Semi-Automatic Locating of Cryptographic Operations in Side-Channel Traces

Locating a cryptographic operation in a side-channel trace, i.e. finding out where it is in the time domain, without having a template, can be a tedious task even for unprotected implementations. The sheer amount of data can be overwhelming. In a simple call to OpenSSL for AES-128 ECB encryption of a single data block, only 0.00028% of the trace relate to the actual AES-128 encryption. The rest is overhead. We introduce the (to our best knowledge) first method to locate a cryptographic operation in a side-channel trace in a largely automated fashion. The method exploits meta information about the cryptographic operation and requires an estimate of its implementation’s execution time.The method lends itself to parallelization and our implementation in a tool greatly benefits from GPU acceleration. The tool can be used offline for trace segmentation and for generating a template which can then be used online in real-time waveformmatching based triggering systems for trace acquisition or fault injection. We evaluate it in six scenarios involving hardware and software implementations of different cryptographic operations executed on diverse platforms. Two of these scenarios cover realistic protocol level use-cases and demonstrate the real-world applicability of our tool in scenarios where classical leakage-detection techniques would not work. The results highlight the usefulness of the tool because it reliably and efficiently automates the task and therefore frees up time of the analyst.The method does not work on traces of implementations protected by effective time randomization countermeasures, e.g. random delays and unstable clock frequency, but is not affected by masking, shuffling and similar countermeasures.

Download Full-text

Leakage Detection with the x2-Test

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2018.i1.209-237 ◽

2018 ◽

pp. 209-237 ◽

Cited By ~ 6

Author(s):

Amir Moradi ◽

Bastian Richter ◽

Tobias Schneider ◽

François-Xavier Standaert

Keyword(s):

Black Box ◽

Higher Order ◽

T Test ◽

Statistical Moments ◽

Side Channel ◽

Leakage Detection ◽

Key Recovery ◽

Detection Techniques ◽

The Moment ◽

Key Recovery Attacks

We describe how Pearson’s χ2-test can be used as a natural complement to Welch’s t-test for black box leakage detection. In particular, we show that by using these two tests in combination, we can mitigate some of the limitations due to the moment-based nature of existing detection techniques based on Welch’s t-test (e.g., for the evaluation of higher-order masked implementations with insufficient noise). We also show that Pearson’s χ2-test is naturally suited to analyze threshold implementations with information lying in multiple statistical moments, and can be easily extended to a distinguisher for key recovery attacks. As a result, we believe the proposed test and methodology are interesting complementary ingredients of the side-channel evaluation toolbox, for black box leakage detection and non-profiled attacks, and as a preliminary before more demanding advanced analyses.

Download Full-text

Side-Channel Leakage Detection Based on Constant Parameter Channel Model

2020 IEEE 38th International Conference on Computer Design (ICCD) ◽

10.1109/iccd50377.2020.00098 ◽

2020 ◽

Author(s):

Wei Yang ◽

Hailong Zhang ◽

Yansong Gao ◽

Anmin Fu ◽

Songjie Wei

Keyword(s):

Channel Model ◽

Side Channel ◽

Constant Parameter ◽

Leakage Detection

Download Full-text

Introduction to Side Channel Attacks and Investigation of Power Analysis and Fault Injection Attack Techniques

Security and Organization within IoT and Smart Cities ◽

10.1201/9781003018636-8 ◽

2020 ◽

pp. 133-156

Author(s):

Shaminder Kaur ◽

Balwinder Singh ◽

Harsimranjit Kaur

Keyword(s):

Power Analysis ◽

Fault Injection ◽

Side Channel ◽

Side Channel Attacks ◽

Fault Injection Attack

Download Full-text

A Survey: Data Leakage Detection Techniques

International Journal of Electrical and Computer Engineering (IJECE) ◽

10.11591/ijece.v8i4.pp2247-2253 ◽

2018 ◽

Vol 8 (4) ◽

pp. 2247

Author(s):

K. S. Wagh

Keyword(s):

