
2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST): latest publications

Fresh re-keying with strong PUFs: A new approach to side-channel security
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383899
Xiaodan Xi, Aydin Aysu, M. Orshansky
Side-channel attacks on cryptographic implementations threaten system security via the loss of the secret key. Fresh re-keying techniques aim to mitigate these attacks by regularly updating the key so that the side-channel exposure for each key is minimized. Existing key update schemes generate fresh keys by processing a root key with arithmetic operations which have, unfortunately, been demonstrated to be also vulnerable to side-channel attacks. We propose a novel approach to fresh re-keying that replaces the arithmetic key update function with a strong Physically Unclonable Function (PUF). We show that the security of our scheme hinges on the resilience of the PUF to a power side-channel attack and propose a realization based on a Subthreshold Current Array (SCA) PUF. We show that SCA-PUF is resistant to simple power analysis and that it is resilient to a modeling attack that uses machine learning on the power side-channel. We target an insecure device and secure server encryption scenario for which we provide an efficient and scalable method of PUF enrollment. We finally propose an end-to-end encryption system with the PUF-based fresh re-keying scheme, using a reverse fuzzy extractor construction.
Pages: 118-125
Citations: 10
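The re-keying flow the abstract describes (fresh challenge, PUF read-out, reverse fuzzy extractor, encryption under the derived key), as an added example that is not the paper's code. Assumptions: the strong PUF is a toy (a keyed hash of the challenge plus bit-flip read-out noise, standing in for the SCA-PUF); the server's enrolled model reproduces the noise-free response; the fuzzy extractor is the code-offset construction over a repetition code; the cipher is a SHA-256 keystream with an HMAC tag in place of AES. The device runs only Gen and the server runs Rep, which is what makes the construction a reverse fuzzy extractor: all error correction sits on the secure server side.

```python
"""Fresh re-keying from a strong PUF with a reverse fuzzy extractor (toy model)."""
import hashlib
import hmac
import random
import secrets

SEED_BITS = 64            # bits of the per-session seed s (assumption)
REP = 7                   # repetition code length
T = (REP - 1) // 2        # flips per block the server can still correct
RESP_BITS = SEED_BITS * REP

def bits_to_bytes(bits):
    return bytes(sum(b << i for i, b in enumerate(bits[j:j + 8]))
                 for j in range(0, len(bits), 8))

def bytes_to_bits(data, n):
    return [(data[i // 8] >> (i % 8)) & 1 for i in range(n)]

class EnrolledModel:
    """Server-side, noise-free model of one device's PUF (what enrolment yields)."""
    def __init__(self, device_secret):
        self._secret = device_secret
    def response(self, challenge):
        blocks = (RESP_BITS + 255) // 256
        stream = b"".join(hmac.new(self._secret, challenge + bytes([i]), hashlib.sha256).digest()
                          for i in range(blocks))
        return bytes_to_bits(stream, RESP_BITS)

class ToyStrongPUF:
    """Device-side PUF: the enrolled function plus independent bit flips (toy noise)."""
    def __init__(self, device_secret, flip_prob, rng):
        self._model, self.flip_prob, self.rng = EnrolledModel(device_secret), flip_prob, rng
    def respond(self, challenge):
        return [b ^ int(self.rng.random() < self.flip_prob) for b in self._model.response(challenge)]

def kdf(seed_bits):
    return hashlib.sha256(b"fresh-key|" + bits_to_bytes(seed_bits)).digest()

def fe_gen(w):
    """Gen (device): random seed s, helper h = w xor C(s), key = KDF(s). No decoding here."""
    s = bytes_to_bits(secrets.token_bytes(SEED_BITS // 8), SEED_BITS)
    codeword = [bit for bit in s for _ in range(REP)]
    return [a ^ b for a, b in zip(w, codeword)], kdf(s)

def fe_rep(w_ref, helper):
    """Rep (server): w_ref xor h is C(s) plus the device's read-out errors; majority-decode."""
    noisy = [a ^ b for a, b in zip(w_ref, helper)]
    s = [int(sum(noisy[i * REP:(i + 1) * REP]) > T) for i in range(SEED_BITS)]
    return kdf(s)

def keystream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def device_send(respond, msg):
    """One message under one fresh key: new challenge, new PUF read-out, new seed."""
    challenge = secrets.token_bytes(16)
    helper, key = fe_gen(respond(challenge))
    ct = bytes(a ^ b for a, b in zip(msg, keystream(key, challenge, len(msg))))
    tag = hmac.new(key, challenge + bits_to_bytes(helper) + ct, hashlib.sha256).digest()
    return challenge, helper, ct, tag

def server_receive(model, packet):
    challenge, helper, ct, tag = packet
    key = fe_rep(model.response(challenge), helper)
    expected = hmac.new(key, challenge + bits_to_bytes(helper) + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None   # too many read-out errors, or tampering: reject, never decrypt
    return bytes(a ^ b for a, b in zip(ct, keystream(key, challenge, len(ct))))

def inject_flips(w, per_block):
    """Deterministic noise for checks: flip the first per_block bits of every code block."""
    w = list(w)
    for i in range(SEED_BITS):
        for j in range(per_block):
            w[i * REP + j] ^= 1
    return w

if __name__ == "__main__":
    secret = secrets.token_bytes(32)            # stands in for the physical PUF
    model, puf = EnrolledModel(secret), ToyStrongPUF(secret, 0.03, random.Random(0))
    for msg in (b"first message", b"second message"):
        print(server_receive(model, device_send(puf.respond, msg)))
```

Each packet carries a different challenge, so each key is used exactly once and no device-side secret is ever processed by an arithmetic update function; the device's only secret-dependent operations are the PUF read-out and the XOR with the helper data. If the read-out noise exceeds the code's correction capacity the server derives a wrong key and the tag check fails closed.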
Self-authenticating secure boot for FPGAs
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383919
Goutham Pocklassery, Wenjie Che, F. Saqib, Matthew Areno, J. Plusquellic
Secure boot within an FPGA environment is traditionally implemented using hardwired embedded cryptographic primitives and NVM-based keys, whereby an encrypted bitstream is decrypted as it is loaded from an external storage medium, e.g., Flash memory. A novel technique is proposed in this paper that self-authenticates an unencrypted FPGA configuration bitstream loaded into the FPGA during startup. The power-on process of an FPGA loads an unencrypted bitstream into the programmable logic portion which embeds the self-authenticating PUF architecture. Challenges are applied to the components of the PUF engine both as a means of generating a key and performing self-authentication. Any modifications made to the PUF architecture result in key generation failure, and in failure of subsequent stages of the secure boot process. The generated key is used in the second stage of the boot process to decrypt the programmable logic portion of the design as well as components of the software, e.g., Linux operating system and applications, that run on the processor side of the FPGA.
Pages: 221-226
Citations: 9
Securing interconnected PUF network with reconfigurability
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383921
Hongxiang Gu, M. Potkonjak
Physical Unclonable Functions (PUFs) are known for their unclonability and light-weight design. Recent advancement in technology has significantly compromised the security of PUFs. Machine learning-based attacks have been proven to be able to construct numerical models that predict various types of PUFs with high accuracy with a small set of challenge-response pairs (CRPs). To address the problem, we present a reconfigurable interconnected PUF network (IPN) design that significantly strengthens the security and unclonability of strong PUFs. While the IPN structure itself provides high resilience against modeling attacks, the reconfiguration mechanism remaps the input-output mapping before an attacker could collect sufficient CRPs. Experimental results show that all tested state-of-the-art machine learning attack methods have prediction accuracy of around 50% on a single bit output of a reconfigurable IPN.
Pages: 231-234
Citations: 5
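The modelling attack the abstract refers to, and the effect of reconfiguring the PUF on a model that was already trained, as an added example that is not the paper's IPN design. Assumptions: the target is a single n-stage arbiter PUF in its standard additive-delay model (the paper's IPN is a network of such PUFs), response = sign(w . phi(c)) with phi(c) the parity feature vector of challenge c; the attacker trains a perceptron on collected CRPs (a linear model suffices for one arbiter PUF); reconfiguration is modelled as drawing a new delay vector w.

```python
"""Modelling attack on an arbiter PUF, before and after reconfiguration (toy model)."""
import random

N_STAGES = 32

def parity_features(challenge):
    """phi_i = prod_{j>=i} (1 - 2*c_j) for i = 0..n-1, plus a constant 1 for the final delay."""
    feats, acc = [], 1
    for c in reversed(challenge):
        acc *= 1 - 2 * c
        feats.append(acc)
    feats.reverse()
    feats.append(1)
    return feats

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

class ArbiterPUF:
    """Additive-delay arbiter PUF; w holds the per-stage delay differences."""
    def __init__(self, rng):
        self.rng = rng
        self.reconfigure()
    def reconfigure(self):
        """Remap the challenge-response behaviour (new delay vector)."""
        self.w = [self.rng.gauss(0.0, 1.0) for _ in range(N_STAGES + 1)]
    def respond(self, challenge):
        return int(dot(self.w, parity_features(challenge)) > 0)

def collect_crps(puf, n, rng):
    """What an attacker with challenge access gathers: n random CRPs, stored as (phi, r)."""
    out = []
    for _ in range(n):
        c = [rng.randint(0, 1) for _ in range(N_STAGES)]
        out.append((parity_features(c), puf.respond(c)))
    return out

def train_perceptron(crps, epochs=25):
    """Linear model of the PUF learnt from CRPs (perceptron; LR or SVM would do the same)."""
    w = [0.0] * (N_STAGES + 1)
    for _ in range(epochs):
        for phi, r in crps:
            if int(dot(w, phi) > 0) != r:
                sign = 1 if r else -1
                w = [wi + sign * fi for wi, fi in zip(w, phi)]
    return w

def accuracy(model_w, crps):
    return sum(int(dot(model_w, phi) > 0) == r for phi, r in crps) / len(crps)

def run(seed=7, n_train=2000, n_test=1000, n_reconfig=5):
    """Returns (accuracy of the model on the PUF it was trained on,
                mean accuracy of that same model after the PUF is reconfigured)."""
    rng = random.Random(seed)
    puf = ArbiterPUF(rng)
    model = train_perceptron(collect_crps(puf, n_train, rng))
    acc_before = accuracy(model, collect_crps(puf, n_test, rng))
    after = []
    for _ in range(n_reconfig):
        puf.reconfigure()
        after.append(accuracy(model, collect_crps(puf, n_test, rng)))
    return acc_before, sum(after) / n_reconfig

if __name__ == "__main__":
    before, after = run()
    print(f"model accuracy before reconfiguration: {before:.3f}, after: {after:.3f}")
```

A few thousand CRPs are enough to model a plain arbiter PUF almost perfectly; after reconfiguration the same model is no better than a coin flip, which is the property the paper exploits by remapping before an attacker has collected enough CRPs. The verifier side (whoever holds the reference model of the PUF) must of course be updated in step with each reconfiguration, which this toy does not show.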
Repurposing SoC analog circuitry for additional COTS hardware security
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383915
Adam Duncan, Lei Jiang, M. Swany
This paper introduces a new methodology to generate additional hardware security in commercial off-the-shelf (COTS) system-on-a-chip (SoC) integrated circuits (ICs) that have already been fabricated and packaged. On-chip analog hardware blocks such as analog to digital converters (ADCs), digital to analog converters (DACs) and comparators residing within an SoC are repurposed and connected to one another to generate unique physically unclonable function (PUF) responses. The PUF responses are digitized and processed on-chip to create keys for use in encryption and device authentication activities. Key generation and processing algorithms are presented that minimize the effects of voltage and temperature fluctuations to maximize the repeatability of a key within a device. Experimental results utilizing multiple on-chip analog blocks inside a common COTS microcontroller show reliable key generation with minimal overhead.
Pages: 201-204
Citations: 9
Independent detection of recycled flash memory: Challenges and solutions
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383895
P. Kumari, B. M. S. B. Talukder, S. Sakib, B. Ray, Md. Tauhidur Rahman
Counterfeiting electronic components is a serious problem for the security and reliability of any electronic system. Use of counterfeit or reused components not only impacts profit but also has a detrimental impact on several critical applications including aerospace, medical, and defense. To worsen the situation, the number of counterfeit components has increased considerably after the introduction of the horizontal semiconductor supply chain. In this paper, we will focus on detecting recycled Flash memory, a major target of counterfeiters because of its presence in most electronic systems. Failure of the Flash memory in critical applications can have catastrophic effects. Detection of recycled Flash with high confidence is challenging due to the variability among different Flash chips caused by process variations. There is very little work on detecting recycled memory chips, and unfortunately, all of it requires an extensive database to maintain, which is impossible for several electronic systems. In this paper, we propose a new method for detecting fake Flash memory without the need for any prior database. Our method is based on the statistical distribution of various Flash timing characteristics such as erase, program and read time on a fresh Flash IC. It has been found that timing characteristics are highly sensitive to memory usage (typically quantified as the program-erase count of a memory block) compared to process variations. We demonstrate our method by characterizing the block-to-block timing variation on commercial off-the-shelf Flash ICs and comparing it with recycled or used ones. Our method can identify a recycled IC of minimal usage (∼3.0%) with nearly 100% accuracy without requiring any prior database.
Pages: 89-95
Citations: 14
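A database-free screen built on block-to-block erase timing, in the spirit of the abstract, as an added example; the paper's own statistic is not given in the abstract, so this uses a simple robust-outlier test on a constructed timing model. Assumptions (constructed, not measured): on a fresh part, per-block erase times differ only by process variation (a few percent, roughly Gaussian); erase time grows with a block's program/erase count; wear is uneven across blocks, so a used part shows a slow tail that the chip's own median and MAD expose without any reference database.

```python
"""Recycled-flash screening from block-to-block erase timing (constructed model)."""
import random
import statistics

def robust_z_scores(times):
    """Distance of each block from the chip's median, in MAD-derived sigma units."""
    med = statistics.median(times)
    mad = statistics.median(abs(t - med) for t in times)
    sigma = 1.4826 * mad or 1e-12      # MAD -> sigma for Gaussian spread
    return [(t - med) / sigma for t in times]

def recycled_verdict(erase_times_ms, z_cut=4.0, max_outlier_frac=0.02):
    """Flag the part if more than max_outlier_frac of its blocks erase abnormally slowly.
    Returns (is_recycled, fraction_of_slow_blocks). Thresholds are assumptions."""
    z = robust_z_scores(erase_times_ms)
    frac = sum(1 for v in z if v > z_cut) / len(erase_times_ms)
    return frac > max_outlier_frac, frac

def simulate_chip(n_blocks, worn_blocks, cycles, rng,
                  t0_ms=2.0, proc_sigma=0.02, wear_per_cycle=1e-4):
    """Constructed erase-time model: process variation on every block, plus wear on some."""
    times = [t0_ms * (1 + rng.gauss(0.0, proc_sigma)) for _ in range(n_blocks)]
    for b in rng.sample(range(n_blocks), worn_blocks):
        times[b] *= 1 + wear_per_cycle * cycles
    return times

def demo(seed=3, n_blocks=256):
    """A fresh part versus a part with about 10% of its blocks at 1000 P/E cycles."""
    rng = random.Random(seed)
    fresh = simulate_chip(n_blocks, 0, 0, rng)
    used = simulate_chip(n_blocks, 24, 1000, rng)
    return recycled_verdict(fresh), recycled_verdict(used)

if __name__ == "__main__":
    (fresh_flag, fresh_frac), (used_flag, used_frac) = demo()
    print(f"fresh: recycled={fresh_flag} slow_blocks={fresh_frac:.3f}")
    print(f"used : recycled={used_flag} slow_blocks={used_frac:.3f}")
```

The test is intrinsic to the chip under test, which is what removes the need for a golden database; its blind spot is a part whose wear is perfectly even (aggressive wear levelling), where no block stands out from its neighbours and an absolute timing reference would be needed instead.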
Dividing the threshold: Multi-probe localized EM analysis on threshold implementations
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383888
Robert Specht, Vincent Immler, Florian Unterstein, Johann Heyszl, G. Sigl
Cryptographic implementations typically need to be secured to retain their secrets in the presence of attacks. As a countermeasure to prevent side-channel attacks, threshold implementations are a commonly encountered concept. They resemble a multi-party computation, where the value is split into independent shares and processed separately. In this work, we challenge the underlying security assumption that observing these individually processed values is difficult. We observe leakage by spatially separating the shares on an FPGA using multiple electro-magnetic (EM) probes simultaneously for localized EM analysis. We experimentally verify that the security gain is 238 times less with this method when compared to the power side-channel. In total, we only need 4,300 traces to break a second-order secure implementation. Moreover, such a reduction in protection level is only possible when using multiple probes and applying our attack strategy which is based on state-of-the-art template attacks. This attack can easily be carried out by any attacker at the expense of buying more probes which emphasizes the danger of such attacks.
Pages: 33-40
Citations: 11
Prefetch-guard: Leveraging hardware prefetches to defend against cache timing channels
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383912
Hongyu Fang, Sai Santosh Dayapule, Fan Yao, M. Doroslovački, Guru Venkataramani
Cache timing channels are a form of information leakage that operate through modulating cache access latencies and ultimately exfiltrate sensitive user information to adversaries. Among the many forms of timing channels, covert channels are particularly dangerous as they involve two insider processes (trojan and spy) colluding with each other to send out sensitive information, and are often difficult to detect or prevent. In this paper, we propose Prefetch-guard, an efficient and low-cost mitigation mechanism against cache-based timing channels. Prefetch-guard leverages hardware prefetchers to obfuscate the effect of timing modulation intentionally created by the trojan and spy. Our detection mechanism identifies the target cache sets that are being exploited for information leakage, and cache blocks are prefetched to fuzz the pattern of cache misses and hits created to construct the timing channel between the trojan and the spy. With prefetch-guard, we observe that the cache timing channels suffer a 53% bit error rate which makes it very hard or impossible for the spy to decipher any useful information.
Pages: 187-190
Citations: 36
The CAESAR-API in the real world — Towards a fair evaluation of hardware CAESAR candidates
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383893
Michael Tempelmeier, F. D. Santis, G. Sigl, J. Kaps
In 2013 the Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) was started. It aims at determining a portfolio of ciphers for authenticated encryption that has advantages over AES-GCM in terms of performance, security, and ease of implementation. This competition, for the first time, provides a standardized hardware API, which allows a fair comparison of hardware implementations. However, the community still lacks a common platform to automatically test hardware implementations, confirm implementation claims, and benchmark performance figures on real hardware in terms of runtime, area, power and energy consumption. In this work, we present a common platform using the CAESAR-API in a Xilinx Zynq-7000 System on Chip (SoC) with ARM processors and an AXI interface. This reflects a typical real world usage scenario for hardware-accelerators and thus extends the work for a fair comparison of hardware implementations in three dimensions: first the API is evaluated on a real SoC, which shows, e.g. the performance of the API. Second, it provides a hardware platform to test the proposed implementations of the candidates easily. This can be used by future designers, as we will provide it as open source hardware. Finally, we ran all published hardware implementations of the current 3rd-round candidates during which we identified several implementation weaknesses, e.g. presumably unintended latches in the design, hence emphasizing the importance of testing hardware proposals on real hardware.
Pages: 73-80
Citations: 12
Fault-assisted side-channel analysis of masked implementations
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383891
Y. Yao, Mo Yang, C. Patrick, Bilgiday Yuce, P. Schaumont
Masking is a side-channel countermeasure technique that uses random masks to split sensitive cryptographic variables into multiple shares. The side-channel leakage from individual shares does not reveal the sensitive variable because the random masks are secret. We propose a methodology to identify the generation and integration of random masks in cryptographic software by means of side-channel analysis. We then disable the randomizing effect of masking by targeted fault injection, and we break the masking countermeasure using first-order side-channel analysis. This attack is practically demonstrated on a RISC-V core for two different masked AES software implementations. We achieve full key recovery using 300 traces and 230 traces for a byte-level masked AES and a bit-sliced masked AES implementation respectively. The proposed attack methodology is independent of the cryptographic kernel. It targets the transfer of random masks into the masked cryptographic algorithm. This paper highlights the vulnerability of random number generation in masked implementations.
Pages: 57-64
Citations: 31
On state encoding against power analysis attacks for finite state controllers
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383911
Richa Agrawal, R. Vemuri
Finite-state controllers are central to the design of numerous small-scale electronic appliances used in home automation, environment/infrastructure monitoring, health care and emerging safety-critical systems such as drones and self-driven cars. It is estimated that there will be 50 billion small-scale IoT devices by 2020. These devices, however, are extremely vulnerable to side-channel attacks; therefore, low-cost, low-power defense methods are highly desirable. This paper presents an effective method for secure state encoding of finite-state machine (FSM) based controllers to defend against power analysis attacks. Given a user-defined graded security metric, we derive constrained state encoding for the FSM controllers to mitigate information leakage through the power side-channel, resulting in low-power designs. Experimental results using over 100 FSMs from BenGen and MCNC benchmark suites show a graded increase in encoding length (40–70% for restructured FSMs) depending on the level of security chosen. The mutual information between power side-channel and both Hamming attack models varies between 0 and 2.
Pages: 181-186
Citations: 6
Journal: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)