ARMISTICE: Microarchitectural Leakage Modeling for Masked Software Formal Verification

Grandmaison, Arnaud de; Heydemann, Karine; Meunier, Quentin

doi:10.1109/tcad.2022.3197507

Cited by 6 publications

(1 citation statement)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As Gigerl et al point out, due to occurring glitches probing the output of the combinatorial forwarding logic, i.e., the output of the multiplexer in Figure 3, could give adversaries access to its inputs and thus to multiple values within the pipeline. Furthermore, Grandmaison et al [dGHM22] report that such a forwarding mechanism also exists for ARM processors.…”

Section: Pipeline Forwarding Effect (Pfe)mentioning

confidence: 99%

Prolead_sw

Zeitschner,

Müller,

Moradi

2023

TCHES

View full text Add to dashboard Cite

A decisive contribution to the all-embracing protection of cryptographic software, especially on embedded devices, is the protection against Side-Channel Analysis (SCA) attacks. Masking countermeasures can usually be integrated into the software during the design phase. In theory, this should provide reliable protection against such physical attacks. However, the correct application of masking is a non-trivial task that often causes even experts to make mistakes. In addition to human-caused errors, micro-architectural Central Processing Unit (CPU) effects can lead even a seemingly theoretically correct implementation to fail to satisfy the desired level of security in practice. This originates from different components of< the underlying CPU which complicates the tracing of leakage back to a particular source and hence avoids making general and device-independent statements about its security.PROLEAD has recently been presented at CHES 2022 and has originally been developed as a simulation-based tool to evaluate masked hardware designs. In this work, we adapt PROLEAD for the evaluation of masked software, and enable the transfer of the already known benefits of PROLEAD into the software world. These include (1) evaluation of larger designs compared to the state of the art, e.g. a full Advanced Encryption Standard (AES) masked implementation, and (2) formal verification under our new generic leakage model for CPUs. Concretely, we formalize leakages, observed across different CPU architectures, into a generic abstraction model that includes all these leakages and is therefore independent of a specific CPU design. Our resulting tool PROLEAD_SW allows to provide a formal statement on the security based on the derived generic model. As a concrete result, using PROLEAD_SW we evaluated the security of several publicly available masked software implementations in our new generic leakage model and reveal multiple vulnerabilities.

show abstract

Section: Pipeline Forwarding Effect (Pfe)mentioning

confidence: 99%

Prolead_sw

Zeitschner,

Müller,

Moradi

2023

TCHES

View full text Add to dashboard Cite

show abstract

Microarchitectural Side-Channel Threats, Weaknesses and Mitigations: A Systematic Mapping Study

2023

View full text Add to dashboard Cite

Over the course of recent years, microarchitectural side-channel attacks emerged as one of the most novel and thought-provoking attacks to exfiltrate information from computing hardware. These attacks leverage the unintended artefacts produced as side-effects to certain architectural design choices and proved difficult to be effectively mitigated without incurring significant performance penalties. In this work, we undertake a systematic mapping study of the academic literature related to the aforementioned attacks. We, in particular, pose four research questions and study 104 primary works to answer those questions. We inquire about the origins of artefacts leading up to exploitable settings of microarchitectural side-channel attacks; the effectiveness of the proposed countermeasures; and the lessons to be learned that would help build secure systems for the future. Furthermore, we propose a classification scheme that would also serve in the future for systematic mapping efforts in this scope.

show abstract