Figure 5 - uploaded by Chao Wang
Content may be subject to copyright.
Source publication
Many commercial systems in the embedded space have shown weakness against power analysis based side-channel attacks in recent years. Designing countermeasures to defend against such attacks is both labor intensive and error prone. Furthermore, there is a lack of formal methods for quantifying the actual strength of a countermeasure implementation....
Context in source publication
Context 1
... check if QMS reflects the masking strength of a software, we conducted a set of side-channel attacks on implementations of countermeasures for MAC-Keccak, AES, and a few other crypto- graphic algorithms. We ran all software code on a 32-bit Microb- laze processor [24] built on a Xilinx Spartan-3e FPGA ( Figure 5). To measure the power consumption of the processor core, we used a Tektronix DPO 3034 oscilloscope and a CT-2 current probe to sample the power consumption of the FPGA. ...
Similar publications
Many commercial systems in the embedded space have shown weakness against power analysis-based side-channel attacks in recent years. Random masking is a commonly used technique for removing the statistical dependency between the sensitive data and the side-channel information. However, the process of designing masking countermeasures is both labor...
Classifying unstructured text data written in natural languages is a cumbersome task, and this is even worse in cases of vast datasets with multiple languages. In this paper, the author explored the utilization of Long Short-Term Neural Network (LSTM) in designing a classification model that can learn text patterns and classify English and Tagalog-...
Citations
... Consequently, finding a SAT solution for Constraint 1 is highly expensive, especially when both secrets and blinding masks are present. Though an "optimal solution" is not yet clear, inspired by relevant research in perfect masking analysis [24][25][26], we expect to fix two different secrets , ′ and then iterate the quantifiers of all involved masks 1 , . . . , to count the ranges under , ′ . ...
Cache side-channel attacks exhibit severe threats to software security and privacy, especially for cryptosystems. In this paper, we propose CaType, a novel refinement type-based tool for detecting cache side channels in crypto software. Compared to previous works, CaType provides the following advantages: (1) For the first time CaType analyzes cache side channels using refinement type over x86 assembly code. It reveals several significant and effective enhancements with refined types, including bit-level granularity tracking, distinguishing different effects of variables, precise type inferences, and high scalability. (2) CaType is the first static analyzer for crypto libraries in consideration of blinding-based defenses. (3) From the perspective of implementation, CaType uses cache layouts of potential vulnerable control-flow branches rather than cache states to suppress false positives. We evaluate CaType in identifying side channel vulnerabilities in real-world crypto software, including RSA, ElGamal, and (EC)DSA from OpenSSL and Libgcrypt. CaType captures all known defects, detects previously-unknown vulnerabilities, and reveals several false positives of previous tools. In terms of performance, CaType is 16X faster than CacheD and 131X faster than CacheS when analyzing the same libraries. These evaluation results confirm the capability of CaType in identifying side channel defects with great precision, efficiency, and scalability.
... The first-order leakage on the non-constant time masked AES could as well be detected using metrics such as Quantitative Masking Strength (QMS [14]), Normalized Inter-Class Variance (NICV [3,25]), or Information Leakage Amount (ILA [31]). However, those statistical tools do not help in understanding the rootcause for the leakage -which is crucial for developers to fix their cryptographic implementations. ...
Masking schemes are classical countermeasures against Side-Channel Attacks on cryptographic implementations. This paper investigates the effectiveness of masking when the code does not run in constant time. We prove that in this case, a first-order Correlation Power Analysis can break an otherwise perfect masking scheme. Furthermore, with an in-depth leakage analysis on traces generated at a pre-silicon stage, we pinpoint the leaking instructions and recover a complex leakage model.
... Notion of masking strength or quantitative masking strength (QMS) [82,83,159,162] quantifies the bias of intermediate values with respect to secret input values and random values. This empirical security notion tells an adversary how many power measurement traces are needed to extract the secret data. ...
Side-channel attacks extracting sensitive data from implementations have been considered a major threat to the security of cryptographic schemes. This has elevated the need for improved designs by embodying countermeasures, with masking being the most prominent example. To formally verify the security of a masking scheme, numerous attack models have been developed to capture the physical properties of the information leakage as well as the capabilities of the adversary. With regard to these models, extensive research has been performed to realize masking schemes. These research efforts have led to significant progress in the development of security assessment methodologies and further initiated standardization activities. However, since the majority of this work is theoretical, it is challenging for the more practice-oriented hardware security community to fully grasp and contribute to. To bridge the gap, these advancements are reviewed and discussed in this survey, mainly from the perspective of hardware security. In doing so, a clear taxonomy is provided that is helpful for a systematic treatment of the masking-related topics. By giving an extensive overview of the existing methods, this survey (1) provides a research landscape of circuit masking for newcomers to the field, (2) offers guidelines on which attack model and verification tool to choose when designing masking schemes, and (3) identifies interesting new research directions where masking models and assessment tools can be applied. Thus, this survey serves as an essential reference for hardware security practitioners interested in the theory behind masking techniques, the tools useful to verify the security of masked circuits, and their potential applications.
