Software Protection Against Fault and Side Channel Attacks

Patrick, Conor Persson

09 August 2017

Embedded systems are increasingly ubiquitous. Many of them have security requirements such as smart cards, mobile phones, and internet connected appliances. It can be a challenge to fulfill security requirements due to the constrained nature of embedded devices. This security challenge is worsened by the possibility of implementation attacks. Despite well formulated cryptosystems being used, the underlying hardware can often undermine any security proven on paper. If a secret key is at play, an adversary has a chance of revealing it by simply looking at the power variation. Additionally, an adversary can tamper with an embedded system's environment to get it to skip a security check or generate side channel information. Any adversary with physical access to an embedded system can conduct such implementation attacks. It is the focus of this work to explore different countermeasures against both side channel and fault attacks. A new countermeasure call Intra-instruction Redundancy, based on bit-slicing, or N-bit SIMD processing, is proposed. Another challenge with implementing countermeasures against implementation attacks, is that they need to be able to be combined. Most proposed side channel countermeasures do not prevent fault injection and vice versa. Combining them is non-trivial as demonstrated with a combined implementation attack. / Master of Science

Fault attacks

side channel analysis

countermeasure

Efficient Side-channel Resistant MPC-based Software Implementation of the AES

Fernandez Rubio, Abraham

27 April 2017

Current cryptographic algorithms pose high standards of security yet they are susceptible to side-channel analysis (SCA). When it comes to implementation, the hardness of cryptography dangles on the weak link of side-channel information leakage. The widely adopted AES encryption algorithm, and others, can be easily broken when they are implemented without any resistance to SCA. This work applies state of the art techniques, namely Secret Sharing and Secure Multiparty Computation (SMC), on AES-128 encryption as a countermeasure to those attacks. This embedded C implementation explores multiple time-memory trade-offs for the design of its fundamental components, SMC and field arithmetic, to meet a variety of execution and storage demands. The performance and leakage assessment of this implementation for an ARM based micro-controller demonstrate the capabilities of masking schemes and prove their feasibility on embedded software.

side-channel analysis

multiparty computation

AES

polynomial masking

Hardware Trojan Detection Using Multiple-Parameter Side-Channel Analysis

Du, Dongdong

23 July 2010

No description available.

Electrical Engineering

Engineering

Hardware Trojan

Side-Channel Analysis

Multiple-Parameter.

Partition based Approaches for the Isolation and Detection of Embedded Trojans in ICs

Banga, Mainak

29 September 2008

This thesis aims towards devising a non-destructive testing methodology for ICs fabricated by a third party manufacturer to ensure the integrity of the chip. With the growing trend of outsourcing, the sanity of the final product has emerged to be a prime concern for the end user. This is especially so if the components are to be used in mission-critical applications such as space-exploration, medical diagnosis and treatment, defense equipment such as missiles etc., where a single failure can lead to a disaster. Thus, any extraneous parts (Trojans) that might have been implanted by the third party manufacturer with a malicious intent during the fabrication process must be diagnosed before the component is put to use. The inherent stealthy nature of Trojans makes it difficult to detect them at normal IC outputs. More so, with the restriction that one cannot visually inspect the internals of an IC after it has been manufactured. This obviates the use of side-channel signal(s) that acts like a signature of the IC as a means to assess its internal behavior under operational conditions. In this work, we have selected power as the side-channel signal to characterize the internal behavior of the ICs. We have used two circuit partitioning based approaches for isolating and enhancing the behavioral difference between parts of a genuine IC and one with a sequence detector Trojan in it. Experimental results reveal that these approaches are effective in exposing anomalous behavior between the targeted ICs. This is reflected as difference in power-profiles of the genuine and maligned ICs that is magnified above the process variation ensuring that the discrepancies are observable. / Master of Science

