880 research outputs found
Power Side Channels in Security ICs: Hardware Countermeasures
Power side-channel attacks are a very effective cryptanalysis technique that
can infer secret keys of security ICs by monitoring the power consumption.
Since the emergence of practical attacks in the late 90s, they have been a
major threat to many cryptographic-equipped devices including smart cards,
encrypted FPGA designs, and mobile phones. Designers and manufacturers of
cryptographic devices have in response developed various countermeasures for
protection. Attacking methods have also evolved to counteract resistant
implementations. This paper reviews foundational power analysis attack
techniques and examines a variety of hardware design mitigations. The aim is to
highlight exposed vulnerabilities in hardware-based countermeasures for future
more secure implementations.
SoK: Design Tools for Side-Channel-Aware Implementations
Side-channel attacks that leak sensitive information through a computing
device's interaction with its physical environment have proven to be a severe
threat to devices' security, particularly when adversaries have unfettered
physical access to the device. Traditional approaches for leakage detection
measure the physical properties of the device. Hence, they cannot be used
during the design process and fail to provide root cause analysis. An
alternative approach that is gaining traction is to automate leakage detection
by modeling the device. The demand to understand the scope, benefits, and
limitations of the proposed tools intensifies with the increase in the number
of proposals.
In this SoK, we classify approaches to automated leakage detection based on
the model's source of truth. We classify the existing tools on two main
parameters: whether the model includes measurements from a concrete device and
the abstraction level of the device specification used for constructing the
model. We survey the proposed tools to determine the current knowledge level
across the domain and identify open problems. In particular, we highlight the
absence of evaluation methodologies and metrics that would compare proposals'
effectiveness from across the domain. We believe that our results help
practitioners who want to use automated leakage detection and researchers
interested in advancing the knowledge and improving automated leakage
detection.
LeakyOhm: Secret Bits Extraction using Impedance Analysis
The threats of physical side-channel attacks and their countermeasures have
been widely researched. Most physical side-channel attacks rely on the
unavoidable influence of computation or storage on current consumption or
voltage drop on a chip. Such data-dependent influence can be exploited by, for
instance, power or electromagnetic analysis. In this work, we introduce a novel
non-invasive physical side-channel attack, which exploits the data-dependent
changes in the impedance of the chip. Our attack relies on the fact that the
temporarily stored contents in registers alter the physical characteristics of
the circuit, which results in changes in the die's impedance. To sense such
impedance variations, we deploy a well-known RF/microwave method called
scattering parameter analysis, in which we inject sine wave signals with high
frequencies into the system's power distribution network (PDN) and measure the
echo of the signals. We demonstrate that according to the content bits and
physical location of a register, the reflected signal is modulated differently
at various frequency points enabling the simultaneous and independent probing
of individual registers. Such side-channel leakage challenges the -probing
security model assumption used in masking, which is a prominent side-channel
countermeasure. To validate our claims, we mount non-profiled and profiled
impedance analysis attacks on hardware implementations of unprotected and
high-order masked AES. We show that in the case of the profiled attack, only a
single trace is required to recover the secret key. Finally, we discuss how a
specific class of hiding countermeasures might be effective against impedance
leakage.
Enhancing the Performance of Practical Profiling Side-Channel Attacks Using Conditional Generative Adversarial Networks
Recently, many profiling side-channel attacks based on Machine Learning and
Deep Learning have been proposed. Most of them focus on reducing the number of
traces required for successful attacks by optimizing the modeling algorithms.
In previous work, relatively sufficient traces need to be used for training a
model. However, in the practical profiling phase, it is difficult or impossible
to collect sufficient traces due to the constraint of various resources. In
this case, the performance of profiling attacks is inefficient even if proper
modeling algorithms are used. In this paper, the main problem we consider is
how to conduct more efficient profiling attacks when sufficient profiling
traces cannot be obtained. To deal with this problem, we first introduce the
Conditional Generative Adversarial Network (CGAN) in the context of
side-channel attacks. We show that CGAN can generate new traces to enlarge the
size of the profiling set, which improves the performance of profiling attacks.
For both unprotected and protected cryptographic algorithms, we find that CGAN
can effectively learn the leakage of traces collected in their implementations.
We also apply it to different modeling algorithms. In our experiments, the
model constructed with the augmented profiling set can reduce the required
attack traces by more than half, which means the generated traces can provide
useful information as the real traces.
Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code
Although cryptographic algorithms may be mathematically secure, it is often
possible to leak secret information from the implementation of the algorithms.
Timing and power side-channel vulnerabilities are some of the most widely
considered threats to cryptographic algorithm implementations. Timing
vulnerabilities may be easier to detect and exploit, and all high-quality
cryptographic code today should be written in constant-time style. However,
this does not prevent power side-channels from existing. With constant time
code, potential attackers can resort to power side-channel attacks to try
leaking secrets. Detecting potential power side-channel vulnerabilities is a
tedious task, as it requires analyzing code at the assembly level and needs
reasoning about which instructions could be leaking information based on their
operands and their values. To help make the process of detecting potential
power side-channel vulnerabilities easier for cryptographers, this work
presents Pascal: Power Analysis Side Channel Attack Locator, a tool that
introduces novel symbolic register analysis techniques for binary analysis of
constant-time cryptographic algorithms, and verifies locations of potential
power side-channel vulnerabilities with high precision. Pascal is evaluated on
a number of implementations of post-quantum cryptographic algorithms, and it is
able to find dozens of previously reported single-trace power side-channel
vulnerabilities in these algorithms, all in an automated manner.
