Side-Channel Countermeasures' Dissection and the Limits of Closed Source Security Evaluations

We take advantage of a recently published open source implementation of the AES protected with a mix of countermeasures against side-channel attacks to discuss both the challenges in protecting COTS devices against such attacks and the limitations of closed source security evaluations. The target implementation has been proposed by the French ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) to stimulate research on the design and evaluation of side-channel secure implementations. It combines additive and multiplicative secret sharings into an affine masking scheme that is additionally mixed with a shuffled execution. Its preliminary leakage assessment did not detect data dependencies with up to 100,000 measurements. We first exhibit the gap between such a preliminary leakage assessment and advanced attacks by showing how a countermeasures’ dissection exploiting a mix of dimensionality reduction, multivariate information extraction and key enumeration can recover the full key with less than 2,000 measurements. We then discuss the relevance of open source evaluations for analyzing such implementations efficiently, by showing that certain steps of the attack are hard to automate without implementation knowledge (even with machine learning tools), while performing them manually is trivial. Our findings do not stem from design flaws but from the general difficulty of preventing side-channel attacks in COTS devices with limited noise. We anticipate that high security on such devices requires significantly more shares.
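As an added example that is not code from the paper or from the ANSSI implementation, the following Python models the affine masking scheme the abstract describes: a byte x is represented by the share r_mul * x + r_add in GF(2^8) (a multiplicative mask combined with an additive one), and the S-box is recomputed per execution so that it maps masked inputs to masked outputs without ever handling x or S[x] in the clear. All function names and the constant masks used in the checks are assumptions chosen for the example.

```python
def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^254 (0 maps to 0, as in the AES S-box)."""
    r, p = 1, a
    for _ in range(7):        # r accumulates a^2 * a^4 * ... * a^128 = a^254
        p = gf_mul(p, p)
        r = gf_mul(r, p)
    return r

def aes_sbox_byte(x: int) -> int:
    """AES S-box computed on the fly: field inversion followed by the affine layer."""
    s = y = gf_inv(x)
    for _ in range(4):
        s = ((s << 1) | (s >> 7)) & 0xFF   # rotate left by one bit
        y ^= s
    return y ^ 0x63

def affine_mask(x: int, r_mul: int, r_add: int) -> int:
    """Affine share of x: r_mul * x + r_add. r_mul must be non-zero or x is lost."""
    assert 1 <= r_mul <= 255 and 0 <= r_add <= 255
    return gf_mul(r_mul, x) ^ r_add

def affine_unmask(m: int, r_mul: int, r_add: int) -> int:
    """Undo the additive mask first, then divide by the multiplicative mask."""
    return gf_mul(gf_inv(r_mul), m ^ r_add)

def masked_sbox_table(r_mul: int, r_add_in: int, r_add_out: int) -> list:
    """Recompute S so that T[r_mul*u + r_add_in] = r_mul*S[u] + r_add_out for
    every byte u; affine_mask is a bijection, so every entry gets filled."""
    table = [0] * 256
    for u in range(256):
        table[affine_mask(u, r_mul, r_add_in)] = affine_mask(aes_sbox_byte(u), r_mul, r_add_out)
    return table

def protected_sbox(x: int, r_mul: int, r_add_in: int, r_add_out: int) -> int:
    """Apply S to x while only touching masked values; masks must be drawn fresh
    (e.g. with the secrets module) for every execution in a real implementation."""
    table = masked_sbox_table(r_mul, r_add_in, r_add_out)
    return table[affine_mask(x, r_mul, r_add_in)]   # equals r_mul*S[x] + r_add_out
```

For fresh random masks, each masked value on its own is uniformly distributed regardless of x, which is why a univariate leakage assessment sees no data dependency; recovering x requires combining the masked value with the leakage of r_mul and r_add, the multivariate extraction the abstract refers to.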
