Reactive side-channel countermeasures: Applicability and quantitative security evaluation

Abstract The security of cryptographic implementations running on embedded systems is threatened by side-channel attacks. Such attacks retrieve a secret key from a computing device by observing information that leaks on unintended channels, such as the energy consumed during a computation. The vast majority of the countermeasures proposed against such attacks aim at preventing the attacker from fruitfully exploiting the information leaking on the side channel, either by altering it or by hiding it within a higher noise envelope. While all these countermeasures provide a quantitative security margin against an attacker, they give no indication of having been overcome, thus forsaking the possibility of taking a reactive action upon a security breach. In an effort to propose a reactive countermeasure, we describe our proposal, which introduces redundant computations employing fixed fake keys (a.k.a. chaffs) to pollute the leaked information with plausible, albeit deceitful, information. We provide an in-depth analysis of the proposed approach, highlighting the constraints on its effective applicability and the boundary conditions which allow its employment to secure a system. We detail the attacker model considered and the reactive security margin provided by the proposed scheme, highlighting the extent to which a reactive countermeasure is realizable, given the nature of the side-channel information. To provide experimental backing to our analysis, effectiveness and efficiency results on an implementation of the Advanced Encryption Standard (AES) cipher, as well as on implementations of lightweight block ciphers, running on an ARM Cortex-M4 processor are shown.
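The chaff mechanism the abstract describes, reduced to a runnable model. This is an added illustrative example, not the authors' implementation: it assumes a constructed 8-bit toy S-box and toy byte cipher in place of AES, a Hamming-weight-plus-Gaussian-noise leakage model, and a hypothetical challenge/response interface (`CHALLENGES`, `ChaffedDevice.verify`) through which a recovered key would be used against the device. It runs a textbook CPA against an unprotected device and against a device that also evaluates three fixed chaff keys on every block, then shows the reactive part: the attacker's key ranking ends in a tie between the real key and the chaffs, and presenting a chaff to the device trips the alarm.

```python
"""Toy model of a chaff-key reactive countermeasure against CPA (constructed example).

A leaky device evaluates its real key and a few fixed chaff keys on every block.
A CPA attacker sees all of them leak identically, so its ranking ends in a tie
between the real key and the chaffs; when a chaff is later used against the
device, the device recognises it and raises an alarm.
"""
import random

SEED = 7
CHALLENGES = [0x00, 0x5A, 0xA5, 0xFF]  # hypothetical fixed challenge plaintexts

# Constructed toy S-box: a seeded random 8-bit permutation standing in for the AES S-box.
SBOX = list(range(256))
random.Random(SEED).shuffle(SBOX)


def hw(x):
    """Hamming weight: the usual power-leakage model for a byte written to a register."""
    return bin(x).count("1")


def toy_encrypt(key, pt):
    """Constructed one-byte toy cipher: S-box, key-dependent whitening, S-box."""
    rot = ((key << 1) | (key >> 7)) & 0xFF
    return SBOX[SBOX[pt ^ key] ^ rot]


class ChaffedDevice:
    """Device that computes every block under its real key and under each chaff key."""

    def __init__(self, real_key, chaff_keys, noise_sigma=1.0, rng=None):
        self.real_key = real_key
        self.chaff_keys = list(chaff_keys)
        self.noise_sigma = noise_sigma
        self.rng = rng or random.Random(SEED + 1)
        self.alarm = False

    def leaky_encrypt(self, pt):
        """Return (ciphertext, one trace sample).

        The sample is the summed Hamming weight of the first S-box output of every
        computation (real key plus all chaffs) plus Gaussian noise: the chaffs leak
        exactly like the real key, which is what makes them plausible.
        """
        keys = [self.real_key] + self.chaff_keys
        sample = sum(hw(SBOX[pt ^ k]) for k in keys) + self.rng.gauss(0.0, self.noise_sigma)
        return toy_encrypt(self.real_key, pt), sample

    def verify(self, responses):
        """Reactive check: 'ok' for the real key, 'alarm' if a chaff was used, else 'reject'."""
        def matches(key):
            return all(r == toy_encrypt(key, p) for p, r in zip(CHALLENGES, responses))

        if matches(self.real_key):
            return "ok"
        if any(matches(k) for k in self.chaff_keys):
            self.alarm = True  # only a side-channel attacker could have learnt a chaff
            return "alarm"
        return "reject"


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0


def cpa_rank(plaintexts, samples):
    """Classic CPA: rank the 256 key hypotheses by correlation of HW(S[pt ^ k]) with the traces."""
    scores = [(pearson([hw(SBOX[pt ^ k]) for pt in plaintexts], samples), k) for k in range(256)]
    return [k for _, k in sorted(scores, reverse=True)]


def run_experiment(n_traces=1500, n_chaffs=3):
    rng = random.Random(SEED + 2)
    real_key = rng.randrange(256)
    chaffs = []
    while len(chaffs) < n_chaffs:
        c = rng.randrange(256)
        if c != real_key and c not in chaffs:
            chaffs.append(c)
    pts = [rng.randrange(256) for _ in range(n_traces)]

    # Unprotected baseline: CPA recovers the real key outright.
    bare = ChaffedDevice(real_key, [], rng=random.Random(SEED + 3))
    baseline_top = cpa_rank(pts, [bare.leaky_encrypt(p)[1] for p in pts])[0]

    # Protected device: the real key and the chaffs tie at the top of the ranking.
    dev = ChaffedDevice(real_key, chaffs, rng=random.Random(SEED + 4))
    top = cpa_rank(pts, [dev.leaky_encrypt(p)[1] for p in pts])[: n_chaffs + 1]

    # The attacker can only try the candidates; a chaff candidate trips the alarm.
    outcomes = [dev.verify([toy_encrypt(k, p) for p in CHALLENGES]) for k in top]
    stranger = next(k for k in range(256) if k != real_key and k not in chaffs)
    reject = dev.verify([toy_encrypt(stranger, p) for p in CHALLENGES])
    return {"real_key": real_key, "chaffs": chaffs, "baseline_top": baseline_top,
            "protected_top": top, "outcomes": outcomes, "reject": reject, "alarm": dev.alarm}


if __name__ == "__main__":
    print(run_experiment())
```

The model makes the applicability constraint visible: the countermeasure only works because the chaff computations are indistinguishable from the real one in the trace. If the chaff evaluations could be told apart (different timing, a different execution unit, a distinguishable power signature) the attacker would filter them out and recover the real key with the baseline effort, and no alarm would ever fire; the security margin is therefore the cost of that distinguishing step, not the chaff count alone.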
