
Software Camouflage

  • Conference paper
  • Foundations and Practice of Security (FPS 2013)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8352)


Abstract

Obfuscation is a software technique aimed at protecting high-value programs against reverse engineering. In embedded devices, it is harder for an attacker to gain access to the program's machine code; of course, the program can still be very valuable, for instance when it consists of a secret algorithm. In this paper, we investigate how obscurity techniques can be used to protect a secret customization of substitution boxes in symmetric ciphers, when the sole information available to the attacker is a side-channel. The approach relies on a combination of a universal evaluation algorithm for vectorial Boolean functions with indistinguishable opcodes that are randomly shuffled. The promoted solution is based on the observation that different logic opcodes, such as AND/OR or AND/XOR, happen to be very close to each other from a side-channel leakage point of view. Moreover, our solution is very amenable to masking, owing to the fact that the substitution boxes are computed (combinationally).


Notes

  1. This is colloquially known as hardware “camo”; there are many examples of such technologies, such as this patent [12] by IBM and the tens of patents cited by it.

  2. We notice that the paper [13] also tackles a similar issue, but requires a decoy value to be processed simultaneously, as in dual-rail with precharge logics [14]. In our software camouflage technique, the opcodes are natively balanced, without any deus ex machina support.

  3. MODELSIM is a commercial tool, sold by Mentor Graphics, capable of simulating behavioral event-based HDL code (e.g. VHDL or Verilog).

  4. Notice that storing the sbox result is one option when it is computed in ANF, whereas it is inherent (i.e. unavoidable) when computing with a look-up table.

  5. The work by Kim et al. [24] has shown that for some specific problems, e.g. when the sbox has a given structure (as is the case for AES), minor improvements can be obtained by computing on half-words, e.g. on nibbles instead of bytes. But this result does not negate the observation by Rivain and Prouff that computing masking schemes on larger bitwidths is faster than computing at the bit level.

References

  1. Novak, R.: Side-channel attack on substitution blocks. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 307–318. Springer, Heidelberg (2003)

  2. Novak, R.: Sign-based differential power analysis. In: Chae, K.-J., Yung, M. (eds.) WISA 2003. LNCS, vol. 2908, pp. 203–216. Springer, Heidelberg (2004)

  3. Novak, R.: Side-channel based reverse engineering of secret algorithms. In: Zajc, B. (ed.) Proceedings of the Twelfth International Electrotechnical and Computer Science Conference (ERK 2003), pp. 445–448. Slovenska sekcija IEEE, Ljubljana, Slovenia (2003)

  4. Clavier, Ch.: An improved SCARE cryptanalysis against a secret A3/A8 GSM algorithm. In: McDaniel, P., Gupta, S.K. (eds.) ICISS 2007. LNCS, vol. 4812, pp. 143–155. Springer, Heidelberg (2007)

  5. Daudigny, R., Ledig, H., Muller, F., Valette, F.: SCARE of the DES. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 393–406. Springer, Heidelberg (2005)

  6. Fournigault, M., Liardet, P.-Y., Teglia, Y., Trémeau, A., Robert-Inacio, F.: Reverse engineering of embedded software using syntactic pattern recognition. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 527–536. Springer, Heidelberg (2006)

  7. Vermoen, D., Witteman, M., Gaydadjiev, G.N.: Reverse engineering Java Card applets using power analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 138–149. Springer, Heidelberg (2007)

  8. Amiel, F., Feix, B., Villegas, K.: Power analysis for secret recovering and reverse engineering of public key algorithms. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 110–125. Springer, Heidelberg (2007)

  9. Réal, D., Dubois, V., Guilloux, A.-M., Valette, F., Drissi, M.: SCARE of an unknown hardware Feistel implementation. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 218–227. Springer, Heidelberg (2008)

  10. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Heidelberg (2006). ISBN 0-387-30857-1

  11. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010)

  12. Hsu, L.L., Joshi, R.V., Kruger, D.W.: Techniques for impeding reverse engineering. IBM, Patent US 7994042 B2 (2011)

  13. Brier, E., Fortier, Q., Korkikian, R., Magld, K.W., Naccache, D., de Almeida, G.O., Pommellet, A., Ragab, A.H., Vuillemin, J.: Defensive leakage camouflage. In: [33], pp. 277–295

  14. Guilley, S., Sauvage, L., Flament, F., Hoogvorst, P., Pacalet, R.: Evaluation of power-constant dual-rail logics counter-measures against DPA with design-time security metrics. IEEE Trans. Comput. 9, 1250–1263 (2010). doi:10.1109/TC.2010.104

  15. Kessner, D.: Free VHDL 6502 core (2000). http://www.free-ip.com/ is no longer available; an archived copy is at http://web.archive.org/web/20040603222048/http://www.free-ip.com/6502/index.html

  16. Schindler, W., Lemke, K., Paar, Ch.: A stochastic model for differential side channel cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005)

  17. Marion, D., Wurcker, A.: Read, write signals reconstruction using side channel analysis for reverse engineering. Short talk, COSADE 2013, TELECOM-ParisTech, Paris, France (2013)

  18. Guilley, S., Sauvage, L., Micolod, J., Réal, D., Valette, F.: Defeating any secret cryptography with SCARE attacks. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 273–293. Springer, Heidelberg (2010)

  19. Prouff, E., Rivain, M.: A generic method for secure SBox implementation. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 227–244. Springer, Heidelberg (2008)

  20. Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity. IEEE Trans. Comput. 53, 760–768 (2004)

  21. Veyrat-Charvillon, N., Medwed, M., Kerckhof, S., Standaert, F.-X.: Shuffling against side-channel attacks: a comprehensive study with cautionary note. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 740–757. Springer, Heidelberg (2012)

  22. Carlet, C.: Boolean functions for cryptography and error correcting codes. In: Crama, Y., Hammer, P. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering (chapter). Cambridge University Press, Cambridge (2010). http://www.math.univ-paris13.fr/carlet/chap-fcts-Bool-corr.pdf

  23. Bernstein, D.J., Chou, T., Schwabe, P.: McBits: fast constant-time code-based cryptography. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 250–272. Springer, Heidelberg (2013)

  24. Kim, H.S., Hong, S., Lim, J.: A fast and provably secure higher-order masking of AES S-Box. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 95–107. Springer, Heidelberg (2011)

  25. Clavier, C., Coron, J.-S., Dabbous, N.: Differential power analysis in the presence of hardware countermeasures. In: Paar, C., Koç, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 252–263. Springer, Heidelberg (2000)

  26. Rivain, M., Prouff, E., Doget, J.: Higher-order masking and shuffling for software implementations of block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 171–188. Springer, Heidelberg (2009)

  27. Durvaux, F., Renauld, M., Standaert, F.X., van Oldeneel tot Oldenzeel, L., Veyrat-Charvillon, N.: Efficient removal of random delays from embedded software implementations using hidden Markov models. In: [33], pp. 123–140

  28. TELECOM ParisTech SEN research group: DPA Contest (4th edn.) (2013–2014). http://www.DPAcontest.org/v4/

  29. RCIS-AIST, J.: SASEBO (Side-channel Attack Standard Evaluation Board, Akashi Satoh) development board. http://www.risec.aist.go.jp/project/sasebo/ (2013)

  30. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)

  31. Bhasin, S., Danger, J.L., Guilley, S., Najm, Z.: A low-entropy first-degree secure provable masking scheme for resource-constrained devices. In: Proceedings of the Workshop on Embedded Systems Security, WESS ’13. ACM, New York (2013)

  32. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer (2002)

  33. Mangard, S. (ed.): CARDIS 2012. LNCS, vol. 7771. Springer, Heidelberg (2013)


Acknowledgments

Parts of this work have been funded by the MARSHAL+ (Mechanisms Against Reverse-engineering for Secure Hardware and Algorithms) FUI #12 project, co-labellized by competitivity clusters System@tic and SCS.

We also thank the audience from PHISIC ’13 for a positive feedback on this research.

Author information


Corresponding author

Correspondence to Sylvain Guilley.


Algorithms Source Code


It is shown by Carlet in [22, page 11] that there exists a simple divide-and-conquer butterfly algorithm to compute the ANF from the truth table (or vice versa), called the “Fast Möbius Transform”. A Python implementation for \(n\rightarrow 1\) Boolean functions is given in code listing 1.1. As already underlined in Sect. 3.2, the very same code also works for \(n\rightarrow n\) vectorial Boolean functions.

[Code listing 1.1: Python implementation of the Fast Möbius Transform. Rendered as an image on the original page; not reproduced here.]

The application of code listing 1.1 to \(f=\mathtt{{SubBytes}}\) (array denoted S_TT) is given as S_ANF in code listing 1.2. The values in the array S_TT are \(\{f(y), y\in \mathbb {F}_2^8\}\), in this order, whereas the values in the array S_ANF are \(\{a_y, y\in \mathbb {F}_2^8\}\) (recall Eq. (4)). In the same code listing, the function anti_scare_eval applies SubBytes to a byte \(x\) using the formula of Eq. (4). Furthermore, in this code, the \(y\)’s are shuffled (see Sect. 3.3) by a simple XOR with a random byte \(r\).

[Code listing 1.2: S_TT, S_ANF and the function anti_scare_eval for AES SubBytes. Rendered as an image on the original page; not reproduced here.]
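Since the two listings survive only as images, the following is an added, self-contained reconstruction of what the two paragraphs above describe; it is not the paper's own listing, and the function names (fast_mobius_transform, aes_subbytes_truth_table, anti_scare_eval) and the GF(2^8) helpers are our own. The AES SubBytes table S_TT is regenerated from its definition (inverse in GF(2^8) followed by the affine map) so the script runs offline, the butterfly transform turns it into S_ANF, and the evaluation routine computes Eq. (4) as the XOR of the coefficients \(a_y\) over all \(y \preceq x\), visiting the \(y\)'s in an order shuffled by XOR with a random byte \(r\) and selecting each term with an AND mask rather than a data-dependent branch. The same transform is also exercised on an \(n\rightarrow 1\) function (3-input majority) to show that the loop serves both cases.

```python
# Added example, not the paper's listing: Fast Möbius Transform between a
# truth table and its ANF, and ANF-based S-box evaluation in a shuffled order.
# Names are our own; AES SubBytes is regenerated from its GF(2^8) definition.


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8), computed as a^254 (0 maps to 0, as in AES)."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result if a else 0


def aes_subbytes_truth_table() -> list:
    """S_TT: the 256 values {f(y), y in F_2^8} of AES SubBytes, in index order."""
    table = []
    for y in range(256):
        b = gf_inv(y)
        s = b
        for i in range(1, 5):  # affine part: b ^ rotl(b,1) ^ ... ^ rotl(b,4) ^ 0x63
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        table.append(s ^ 0x63)
    return table


def fast_mobius_transform(values: list) -> list:
    """Divide-and-conquer butterfly: truth table {f(y)} -> ANF coefficients {a_y}.

    The transform is an involution, so the same call maps ANF back to the
    truth table. Entries may be bits (n -> 1) or bytes (n -> n): XOR acts
    bitwise, so one loop serves vectorial Boolean functions as well."""
    a = list(values)
    size = len(a)
    assert size & (size - 1) == 0, "length must be a power of two"
    step = 1
    while step < size:
        for i in range(size):
            if i & step:
                a[i] ^= a[i ^ step]  # fold the half where the current variable is 1
        step <<= 1
    return a


def anti_scare_eval(anf: list, x: int, r: int) -> int:
    """Eq. (4): f(x) = XOR over all y with y <= x (bitwise) of a_y.

    The y's are visited in an order shuffled by XOR with the random byte r,
    and each term is selected with an AND mask (0xFF or 0x00) so the loop
    body executes the same opcodes for every y."""
    acc = 0
    for i in range(len(anf)):
        y = i ^ r                          # shuffled visiting order
        mask = -((x & y) == y) & 0xFF      # 0xFF iff the monomial x^y is 1
        acc ^= anf[y] & mask
    return acc


if __name__ == "__main__":
    # n -> 1 case: 3-input majority, truth table indexed by the input bits.
    maj_tt = [1 if bin(i).count("1") >= 2 else 0 for i in range(8)]
    print("ANF of majority:", fast_mobius_transform(maj_tt))  # x0x1 ^ x0x2 ^ x1x2

    # n -> n case: AES SubBytes.
    S_TT = aes_subbytes_truth_table()
    S_ANF = fast_mobius_transform(S_TT)
    assert fast_mobius_transform(S_ANF) == S_TT  # involution check
    for r in (0x00, 0x5A, 0xFF):
        assert all(anti_scare_eval(S_ANF, x, r) == S_TT[x] for x in range(256))
    print("SubBytes(0x53) via shuffled ANF evaluation:", hex(anti_scare_eval(S_ANF, 0x53, 0x5A)))
```

The branch-free mask mirrors the AND/XOR structure the paper relies on, but a Python interpreter gives no timing or leakage guarantees; the point of the script is the algorithm, which a practitioner would port to the target's assembly with the opcode choices discussed in the paper.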


Copyright information

© 2014 Springer International Publishing Switzerland


Cite this paper

Guilley, S., Marion, D., Najm, Z., Souissi, Y., Wurcker, A. (2014). Software Camouflage. In: Danger, J., Debbabi, M., Marion, J.-Y., Garcia-Alfaro, J., Zincir Heywood, N. (eds.) Foundations and Practice of Security. FPS 2013. Lecture Notes in Computer Science, vol. 8352. Springer, Cham. https://doi.org/10.1007/978-3-319-05302-8_8


  • DOI: https://doi.org/10.1007/978-3-319-05302-8_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-05301-1

  • Online ISBN: 978-3-319-05302-8
