 (2) ◽

pp. 1132-1137

Keyword(s):

Small Volume ◽

Detection Method ◽

Critical Role ◽

Mobile Security ◽

Training Data ◽

Embedded Sensors ◽

Side Channel ◽

Proof Of Concept ◽

Side Channel Attack ◽

The Past

Over the past years, smartphones have witnessed an alarming rise in embedded sensors which enhance their support for applications. However, they can be regarded as loopholes as seemingly innocuous information can be obtained without any user permissions in Android thus invading the user’s privacy. Our work establishes a side channel attack by illegitimately inferring the information being typed by the user on a smartphone using the readings from ‘zero-permission’ sensors like accelerometer and gyroscope. This serves as a proof of concept to prevent such attacks on mobile devices in the future. While previous research has been conducted in this space, our narrative involves a predictive model using Recurrent Neural Networks that can predict the letters being typed in the keyboard solely based on the motion sensor readings, thus inferring the text. Our research was able to identify 37.5% of the unseen words typed by the user using a very small volume of training data. Our tap detection method has shown 92% accuracy which plays a critical role in the text inference. This research lays the foundation to further progress in this area, thus helping to strengthen the mobile security

Download Full-text

Return of the Hidden Number Problem.

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2019.i1.146-168 ◽

2018 ◽

pp. 146-168 ◽

Cited By ~ 1

Author(s):

Keegan Ryan

Keyword(s):

Side Channel ◽

Proof Of Concept ◽

Private Key ◽

Side Channels ◽

Signature Generation ◽

Number Problem ◽

Minimum Number ◽

Hidden Number Problem ◽

State Changes ◽

Full Proof

Side channels have long been recognized as a threat to the security of cryptographic applications. Implementations can unintentionally leak secret information through many channels, such as microarchitectural state changes in processors, changes in power consumption, or electromagnetic radiation. As a result of these threats, many implementations have been hardened to defend against these attacks. Despite these mitigations, this work presents a novel side-channel attack against ECDSA and DSA. The attack targets a common implementation pattern that is found in many cryptographic libraries. In fact, about half of the libraries that were tested exhibited the vulnerable pattern. This pattern is exploited in a full proof of concept attack against OpenSSL, demonstrating that it is possible to extract a 256-bit ECDSA private key using a simple cache attack after observing only a few thousand signatures. The target of this attack is a previously unexplored part of (EC)DSA signature generation, which explains why mitigations are lacking and the issue is so widespread. Finally, estimates are provided for the minimum number of signatures needed to perform the attack, and countermeasures are suggested to protect against this attack.

Download Full-text

Breaking Masked Implementations with Many Shares on 32-bit Software Platforms

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i3.202-234 ◽

2021 ◽

pp. 202-234

Author(s):

Olivier Bronchain ◽

François-Xavier Standaert

Keyword(s):

Positive Impact ◽

Side Channel ◽

Lightweight Cryptography ◽

Key Recovery ◽

Information Theoretic ◽

Maximum Security ◽

Software Implementations ◽

Software Platforms ◽

Security Evaluations ◽

Security Guarantees

We explore the concrete side-channel security provided by state-of-theart higher-order masked software implementations of the AES and the (candidate to the NIST Lightweight Cryptography competition) Clyde, in ARM Cortex-M0 and M3 devices. Rather than looking for possibly reduced security orders (as frequently considered in the literature), we directly target these implementations by assuming their maximum security order and aim at reducing their noise level thanks to multivariate, horizontal and analytical attacks. Our investigations point out that the Cortex-M0 device has so limited physical noise that masking is close to ineffective. The Cortex-M3 shows a better trend but still requires a large number of shares to provide strong security guarantees. Practically, we first exhibit a full 128-bit key recovery in less than 10 traces for a 6-share masked AES implementation running on the Cortex-M0 requiring 232 enumeration power. A similar attack performed against the Cortex-M3 with 5 shares require 1,000 measurements with 244 enumeration power. We then show the positive impact of lightweight block ciphers with limited number of AND gates for side-channel security, and compare our attacks against a masked Clyde with the best reported attacks of the CHES 2020 CTF. We complement these experiments with a careful information theoretic analysis, which allows interpreting our results. We also discuss our conclusions under the umbrella of “backwards security evaluations” recently put forwards by Azouaoui et al. We finally extrapolate the evolution of the proposed attack complexities in the presence of additional countermeasures using the local random probing model proposed at CHES 2020.

