Runtime Code Polymorphism as a Protection Against Side Channel Attacks

We present a generic framework for runtime code polymorphism, applicable to a broad range of computing platforms including embedded systems with low computing resources (e.g. microcontrollers with few kilobytes of memory). Code polymorphism is defined as the ability to change the observable behaviour of a software component without changing its functional properties. In this paper we present the implementation of code polymorphism with runtime code generation, which offers many code transformation possibilities: we describe the use of random register allocation, random instruction selection, instruction shuffling and insertion of noise instructions. We evaluate the effectiveness of our framework against correlation power analysis: compared to an unprotected implementation of AES where the secret key could be recovered in less than 50 traces on average, in our protected implementation we increased the number of traces necessary to achieve the same attack by more than 20000\(\times\). With regard to the state of the art, our implementation shows a moderate impact in terms of performance overhead.
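The four transformations named in the abstract, sketched on a toy register machine as an added illustration; this is not code from the paper or its framework. The instruction set, the 8-register file, and the names `generate`, `run` and `survey` are assumptions made for the example, which generates random variants of a single `plaintext ^ key` byte operation and checks that every variant computes the same result.

```python
import random

NREGS = 8  # toy register file r0..r7 (assumed; not the paper's target ISA)

def xor_variants(rd, ra, rb, tmp):
    # Equivalent sequences for rd = ra ^ rb; rd and tmp are distinct from ra, rb
    return [
        [("xor", rd, ra, rb)],
        [("or", rd, ra, rb), ("and", tmp, ra, rb), ("sub", rd, rd, tmp)],  # (a|b)-(a&b)
        [("or", rd, ra, rb), ("and", tmp, ra, rb), ("bic", rd, rd, tmp)],  # (a|b)&~(a&b)
    ]

def generate(rng):
    """Emit one random variant of out = plaintext_byte ^ key_byte."""
    rp, rk, rd, tmp, *free = rng.sample(range(NREGS), NREGS)  # random register allocation
    loads = [("ldp", rp), ("ldk", rk)]
    rng.shuffle(loads)                       # shuffle independent instructions
    body = loads + rng.choice(xor_variants(rd, rp, rk, tmp))  # random instruction selection
    code = []
    for ins in body:
        for _ in range(rng.randint(0, 2)):   # noise: reads and writes dead registers only
            code.append(("xor", rng.choice(free), rng.choice(free), rng.choice(free)))
        code.append(ins)
    return code + [("ret", rd)]

def run(code, p, k):
    """Interpret a generated variant on the toy machine (8-bit registers)."""
    r = [0] * NREGS
    for op, *a in code:
        if op == "ldp": r[a[0]] = p
        elif op == "ldk": r[a[0]] = k
        elif op == "xor": r[a[0]] = r[a[1]] ^ r[a[2]]
        elif op == "or": r[a[0]] = r[a[1]] | r[a[2]]
        elif op == "and": r[a[0]] = r[a[1]] & r[a[2]]
        elif op == "sub": r[a[0]] = (r[a[1]] - r[a[2]]) & 0xFF
        elif op == "bic": r[a[0]] = r[a[1]] & ~r[a[2]] & 0xFF
        elif op == "ret": return r[a[0]]

def survey(seed=1, n=200):
    """Return (all variants correct, distinct programs, distinct positions of the key load)."""
    rng = random.Random(seed)  # seeded PRNG for a reproducible demo (constructed setup)
    variants = [generate(rng) for _ in range(n)]
    inputs = [(0x3A, 0xC5), (0xFF, 0x01), (0x00, 0x00)]  # constructed test bytes
    ok = all(run(c, p, k) == p ^ k for c in variants for p, k in inputs)
    key_pos = {i for c in variants for i, ins in enumerate(c) if ins[0] == "ldk"}
    return ok, len({tuple(c) for c in variants}), len(key_pos)
```

The third value returned by `survey` counts how many different instruction slots the key load occupies across variants, which is the property that desynchronises the leakage point from one execution to the next.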