A Review and Comparison of AI Enhanced Side Channel Analysis
Side Channel Analysis (SCA) presents a clear threat to privacy and security
in modern computing systems. The vast majority of communications are secured
through cryptographic algorithms. These algorithms are often provably-secure
from a cryptographical perspective, but their implementation on real hardware
introduces vulnerabilities. Adversaries can exploit these vulnerabilities to
conduct SCA and recover confidential information, such as secret keys or
internal states. The threat of SCA has greatly increased as machine learning,
and in particular deep learning, enhanced attacks become more common. In this
work, we will examine the latest state-of-the-art deep learning techniques for
side channel analysis, the theory behind them, and how they are conducted. Our
focus will be on profiling attacks using deep learning techniques, but we will
also examine some new and emerging methodologies enhanced by deep learning
techniques, such as non-profiled attacks, artificial trace generation, and
others. Finally, different deep learning enhanced SCA schemes attempted against
the ANSSI SCA Database (ASCAD) and their relative performance will be evaluated
and compared. This will lead to new research directions to secure cryptographic
implementations against the latest SCA attacks. Comment: This paper has been accepted by ACM Journal on Emerging Technologies
in Computing Systems (JETC)
Exploitation of Unintentional Information Leakage from Integrated Circuits
Unintentional electromagnetic emissions are used to recognize or verify the identity of a unique integrated circuit (IC) based on fabrication process-induced variations in a manner analogous to biometric human identification. The effectiveness of the technique is demonstrated through an extensive empirical study, with results presented indicating correct device identification success rates of greater than 99.5%, and average verification equal error rates (EERs) of less than 0.05% for 40 near-identical devices. The proposed approach is suitable for security applications involving commodity commercial ICs, with substantial cost and scalability advantages over existing approaches. A systematic leakage mapping methodology is also proposed to comprehensively assess the information leakage of arbitrary block cipher implementations, and to quantitatively bound an arbitrary implementation's resistance to the general class of differential side channel analysis techniques. The framework is demonstrated using the well-known Hamming Weight and Hamming Distance leakage models, and approach's effectiveness is demonstrated through the empirical assessment of two typical unprotected implementations of the Advanced Encryption Standard. The assessment results are empirically validated against correlation-based differential power and electromagnetic analysis attacks.
Efficient Stochastic Methods: Profiled Attacks Beyond 8 Bits
Template attacks and stochastic models are among the most powerful side-channel attacks. However, they can be computationally expensive when processing a large number of samples. Various compression techniques have been used very successfully to reduce the data dimensionality prior to applying template attacks, most notably Principal Component Analysis (PCA) and Fisher’s Linear Discriminant Analysis (LDA). These make the attacks more efficient computationally and help the profiling phase to converge faster. We show how these ideas can also be applied to implement stochastic models more efficiently, and we also show that they can be applied and evaluated even for more than eight unknown data bits at once. This is the author accepted manuscript. The final version is available from Springer via http://dx.doi.org/10.1007/978-3-319-16763-3_
Deep Learning based Side Channel Attacks in Practice
A recent line of research has investigated a new profiling technique based on deep learning as an alternative to the well-known template attack.
The advantage of this new profiling approach is twofold: the approximation of the information leakage by a multivariate Gaussian distribution is relaxed (leading to a more generic approach) and the pre-processing phases such as the traces realignment or the selection of the Points of Interest (PoI) are no longer mandatory, in some cases, to succeed the key recovery (leading to a less complex security evaluation roadmap).
The related published works have demonstrated that Deep Learning based Side-Channel Attacks (DL-SCA) are very efficient when targeting cryptographic implementations protected with the common side-channel countermeasures such as masking, jitter and random delays insertion.
In this paper, we assess the efficiency of this new profiling attack under different realistic and practical scenarios.
First, we study the impact of the intrinsic characteristics of the manipulated data-set (i.e. distance in time samples between the PoI, the dimensionality of the area of interest and the pre-processing of the data) on the robustness of the attack.
We demonstrate that the deep learning techniques are sensitive to these parameters and we suggest some practical recommendations that can be followed to enhance the profiling and the key recovery phases. Second, we discuss the tolerance of DL-SCA with respect to a deviation from the idealized leakage models and provide a comparison with the well-known stochastic attack. Our results show that DL-SCA are still efficient in such a context.
Then, we target a more complex masking scheme based on Shamir's secret sharing and prove that this new profiling approach is still performing well.
Finally, we conduct a security evaluation of a batch of several combinations of side-channel protections using simulations and real traces captured on the ChipWhisperer board.
The experimental results obtained confirm that DL-SCA are very efficient even when a cryptographic implementation combines several side-channel countermeasures.