Automated Formal Analysis of Side-Channel Attacks on Probabilistic Systems

The security guarantees of even theoretically-secure systems can be undermined by the presence of side channels in their implementations. We present Sch-imp, a probabilistic imperative language for side channel analysis containing primitives for identifying secret and publicly-observable data, and in which resource consumption is modelled at the function level. We provide a semantics for Sch-imp programs in terms of discrete-time Markov chains. Building on this, we propose automated techniques to detect worst-case attack strategies for correctly deducing a program’s secret information from its outputs and resource consumption, based on verification of partially-observable Markov decision processes. We implement this in a tool and show how it can be used to quantify the severity of worst-case side-channel attacks against a selection of systems, including anonymity networks, covert communication channels and modular arithmetic implementations used for public-key cryptography.

[1]  Daniel Genkin,et al.  Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation , 2015, CHES.

[2]  Michael Carl Tschantz,et al.  Purpose Restrictions on Information Use , 2013, ESORICS.

[3]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[4]  Gethin Norman,et al.  Verification and control of partially observable probabilistic systems , 2017, Real-Time Systems.

[5]  Mário S. Alvim,et al.  Axioms for Information Leakage , 2016, 2016 IEEE 29th Computer Security Foundations Symposium (CSF).

[6]  David A. Basin,et al.  An information-theoretic model for adaptive side-channel attacks , 2007, CCS '07.

[7]  Anne Condon,et al.  On the undecidability of probabilistic planning and related stochastic optimization problems , 2003, Artif. Intell..

[8]  Mudhakar Srivatsa,et al.  A Decision Theoretic Approach to Data Leakage Prevention , 2010, 2010 IEEE Second International Conference on Social Computing.

[9]  Marc Joye,et al.  Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity , 2004, IEEE Transactions on Computers.

[10]  Andrew P. Moore,et al.  Design and Assurance Strategy for the NRL Pump , 1998, Computer.

[11]  V. S. Subrahmanian,et al.  Hybrid Probabilistic Programs: Algorithms and Complexity , 1999, UAI.

[12]  Marta Z. Kwiatkowska,et al.  PRISM 4.0: Verification of Probabilistic Real-Time Systems , 2011, CAV.

[13]  Geoffrey Smith,et al.  On the Foundations of Quantitative Information Flow , 2009, FoSSaCS.

[14]  Avi Pfeffer,et al.  IBAL: A Probabilistic Rational Programming Language , 2001, IJCAI.

[15]  Tom Chothia,et al.  Probabilistic Point-to-Point Information Leakage , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.

[16]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[17]  J. Kemeny,et al.  Denumerable Markov chains , 1969 .

[18]  Danfeng Zhang,et al.  Predictive mitigation of timing channels in interactive systems , 2011, CCS '11.

[19]  Adi Shamir,et al.  RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis , 2014, CRYPTO.

[20]  Robert H. Sloan,et al.  Power Analysis Attacks of Modular Exponentiation in Smartcards , 1999, CHES.

[21]  Axel Legay,et al.  Information Leakage of Non-Terminating Processes , 2014, FSTTCS.

[22]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.