QMS: Evaluating the side-channel resistance of masked software from source code

Many commercial systems in the embedded space have shown weakness against power-analysis-based side-channel attacks in recent years. Designing countermeasures to defend against such attacks is both labor intensive and error prone. Furthermore, there is a lack of formal methods for quantifying the actual strength of a countermeasure implementation. Security design errors may therefore go undetected until the side-channel leakage is physically measured and evaluated. We show a better solution based on static analysis of C source code. We introduce the new notion of Quantitative Masking Strength (QMS) to estimate the amount of information leakage from software through side channels. The QMS can be automatically computed from the source code of a countermeasure implementation. Our experiments, based on side-channel measurement on real devices, show that the QMS accurately quantifies the side-channel resistance of the software implementation.
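To make the idea of quantifying masking strength concrete, here is an added example (not the paper's tool, and written in Python rather than operating on C source): it enumerates every value of the random masks, records the distribution of each intermediate value of a masked computation for each secret input, and scores how far those distributions depend on the secret. The masked AND is an assumed ISW-style two-share construction, the "flawed" variant is a constructed defect in which the cross terms are combined before fresh randomness is applied, and the score is an illustrative stand-in for a masking-strength metric rather than the paper's exact QMS definition.

```python
"""Added example (not the paper's tool): estimate how well a first-order masked
computation hides its secrets by enumerating all mask values and checking whether
the distribution of every intermediate value is independent of the secret inputs.
The score below is an illustrative stand-in for a masking-strength metric, not the
paper's exact QMS definition."""
from itertools import combinations, product

BITS = (0, 1)


def isw_and(a1, a2, b1, b2, r):
    """ISW-style two-share masked AND (assumed construction): secrets are
    a = a1 ^ a2 and b = b1 ^ b2, r is fresh randomness, output shares c1 ^ c2 = a & b.
    Every intermediate is returned by name so each can be inspected."""
    v = {}
    v["a1b1"] = a1 & b1
    v["a1b2"] = a1 & b2
    v["a2b1"] = a2 & b1
    v["a2b2"] = a2 & b2
    v["c1"] = v["a1b1"] ^ r
    v["t1"] = r ^ v["a1b2"]        # randomness enters before the cross terms meet
    v["t2"] = v["t1"] ^ v["a2b1"]
    v["c2"] = v["a2b2"] ^ v["t2"]
    return v


def flawed_and(a1, a2, b1, b2, r):
    """Same function and same final shares, but the cross terms are combined
    before the randomness is applied (constructed defect): a1b2 ^ a2b1 depends on
    the secrets, so a single intermediate leaks information."""
    v = {}
    v["a1b1"] = a1 & b1
    v["a1b2"] = a1 & b2
    v["a2b1"] = a2 & b1
    v["a2b2"] = a2 & b2
    v["cross"] = v["a1b2"] ^ v["a2b1"]
    v["u"] = v["a2b2"] ^ v["cross"]
    v["c1"] = v["a1b1"] ^ r
    v["c2"] = v["u"] ^ r
    return v


def recombines_correctly(masked_fn):
    """Functional check: the output shares must XOR to a & b for every input."""
    for a, b, ra, rb, r in product(BITS, repeat=5):
        v = masked_fn(a ^ ra, ra, b ^ rb, rb, r)
        if v["c1"] ^ v["c2"] != (a & b):
            return False
    return True


def intermediate_distributions(masked_fn):
    """name -> secret (a, b) -> {value: count}, counted over all 8 mask values
    (ra, rb split the inputs into shares; r is the fresh randomness)."""
    dist = {}
    for a, b in product(BITS, repeat=2):
        for ra, rb, r in product(BITS, repeat=3):
            for name, val in masked_fn(a ^ ra, ra, b ^ rb, rb, r).items():
                counts = dist.setdefault(name, {}).setdefault((a, b), {})
                counts[val] = counts.get(val, 0) + 1
    return dist


def leakage_scores(masked_fn, n_masks=8):
    """Per intermediate: the largest |P(value | s) - P(value | s')| over any two
    secret assignments s, s'. 0.0 means the distribution is secret-independent."""
    scores = {}
    for name, by_secret in intermediate_distributions(masked_fn).items():
        worst = 0.0
        for s1, s2 in combinations(sorted(by_secret), 2):
            for val in BITS:
                p1 = by_secret[s1].get(val, 0) / n_masks
                p2 = by_secret[s2].get(val, 0) / n_masks
                worst = max(worst, abs(p1 - p2))
        scores[name] = worst
    return scores


def masking_strength(masked_fn):
    """1.0 when every intermediate is perfectly masked; lower as the worst
    intermediate's distribution depends more strongly on the secrets."""
    return 1.0 - max(leakage_scores(masked_fn).values())


if __name__ == "__main__":
    for fn in (isw_and, flawed_and):
        print(fn.__name__, "correct:", recombines_correctly(fn),
              "strength:", masking_strength(fn))
        for name, s in leakage_scores(fn).items():
            if s > 0:
                print("  leaking intermediate", name, "score", s)
```

Both variants compute the same function, so a functional test cannot tell them apart; only the per-intermediate distribution check does. The exhaustive enumeration is feasible here because the example has two secret bits and three random bits; the paper's contribution is precisely that such a measure can be obtained from the source code of realistic countermeasure implementations without physical measurement.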
