Architecture Support for Countermeasures against Side-Channel Analysis and Fault Attack

Kiaei, Pantea

January 2019

The cryptographic algorithms are designed to be mathematically secure; however, side-channel analysis attacks go beyond mathematics by taking measurements of the device’s electrical activity to reveal the secret data of a cipher. These attacks also go hand in hand with fault analysis techniques to disclose the secret key used in cryptographic ciphers with even fewer measurements. This is of practical concern due to the ubiquity of embedded systems that allow physical access to the adversary such as smart cards, ATMs, etc.. Researchers through the years have come up with techniques to block physical attacks to the hardware or make such attacks less likely to succeed. Most of the conducted research consider one or the other of side-channel analysis and fault injection attacks whereas, in a real setting, the adversary can simultaneously take advantage of both to retrieve the secret data with less effort. Furthermore, very little work considers a software implementation of these ciphers although, with the availability of small and affordable or free microarchitectures, and flexibility and simplicity of software implementations, it is at times more practical to have a software implementation of ciphers instead of dedicated hardware chips. In this project, we come up with a modular presentation, suitable for software implementation of ciphers, to allow having simultaneous resistance against side-channel and fault analysis attacks. We also present an extension at the microarchitecture level to make our proposed countermeasures more intact and efficient. / M.S. / Ciphers are algorithms designed by mathematicians. They protect data by encrypting them. In one of the main categories of these ciphers, called symmetric-key ciphers, a secret key is used to both encrypt and decrypt the data. Once the secret key of a cipher is retrieved, anyone can find the decoded data and thereby access the original data. Cryptographers traditionally sought to design ciphers in such a way that no adversary could reveal the secret key by finding holes in the algorithm. However, this has been shown insufficient for a specific implementation of a cryptographic algorithm to be considered as “unbreakable” since the physical properties of the implementation, can help an adversary find the secret key and break the encryption. Analyzing these physical properties can be either active; by making controlled changes in the normal progress of its execution, or passive; by merely measuring the physical properties during normal execution. Designers try to take these analyses into account when implementing a cryptographic function and so, in this project, we aim to present architectural support for a combination of some of the countermeasures.

Side-channel attacks

Fault attacks

Custom-instruction extensions

Bitslicing

Software countermeasures

Design Techniques for Side-channel Resistant Embedded Software

Sinha, Ambuj Sudhir

25 August 2011

Side Channel Attacks (SCA) are a class of passive attacks on cryptosystems that exploit implementation characteristics of the system. Currently, a lot of research is focussed towards developing countermeasures to side channel attacks. In this thesis, we address two challenges that are an inherent part of the efficient implementation of SCA countermeasures. While designing a system, design choices made for enhancing the efficiency or performance of the system can also affect the side channel security of the system. The first challenge is that the effect of different design choices on the side channel resistance of a system is currently not well understood. It is important to understand these effects in order to develop systems that are both secure and efficient. A second problem with incorporating SCA countermeasures is the increased design complexity. It is often difficult and time consuming to integrate an SCA countermeasure in a larger system. In this thesis, we explore that above mentioned problems from the point of view of developing embedded software that is resistant to power based side channel attacks. Our first work is an evaluation of different software AES implementations, from the perspective of side channel resistance, that shows the effect of design choices on the security and performance of the implementation. Next we present work that identifies the problems that arise while designing software for a particular type of SCA resistant architecture - the Virtual Secure Circuit. We provide a solution in terms of a methodology that can be used for developing software for such a system - and also demonstrate that this methodology can be conveniently automated - leading to swifter and easier software development for side channel resistant designs. / Master of Science

Bitslice Cryptography

Side Channel Attacks

Virtual Secure Circuit

Secure Embedded Systems

Side-channel Countermeasures

Constraint Based Program Synthesis for Embedded Software

Eldib, Hassan Shoukry

30 July 2015

In the world that we live in today, we greatly rely on software in nearly every aspect of our lives. In many critical applications, such as in transportation and medical systems, catastrophic consequences could occur in case of buggy software. As the computational power and storage capacity of computer hardware keep increasing, so are the size and complexity of the software. This makes testing and verification increasingly challenging in practice, and consequentially creates a chance for software with critical bugs to find their way into the consumer market. In this dissertation, I present a set of innovative new methods for automatically verifying, as well as synthesizing, critical software and hardware in embedded computing applications. Based on a set of rigorous formal analysis techniques, my methods can guarantee that the resulting software are efficient and secure as well as provably correct. / Ph. D.

Program Synthesis

Formal Verification

Embedded Software

Security

Cryptography

Side-Channel Attacks and Countermeasures

The rise of crypto-ransomware in a changing cybercrime landscape: Taxonomising countermeasures

Connolly, Lena Y., Wall, D.S.

