Automatic Application of Power Analysis Countermeasures

We introduce a compiler that automatically inserts software countermeasures to protect cryptographic algorithms against power-based side-channel attacks. The compiler first estimates which instruction instances leak the most information through side-channels. This information is obtained either by dynamic analysis, evaluating an information theoretic metric over the power traces acquired during the execution of the input program, or by static analysis. As information leakage implies a loss of security, the compiler then identifies (groups of) instruction instances to protect with a software countermeasure such as random precharging or Boolean masking. As software protection incurs significant overhead in terms of cryptosystem runtime and memory usage, the compiler protects the minimum number of instruction instances to achieve a desired level of security. The compiler is evaluated on two block ciphers, AES and Clefia; our experiments demonstrate that the compiler can automatically identify and protect the most important instruction instances. To date, these software countermeasures have been inserted manually by security experts, who are not necessarily the main cryptosystem developers. Our compiler offers significant productivity gains for cryptosystem developers who wish to protect their implementations from side-channel attacks.
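As an added illustration of the two stages the abstract describes, constructed here and not taken from the paper's compiler: an information-theoretic estimate of how much each instruction instance leaks about a key byte, followed by Boolean masking of only the instances whose leakage exceeds a threshold. The instruction set, the Hamming-weight leakage model, the fixed plaintexts and the threshold are all assumptions, and the greedy threshold cut stands in for the paper's minimisation of the protected set.

```python
# Added example (not the paper's compiler): estimate how much each instruction
# instance leaks about an 8-bit key byte, then Boolean-mask only the leaky ones.
# Leakage model, instruction set and threshold are constructed for illustration.
from math import log2

def hw(x):
    """Hamming weight of the 8-bit value written to a register (leakage model)."""
    return bin(x & 0xFF).count("1")

def entropy(counts):
    total = sum(counts.values())
    return -sum(c / total * log2(c / total) for c in counts.values() if c)

def leakage_bits(instr, plaintexts=(0x3C, 0xA5)):
    """Exact I(K; L | P) in bits: K a uniform key byte, L = HW(register value),
    P a known plaintext byte; the mask m ranges over all 256 values."""
    total = 0.0
    for p in plaintexts:
        joint, marg = {}, {}            # (k, L) -> count, L -> count
        for k in range(256):
            for m in range(256):
                l = hw(instr(p, k, m))
                joint[(k, l)] = joint.get((k, l), 0) + 1
                marg[l] = marg.get(l, 0) + 1
        # I(K;L) = H(L) + H(K) - H(K,L), with H(K) = 8 bits for a uniform byte
        total += entropy(marg) + 8.0 - entropy(joint)
    return total / len(plaintexts)

# Constructed instruction instances of a first-round fragment: (p, k, m) -> register value
PROGRAM = {
    "ld_pt":   lambda p, k, m: p,                # public input, key-independent
    "add_key": lambda p, k, m: p ^ k,            # key-dependent intermediate
    "nibble":  lambda p, k, m: (p ^ k) & 0x0F,   # low nibble used as a table index
    "ld_mask": lambda p, k, m: m,                # fresh random mask, key-independent
}

def boolean_mask(instr):
    """Countermeasure: the register now holds value XOR m instead of value."""
    return lambda p, k, m: instr(p, k, 0) ^ m

def protect(program, threshold=0.1):
    """Greedy pass: mask each instruction instance whose estimated leakage exceeds
    the threshold, then re-estimate to confirm the residual leakage."""
    report = {}
    for name, instr in program.items():
        before = leakage_bits(instr)
        masked = before > threshold
        after = leakage_bits(boolean_mask(instr)) if masked else before
        report[name] = {"before": round(before, 4), "after": round(after, 4), "masked": masked}
    return report

if __name__ == "__main__":
    for name, r in protect(PROGRAM).items():
        print(f"{name:8s} leak={r['before']:.4f} bits -> {r['after']:.4f} masked={r['masked']}")
```

With this noise-free model `add_key` leaks the full entropy of an 8-bit Hamming weight (about 2.54 bits) and `nibble` about 2.03 bits, while the public plaintext load and the mask load leak nothing; after masking, the two protected instances drop to zero.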