Download Full-text

A Secure White Box Implementation of AES Against First Order DCA

10.5753/sbseg.2019.13986 ◽

2019 ◽

Author(s):

Ana Clara Serpa ◽

Giuliano Sider ◽

Hayato Fujii ◽

Félix Rodrigues ◽

Ricardo Dahab ◽

...

Keyword(s):

Experimental Results ◽

Side Channel ◽

Performance Difference ◽

First Order ◽

Cryptographic Algorithm ◽

Cryptographic Algorithms ◽

Execution Environment ◽

Computation Analysis ◽

Complete Access ◽

Secure Implementation

The white box threat model considers an attacker with complete access to the implementation and execution environment of a cryptographic algorithm. Aiming towards secure implementation of cryptographic algorithms in this context, several implementations of the AES cipher were proposed in the literature. However, they were proven vulnerable to implementation speciﬁc attacks, as well as to reﬁned side-channel and more robust attacks that do not rely on implementation knowledge of the cipher, such as DCA (differential computation analysis). In this paper we present a white box implementation of the AES cipher with recently proposed DCA countermeasures [Lee et al. 2018]. We provide a comparison of the performance difference these countermeasures incur in practice and report some preliminary experimental results on the security of our implementation.

Download Full-text

Key Bit-Dependent Side-Channel Attacks on Protected Binary Scalar Multiplication †

Applied Sciences ◽

10.3390/app8112168 ◽

2018 ◽

Vol 8 (11) ◽

pp. 2168 ◽

Cited By ~ 2

Author(s):

Bo-Yeon Sim ◽

Junki Kang ◽

Dong-Guk Han

Keyword(s):

Success Rate ◽

Electromagnetic Emission ◽

Scalar Multiplication ◽

Statistical Characteristics ◽

Side Channel ◽

Secret Key ◽

Side Channel Analysis ◽

Software Implementations ◽

Channel Analysis ◽

Single Trace

Binary scalar multiplication, which is the main operation of elliptic curve cryptography, is vulnerable to side-channel analysis. It is especially vulnerable to side-channel analysis using power consumption and electromagnetic emission patterns. Thus, various countermeasures have been reported. However, they focused on eliminating patterns of conditional branches, statistical characteristics according to intermediate values, or data inter-relationships. Even though secret scalar bits are directly loaded during the check phase, countermeasures for this phase have not been considered. Therefore, in this paper, we show that there is side-channel leakage associated with secret scalar bit values. We experimented with hardware and software implementations, and experiments were focused on the Montgomery–López–Dahab ladder algorithm protected by scalar randomization in hardware implementations. We show that we could extract secret key bits with a 100% success rate using a single trace. Moreover, our attack did not require sophisticated preprocessing and could defeat existing countermeasures using a single trace. We focused on the key bit identification functions of mbedTLS and OpenSSL in software implementations. The success rate was over 94%, so brute-force attacks could still be able to recover the whole secret scalar bits. We propose a countermeasure and demonstrate experimentally that it can be effectively applied.

Download Full-text

DOMREP – An Orthogonal Countermeasure for Arbitrary Order Side-Channel and Fault Attack Protection

IEEE Transactions on Information Forensics and Security ◽

10.1109/tifs.2021.3089875 ◽

2021 ◽

pp. 1-1

Author(s):

Michael Gruber ◽

Matthias Probst ◽

Patrick Karl ◽

Thomas Schamberger ◽

Lars Tebelmann ◽

...

Keyword(s):

Arbitrary Order ◽

Side Channel ◽

Fault Attack

Download Full-text

Bypassing Isolated Execution on RISC-V using Side-Channel-Assisted Fault-Injection and Its Countermeasure

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2022.i1.28-68 ◽

2021 ◽

pp. 28-68

Author(s):

Shoei Nashimoto ◽

Daisuke Suzuki ◽

Rei Ueno ◽

Naofumi Homma

Keyword(s):

Real World ◽

Fault Injection ◽

Side Channel ◽

Proof Of Concept ◽

Malicious Software ◽

Memory Protection ◽

Channel Information ◽

Execution Environment ◽

Fault Injection Attack ◽

Trusted Execution Environment

RISC-V is equipped with physical memory protection (PMP) to prevent malicious software from accessing protected memory regions. PMP provides a trusted execution environment (TEE) that isolates secure and insecure applications. In this study, we propose a side-channel-assisted fault-injection attack to bypass isolation based on PMP. The proposed attack scheme involves extracting successful glitch parameters for fault injection from side-channel information under crossdevice conditions. A proof-of-concept TEE compatible with PMP in RISC-V was implemented, and the feasibility and effectiveness of the proposed attack scheme was validated through experiments in TEEs. The results indicate that an attacker can bypass the isolation of the TEE and read data from the protected memory region In addition, we experimentally demonstrate that the proposed attack applies to a real-world TEE, Keystone. Furthermore, we propose a software-based countermeasure that prevents the proposed attack.