Side-Channel Analysis

Power profile

State-space

Trojans

Advances in the Side-Channel Analysis of Symmetric Cryptography

Taha, Mostafa Mohamed Ibrahim

10 June 2014

Side-Channel Analysis (SCA) is an implementation attack where an adversary exploits unintentional outputs of a cryptographic module to reveal secret information. Unintentional outputs, also called side-channel outputs, include power consumption, electromagnetic radiation, execution time, photonic emissions, acoustic waves and many more. The real threat of SCA lies in the ability to mount attacks over small parts of the key and to aggregate information over many different traces. The cryptographic community acknowledges that SCA can break any security module if the adequate protection is not implemented. In this dissertation, we propose several advances in side-channel attacks and countermeasures. We focus on symmetric cryptographic primitives, namely: block-ciphers and hashing functions. In the first part, we focus on improving side-channel attacks. First, we propose a new method to profile highly parallel cryptographic modules. Profiling, in the context of SCA, characterizes the power consumption of a fully-controlled module to extract power signatures. Then, the power signatures are used to attack a similar module. Parallel designs show excessive algorithmic-noise in the power trace. Hence, we propose a novel attack that takes design parallelism into consideration, which results in a more powerful attack. Also, we propose the first comprehensive SCA of the new secure hashing function mbox{SHA-3}. Although the main application of mbox{SHA-3} is hashing, there are other keyed applications including Message Authentication Codes (MACs), where protection against SCA is required. We study the SCA properties of all the operations involved in mbox{SHA-3}. We also study the effect of changing the key-length on the difficulty of mounting attacks. Indeed, changing the key-length changes the attack methodology. Hence, we propose complete attacks against five different case studies, and propose a systematic algorithm to choose an attack methodology based on the key-length. In the second part, we propose different techniques for protection against SCA. Indeed, the threat of SCA can be mitigated if the secret key changes before every execution. Although many contributions, in the domain of leakage resilient cryptography, tried to achieve this goal, the proposed solutions were inefficient and required very high implementation cost. Hence, we highlight a generic framework for efficient leakage resiliency through lightweight key-updating. Then, we propose two complete solutions for protecting AES modes of operation. One uses a dedicated circuit for key-updating, while the other uses the underlying AES block cipher itself. The first one requires small area (for the additional circuit) but achieves negligible performance overhead. The second one has no area overhead but requires small performance overhead. Also, we address the problem of executing all the applications of hashing functions, e.g. the unkeyed application of regular hashing and the keyed application of generating MACs, on the same core. We observe that, running unkeyed application on an SCA-protected core will involve a huge loss of performance (3x to 4x). Hence, we propose a novel SCA-protected core for hashing. Our core has no overhead in unkeyed applications, and negligible overhead in keyed ones. Our research provides a better understanding of side-channel analysis and supports the cryptographic community with lightweight and efficient countermeasures. / Ph. D.

Side-Channel Analysis

Practical Leakage Resiliency

AES

SHA-3

A Hardware Evaluation of a NIST Lightweight Cryptography Candidate

Coleman, Flora Anne

04 June 2020

The continued expansion of the Internet of Things (IoT) in recent years has introduced a myriad of concerns about its security. There have been numerous examples of IoT devices being attacked, demonstrating the need for integrated security. The vulnerability of data transfers in the IoT can be addressed using cryptographic protocols. However, IoT devices are resource-constrained which makes it difficult for them to support existing standards. To address the need for new, standardized lightweight cryptographic algorithms, the National Institute of Standards and Technology (NIST) began a Lightweight Cryptography Standardization Process. This work analyzes the Sparkle (Schwaemm and Esch) submission to the process from a hardware based perspective. Two baseline implementations are created, along with one implementation designed to be resistant to side channel analysis and an incremental implementation included for analysis purposes. The implementations use the Hardware API for Lightweight Cryptography to facilitate an impartial evaluation. The results indicate that the side channel resistant implementation resists leaking data while consuming approximately three times the area of the unprotected, incremental implementation and experiencing a 27% decrease in throughput. This work examines how all of these implementations perform, and additionally provides analysis of how they compare to other works of a similar nature. / Master of Science / In today's society, interactions with connected, data-sharing devices have become common. For example, devices like "smart" watches, remote access home security systems, and even connected vending machines have been adopted into many people's day to day routines. The Internet of Things (IoT) is the term used to describe networks of these interconnected devices. As the number of these connected devices continues to grow, there is an increased focus on the security of the IoT. Depending on the type of IoT application, a variety of different types of data can be transmitted. One way in which these data transfers can be protected is through the use of cryptographic protocols. The use of cryptography can provide assurances during data transfers. For example, it can prevent an attacker from reading the contents of a sensitive message. There are several well studied cryptographic protocols in use today. However, many of these protocols were intended for use in more traditional computing platforms. IoT devices are typically much smaller in size than traditional computing platforms. This makes it difficult for them to support these well studied protocols. Therefore, there have been efforts to investigate and standardize new lightweight cryptographic protocols which are well suited for smaller IoT devices. This work analyzes several hardware implementations of an algorithm which was proposed as a submission to the National Institute of Standards and Technology (NIST) Lightweight Cryptography Standardization Process. The analysis focuses on metrics which can be used to evaluate its suitability for IoT devices.

Lightweight Cryptography

Side Channel Analysis

Field programmable gate arrays

ARX

Side Channel Leakage Analysis - Detection, Exploitation and Quantification

Ye, Xin

27 January 2015

Nearly twenty years ago the discovery of side channel attacks has warned the world that security is more than just a mathematical problem. Serious considerations need to be placed on the implementation and its physical media. Nowadays the ever-growing ubiquitous computing calls for in-pace development of security solutions. Although the physical security has attracted increasing public attention, side channel security remains as a problem that is far from being completely solved. An important problem is how much expertise is required by a side channel adversary. The essential interest is to explore whether detailed knowledge about implementation and leakage model are indispensable for a successful side channel attack. If such knowledge is not a prerequisite, attacks can be mounted by even inexperienced adversaries. Hence the threat from physical observables may be underestimated. Another urgent problem is how to secure a cryptographic system in the exposure of unavoidable leakage. Although many countermeasures have been developed, their effectiveness pends empirical verification and the side channel security needs to be evaluated systematically. The research in this dissertation focuses on two topics, leakage-model independent side channel analysis and security evaluation, which are described from three perspectives: leakage detection, exploitation and quantification. To free side channel analysis from the complicated procedure of leakage modeling, an observation to observation comparison approach is proposed. Several attacks presented in this work follow this approach. They exhibit efficient leakage detection and exploitation under various leakage models and implementations. More importantly, this achievement no longer relies on or even requires precise leakage modeling. For the security evaluation, a weak maximum likelihood approach is proposed. It provides a quantification of the loss of full key security due to the presence of side channel leakage. A constructive algorithm is developed following this approach. The algorithm can be used by security lab to measure the leakage resilience. It can also be used by a side channel adversary to determine whether limited side channel information suffices the full key recovery at affordable expense.