Credit Card ◽

Information Leakage ◽

Leakage Detection ◽

Sensitive Data ◽

Detection Techniques ◽

Personal Credit ◽

Customer Information ◽

Other Information ◽

Effective System ◽

Credit Card Data

Data is an important property of various organizations and it is intellectual property of organization. Every organization includes sensitive data as customer information, financial data, data of patient, personal credit card data and other information based on the kinds of management, institute or industry. For the areas like this, leakage of information is the crucial problem that the organization has to face, that poses high cost if information leakage is done. All the more definitely, information leakage is characterize as the intentional exposure of individual or any sort of information to unapproved outsiders. When the important information is goes to unapproved hands or moves towards unauthorized destination. This will prompts the direct and indirect loss of particular industry in terms of cost and time. The information leakage is outcomes in vulnerability or its modification. So information can be protected by the outsider leakages. To solve this issue there must be an efficient and effective system to avoid and protect authorized information. From not so long many methods have been implemented to solve same type of problems that are analyzed here in this survey. This paper analyzes little latest techniques and proposed novel Sampling algorithm based data leakage detection techniques.

Download Full-text

Real-Time Detection for Cache Side Channel Attack using Performance Counter Monitor

Applied Sciences ◽

10.3390/app10030984 ◽

2020 ◽

Vol 10 (3) ◽

pp. 984 ◽

Cited By ~ 2

Author(s):

Jonghyeon Cho ◽

Taehun Kim ◽

Soojin Kim ◽

Miok Im ◽

Taehyun Kim ◽

...

Keyword(s):

Machine Learning ◽

Real Time ◽

Detection Method ◽

Machine Learning Algorithms ◽

Side Channel ◽

Side Channel Attacks ◽

Detection Techniques ◽

Performance Counter ◽

Secret Information ◽

Real Time Detection

Cache side channel attacks extract secret information by monitoring the cache behavior of a victim. Normally, this attack targets an L3 cache, which is shared between a spy and a victim. Hence, a spy can obtain secret information without alerting the victim. To resist this attack, many detection techniques have been proposed. However, these approaches have limitations as they do not operate in real time. This article proposes a real-time detection method against cache side channel attacks. The proposed technique performs the detection of cache side channel attacks immediately after observing a variation of the CPU counters. For this, Intel PCM (Performance Counter Monitor) and machine learning algorithms are used to measure the value of the CPU counters. Throughout the experiment, several PCM counters recorded changes during the attack. From these observations, a detecting program was implemented by using these counters. The experimental results show that the proposed detection technique displays good performance for real-time detection in various environments.

Download Full-text

A Countermeasure against DPA on SIMON with an Area-Efficient Structure

Electronics ◽

10.3390/electronics8020240 ◽

2019 ◽

Vol 8 (2) ◽

pp. 240 ◽

Cited By ~ 1

Author(s):

Yuanyuan Zhang ◽

Ning Wu ◽

Fang Zhou ◽

Jinbao Zhang ◽

Muhammad Yahya

Keyword(s):

Circuit Design ◽

Power Analysis ◽

Fault Injection ◽

Low Cost ◽

T Test ◽

Side Channel ◽

Cryptographic Algorithms ◽

Randomization Scheme ◽

The Cost ◽

Area Efficient

Differential power analysis (DPA) is an effective side channel attack method, which poses a critical threat to cryptographic algorithms, especially lightweight ciphers such as SIMON. In this paper, we propose an area-efficient countermeasure against DPA on SIMON based on the power randomization. Firstly, we review and analyze the architecture of SIMON algorithm. Secondly, we prove the threat of DPA attack to SIMON by launching actual DPA attack on SIMON 32/64 circuit. Thirdly, a low-cost power randomization scheme is proposed by combining fault injection with double rate technology, and the corresponding circuit design is implemented. To the best of our knowledge, this is the first scheme that applies the combination of fault injection and double rate technology to the DPA-resistance. Finally, the t-test is used to evaluate the security mechanism of the proposed designs with leakage quantification. Our experimental results show that the proposed design implements DPA-resistance of SIMON algorithm at certain overhead the cost of 47.7% LUTs utilization and 39.6% registers consumption. As compared to threshold implementation and bool mask, the proposed scheme has greater advantages in resource consumption.

