Giovanni Agosta scite author profile

We introduce a general framework to automate the application of countermeasures against Differential Power Attacks aimed at software implementations of cryptographic primitives. The approach enables the generation of multiple versions of the code, to prevent an attacker from recognizing the exact point in time where the observed operation is executed and how such operation is performed. The strategy increases the effort needed to retrieve the secret key through hindering the formulation of a correct hypothetical consumption to be correlated with the power measurements. The experimental evaluation shows how a DPA attack against OpenSSL AES implementation on an industrial grade ARM-based SoC is hindered with limited performance overhead.

show abstract

The MEET Approach: Securing Cryptographic Embedded Software Against Side Channel Attacks

Agosta

Barenghi

Pelosi

et al. 2015

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

We propose an efficient and effective methods to secure software implementations of cryptographic primitives on low-end embedded systems, against passive side channel attacks relying on the observation of power consumption or electro-magnetic emissions. The proposed approach exploits a modified LLVM compiler toolchain to automatically generate a secure binary characterized by a randomized execution flow. We improve the current state-of-the-art in dynamic executable code countermeasures removing the requirement of a writable code segment, and reducing the countermeasure overhead. Also, we provide a new method to refresh the random values employed in the share splitting approaches to lookup table protection. Finally, we devise an automated approach to protect spill actions onto the main memory, which are inserted by the compiler backend register allocator when there is a lack of available registers, thus, removing the need for manual assembly inspection. We report a validation of the performances of our approach on all the current ISO-standard block ciphers, employing an ARM Cortex-M4 based microcontroller as the validation platform.

show abstract

Compiler-based side channel vulnerability analysis and optimized countermeasures application

Agosta

Barenghi

Maggi

et al. 2013

View full text Add to dashboard Cite

Modern embedded systems manage sensitive data increasingly often through cryptographic primitives. In this context, side-channel attacks, such as power analysis, represent a concrete threat, regardless of the mathematical strength of a cipher. Evaluating the resistance against power analysis of cryptographic implementations and preventing it, are tasks usually ascribed to the expertise of the system designer. This paper introduces a new security-oriented data-flow analysis assessing the vulnerability level of a cipher with bit-level accuracy. A general and extensible compiler-based tool was implemented to assess the instruction resistance against power-based side-channels. The tool automatically instantiates the essential masking countermeasures, yielding a ×2.5 performance speedup w.r.t. protecting the entire code.

show abstract

rev.ng: a unified binary analysis framework to recover CFGs and function boundaries

Federico

Payer

Agosta

2017

View full text Add to dashboard Cite

Static binary analysis is a key tool to assess the security of thirdparty binaries and legacy programs. Most forms of binary analysis rely on the availability of two key pieces of information: the program's control-flow graph and function boundaries. However, current tools struggle to provide accurate and precise results, in particular when dealing with handwritten assembly functions and non-trivial control-flow transfer instructions, such as tail calls. In addition, most of the existing solutions are ad-hoc, rely on handcoded heuristics, and are tied to a specific architecture. In this paper we highlight the challenges faced by an architecture agnostic static binary analysis framework to provide accurate information about a program's CFG and function boundaries without employing debugging information or symbols. We propose a set of analyses to address predicate instructions, noreturn functions, tail calls, and context-dependent CFG. REV.NG, our binary analysis framework based on QEMU and LLVM, handles all the 17 architectures supported by QEMU and produces a compilable LLVM IR. We implement our described analyses on top of LLVM IR. In an extensive evaluation, we test our tool on binaries compiled for MIPS, ARM, and x86-64 using GCC and clang and compare them to the industry's state of the art tool, IDA Pro, and two well-known academic tools, BAP/ByteWeight and angr. In all cases, the quality of the CFG and function boundaries produced by REV.NG is comparable to or improves over the alternatives.

show abstract

Design of a parallel AES for graphics hardware using the CUDA framework

Biagio

Barenghi

Agosta

et al. 2009

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Giovanni Agosta

A code morphing methodology to automate power analysis countermeasures

The MEET Approach: Securing Cryptographic Embedded Software Against Side Channel Attacks

Compiler-based side channel vulnerability analysis and optimized countermeasures application

rev.ng: a unified binary analysis framework to recover CFGs and function boundaries

Design of a parallel AES for graphics hardware using the CUDA framework

Contact Info

Product

Resources

About