
    Success through confidence: Evaluating the effectiveness of a side-channel attack

    Side-channel attacks usually apply a divide-and-conquer strategy, separately recovering different parts of the secret. Their efficiency in practice relies on the adversary's ability to precisely assess the success or failure of each of these recoveries. This makes the study of the attack success rate a central problem in side-channel analysis. In this paper we tackle this issue in two different settings for the most popular attack, namely Correlation Power Analysis (CPA). In the first setting, we assume that the targeted subkey is known and we compare the state-of-the-art formulae expressing the success rate as a function of the leakage noise and the algebraic properties of the cryptographic primitive. We also make the link between these formulae and the recent work of Fei et al. at CHES 2012. In the second setting, the subkey is no longer assumed to be known and we introduce the notion of a confidence level in an attack result, allowing for the study of different heuristics. Through experiments, we show that the rank evolution of a subkey hypothesis can be exploited to compute a better confidence than considering only the final result
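    The following is an added example, not code from the paper above or from any other entry on this page: a pure-Python first-order CPA on one AES S-box output byte. It measures the empirical success rate (the fraction of independent attacks that rank the true subkey first) against the number of traces, and tracks the rank evolution of the final best hypothesis as a simple confidence heuristic in the spirit of the paper's second setting. The traces are constructed (Hamming-weight leakage plus Gaussian noise, an assumed model), and the confidence heuristic is illustrative rather than the paper's own.

```python
"""
First-order CPA on one AES S-box output byte: empirical success rate versus
number of traces, plus a rank-evolution confidence heuristic.
Added example; traces are simulated (constructed), not measured from a device.
Assumed leakage model: Hamming weight of the S-box output plus Gaussian noise.
"""
import random
import statistics

AES_SBOX = bytes.fromhex("""
63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16
""")
HW = [bin(v).count("1") for v in range(256)]  # Hamming weight table


def simulate_traces(key_byte, n, sigma, rng):
    """n random plaintext bytes and one leakage sample each (constructed data);
    `rng` is a random.Random instance."""
    pts = [rng.randrange(256) for _ in range(n)]
    leaks = [HW[AES_SBOX[p ^ key_byte]] + rng.gauss(0.0, sigma) for p in pts]
    return pts, leaks


def pearson(xs, ys):
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / (sxx * syy) ** 0.5


def cpa_scores(pts, leaks):
    """|Pearson correlation| between the leakage and the model HW(S(p ^ k)),
    for each of the 256 subkey hypotheses k."""
    return [abs(pearson([HW[AES_SBOX[p ^ k]] for p in pts], leaks))
            for k in range(256)]


def rank_of(scores, hypothesis):
    """0 means `hypothesis` has the highest score (the attack's first choice)."""
    return sum(1 for s in scores if s > scores[hypothesis])


def success_rate(n_traces, sigma, n_experiments=20, seed=0):
    """Fraction of independent attacks (fresh key, fresh traces) that rank the
    true subkey first: the first-order success rate of the attack."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(n_experiments):
        key = rng.randrange(256)
        pts, leaks = simulate_traces(key, n_traces, sigma, rng)
        wins += rank_of(cpa_scores(pts, leaks), key) == 0
    return wins / n_experiments


def rank_evolution(pts, leaks, hypothesis, step):
    """Rank of `hypothesis` after step, 2*step, ... traces. The attacker does
    not know the key, so any hypothesis can be tracked this way."""
    return [rank_of(cpa_scores(pts[:n], leaks[:n]), hypothesis)
            for n in range(step, len(pts) + 1, step)]


def confidence(pts, leaks, step=25):
    """Illustrative heuristic (an assumption, not the paper's): the final best
    hypothesis together with the fraction of checkpoints at which it was already
    ranked first. A candidate that only reached rank 0 on the last checkpoint
    gets low confidence although the final scores alone cannot tell it apart
    from one that led throughout."""
    final = cpa_scores(pts, leaks)
    best = max(range(256), key=final.__getitem__)
    ranks = rank_evolution(pts, leaks, best, step)
    return best, ranks, sum(1 for r in ranks if r == 0) / len(ranks)


def demo_attack(key_byte, n_traces, sigma, seed=0, step=25):
    """One attack on constructed traces; returns (best, rank evolution, conf)."""
    pts, leaks = simulate_traces(key_byte, n_traces, sigma, random.Random(seed))
    return confidence(pts, leaks, step)


if __name__ == "__main__":
    for n in (10, 25, 50, 100, 200):
        print(f"{n:4d} traces, sigma=2: SR = {success_rate(n, 2.0):.2f}")
    best, ranks, conf = demo_attack(0x2B, 200, 2.0, seed=7)
    print(f"best = {best:#04x}, rank evolution = {ranks}, confidence = {conf:.2f}")
```

    The success rate rises with the number of traces for a fixed noise level, and the rank evolution separates a hypothesis that led from the first checkpoints from one that overtook the others only at the end, which the final correlation values alone cannot do. Replacing simulate_traces with real measurements (one sample per encryption, taken at the point of interest of the S-box output) is all that is needed to run the same attack against a hardware AES such as the one evaluated in the ESP32-V3 entry on this page.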

    Unlimited Results: Breaking Firmware Encryption of ESP32-V3

    Because of the rapid growth of the Internet of Things (IoT), embedded systems have become an attractive target for experienced attackers. ESP32 is a low-cost and low-power system on chip (SoC) series created by Espressif Systems. Firmware extraction from such embedded systems is a real threat to the manufacturer, as it compromises its intellectual property and raises the risk of equivalent systems being created with less effort and fewer resources. In 2019, LimitedResults published power glitch attacks that resulted in dumping the secure boot and flash encryption keys stored in the eFuses of ESP32. Espressif patched this vulnerability and then advised its customers to use ESP32-V3, an updated SoC revision. As announced by Espressif, this new version is hardened against fault injection attacks in hardware and software. In this paper, we present for the first time a deep hardware security evaluation of ESP32-V3. The main goal of this evaluation is to extract the firmware encryption key stored in the eFuses. The evaluation includes Fault Injection (FI) and Side-Channel (SC) attacks. First, we use Electromagnetic FI (EMFI) to show that ESP32-V3 does not resist EMFI. However, our experimental results show that this version contains a revised bootloader compared to ESP32-V1, which makes dumping the eFuse keys by FI harder. Second, we perform a full SC analysis of the AES accelerator of ESP32-V3. We show that an attacker with physical access to the device can extract all the keys of the hardware AES-256 after collecting 60K power measurements during the execution of the AES block. Third, we present another SC analysis of the firmware decryption mechanism, targeting the decryption operation during power-up. Using this knowledge, we demonstrate that the full 256-bit AES firmware encryption key stored in the eFuses can be recovered by SC analysis using 300K power measurements. Finally, we apply the firmware encryption attack in practice to the Jade hardware wallet

    How to Estimate the Success Rate of Higher-Order Side-Channel Attacks

    The resistance of a cryptographic implementation to side-channel analysis is often quantified by measuring the success rate of a given attack. This approach cannot always be followed in practice, especially when the implementation includes countermeasures that may render the attack too costly for evaluation purposes, but not costly enough from a security point of view. An evaluator then faces the issue of estimating the success rate of an attack they cannot mount. The present paper addresses this issue by presenting a methodology to estimate the success rate of higher-order side-channel attacks targeting implementations protected by masking. Specifically, we generalize the approach initially proposed at SAC 2008 in the context of first-order side-channel attacks. The principle is to approximate the distribution of an attack's score vector by a multivariate Gaussian distribution, whose parameters are derived by profiling the leakage. One can then accurately compute the expected attack success rate with respect to the number of leakage measurements. We apply this methodology to higher-order side-channel attacks based on the widely used correlation and likelihood distinguishers. Moreover, we validate our approach with simulations and practical attack experiments against masked AES implementations running on two different microcontrollers

    Biomechanical simulations of the scoliotic deformation process in the pinealectomized chicken: a preliminary study

    Background. The basic mechanisms whereby mechanical factors modulate the metabolism of the growing spine remain poorly understood, especially the role of growth adaptation in spinal disorders like adolescent idiopathic scoliosis (AIS). This paper presents a finite element model (FEM) that was developed to simulate the early stages of scoliotic deformity progression using the pinealectomized chicken as an animal model.
    Methods. The FEM includes basic growth and growth modulation created by muscle force imbalance. The experimental data were used to adapt a FEM previously developed to simulate the scoliosis deformation process in humans. The simulations of the spine deformation process are compared with the results of an experimental study including a group of pinealectomized chickens.
    Results. The simulation result of the spine deformation process (Cobb angle of 37°) is in agreement with the experimental scoliotic deformities of two representative cases (Cobb angles of 41° and 30°). For the vertebral wedging, good agreement is also observed between the calculated (28°) and the observed (25° – 30°) values.
    Conclusion. The proposed biomechanical model presents a novel approach to realistically simulate the scoliotic deformation process in pinealectomized chickens and to investigate different parameters influencing the progression of scoliosis.

    Territory and governance facing Brexit: the multi-scalar management of Brexit as a witness to new public management

    The territorial policies of new public management, by extending the responsibilities of the French regions without transferring sufficient means to exercise them, weaken local authorities and make it hard to produce resilient strategies. To cope with Brexit, which destabilises territories and networks, actors have to define a strategy to manage the risks and seize the opportunities, while being constrained by the (in)efficiency of their administration. This paper seeks to highlight this process of strategy construction in response to Brexit, while underlining the constraints imposed by the state's territorial policies, by comparing the actions and discourses of actors from the Normandie and Île-de-France regions. We suggest some explanatory leads for the differences in management between the two regions through a combined neo-institutionalist approach and blame theory

    Countermeasures to side-channel attacks and secure multi-party computation

    Cryptosystems are present in many everyday devices, such as smart cards, smartphones, set-top boxes or passports. The security of these devices is threatened by side-channel attacks, where an attacker observes their physical behaviour to learn information about the manipulated secrets. Evaluating the resilience of products against such attacks is mandatory to ensure the robustness of the embedded cryptography. In this thesis, we present a methodology to efficiently evaluate the success rate of side-channel attacks without the need to actually perform them. In particular, we build upon a paper written by Rivain in 2009 and exhibit explicit formulae allowing one to accurately compute the success rate of higher-order side-channel attacks. We compare this theoretical approach against practical experiments. This approach allows for a quick assessment of the probability of success of any attack based on an additive distinguisher. We then tackle the issue of countermeasures against side-channel attacks. To the best of our knowledge, we are the first since the seminal paper of Ishai, Sahai and Wagner in 2003 to study the amount of randomness used in those countermeasures. We improve on the state-of-the-art constructions and show several constructions and bounds on the number of random bits needed to securely perform the multiplication of two bits. We provide specific constructions for practical masking orders, and prove their security and optimality. Finally, we propose a protocol allowing for the private computation of a secure veto among an arbitrarily large number of players while using a constant number of random bits. Our construction also allows for the secure multiplication of any number of elements of a finite field
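    As an added example that is not part of the thesis (which improves on these constructions), the original ISW gadget for the secure AND of two masked bits, written to make its randomness budget explicit: with n = d + 1 shares it draws exactly n(n-1)/2 = d(d+1)/2 fresh bits. The block also carries a brute-force first-order probing check that enumerates all share splittings and all coin values and verifies that no single intermediate wire has a distribution depending on the secret bits; running the same gadget with the coins forced to zero makes the check fail, which is the concrete sense in which randomness is needed. The probing model here (each recorded intermediate is one probe) is an assumption of this example.

```python
"""
ISW (Ishai, Sahai, Wagner 2003) secure AND of two masked bits, with an exact
count of the fresh random bits it consumes and a brute-force first-order
probing check. Added example; this is the original ISW gadget, not one of
the thesis's improved constructions.
"""
import itertools
import random


def random_bits_needed(n_shares):
    """ISW draws one fresh bit r_ij per pair of share indices i < j."""
    return n_shares * (n_shares - 1) // 2


def isw_and(a_sh, b_sh, coins, trace=None):
    """Return n shares of (XOR a_sh) AND (XOR b_sh).

    `coins` is an iterator over fresh random bits. Every intermediate wire
    value is appended to `trace` when a list is given; the probing check
    below treats each recorded value as one possible probe (assumption)."""
    n = len(a_sh)
    rec = trace.append if trace is not None else (lambda _v: None)
    for s in list(a_sh) + list(b_sh):
        rec(s)
    r = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j] = next(coins)
            rec(r[i][j])
            t = a_sh[i] & b_sh[j]
            rec(t)
            t ^= r[i][j]          # ISW bracketing: (r_ij ^ a_i b_j) ^ a_j b_i
            rec(t)
            u = a_sh[j] & b_sh[i]
            rec(u)
            r[j][i] = t ^ u
            rec(r[j][i])
    out = []
    for i in range(n):
        c = a_sh[i] & b_sh[i]
        rec(c)
        for j in range(n):
            if j != i:
                c ^= r[i][j]
                rec(c)
        out.append(c)
    return out


def split(bit, n, free_bits):
    """n shares of `bit`: n-1 given shares plus one that fixes the XOR."""
    shares = list(free_bits)
    last = bit
    for s in shares:
        last ^= s
    shares.append(last)
    return shares


def unmask(shares):
    acc = 0
    for s in shares:
        acc ^= s
    return acc


def correctness_check(n, trials=200, seed=0):
    """Recombined output equals a AND b, and exactly n(n-1)/2 coins are used
    (StopIteration would signal that the gadget wanted more)."""
    rng = random.Random(seed)
    k = random_bits_needed(n)
    for _ in range(trials):
        a, b = rng.randrange(2), rng.randrange(2)
        a_sh = split(a, n, (rng.randrange(2) for _ in range(n - 1)))
        b_sh = split(b, n, (rng.randrange(2) for _ in range(n - 1)))
        coins = iter([rng.randrange(2) for _ in range(k)])
        c_sh = isw_and(a_sh, b_sh, coins)
        if unmask(c_sh) != (a & b) or next(coins, None) is not None:
            return False
    return True


def first_order_probing_check(n, fresh_randomness=True):
    """True iff every single wire has a distribution independent of the secret
    inputs (a, b), by brute force over all share splittings and all coins.
    With fresh_randomness=False every r_ij is 0, which exposes the secret."""
    k = random_bits_needed(n) if fresh_randomness else 0
    ones = {}
    for a, b in itertools.product((0, 1), repeat=2):
        total = None
        for bits in itertools.product((0, 1), repeat=2 * (n - 1) + k):
            a_sh = split(a, n, bits[:n - 1])
            b_sh = split(b, n, bits[n - 1:2 * (n - 1)])
            coins = iter(bits[2 * (n - 1):]) if fresh_randomness else itertools.repeat(0)
            trace = []
            isw_and(a_sh, b_sh, coins, trace)
            total = trace if total is None else [x + y for x, y in zip(total, trace)]
        ones[(a, b)] = total   # per-wire count of ones for this (a, b)
    return all(v == ones[(0, 0)] for v in ones.values())


if __name__ == "__main__":
    for n in (2, 3, 4):
        print(f"{n} shares: {random_bits_needed(n)} fresh bits, correct={correctness_check(n)}, "
              f"1-probing secure={first_order_probing_check(n)}")
    print("2 shares without randomness: 1-probing secure =", first_order_probing_check(2, False))
```

    The probing check is exhaustive, so it is only practical for small n, but it is the kind of sanity check worth running on any hand-written gadget before trusting a randomness optimisation: a construction that drops below the ISW count must still pass it at the claimed order.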

