Identifying and Eliminating Side-Channel Leaks in Programmable Systems

Editor's note: Side-channels in ICs and systems have been shown to leak sensitive information. This paper shows the various side channels and approaches to mitigating these side channels. —Ramesh Karri, New York University