16 June 2020

Yes / Year in and year out the increasing adaptivity of offenders has maintained ransomware's position as a major cybersecurity threat. The cybersecurity industry has responded with a similar degree of adaptiveness, but has focussed more upon technical (science) than ‘non-technical’ (social science) factors. This article explores empirically how organisations and investigators have reacted to the shift in the ransomware landscape from scareware and locker attacks to the almost exclusive use of crypto-ransomware. We outline how, for various reasons, victims and investigators struggle to respond effectively to this form of threat. By drawing upon in-depth interviews with victims and law enforcement officers involved in twenty-six crypto-ransomware attacks between 2014 and 2018 and using an inductive content analysis method, we develop a data-driven taxonomy of crypto-ransomware countermeasures. The findings of the research indicate that responses to crypto-ransomware are made more complex by the nuanced relationship between the technical (malware which encrypts) and the human (social engineering which still instigates most infections) aspects of an attack. As a consequence, there is no simple technological ‘silver bullet’ that will wipe out the crypto-ransomware threat. Rather, a multi-layered approach is needed which consists of socio-technical measures, zealous front-line managers and active support from senior management. / This work was supported by the Engineering and Physical Sciences Research Council and is part of the EMPHASIS (EconoMical, PsycHologicAl and Societal Impact of RanSomware) project [EP/P011721/1].

Crypto-ransomware

Malware

Social engineering

Security countermeasures

Management support

Organisational settings

Cybercrime

Use of simulators for side-channel analysis: Leakage detection and analysis of cryptographic systems in early stages of development

Veshchikov, Nikita

23 August 2017

Cryptography is the foundation of modern IT security,it provides algorithms and protocols that can be usedfor secure communications. Cryptographic algorithmsensure properties such as confidentiality and data integrity.Confidentiality can be ensured using encryption algorithms.Encryption algorithms require a secret information called a key.These algorithms are implemented in cryptographic devices.There exist many types of attacks against such cryptosystems,the main goal of these attacks is the extraction of the secret key.Side-channel attacks are among the strongest types of attacksagainst cryptosystems. Side-channel attacks focus on the attacked device, they measure its physicalproperties in order to extract the secret key. Thus, these attacks targetweaknesses in an implementation of an algorithm rather than the abstract algorithm itself.Power analysis is a type of side-channel attacks that can be used to extract a secretkey from a cryptosystem through the analysis of its power consumption whilethe target device executes an encryption algorithm. We can say that the secret information is leaking from the device through itspower consumption. One of the biggest challenges in the domain of side-channel analysisis the evaluation of a device from the perspective of side-channel attacksor in other words the detection of information leakage.A device can be subject to several sources of information leakageand it is actually relatively easy to find just one side-channel attack that works(by exploiting just one source of leakage),however it is very difficult to find all sources of information leakage or to show that there is no information leakage in the givenimplementation of an encryption algorithm. Evaluators use various statistical tests during the analysis of a cryptographic device to checkthat it does not leak the secret key. However, in order to performsuch tests the evaluation lab needs the device to acquire the measurementsand analyse them. Unfortunately, the development process of cryptographicsystems is rather long and has to go through several stages. Thus, an information leakagethat can lead to a side-channel attackcan be discovered by an evaluation lab at the very last stage using the finalproduct. In such case, the whole process has to be restarted in order to fix the issue,this can lead to significant time and budget overheads. The rationale is that developers of cryptographic systems would like to be able to detect issues related to side-channel analysis during the development of the system,preferably on the early stages of its development. However, it is far from beinga trivial task because the end product is not yet available andthe nature of side-channel attacks is such that it exploits the properties ofthe final version of the cryptographic device that is actually available to the end user. The goal of this work is to show how simulators can be used for the detection of issues related to side-channel analysis during the development of cryptosystems.This work lists the advantages of simulators compared to physical experimentsand suggests a classification of simulators for side-channel analysis.This work presents existing simulators that were created for side-channel analysis,more specifically we show that there is a lack of available simulation toolsand that therefore simulators are rarely used in the domain. We present threenew open-source simulators called Silk, Ascold and Savrasca.These simulators are working at different levels of abstraction,they can be used by developers to perform side-channel analysisof the device during different stages of development of a cryptosystem.We show how Silk can be used during the preliminary analysisand development of cryptographic algorithms using simulations based on high level of abstraction source code. We used it to compare S-boxesas well as to compare shuffling countermeasures against side-channel analysis.Then, we present the tool called Ascold that can be used to find side-channel leakagein implementations with masking countermeasure using the analysis of assembly code of the encryption.Finally, we demonstrate how our simulator called Savrasca can be used to find side-channelleakage using simulations based on compiled executable binaries. We use Savrascato analyse masked implementation of a well-known contest on side-channel analysis (the 4th edition of DPA Contest),as a result we demonstrate that the analysed implementation contains a previouslyundiscovered information leakage. Through this work we alsocompared results of our simulated experiments with real experiments comingfrom implementations on microcontrollers and showed that issues found using our simulatorsare also present in the final product. Overall, this work emphasises that simulatorsare very useful for the detection of side-channel leakages in early stages of developmentof cryptographic systems. / Option Informatique du Doctorat en Sciences / info:eu-repo/semantics/nonPublished