Download Full-text

Cross-Device Profiled Side-Channel Attack with Unsupervised Domain Adaptation

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i4.27-56 ◽

2021 ◽

pp. 27-56

Author(s):

Pei Cao ◽

Chi Zhang ◽

Xiangjun Lu ◽

Dawu Gu

Keyword(s):

Domain Adaptation ◽

State Of The Art ◽

Fine Tuning ◽

Cross Entropy ◽

Side Channel ◽

Proof Of Concept ◽

Maximum Mean Discrepancy ◽

Unsupervised Domain Adaptation ◽

Multiple Devices ◽

The Impact

Deep learning (DL)-based techniques have recently proven to be very successful when applied to profiled side-channel attacks (SCA). In a real-world profiled SCA scenario, attackers gain knowledge about the target device by getting access to a similar device prior to the attack. However, most state-of-the-art literature performs only proof-of-concept attacks, where the traces intended for profiling and attacking are acquired consecutively on the same fully-controlled device. This paper reminds that even a small discrepancy between the profiling and attack traces (regarded as domain discrepancy) can cause a successful single-device attack to completely fail. To address the issue of domain discrepancy, we propose a Cross-Device Profiled Attack (CDPA), which introduces an additional fine-tuning phase after establishing a pretrained model. The fine-tuning phase is designed to adjust the pre-trained network, such that it can learn a hidden representation that is not only discriminative but also domain-invariant. In order to obtain domain-invariance, we adopt a maximum mean discrepancy (MMD) loss as a constraint term of the classic cross-entropy loss function. We show that the MMD loss can be easily calculated and embedded in a standard convolutional neural network. We evaluate our strategy on both publicly available datasets and multiple devices (eight Atmel XMEGA 8-bit microcontrollers and three SAKURA-G evaluation boards). The results demonstrate that CDPA can improve the performance of the classic DL-based SCA by orders of magnitude, which significantly eliminates the impact of domain discrepancy caused by different devices.

Download Full-text

Proof of Concept: Pozzolan Bricks for Saline Water Evaporative Cooling in Controlled Environment Agriculture

Applied Engineering in Agriculture ◽

10.13031/aea.13013 ◽

2018 ◽

Vol 34 (6) ◽

pp. 929-937 ◽

Cited By ~ 1

Author(s):

Ryan M Lefers ◽

Philip A Davies ◽

Nina V Fedoroff ◽

Nassar Almadhoun ◽

Mark A Tester ◽

...

Keyword(s):

Fresh Water ◽

Water Footprint ◽

Saline Water ◽

Salt Water ◽

Evaporative Cooling ◽

Controlled Environment ◽

Proof Of Concept ◽

Cooling Systems ◽

Controlled Environment Agriculture ◽

Agriculture Systems

Abstract. Control of indoor temperature and humidity is of critical concern for controlled environment agriculture systems in hot, arid regions. Evaporative cooling is a technology utilized for energy-efficient cooling and humidification of these systems. However, the evaporative cooling process consumes considerable amounts of water, as much as 80-90% of the water footprint for indoor food production in these regions. The use of saline water in place of fresh water in evaporative cooling systems offers a potential solution for greatly improving the sustainability of these systems. However, the use of saline water in industry-standard cellulose pad systems can cause premature clogging of the porous medium, leading to system failure and the need for porous media replacement. A new evaporative cooling technology consisting of crushed pozzolan volcanic rock formed into porous bricks was evaluated for use in controlled environment agriculture systems using saline water. Two brick designs were tested for proof of concept cooling of commercial-scale greenhouses. Temperature-based cooling efficiencies of the bricks were achieved that are comparable to cellulose pads. In addition, the pozzolan-based bricks showed impressive resistance to saline water and harsh environments, requiring no replacement over the duration of the experimental trials. The integration of the pozzolan evaporative cooling systems using sea or brackish water with a water-saving growing technology, such as recirculating aquaponics or hydroponics, shows promise for reducing the fresh water footprint of food raised indoors in hot, dry environments by as much as 80%-90%. Keywords: Controlled environment, Evaporative cooling, Pozzolan, Salt, Water conservation.

Download Full-text