Synthesis of Masking Countermeasures against Side Channel Attacks

Eldib, Hassan; Wang, Chao

doi:10.1007/978-3-319-08867-9_8

Cited by 55 publications

(68 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Another related line of research is automatically synthesizing countermeasures [1,7,9,16,25,44,54] as opposed to verifying them. While methods in [1,7,9,44] rely on compiler-like pattern matching, the ones in [16,25,54] use inductive program synthesis based on the SMT approach.…”

Section: Related Workmentioning

confidence: 99%

SCInfer: Refinement-Based Verification of Software Countermeasures Against Side-Channel Attacks

Zhang

Gao

Song

et al. 2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Power side-channel attacks, capable of deducing secret using statistical analysis techniques, have become a serious threat to devices in cyber-physical systems and the Internet of things. Random masking is a widely used countermeasure for removing the statistical dependence between secret data and sidechannel leaks. Although there are techniques for verifying whether software code has been perfectly masked, they are limited in accuracy and scalability. To bridge this gap, we propose a refinement-based method for verifying masking countermeasures. Our method is more accurate than prior syntactic type inference based approaches and more scalable than prior model-counting based approaches using SAT or SMT solvers. Indeed, it can be viewed as a gradual refinement of a set of semantic type inference rules for reasoning about distribution types. These rules are kept abstract initially to allow fast deduction, and then made concrete when the abstract version is not able to resolve the verification problem. We have implemented our method in a tool and evaluated it on cryptographic benchmarks including AES and MAC-Keccak. The results show that our method significantly outperforms state-of-the-art techniques in terms of both accuracy and scalability.

show abstract

Section: Related Workmentioning

confidence: 99%

SCInfer: Refinement-Based Verification of Software Countermeasures Against Side-Channel Attacks

Zhang

Gao

Song

et al. 2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, it becomes difficult to determine the effectiveness of this protection against other fault models -and, more largely, of any protections on large code -without the help of formal methods. There are different means to prove (security) properties: model checking [12], SAT [15], SMT [16], taint analysis [17], rewriting rules using modular arithmetic [6], use of a proof assistant like Coq [18], etc. Moro et al have proposed countermeasures and proved their tolerance against an instruction skip using model checking with BDD [12].…”

Section: Related Workmentioning

confidence: 99%

“…have proposed a SAT-based tool to determine which instruction of a Boolean program is sensitive to power-analysis, according to a Hamming weight uni-variate leakage model. Eldib et al later proposed a SMT-based technique to automatically build perfectly masked Boolean programs [16]. Both methods target side channel attacks and are limited to specific assembly codes.…”

Section: Related Workmentioning

confidence: 99%

Efficient Design and Evaluation of Countermeasures against Fault Attacks Using Formal Verification

Goubet

Heydemann

Encrenaz

et al. 2016

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

Abstract. This paper presents a formal verification framework and tool that evaluates the robustness of software countermeasures against faultinjection attacks. By modeling reference assembly code and its protected variant as automata, the framework can generate a set of equations for an SMT solver, the solutions of which represent possible attack paths. Using the tool we developed, we evaluated the robustness of state-of-theart countermeasures against fault injection attacks. Based on insights gathered from this evaluation, we analyze any remaining weaknesses and propose applications of these countermeasures that are more robust.

show abstract

“…Another recent series of papers use type systems and SMT solvers for verifying whether cryptographic implementations are correctly masked [33,9,17]; in particular, Eldib and Wang [16] have developed a method for synthesis of masking countermeasures.…”

Section: Related Workmentioning

confidence: 99%

Synthesis of Fault Attacks on Cryptographic Implementations

Barthe

Dupressoir

Fouque

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Abstract. Fault attacks are active attacks in which an adversary with physical access to a cryptographic device, for instance a smartcard, tampers with the execution of an algorithm to retrieve secret material. Since the seminal Bellcore attack on RSA signatures, there has been extensive work to discover new fault attacks against cryptographic schemes, and to develop countermeasures against such attacks. Originally focused on high-level algorithmic descriptions, these works increasingly focus on concrete implementations. While lowering the abstraction level leads to new fault attacks, it also makes their discovery significantly more challenging. In order to face this trend, it is therefore desirable to develop principled, tool-supported approaches that allow a systematic analysis of the security of cryptographic implementations against fault attacks. We propose, implement, and evaluate a new approach for finding fault attacks against cryptographic implementations. Our approach is based on identifying implementation-independent mathematical properties we call fault conditions. We choose them so that it is possible to recover secret data purely by computing on sufficiently many data points that satisfy a fault condition. Fault conditions capture the essence of a large number of attacks from the literature, including lattice-based attacks on RSA. Moreover, they provide a basis for discovering automatically new attacks: using fault conditions, we specify the problem of finding faulted implementations as a program synthesis problem. Using a specialized form of program synthesis, we discover multiple faulted implementations on RSA and ECDSA that realize the fault conditions, and hence lead to fault attacks. Several of the attacks found by our tool are new, and of independent interest.

show abstract

Synthesis of Masking Countermeasures against Side Channel Attacks

Cited by 55 publications

References 32 publications

SCInfer: Refinement-Based Verification of Software Countermeasures Against Side-Channel Attacks

SCInfer: Refinement-Based Verification of Software Countermeasures Against Side-Channel Attacks

Efficient Design and Evaluation of Countermeasures against Fault Attacks Using Formal Verification

Synthesis of Fault Attacks on Cryptographic Implementations

Contact Info

Product

Resources

About