Moving Target Defense Mechanism for Side-Channel Attacks

In this paper, we present a side-channel-resilient moving target defense mechanism against power- and electromagnetic-based side-channel attacks. Recent countermeasures use fresh rekeying after every encryption/decryption process; this causes major overhead in synchronizing the communicating parties. In contrast to previous work, our mechanism integrates fresh rekeying and masking techniques at an interval, where these techniques are driven by the maximum number of side-channel leakage traces required for a successful embedded attack. Hence, the mechanism tracks the effect of attacks on the number of traces and consequently applies rekeying at suitable intervals to reduce the computational and communication overhead while increasing the attack cost. The mechanism's scalability was evaluated against an advanced attack model based on machine learning methods that significantly reduces the number of traces required for a successful attack under a masking implementation.