Side Channel Analysis

Leakage Analysis

Applied Cryptography

Embedded System Security Evaluation

ADVANCED LOW-COST ELECTRO-MAGNETIC AND MACHINE LEARNING SIDE-CHANNEL ATTACKS

Josef A Danial (9520181)

16 December 2020

Side-channel analysis (SCA) is a prominent tool to break mathematically secure cryptographic engines, especially on resource-constrained devices. SCA attacks utilize physical leakage vectors like the power consumption, electromagnetic (EM) radiation, timing, cache hits/misses, that reduce the complexity of determining a secret key drastically, going from 2¹²⁸ for brute force attacks to 2¹² for SCA in the case of AES-128. Additionally, EM SCA attacks can be performed non-invasively without any modifications to the target under attack, unlike power SCA. To develop defenses against EM SCA, designers must evaluate the cryptographic implementations against the most powerful side-channel attacks. In this work, systems and techniques that improve EM side-channel analysis have been explored, making it lower-cost and more accessible to the research community to develop better countermeasures against such attacks. The first chapter of this thesis presents SCNIFFER, a platform to perform efficient end-to-end EM SCA attacks. SCNIFFER introduces leakage localization – an often-overlooked step in EM attacks – into the loop of an attack. Following SCNIFFER, the second chapter presents a practical machine learning (ML) based EM SCA attack on AES-128. This attack addresses issues dealing with low signal-to-noise ratio (SNR) EM measurements, proposing training and pre-processing techniques to perform an efficient profiling attack. In the final chapter, methods for mapping from power to EM measurements, are analyzed, which can enable training a ML model with much lower number of encryption traces. Additionally, SCA evaluation of high-level synthesis (HLS) based cryptographic algorithms is performed, along with the study of futuristic neural encryption techniques.

Computer Engineering

Computer System Security

Hardware Security

Side-channel analysis

Side-channel attacks

Machine Learning

Critical DATAPATH Cells for NCL Asynchronous Circuit Area Reduction

Phillips, Dallas

25 May 2022

No description available.

Electrical Engineering

asynchronous

combinational logic

hybrid circuitry

path conversion

side-channel analysis

null convention logic

Electromagnetic Side-Channel Analysis for Hardware and Software Watermarking

Lakshminarasimhan, Ashwin

01 January 2011

With more and more ICs being used in sectors requiring confidentiality and integrity like payment systems, military, finance and health, there is a lot of concern in the security and privacy of ICs. The widespread adoption of Intellectual Property (IP) based designs for modern systems like system on chips has reduced the time to market and saved a lot of money for many companies. But this has also opened the gates for problems like product piracy, IP theft and fraud. It is estimated that billions of dollars are lost annually to illegal manufacturing of Integrated Circuits. A possible solution to this problem of IP theft is to insert small circuits which are like unique IDs that only the owner or the registered verifier will know and detect in case of any conflict. The circuits that are inserted are called watermarks and are in some cases kept very small so as to be hidden. In such cases, we would need detection schemes that work well even with very small watermarks. In this work, we use Electro-Magnetic (EM) based side-channels for the detection of watermarks. Since the 90s, Side-channel Analyses have attracted significant attention within the cryptographic community as they are able to obtain secret information from smart cards and ICs. The power side-channel analysis is a very powerful method but EM side-channels are very useful as they will not need a resistor in series to the power supply and just needs passive observation of the EM radiations emanated by the IC. This passive monitoring will be a big advantage in the case of automated watermark detection used by a verifier. In this work, we start with EM side-channel analysis on FPGA for smaller designs. We insert watermarks on a Micro-controller, Smartcard and an FPGA and detect these watermarks using EM side-channel information emanated from the Design under Test. We used environments with different levels of noise interference. We compare the watermarking application using EM side-channels and Power side-channels in these different setups. These watermarks are very small and are hard to attack or remove by an attacker through reverse engineering or side-channel information. Due to the robustness against such attacks and the easy access of EM side-channels when compared to power side-channels, the EM side-channel based watermarks will be a very good solution for the IP theft problem. EM side-channel based watermark detection supports automation which companies of IP cores can make use of. We also extended this work to EM Side-channel Trojans as the concepts are similar

Side-Channel Analysis

Electromagnetic side channel

Trojans

Watermarks

Electrical and Computer Engineering