25 research outputs found

    Generic SCARE: reverse engineering without knowing the algorithm nor the machine

    We introduce a novel side-channel-based reverse engineering technique capable of reconstructing a procedure solely from inputs, outputs, and traces of execution. Beyond generic restrictions, we do not assume any prior knowledge of the procedure or the chip it operates on. These restrictions confine our analysis to 8-bit RISC constant-time software implementations. Specifically, we demonstrate the feasibility of reconstructing a symmetric cryptographic cipher, even in scenarios where traces are sampled with information loss and noise, such as when measuring the power consumption of the chip.

    Inverting the Final exponentiation of Tate pairings on ordinary elliptic curves using faults

    The calculation of the Tate pairing on ordinary curves involves two major steps: the Miller Loop (ML) followed by the Final Exponentiation (FE). The first step towards a full pairing inversion would be to invert this FE, which is in itself a mathematically difficult problem. To the best of our knowledge, most fault attack schemes proposed against pairing algorithms have mainly focused on the ML. They solved, if at all, the inversion of the FE only in some special 'easy' cases, or even showed that the complexity of the FE is an intrinsic countermeasure against a successful full fault attack on the Tate pairing. In this paper, we present a fault attack on the FE whereby the inversion of the final exponentiation becomes feasible using 33 independent faults.

    A Template Attack Against VERIFY PIN Algorithms

    This paper presents the first side channel analysis from electromagnetic emissions on VERIFY PIN algorithms. To enter a PIN code, a user has a limited number of trials; therefore the main difficulty of the attack is to succeed with very few traces. More precisely, this work implements a template attack and experimentally verifies its success rate. It becomes a new real threat, and it is feasible on a low-cost and portable platform. Moreover, this paper shows that some protections for VERIFY PIN algorithms against fault attacks introduce new vulnerabilities with respect to side channel analysis.

    A Unified Formalism for Physical Attacks

    The security of cryptographic algorithms can be considered in two contexts. On the one hand, these algorithms can be proven secure mathematically. On the other hand, physical attacks can weaken the implementation of an algorithm that has been proven secure. Under the common name of physical attacks, different attacks are grouped together: side channel attacks and fault injection attacks. This paper presents a common formalism for these attacks and highlights their underlying principles. All physical attacks on symmetric algorithms can be described with a 3-step process. Moreover, it is possible to compare different physical attacks by separating the theoretical attack path from the experimental parts of the attacks.

    A Systolic Hardware Architectures of Montgomery Modular Multiplication for Public Key Cryptosystems

    Arithmetic in a finite field constitutes the core of public key cryptography such as RSA, ECC or pairing-based cryptography. This paper discusses an efficient hardware implementation of the Coarsely Integrated Operand Scanning (CIOS) method of Montgomery modular multiplication, combined with an effective systolic architecture designed as a two-dimensional array of Processing Elements. The systolic architecture increases the speed of calculation by combining the concepts of pipelining and parallel processing into a single concept. We propose the CIOS method for Montgomery multiplication using a systolic architecture. As far as we know, this is the first implementation of such a design. The proposed architectures are designed for Field Programmable Gate Array platforms. They target reducing the number of clock cycles of the modular multiplication. The presented implementation results of the CIOS algorithms focus on different security levels useful in cryptography. This architecture has been designed to use the flexible DSP48 slices on Xilinx FPGAs. Our architecture is scalable and depends only on the number and size of words. For instance, we provide implementation results for 8, 16, 32 and 64 bit long words in 33, 66, 132 and 264 clock cycles respectively. We highlight the fact that for a given number of words, the number of clock cycles is constant.

    On the security of pairing implementations

    Pairings are cryptographic algorithms allowing new protocols for public-key cryptography. After a decade of research which led to a dramatic improvement of the computation speed of pairings, we focused on the security of pairing implementations. For that purpose, we evaluated their resistance to fault attacks. We sent electromagnetic pulses into the chip computing a pairing at a precisely chosen instant. This allowed us to recover the cryptographic secret which the pairing computation should protect. Our study was both theoretical and practical; we did implement actual fault attacks. Finally, we proposed countermeasures in order to protect the algorithm in the future.

    Study of the security of pairing implementations

    Pairings are cryptographic algorithms allowing new protocols for public-key cryptography. After a decade of research which led to a dramatic improvement of the computation speed of pairings, we focused on the security of pairing implementations. For that purpose, we evaluated their resistance to fault attacks. We sent electromagnetic pulses into the chip computing a pairing at a precisely chosen instant. This allowed us to recover the cryptographic secret which the pairing computation should protect. Our study was both theoretical and practical; we did implement actual fault attacks. Finally, we proposed countermeasures in order to protect the algorithm in the future.

    Generic SCARE: reverse engineering without knowing the algorithm nor the machine

    We introduce a novel side-channel-based reverse engineering technique capable of reconstructing a procedure solely from inputs, outputs, and traces of execution. Beyond generic restrictions, we do not assume any prior knowledge of the procedure or the chip it operates on. These restrictions confine our analysis to 8-bit RISC constant-time software implementations. Specifically, we demonstrate with simulated traces the theoretical feasibility of reconstructing a symmetric cryptographic cipher, even in scenarios where traces are sampled with information loss and noise, such as when measuring the power consumption of the chip.

    Under the dome: preventing hardware timing information leakage

    Numerous timing side-channel attacks have been proposed in recent years, showing that all shared states inside the microarchitecture are potential threats. Previous works have dealt with this problem by considering those "shared states" separately rather than by looking at the system as a whole. In this paper, instead of reconsidering the problematic shared resources one by one, we lay out generic guidelines to design complete cores immune to microarchitectural timing information leakage. Two implementations are described using the RISC-V ISA with a simple extension. The cores are evaluated with respect to performance, area and security, with a new open-source benchmark assessing timing leakages. We show that with this "generic" approach, designing secure cores even with complex features such as simultaneous multithreading is possible. We discuss the trade-offs that need to be made in that respect regarding the microarchitecture design.