Abstract
Leakage simulators offer the tantalising promise of easy and quick testing of software with respect to the presence of side channel leakage. The quality of their build in leakage models is therefore crucial, this includes the faithful inclusion of micro-architectural leakage. Micro-architectural leakage is a reality even on low- to mid-range commercial processors, such as the ARM Cortex M series. Dealing with it seems initially infeasible in a “grey box” setting: how should we describe it if micro-architectural elements are not publicly known?
We demonstrate, for the first time, that it is feasible, using a recent leakage modelling technique, to reverse engineer significant elements of the micro-architectural leakage of a commercial processor. Our approach first recovers the micro-architectural leakage of each stage in the pipeline, and the leakage of elements that are known to produce glitches. Using the reverse engineered leakage features we build an enhanced version of the popular leakage simulator ELMO.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
ELMO* [3] offers an extension to ELMO that captures some more leakage from the memory subsystem. ELMO offers also such an extension (in the follow-up development), yet both are drawn from experimental guesses. Nevertheless, our focus in this paper still lies in pipelined core, where the entire ELMO family sticks with the original ELMO model [1].
- 2.
If it is the other way around, what we learned is a “mirrored specification”, which will be remedied by a mirrored leakage model later.
- 3.
In theory, it is also possible that the interaction is caused by glitches, or physical defaults such as coupling [17]. In our experiments, we find the magnitude of wire transition leakage is usually larger than the other options, which makes it possible to make a distinction.
- 4.
Available in their code repository, not in the paper.
- 5.
One recent white-box tool, Coco [18]), takes a conservative approach: if we have MUX(s, a, b) (where s is the selecting signal), they simply allow any possible leakage by considering \(a\otimes b \otimes s\).
- 6.
The ELMO* [3] extension does not find any additional leakage.
- 7.
Our implementation only uses LSB to compute the bit-sliced S-box; therefore the measured trace has been averaged 50 times before analysis, in order the increase the SNR.
- 8.
MAPS needs the command line argument “-p” to calculate the pipeline registers’ leakage.
References
McCann, D., Oswald, E., Whitnall, C.: Towards practical tools for side channel aware software engineering: ‘grey box’ modelling for instruction leakages. In: 26th USENIX Security Symposium (USENIX Security 2017), Vancouver, BC, pp. 199–216. USENIX Association (2017)
Le Corre, Y., Großschädl, J., Dinu, D.: Micro-architectural power simulator for leakage assessment of cryptographic software on ARM Cortex-M3 processors. In: Fan, J., Gierlichs, B. (eds.) COSADE 2018. LNCS, vol. 10815, pp. 82–98. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89641-0_5
Shelton, M.A., Samwel, N., Batina, L., Regazzoni, F., Wagner, M., Yarom, Y.: ROSITA: towards automatic elimination of power-analysis leakage in ciphers. CoRR abs/1912.05183 (2019)
Buhan, I., Batina, L., Yarom, Y., Schaumont, P.: SoK: design tools for side-channel-aware implementations (2021). https://arxiv.org/abs/2104.08593
Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_27
McCann, D.: ELMO (2017). https://github.com/bristol-sca/ELMO
Clavier, C.: Side channel analysis for reverse engineering (SCARE) - an improved attack against a secret A3/A8 GSM algorithm. IACR Cryptology ePrint Archive 2004/49 (2004)
Goldack, M.: Side-channel based reverse engineering for microcontrollers (2008)
Wang, X., Narasimhan, S., Krishna, A., Bhunia, S.: SCARE: side-channel analysis based reverse engineering for post-silicon validation. In: 2012 25th International Conference on VLSI Design, pp. 304–309 (2012)
Oswald, D., Strobel, D., Schellenberg, F., Kasper, T., Paar, C.: When reverse-engineering meets side-channel analysis – digital lockpicking in practice. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 571–588. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43414-7_29
Gao, S., Oswald, E.: A novel completeness test and its application to side channel attacks and simulators. IACR Cryptology ePrint Archive (2021). https://eprint.iacr.org/2021/756
Gao, S., Marshall, B., Page, D., Oswald, E.: Share-slicing: friend or foe? IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(1), 152–174 (2019)
Marshall, B., Page, D., Webb, J.: MIRACLE: MIcRo-ArChitectural leakage evaluation. IACR Cryptology ePrint Archive (2021). https://eprint.iacr.org/2021/261
ARM Limited: ARM®v7-M Architecture Reference Manual (2005). https://developer.arm.com/documentation/ddi0337/e
ARM Limited: Thumb® 16-bit Instruction Set Quick Reference Card (2008). https://developer.arm.com/documentation/qrc0006/e
Papagiannopoulos, K., Veshchikov, N.: Mind the gap: towards secure 1st-order masking in software. In: Guilley, S. (ed.) COSADE 2017. LNCS, vol. 10348, pp. 282–297. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64647-3_17
De Cnudde, T., Ender, M., Moradi, A.: Hardware masking, revisited. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 123–148 (2018)
Gigerl, B., Hadzic, V., Primas, R., Mangard, S., Bloem, R.: COCO: co-design and co-verification of masked software implementations on CPUs. In: Bailey, M., Greenstadt, R. (eds.) 30th USENIX Security Symposium, USENIX Security 2021, 11–13 August 2021, pp. 1469–1468. USENIX Association (2021)
De Meyer, L., De Mulder, E., Tunstall, M.: On the effect of the (micro) architecture on the development of side-channel resistant software. IACR Cryptology ePrint Archive 2020/1297 (2020)
ARM Limited: AMBA® APB Protocol (2010). https://developer.arm.com/documentation/ihi0024/c/
Barthe, G., Gourjon, M., Grégoire, B., Orlt, M., Paglialonga, C., Porth, L.: Masking in fine-grained leakage models: construction, implementation and verification. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(2), 189–228 (2021)
Acknowledments
We would like to thank Ben Marshall for his invaluable insights, which guided us through various mazes in our leakage modelling efforts. Si Gao and Elisabeth Oswald were funded in part by the ERC via the grant SEAL (Project Reference 725042). This work has been supported in part by EPSRC via grant EP/R012288/1, under the RISE (http://www.ukrise.org) programme.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 International Association for Cryptologic Research
About this paper
Cite this paper
Gao, S., Oswald, E., Page, D. (2022). Towards Micro-architectural Leakage Simulators: Reverse Engineering Micro-architectural Leakage Features Is Practical. In: Dunkelman, O., Dziembowski, S. (eds) Advances in Cryptology – EUROCRYPT 2022. EUROCRYPT 2022. Lecture Notes in Computer Science, vol 13277. Springer, Cham. https://doi.org/10.1007/978-3-031-07082-2_11
Download citation
DOI: https://doi.org/10.1007/978-3-031-07082-2_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-07081-5
Online ISBN: 978-3-031-07082-2
eBook Packages: Computer ScienceComputer Science (R0)