Informatique mathématique

Technologie informatique hardware

Informatique appliquée logiciel

Analyse de systèmes informatiques

Technologie de la sécurité

cryptography

cryptanalysis

encryption

side-channel analysis

shuffling countermeasures

masking countermeasures

simulations

automated tools

side-channel attacks

Obstructive sleep apnoea and daytime driver sleepiness

Filtness, Ashleigh J.

January 2011

Driver sleepiness is known to be a major contributor to road traffic incidents (RTIs). An initial literature review identified many studies reporting untreated obstructive sleep apnoea (OSA) sufferers as having impaired driving performance and increased RTI risk. It is consistently reported that treatment with continuous positive air pressure (CPAP) improves driving performance and decreases RTI risk, although most of these studies are conducted less than one year after starting treatment. UK law allows treated OSA patients to continue driving if their doctor states that treatment has been successful. Despite the wealth of publications surrounding OSA and driving, 6 key areas were identified from the literature review as not fully investigated, the: (i) prevalence of undiagnosed OSA in heavy goods vehicle (HGV) drivers in the UK; (ii) impact of sleep restriction on long term CPAP treated OSA compared with healthy controls; (iii) ability of treated OSA participants to identify sleepiness when driving; (iv) impact of one night CPAP withdrawal on driving performance; (v) individual difference in driving performance of long term CPAP treated OSA participants; (vi) choice of countermeasures to driver sleepiness by two groups susceptible to driver sleepiness, OSA and HGV drivers. Key areas (i) and (vi) were assessed using questionnaires. 148 HGV drivers were surveyed to assess OSA symptoms and preference of countermeasures to driver sleepiness. All participants completing the driving simulator study were also surveyed. 9.5% of HGV drivers were found to have symptoms of suspected undiagnosed OSA. Additionally the OSA risk factors were more prevalent for HGV drivers than reported in national statistics reports for the general population. The most effective countermeasures to driver sleepiness (caffeine and a nap) were not the most popular. Being part of a susceptible group (OSA or HGV driver) and prior experience of driver sleepiness did not promote effective choice of countermeasure. Key areas (ii) to (v) were assessed using a driving simulator. Driving simulators present a safe environment to test participants in a scenario where they may experience sleepiness without endangering other road users.

363.1251

Implantations cryptographiques sécurisées et outils d’aide à la validation des contremesures contre les attaques par canaux cachés

Thuillet, Céline

30 March 2012

Depuis plusieurs années, les composants dédiés à la sécurité comme les cartes à puce sont soumises à des attaques dites par canaux cachés. Ces attaques permettent d'exhiber les secrets en analysant des caractéristiques physiques comme la consommation du composant ou encore son temps d'exécution. Dans le cadre de cette thèse, deux contremesures ont été réalisées et appliquées à l'AES (algorithme de chiffrement symétrique). De plus, afin d'aider les développements futurs des contremesures et la validation de celles-ci, un simulateur a été développé. Il permet de réaliser des attaques grâce à un modèle de consommation défini dans les phases amont de développement. Enfin, j'ai pu participer aux groupes de travail qui ont proposé Shabal à la compétition SHA-3, qui vise à définir un nouveau standard pour les fonctions de hachage. Des implantations matérielles ont été réalisées par la suite. / For several years, the security components such as smart cards are subject to side channel attacks. These attacks allow to exhibit secrets by analyzing the physical characteristics such as power consumption or execution time. As part of this thesis, two countermeasures were carried out and applied to the AES (symmetric cipher). In addition, to help future development of countermeasures and their validation, a simulator was developed. It realizes attacks using a power consumption model defined in the early phases of development. Finally, I participated in working groups that have proposed Shabal to SHA-3 competition, which aims to define a new standard for hash functions. Hardware implementations have been made thereafter.