Download Full-text

Comparison Of Error Detection Techniques Using Software-based Fault Injection

10.1109/wiem.1994.654400 ◽

2005 ◽

Author(s):

D. Wilson ◽

G. Sullivan ◽

G. Masson ◽

J. Bright

Keyword(s):

Error Detection ◽

Fault Injection ◽

Detection Techniques

Download Full-text

Optical Fault Injection Attacks against Cipher Chip

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.1044-1045.1498 ◽

2014 ◽

Vol 1044-1045 ◽

pp. 1498-1502 ◽

Cited By ~ 1

Author(s):

Hong Sheng Wang ◽

Dao Gang Ji ◽

Yang Zhang ◽

Kai Yan Chen ◽

Kai Song

Keyword(s):

Fault Injection ◽

Side Channel ◽

Side Channel Attack ◽

Side Channel Attacks ◽

Secret Information ◽

Injection Attacks ◽

Cryptographic Algorithms ◽

Fault Injection Attacks

Cipher chips, such as microprocessors, are playing the important role in most cryptosystems, and implementing many public cryptographic algorithms. However, Side channel attacks pose serious threats to Cipher chips. Optical Side channel attack is a new kind of method against cipher chips. Two methods are presented in this paper, which shows how to implement optical fault injection attacks against RSA and AES algorithms running on AT89C52 microchip, and demonstrates how to exploit secret information under attack.

Download Full-text

Detecting Faults in Inner-Product Masking Scheme - IPM-FD: IPM with Fault Detection

10.29007/fv2n ◽

2019 ◽

Author(s):

Wei Cheng ◽

Claude Carlet ◽

Kouassi Goli ◽

Jean-Luc Danger ◽

Sylvain Guilley

Keyword(s):

Fault Detection ◽

Fault Injection ◽

Inner Product ◽

Side Channel ◽

Embedded Devices ◽

Side Channel Analysis ◽

Injection Attacks ◽

Word Level ◽

Channel Analysis ◽

Fault Injection Attacks

Side-channel analysis and fault injection attacks are two typical threats to cryptographic implementations, especially in modern embedded devices. Thus there is an insistent demand for dual side-channel and fault injection protections. As it is known, masking scheme is a kind of provable countermeasures against side-channel attacks. Recently, inner product masking (IPM) was proposed as a promising higher-order masking scheme against side-channel analysis, but not for fault injection attacks. In this paper, we devise a new masking scheme named IPM-FD. It is built on IPM, which enables fault detection. This novel masking scheme has three properties: the security orders in the word-level probing model, bit-level probing model, and the number of detected faults. IPM-FD is proven secure both in the word-level and in the bit-level probing models, and allows for end-to-end fault detection against fault injection attacks.Furthermore, we illustrate its security order by linking it to one defining parameters of linear code, and show its implementation cost by applying IPM-FD to AES-128.

Download Full-text

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2018.i2.96-122 ◽

2018 ◽

pp. 96-122 ◽

Cited By ~ 6

Author(s):

Jakub Breier ◽

Xiaolu Hou ◽

Yang Liu

Keyword(s):

Fault Injection ◽

Fault Analysis ◽

Data Flow Graph ◽

Assembly Code ◽

The Past ◽

Injection Attacks ◽

Differential Fault Analysis ◽

Software Implementations ◽

Fault Injection Attack ◽

Fault Injection Attacks

Over the past decades, fault injection attacks have been extensively studied due to their capability to efficiently break cryptographic implementations. Fault injection attack models are normally determined by analyzing the cipher structure and finding exploitable spots in non-linear and permutation layers. However, this level of abstraction is often too high to distinguish vulnerable parts of software implementations, due to specific operations and optimizations. On the other hand, manually analyzing the assembly code requires non-negligible amount of time and expertise. In this paper, we propose an automated approach for analyzing cipher implementations in assembly. We represent the whole assembly program as a data flow graph so that the vulnerable spots can be found efficiently. Fault propagation is analyzed in a subgraph constructed from each vulnerable spot, allowing equations for Differential Fault Analysis (DFA) to be automatically generated. We have created a tool that implements our approach: DATAC – DFA Automation Tool for Assembly Code. We have successfully used this tool for attacking PRESENT- 80, being able to find implementation-specific vulnerabilities that can be exploited in order to recover the last round key with 16 faults. Our results show that DATAC is useful in finding attack spots that are not visible from the cipher structure, but can be easily exploited when dealing with real-world implementations.

Download Full-text