Desenvolvimento de um Sistema de Ataques Side-Channel
Nowadays consumers expect their IoT devices and data to be adequately protected against any vulnerability. As such, the implementation of protection layers should no longer be considered only once the device is fully developed. The most common method of ensuring the security of the devices is based on the encryption of the communication sent and received by the device. Regardless of the complexity of the algorithm and the theoretical protection against brute-force attacks, attackers have evolved their strategies. Despite the developers' best efforts to secure and encrypt the device's communications, there will always be some leakage of information somewhere in the device. Attackers have now started to exploit and analyze these leaks in order to successfully break into so-called secure devices. By their very nature, these information leaks will always exist, and consequently developers should find countermeasures that either confuse the attacker with worthless information or somehow decorrelate the leaked information from the truth. In this context, this report presents the development of methods to verify the difficulty of decrypting the different AES 128-bit modes through power analysis, and an application developed to simplify this task for future use. Lastly, the results of the attacks performed on different targets are presented. These include a Raspberry Pi 4 and an Arduino Nano, which were not successful due to the overpowering existing noise, and the ChipWhisperer Lite ARM target with 5 different AES 128-bit modes, which were successfully attacked, even with countermeasures implemented.
Nowadays, consumers expect their IoT devices and the associated data to be adequately protected against any vulnerability. As such, the implementation of protection layers should no longer be considered only once the device is fully developed. The most common method of guaranteeing the security of devices is based on the encryption of the device's communications. Regardless of the complexity of the algorithm used and its theoretical protection against brute-force attacks, attackers have evolved their strategies. Despite the developers' best efforts to protect and encrypt the device's communications, there is always some leakage of information somewhere in the device (side-channel information) in the form of vibrations, fluctuations in the system's power supply, electromagnetic radiation, etc. Attackers have already started to exploit and analyze these leaks in order to successfully break into devices, and by their very nature these information leaks will always exist. Consequently, system designers must develop and implement countermeasures to confuse the attacker with useless information or to somehow decorrelate the leaked information from the truth. In this context, the work presented in this report describes the development of methods to verify the difficulty of decrypting the different 128-bit AES modes through power analysis, and an application developed to simplify this task for future use. Finally, the results of the attacks carried out on the different targets are presented. These include a Raspberry Pi 4 and an Arduino Nano, which were not successful due to the excessive noise present, and the ChipWhisperer Lite ARM target with 5 different 128-bit AES modes, which were attacked successfully, even with countermeasures implemented.
CacheZoom: How SGX Amplifies The Power of Cache Attacks
In modern computing environments, hardware resources are commonly shared, and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards side-channel attacks. We introduce a powerful cache side-channel attack that provides system adversaries a high resolution channel. Our attack tool named CacheZoom is able to virtually track all memory accesses of SGX enclaves with high spatial and temporal precision. As proof of concept, we demonstrate AES key recovery attacks on commonly used implementations including those that were believed to be resistant in previous scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous works which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover AES keys from T-Table based implementations with as few as ten measurements.
Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems (CHES '17)
Effects of Architecture on Information Leakage of a Hardware Advanced Encryption Standard Implementation
Side-channel analysis (SCA) is a threat to many modern cryptosystems. Many countermeasures exist, but they are costly to implement and still do not provide complete protection against SCA. A plausible alternative is to design the cryptosystem using architectures that are known to leak little information about the cryptosystem's operations. This research uses several common primitive architectures for the Advanced Encryption Standard (AES) and assesses the susceptibility of the full AES system to side-channel attack for various primitive configurations. A combined encryption/decryption core is also evaluated to determine whether variation of high-level architectures affects leakage characteristics. These different configurations are evaluated under multiple measurement types and leakage models. The results show that different hardware configurations do impact the amount of information leaked by a device, but none of the tested configurations are able to prevent exploitation.
KLEIN: A New Family of Lightweight Block Ciphers
Resource-efficient cryptographic primitives are becoming fundamental for realizing both security and efficiency in embedded systems like RFID tags and sensor nodes. Among those primitives, the lightweight block cipher plays a major role as a building block for security protocols. In this paper, we describe a new family of lightweight block ciphers named KLEIN, which is designed for resource-constrained devices such as wireless sensors and RFID tags. Compared to related proposals, KLEIN has an advantage in software performance on legacy sensor platforms, while at the same time its hardware implementation can also be compact.
Compound Effects of Clock and Voltage Based Power Side-Channel Countermeasures
The power side-channel attack, which allows an attacker to derive secret information from power traces, continues to be a major vulnerability in many critical systems. Numerous countermeasures have been proposed since its discovery as a serious vulnerability, including both hardware and software implementations. Each countermeasure has its own drawback, with some of the highly effective countermeasures incurring large overhead in area and power. In addition, many countermeasures are quite invasive to the design process, requiring modification of the design and therefore additional validation and testing to ensure its accuracy. Less invasive countermeasures that do not require directly modifying the system do exist but often offer less protection.
This thesis analyzes two non-invasive countermeasures and examines ways to maximize the protection offered by them while incurring the least amount of overhead. These two countermeasures are called clock phase noise (CPN) and voltage noise (VN), and are placed on the same FPGA as an AES encryption module that we are trying to protect. We test these designs against a highly effective algorithm called correlation power analysis (CPA) and a preprocessing technique called the sliding window attack (SW).
We found that the combined effects of the two countermeasures were greater than the impact of either countermeasure used independently, and published a paper on our findings in the 2019 IEEE 30th International Conference on Application-specific Systems, Architectures and Processors (ASAP). We found that our best combined countermeasure protected about 76% of the maximum number of traces that a well-known but invasive competitor, wave dynamic differential logic (WDDL), could, with only about 41% of the area and 78% of the power. However, the sliding window attack significantly reduced the amount of protection our combined countermeasure could offer to only 11% of that offered by WDDL. Since then, we updated our methodology and made some adjustments to VN and CPN. Our CPN countermeasure greatly improved, and therefore so did our combined countermeasure, which on average protected up to about 90% of the maximum number of traces that WDDL could, with only about 43% of the area and about 60% of the power. This is remarkable because these results are after the sliding window attack, meaning that our post-proposal countermeasures protect almost as well as WDDL while requiring only about half of the resources.
Asynchronous Advanced Encryption Standard Hardware with Random Noise Injection for Improved Side-Channel Attack Resistance
This work presents the design, hardware implementation, and performance analysis of a novel asynchronous AES (advanced encryption standard) Key Expander and Round Function, which offer increased side-channel attack (SCA) resistance. These designs are based on a delay-insensitive (DI) logic paradigm known as null convention logic (NCL), which supports useful properties for resisting SCAs including dual-rail encoding, clock-free operation, and monotonic transitions. Potential benefits include reduced and more uniform switching activity and a reduced signal-to-noise ratio (SNR). A novel method to further augment NCL AES hardware with a random voltage scaling technique is also presented for additional security. Thereby, the proposed components leak significantly less side-channel information than conventional clocked approaches. To quantitatively verify such improvements, functional verification and WASSO (weighted average simultaneous switching output) analysis have been carried out on both the conventional synchronous approach and the proposed NCL-based approach using Mentor Graphics ModelSim and Xilinx simulation tools. Hardware implementation has been carried out for both designs on a specified side-channel attack standard evaluation FPGA board, called SASEBO-GII, and the corresponding power waveforms for both designs have been collected. Along with the results of software simulations, we have analyzed the collected waveforms to validate the claims related to the benefits of the proposed cryptohardware design approach.