Compositional Synthesis of Leakage Resilient Programs

A promising approach to defend against side channel attacks is to build programs that are leakage resilient, in a formal sense. One such formal notion of leakage resilience is the n-threshold-probing model proposed in the seminal work by Ishai et al. [16]. In a recent work [9], Eldib and Wang have proposed a method for automatically synthesizing programs that are leakage resilient according to this model, for the case $n = 1$. In this paper, we show that the n-threshold-probing model of leakage resilience enjoys a certain compositionality property that can be exploited for synthesis. We use the property to design a synthesis method that efficiently synthesizes leakage-resilient programs in a compositional manner, for the general case of $n > 1$. We have implemented a prototype of the synthesis algorithm, and we demonstrate its effectiveness by synthesizing leakage-resilient versions of benchmarks taken from the literature.
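The n-threshold-probing model says that the joint distribution of any n intermediate values of a program must be independent of the secret inputs. The following added example (not code from the paper or its prototype) makes that check concrete on a two-share Boolean masked AND gate in the style of Ishai et al.: every intermediate wire is recorded, and the model is checked exhaustively over all secrets and all randomness. The wire names, the `probe` callback and the deliberately mis-ordered `naive_and` variant are assumptions of this example; the point they illustrate is that the same algebra with one operation reordered fails the first-order check, which is exactly the kind of choice a synthesizer has to get right.

```python
"""Exhaustive check of the n-threshold-probing model on tiny masked gadgets."""
from collections import Counter
from itertools import combinations, product


def share(x, r):
    """Split a secret bit x into two Boolean shares (r, x ^ r)."""
    return r, x ^ r


def isw_and(a, b, rnd, probe):
    """Two-share masked AND in the style of Ishai et al.: the fresh bit r is
    mixed into the cross terms before they are combined.  Every intermediate
    value is reported to `probe`, which models a wire an attacker may observe."""
    (a0, a1), (b0, b1), r = a, b, rnd
    t = probe("a0b0", a0 & b0)
    c0 = probe("c0", t ^ r)
    u = probe("a0b1", a0 & b1)
    v = probe("r^a0b1", r ^ u)
    w = probe("a1b0", a1 & b0)
    x = probe("r^a0b1^a1b0", v ^ w)
    y = probe("a1b1", a1 & b1)
    c1 = probe("c1", y ^ x)
    return c0, c1


def naive_and(a, b, rnd, probe):
    """Same algebra, but the two cross terms are XORed together before the
    fresh randomness is added.  That one wire equals ra*b ^ a*rb and so its
    distribution depends on the secrets (constructed as the 'bad' variant)."""
    (a0, a1), (b0, b1), r = a, b, rnd
    t = probe("a0b0", a0 & b0)
    c0 = probe("c0", t ^ r)
    u = probe("a0b1", a0 & b1)
    w = probe("a1b0", a1 & b0)
    x = probe("a0b1^a1b0", u ^ w)
    v = probe("r^a0b1^a1b0", r ^ x)
    y = probe("a1b1", a1 & b1)
    c1 = probe("c1", y ^ v)
    return c0, c1


def traces(gadget):
    """For each secret input (a, b): the wire traces of the gadget over every
    value of the randomness (ra, rb, r).  Secrets and randomness are single
    bits, so exhaustive enumeration is cheap."""
    out = {}
    for a, b in product((0, 1), repeat=2):
        runs = []
        for ra, rb, r in product((0, 1), repeat=3):
            wires = []

            def probe(name, val):
                wires.append((name, val))
                return val

            gadget(share(a, ra), share(b, rb), r, probe)
            runs.append(wires)
        out[(a, b)] = runs
    return out


def leaking_probe_sets(gadget, n):
    """Return every set of at most n wires whose joint distribution (over the
    randomness) differs between two secret inputs.  An empty list means the
    gadget satisfies the n-threshold-probing model."""
    tr = traces(gadget)
    names = [name for name, _ in next(iter(tr.values()))[0]]
    leaks = []
    for k in range(1, n + 1):
        for idx in combinations(range(len(names)), k):
            dists = set()
            for runs in tr.values():
                joint = Counter(tuple(run[i][1] for i in idx) for run in runs)
                dists.add(frozenset(joint.items()))
            if len(dists) > 1:
                leaks.append(tuple(names[i] for i in idx))
    return leaks


def is_threshold_resilient(gadget, n):
    """True iff no set of up to n probes distinguishes the secret inputs."""
    return not leaking_probe_sets(gadget, n)


if __name__ == "__main__":
    print("isw_and   n=1:", is_threshold_resilient(isw_and, 1))
    print("isw_and   n=2:", is_threshold_resilient(isw_and, 2))
    print("naive_and n=1 leaks:", leaking_probe_sets(naive_and, 1))
```

With two shares the ISW-style gadget passes for n = 1 and, as expected, fails for n = 2 (the pair of output shares alone reconstructs a AND b), while the reordered variant already fails for n = 1 on the single wire `a0b1^a1b0`. Checking a gadget for larger n with more shares follows the same enumeration, which is where a compositional argument over gadgets becomes valuable instead of re-enumerating a whole program.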

[1] Vinod Vaikuntanathan, et al. Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases, 2010, EUROCRYPT.

[2] Guy N. Rothblum, et al. How to Compute in the Presence of Leakage, 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[3] Laurent Mauborgne, et al. Automatic Quantification of Cache Side-Channels, 2012, CAV.

[4] Emmanuel Prouff, et al. Provably Secure Higher-Order Masking of AES, 2010, IACR Cryptol. ePrint Arch.

[5] Nikolaj Bjørner, et al. Z3: An Efficient SMT Solver, 2008, TACAS.

[6] Pasquale Malacaria, et al. Assessing security threats of looping constructs, 2007, POPL '07.

[7] Emmanuel Prouff, et al. Masking against Side-Channel Attacks: A Formal Security Proof, 2013, EUROCRYPT.

[8] George C. Necula, et al. CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs, 2002, CC.

[9] Guy N. Rothblum, et al. Securing Computation against Continuous Leakage, 2010, CRYPTO.

[10] Yuval Ishai, et al. Private Circuits: Securing Hardware against Probing Attacks, 2003, CRYPTO.

[11] David A. Basin, et al. Automatically deriving information-theoretic bounds for adaptive side-channel attacks, 2011, J. Comput. Secur.

[12] Mário S. Alvim, et al. Measuring Information Leakage Using Generalized Gain Functions, 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[13] Benjamin Grégoire, et al. Compositional Verification of Higher-Order Masking: Application to a Verifying Masking Compiler, 2015, IACR Cryptol. ePrint Arch.

[14] Yuval Ishai, et al. Private Circuits II: Keeping Secrets in Tamperable Circuits, 2006, EUROCRYPT.

[15] Patrick Schaumont, et al. SMT-Based Verification of Software Countermeasures against Side-Channel Attacks, 2014, TACAS.

[16] Benjamin Grégoire, et al. Verified Proofs of Higher-Order Masking, 2015, EUROCRYPT.

[17] James W. Gray, et al. Toward a mathematical foundation for information flow security, 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[18] Hirotoshi Yasuoka, et al. Quantitative Information Flow - Verification Hardness and Possibilities, 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[19] Jean-Sébastien Coron, et al. Higher-Order Side Channel Security and Mask Refreshing, 2013, FSE.

[20] Ingrid Verbauwhede, et al. Theory and Practice of a Leakage Resilient Masking Scheme, 2012, ASIACRYPT.

[21] Chao Wang, et al. Synthesis of Masking Countermeasures against Side Channel Attacks, 2014, CAV.

[22] Geoffrey Smith, et al. On the Foundations of Quantitative Information Flow, 2009, FoSSaCS.