... Static analysis relies on compile-time information to check if masking is implemented correctly [8,9,14,16,61]. They are faster than formal verification, which often relies on model counting [35][36][37]. However, formal verification is more accurate than static analysis. ...
The code generation modules inside modern compilers, which use a limited number of CPU registers to store a large number of program variables, may introduce side-channel leaks even in software equipped with state-of-the-art countermeasures. We propose a program analysis and transformation based method to eliminate such leaks. Our method has a type-based technique for detecting leaks, which leverages Datalog-based declarative analysis and domain-specific optimizations to achieve high efficiency and accuracy. It also has a mitigation technique for the compiler's backend, more specifically the register allocation modules, to ensure that leaky intermediate computation results are stored in different CPU registers or memory locations. We have implemented and evaluated our method in LLVM for the x86 instruction set architecture. Our experiments on cryptographic software show that the method is effective in removing the side channel while being efficient, i.e., our mitigated code is more compact and runs faster than code mitigated using state-of-the-art techniques.
... Besides leak detection, there are side-channel leak mitigation techniques that can generate countermeasures automatically, e.g., using compiler-like program transformations [7,13,53,65] or SMT solver based formal verification [15,32,33,68] and program synthesis [16,31,34,62] techniques. However, none of these emerging techniques was designed for, or applicable to, cache timing side channels due to concurrency. ...
The timing characteristics of cache, a high-speed storage between the fast CPU and the slow memory, may reveal sensitive information of a program, thus allowing an adversary to conduct side-channel attacks. Existing methods for detecting timing leaks either ignore cache all together or focus only on passive leaks generated by the program itself, without considering leaks that are made possible by concurrently running some other threads. In this work, we show that timing-leak-freedom is not a compositional property: a program that is not leaky when running alone may become leaky when interleaved with other threads. Thus, we develop a new method, named adversarial symbolic execution, to detect such leaks. It systematically explores both the feasible program paths and their interleavings while modeling the cache, and leverages an SMT solver to decide if there are timing leaks. We have implemented our method in LLVM and evaluated it on a set of real-world ciphers with 14,455 lines of C code in total. Our experiments demonstrate both the efficiency of our method and its effectiveness in detecting side-channel leaks.
... Beyond timing side channels, there are countermeasure techniques for mitigating leaks through other side channels including power [52,60] and faults [20]. Some of these techniques have been automated in compiler-like tools [8,19,64] whereas others have leveraged the more sophisticated, SMT solver-based, formal verification [37,38,87] and inductive synthesis techniques [36,39,82]. However, none of these compiler or formal methods based techniques was applied to cache-timing side channels. ...
We propose a method, based on program analysis and transformation, for eliminating timing side channels in software code that implements security-critical applications. Our method takes as input the original program together with a list of secret variables (e.g., cryptographic keys, security tokens, or passwords) and returns the transformed program as output. The transformed program is guaranteed to be functionally equivalent to the original program and free of both instruction- and cache-timing side channels. Specifically, we ensure that the number of CPU cycles taken to execute any path is independent of the secret data, and the cache behavior of memory accesses, in terms of hits and misses, is independent of the secret data. We have implemented our method in LLVM and validated its effectiveness on a large set of applications, which are cryptographic libraries with 19,708 lines of C/C++ code in total. Our experiments show the method is both scalable for real applications and effective in eliminating timing side channels.
... In the remainder of this article, we use power side-channel leaks in cryptographic software as examples to illustrate our recent work on formally verifying side-channel resistance Eldib et al. 2014c] as well as synthesizing countermeasures . Then, we discuss how to extend these techniques to handle other types of side channels and software systems. ...
... More specifically, the power dissipation correlates to the number of logical-1 bits of intermediate computation results. We have shown in our work [Eldib et al. 2014c] that the HW model is sufficiently accurate for conducting DPA attacks on embedded systems. Sometimes, however, the Hamming Distance (HD) model needs to be used instead, to relate variations in power dissipation to differences between the register values and their initial states [Brier et al. 2004]. ...
... However, it cannot quantify the amount of leakage in programs that are not perfectly masked. To differentiate the strengths of masking schemes, e.g., o1,o2,o3 in Fig. 2, we have extended the definition of perfect masking to quantify the amount of residual leakage [Eldib et al. 2014c]. That is, we define the quantitative masking strength (QMS) as the minimal value of (1 − ∆ qms ) such that, Intuitively, the numbers are consistent with the amount of power leakage. ...
