Towards Side-Channel Secure Firmware Updates

A Minimalist Anomaly Detection Approach

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10128)

Abstract

Side-channel attacks represent a serious threat to the security of encrypted firmware updates: if the secret key is leaked, then the firmware is exposed and can be replaced by malicious code or be stolen. In this work, we show how simple anomaly detection measures can effectively increase the security of encrypted firmware updates at minimum cost. Our method is based on the simple observation that firmware payloads have a specific structure (machine code), which can be easily verified at runtime in order to react to side-channel attacks. This enables performing proactive measures to limit the number of measurements that can be taken when a side-channel attack is detected. We tested the viability of our approach through simulations and verified its effectiveness in practice on a TI MSP430 microcontroller using a software implementation of AES. Our approach represents a step forward towards increasing the security of firmware updates against side-channel attacks: it effectively increases the security of firmware updates, has only negligible overhead in terms of code size and runtime, requires no modification to the underlying cryptographic implementations, and can be used in conjunction with countermeasures such as masking and re-keying to further enhance the side-channel resistance of a device.
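The idea in the abstract, sketched as an added example (not code from the paper): a linear sweep that checks whether a decrypted chunk decodes as machine code, plus a counter that locks the update path after repeated anomalies. Assumptions: the classic MSP430 instruction encoding (CPUX parts such as the MSP430FR59xx assign further opcodes), chunks that start on an instruction boundary and hold only code, and the hypothetical names `update_monitor`, `monitor_check` and `ANOMALY_BUDGET`.

```c
#include <stddef.h>
#include <stdint.h>

#define ANOMALY_BUDGET 3u /* assumed: rejected chunks tolerated before lock-out */
struct update_monitor { unsigned anomalies; int locked; };

/* 1 if w can start a classic (non-CPUX) MSP430 instruction. */
static int valid_opcode(uint16_t w) {
    if (w >= 0x2000u) return 1;              /* jumps and two-operand forms */
    if ((w & 0xFC00u) != 0x1000u) return 0;  /* 0x0000-0x0FFF, 0x1400-0x1FFF */
    return ((w >> 7) & 7u) != 7u;            /* one-operand opcode 111 unassigned */
}

/* Operand words that follow instruction word w (not opcodes, so skipped). */
static size_t extra_words(uint16_t w) {
    unsigned as = (w >> 4) & 3u, src = (w >= 0x4000u) ? (w >> 8) & 15u : w & 15u;
    size_t n = 0;
    if (w >= 0x2000u && w < 0x4000u) return 0;   /* jumps carry their offset */
    if (as == 1u && src != 3u) n++;              /* indexed, symbolic, absolute */
    if (as == 3u && src == 0u) n++;              /* @PC+ is an immediate */
    if (w >= 0x4000u && (w & 0x0080u)) n++;      /* indexed destination */
    return n;
}

/* Linear sweep over a decrypted chunk; returns the number of invalid opcodes. */
static size_t count_invalid(const uint16_t *w, size_t n) {
    size_t i = 0, bad = 0;
    while (i < n) {
        if (valid_opcode(w[i])) i += 1 + extra_words(w[i]);
        else { bad++; i++; }
    }
    return bad;
}

/* 0 = chunk accepted; -1 = chunk rejected or update path locked. */
static int monitor_check(struct update_monitor *m, const uint16_t *w, size_t n) {
    if (m->locked) return -1;
    if (count_invalid(w, n) == 0) return 0;
    if (++m->anomalies >= ANOMALY_BUDGET) m->locked = 1;
    return -1;
}

/* Constructed samples, one AES block (8 words) each: real code vs. garbage. */
static const uint16_t GOOD[8] = {0x4031, 0x2400, 0x40B2, 0x5A80, 0x015C, 0x12B0, 0x4500, 0x3FFF};
static const uint16_t BAD[8]  = {0x0A1F, 0x93C4, 0x1E77, 0x5B02, 0x07D1, 0xE4A9, 0x13F0, 0x6C35};

int main(void) {
    struct update_monitor m = {0, 0};
    for (int i = 0; i < 3; i++) monitor_check(&m, BAD, 8);
    return m.locked ? 0 : 1;  /* locked after three anomalous chunks */
}
```

On lock-out a real bootloader would also persist the counter in non-volatile memory so that a power cycle does not reset the budget.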

Acknowledgments

We would like to thank the anonymous reviewers for their valuable comments and suggestions. This work was partially funded by the German Federal Ministry of Education and Research (BMBF), project SIBASE, grant number 01IS13020A.

Corresponding author

Correspondence to Oscar M. Guillen.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Guillen, O.M., De Santis, F., Brederlow, R., Sigl, G. (2017). Towards Side-Channel Secure Firmware Updates. In: Cuppens, F., Wang, L., Cuppens-Boulahia, N., Tawbi, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2016. Lecture Notes in Computer Science, vol 10128. Springer, Cham. https://doi.org/10.1007/978-3-319-51966-1_23

  • DOI: https://doi.org/10.1007/978-3-319-51966-1_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51965-4

  • Online ISBN: 978-3-319-51966-1

  • eBook Packages: Computer Science (R0)
