ABSTRACT
Side-channel attacks are a prominent threat to embedded systems security: they have proven effective in breaching confidentiality, violating trust guarantees and defeating IP protection schemes. State-of-the-art countermeasures reduce the leaked information so that the attacker cannot retrieve the secret key of the cipher. We propose an alternate defense strategy that augments the regular information leakage with false targets, much like chaff countermeasures against radar, hiding the correct secret key among a volley of chaff targets. This in turn feeds the attacker a large number of invalid keys, which can be used to trigger an alarm whenever the attacker attempts a content forgery with one of them, thus providing a reactive security measure. We realized an LLVM compiler pass able to automatically apply the proposed countermeasure to software implementations of block ciphers. We provide effectiveness and efficiency results on an AES implementation running on an ARM Cortex-M4, showing performance overheads comparable with state-of-the-art countermeasures.
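The reactive half of the scheme, as an added illustration that is not code from the paper or from its LLVM pass: the verifying party holds the real key together with the chaff set, so a message authenticated under a chaff key is recognized as a forgery built from a leaked decoy and raises an alarm, while the legitimate path pays no extra cost. HMAC-SHA256 stands in for the block-cipher-based authentication of the paper, the keys are constructed at random for the demonstration, and the assumption that the verifier keeps the chaff set is ours; the paper's pass produces its false targets inside the cipher implementation rather than as a stored key list.

```python
import hashlib
import hmac
import secrets


# Constructed keyring: one real 128-bit key plus a set of chaff (decoy) keys.
# In the paper the compiler pass arranges for the chaff keys to appear as
# false targets in the side-channel leakage; here they are drawn at random
# purely so the detection logic can be exercised.
def make_keyring(num_chaff, key_bytes=secrets.token_bytes):
    real = key_bytes(16)
    chaff = set()
    while len(chaff) < num_chaff:
        candidate = key_bytes(16)
        if candidate != real:
            chaff.add(candidate)
    return real, chaff


# HMAC-SHA256 stands in for the cipher-based authentication used in the paper.
def tag(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(real_key, chaff_keys, message, received_tag):
    """Check a received (message, tag) pair.

    Returns ("ok", None) for a genuine tag, ("chaff-forgery", decoy_key) when
    the tag was computed under one of the decoys (the alarm condition of the
    chaff scheme), and ("invalid", None) for anything else.
    """
    if hmac.compare_digest(tag(real_key, message), received_tag):
        return "ok", None
    # Only reached after a failed check, so the decoy scan adds no cost to
    # the legitimate path. Constant-time comparison avoids turning the
    # verifier itself into a timing oracle for the tag value.
    for decoy in chaff_keys:
        if hmac.compare_digest(tag(decoy, message), received_tag):
            return "chaff-forgery", decoy
    return "invalid", None


def enumerate_attacker_candidates(real_key, chaff_keys, message):
    """Model of an attacker whose analysis returned the whole candidate set
    (real key hidden among the chaff) and who tries a forgery with each one.

    Returns how many attempts succeed, how many raise the chaff alarm and
    how many are plain failures. With n chaff keys exactly one attempt
    succeeds and n raise the alarm, which is the detection guarantee the
    chaff scheme rests on.
    """
    counts = {"ok": 0, "chaff-forgery": 0, "invalid": 0}
    for candidate in [real_key, *chaff_keys]:
        forged_tag = tag(candidate, message)
        verdict, _ = verify(real_key, chaff_keys, message, forged_tag)
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    real, chaff = make_keyring(num_chaff=15)
    msg = b"unlock door 7"  # constructed sample message
    print(enumerate_attacker_candidates(real, chaff, msg))
```

The verifier's decoy scan is linear in the chaff set size, which is acceptable because it runs only on rejected messages; a deployment that expects many chaff keys would index the decoys by a fast key fingerprint instead. Note that a tampered message carrying a genuine tag is reported as "invalid", not as a chaff forgery, so the alarm fires only when a decoy key was actually used.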
Information leakage chaff: feeding red herrings to side channel attackers