We explain how formal verification and program synthesis can be used to (1) detect side-channel leaks of software code running on portable devices, (2) prove the absence of side-channel leaks, and (3) transform software to eliminate such leaks. We use power side-channel leaks in cryptographic software as examples, but the underlying techniques are applicable to other types of side channels and software systems as well.
... There have been significant advances in proving functional correctness for an OS kernel (including seL4 [70], CertiKOS [59], ExpressOS [75], and MinVisor [33]) and of internal kernel components (such as Rocksalt [81], Jitk [113], FSCQ [25], and XMHF [111]). Tools such as GLIFT [109], Caisson [73], Sapper [74], SecVerilog [118], and SC-Sniffer [46] use formal methods to ensure strong information security properties of hardware architecture. Advances in software-defined networking enable the synthesis [78] of consistent network configuration updates [96], which can ensure, for example, that firewall invariants are never violated, and thus insecure packet-flows are impossible. ...
... Through proper modeling, formal methods can verify the physical effects of hardware execution, including timing and power consumption. With such models, designers can reason about side-channel leakage (timing and power), and can verify countermeasures such as constant-time design (e.g., SecVerilog [118]) and perfect-masking for power randomization (e.g., SC-Sniffer [46]). Architecture models further help to verify the physical effects of software execution, such as cache timing effects (e.g., CacheAudit [40]). ...
Report on the NSF Workshop on Formal Methods for Security, held 19-20 November 2015.
... There is also a large body of work on verifying and synthesizing countermeasures against other types of side-channel attacks. They include, for example, the verification tools developed by Bayrak et al. [7], the SC Sniffer tool developed by Eldib et al. [16,17,15,18], the compiler assisted masking tool developed by Moss et al. [35], the code morphing method proposed by Agosta et al. [1], and the tool developed by Eldib et al. [14] for synthesizing masking countermeasures for cryptographic software. However, none of these existing tools can handle fault injection based attacks on cryptographic circuits. ...
Fault sensitivity analysis (FSA) is a side-channel attack method that injects faults to cryptographic circuits through clock glitching and applies statistical analysis to deduce sensitive data such as the cryptographic key. It exploits the correlation between the circuit's signal path delays and sensitive data. A countermeasure , in this case, is an alternative implementation of the circuit where signal path delays are made independent of the sensitive data. However, manually developing such countermeasure is tedious and error prone. In this paper, we propose a method for synthesizing the countermeasure automatically to defend against FSA attacks. Our method uses a syntax-guided inductive synthesis procedure combined with a lightweight static analysis. Given a circuit and a set of sensitive signals as input, it returns a functionally-equivalent and FSA-resistant circuit as output, where all path delays are made independent of the sensitive signals. We have implemented our method and evaluated it on a set of cryptographic circuits. Our experiments show that the method is both scalable and effective in eliminating FSA vulnerabilities.
... Concerning the first approach, we have made FlowTracker available since March of 2014. From the iteration with external users we got several benchmarks, ranging from trivial programs, such as the one in Figure 16, to complex code, such as the X25519 curve-based key agreement used in LibSSH [8] or the benchmarks of Eldib et al. [16]. FlowTracker correctly reported time-based leaks in all the examples where they were expected to be found, and did not trigger any warning in the cases where warnings were not expected. ...
... FlowTracker correctly reported time-based leaks in all the examples where they were expected to be found, and did not trigger any warning in the cases where warnings were not expected. Some of these results, such as those obtained on the QMS benchmarks [16] have not been reported before. ...
Information flow analyses traditionally use the Program Dependence Graph (PDG) as a supporting data-structure. This graph relies on Ferrante et al.'s notion of control dependences to represent implicit flows of information. A limitation of this approach is that it may create O(|I| × |E|) implicit flow edges in the PDG, where I are the instructions in a program, and E are the edges in its control flow graph. This paper shows that it is possible to compute information flow analyses using a different notion of implicit dependence, which yields a number of edges linear on the number of definitions plus uses of variables. Our algorithm computes these dependences in a single traversal of the program's dominance tree. This efficiency is possible due to a key property of programs in Static Single Assignment form: the definition of a variable dominates all its uses. Our algorithm correctly implements Hunt and Sands system of security types. Contrary to their original formulation, which required O(I 2) space and time for structured programs, we require only O(I). We have used our ideas to build FlowTracker, a tool that uncovers side-channel vulnerabilities in cryptographic algorithms. FlowTracker handles programs with over one-million assembly instructions in less than 200 seconds, and creates 24% less implicit flow edges than Ferrante et al.'s technique. FlowTracker has detected an issue in a constant-time implementation of Ellip-tic Curve Cryptography; it has found several time-variant constructions in OpenSSL, one issue in TrueCrypt and it has validated the isochronous behavior of the NaCl library.