Attaques par canaux cachés

Fonctions de hachage

Carte à puce

Asic

Protections

Side channel attacks

Smartcards

ASIC

Countermeasures

Symmetric cipher

Hash functions

Stratégies pour sécuriser les processeurs embarqués contre les attaques par canaux auxiliaires / Strategies for Securing Embedded Processors against Side-Channel Attacks

Barthe, Lyonel

10 July 2012

Les attaques par canaux auxiliaires telles que l'analyse différentielle de la consommation de courant (DPA) et l'analyse différentielle des émissions électromagnétiques (DEMA) constituent une menace sérieuse pour la sécurité des systèmes embarqués. L'objet de cette thèse est d'étudier les vulnérabilités des implantations logicielles des algorithmes cryptographiques face à ces attaques pour concevoir un processeur d'un nouveau type. Pour cela, nous commençons par identifier les différents éléments des processeurs embarqués qui peuvent être exploités pour obtenir des informations secrètes. Puis, nous introduisons des stratégies qui privilégient un équilibre entre performance et sécurité pour protéger de telles architectures au niveau transfert de registres (RTL). Nous présentons également la conception et l'implantation d'un processeur sécurisé, le SecretBlaze-SCR. Enfin, nous évaluons l'efficacité des solutions proposées contre les analyses électromagnétiques globales et locales à partir de résultats expérimentaux issus d'un prototype du SecretBlaze-SCR réalisé sur FPGA. A travers cette étude de cas, nous montrons qu'une combinaison appropriée de contre-mesures permet d'accroître significativement la résistance aux analyses par canaux auxiliaires des processeurs tout en préservant des performances satisfaisantes pour les systèmes embarqués. / Side-channel attacks such as differential power analysis (DPA) and differential electromagnetic analysis (DEMA) pose a serious threat to the security of embedded systems. The aim of this thesis is to study the side-channel vulnerabilities of software cryptographic implementations in order to create a new class of processor. For that purpose, we start by identifying the different elements of embedded processors that can be exploited to reveal the secret information. Then, we introduce several strategies that seek a balance between performance and security to protect such architectures at the register transfer level (RTL). We also present the design and implementation details of a secure processor, the SecretBlaze-SCR. Finally, we evaluate the effectiveness of the proposed solutions against global and local electromagnetic analyses from experimental results obtained with a FPGA-based SecretBlaze-SCR. Through this case study, we show that a suitable combination of countermeasures significantly increases the side-channel resistance of processors while maintaining satisfactory performance for embedded systems.

Attaques par Canaux Auxiliaires

Dpa/dema

Processeurs Embarqués

Contre-mesures

SecretBlaze

Side-Channel Attacks

Dpa/dema

Embedded Processors

Countermeasures

SecretBlaze

General Deterrence Theory: Assessing Information Systems Security Effectiveness in Large versus Small Businesses

Schuessler, Joseph H.

05 1900

This research sought to shed light on information systems security (ISS) by conceptualizing an organization's use of countermeasures using general deterrence theory, positing a non-recursive relationship between threats and countermeasures, and by extending the ISS construct developed in prior research. Industry affiliation and organizational size are considered in terms of differences in threats that firms face, the different countermeasures in use by various firms, and ultimately, how a firm's ISS effectiveness is affected. Six information systems professionals were interviewed in order to develop the appropriate instruments necessary to assess the research model put forth; the final instrument was further refined by pilot testing with the intent of further clarifying the wording and layout of the instrument. Finally, the Association of Information Technology Professionals was surveyed using an online survey. The model was assessed using SmartPLS and a two-stage least squares analysis. Results indicate that a non-recursive relationship does indeed exist between threats and countermeasures and that countermeasures can be used to effectively frame an organization's use of countermeasures. Implications for practitioners include the ability to target the use of certain countermeasures to have desired effects on both ISS effectiveness and future threats. Additionally, the model put forth in this research can be used by practitioners to both assess their current ISS effectiveness as well as to prescriptively target desired levels of ISS effectiveness.

countermeasures

Information systems security

threats

risk assessment

Computer networks -- Security measures.

Computer security.

A Study On Risk Assessment Of Scour Vulnerable Bridges

Apaydin, Meric

01 September 2010

Many river bridges fail or are seriously damaged due to excessive local scouring around piers and abutments. To protect a bridge from scour-induced failure, it should be designed properly against excessive scouring and its scour criticality should be checked regularly throughout the service life to take prompt action. The Federal Highway Administration of United States (FHWA) developed a program, HYRISK, as a basis for evaluation of existing scour failure risk of a bridge. It provides implementation of a risk-based model, which is used to calculate the annual risk of scour failure of a bridge or series of bridges in monetary values. A case study is carried out for a bridge crossing Fol Creek in Black Sea Region (close to Vakfikebir), for the illustration of this software. Besides, hydraulic analysis and scour depth computations of the bridge are carried out via HEC-RAS program. Also, a study is carried out to recommend scour countermeasures that can be applied to the aforementioned bridge.

TC Hydraulic Engineering 1-978