Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits

Transcription

1 Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits Hassan Eldib, Meng Wu, and Chao Wang CAV, July 23, 2016

2 Cryptographic Algorithm: an example Plaintext Chip Ciphertext Encryption Algorithm Secret Key Plaintext is encrypted using the Secret Key stored on chip. System will become useless if the adversary knows the Secret Key.

3 Side-Channel Attack Plaintext Chip Ciphertext Encryption Algorithm Secret Key Adversary analyzes the power consumption to identify the secret key { Power Consumption Analysis Identify the Secret Key

4 Prof. Patrick Schaumont s Lab ECE Dept., Virginia Tech

5 Side Channels What can we observe? EM Emissions Power Consumption Faulty Outputs Input Cryptographic Algorithm Output Timing Sound Heat Design Details

6 Fault Sensitivity Attack [Ghalaty et al 2014, 2015] The goal of fault injection is to induce sufficiently many faulty outputs to reveal the secret key.

7 Fault Sensitivity Attack [Ghalaty et al 2014, 2015] Exploiting dependence between secret key and the circuit s fault sensitivity Fault Injection Collecting Traces Statistical Analysis

8 Our Vision Security by Compilation Unprotected HW / SW code Protected HW / SW code PIs: Chao Wang, Patrick Schaumont

9 Motivating Example PPRM1 AES S-box implementation [Morioka & Satoh, in CHES 2002] 1. The only non-linear function in AES 2. Vulnerable to FSA attack

10 Motivating Example PPRM1 AES S-box implementation [Morioka & Satoh, in CHES 2002] 1. The only non-linear function in AES 2. Vulnerable to FSA attack

11 Motivating Example

12 Signal Delay for AND Gates T A T B T C -- arrival time for signal A -- arrival time for signal B -- arrival time for signal C T AND -- delay of AND gate Assume T A < T B When signal A = 0, T C = T A + T AND (small) When signal A = 1, T C = T B + T AND (large) Timing Dependency! Analyzing the (TC) may help decide the value of (A)

13 Signal Delay for AND Gates When signal A = 0, T C = T A + T AND (small) When signal A = 1, T C = T B + T AND (large) If A = 0 TC = TA + TAND If A = 1 TC = TB + TAND TA TB TA TB A 1 0 A 1 0 B 1 0 B 1 0 C 1 0 C 1 0

14 Countermeasure FSA Attack can be prevented by eliminating the timing dependency Between signal path delay and sensitive input

15 Countermeasure Synthesis Original circuit [Morioka & Satoh, CHES 2002] Synthesized countermeasure Buffered circuit [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

16 Advantage 21 gates Original circuit [Morioka & Satoh, CHES 2002] Smaller Circuit Synthesized countermeasure 13 gates 41 gates Buffered circuit [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

17 Advantage 6 unit delay Original circuit [Morioka & Satoh, CHES 2002] Shorter Critical Path Synthesized countermeasure 3 unit delay 6 unit delay Buffered circuit [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

18 Advantage Cooler Technology Original circuit [Morioka & Satoh, CHES 2002] Synthesized countermeasure Buffered circuit [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

19 Advantage Cooler Technology Original circuit [Morioka & Satoh, CHES 2002] Synthesized countermeasure Buffered circuit [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

20 Our Contribution The first countermeasure synthesis method to defend against FSA attacks of crypto circuits

21 Inductive Synthesis Verification: (1) Checking the functional equivalence (2) Checking the FSA resistance

22 Inductive Synthesis Verification: (1) Checking the functional equivalence (2) Checking the FSA resistance.

23 Template Circuit FSA resistance by construction

24 Template Circuit FSA resistance by construction

25 Template Circuit SyGuS specification to generate instantiation (candidate circuit)

26 Scalability Problem Our solution: Partitioned Synthesis (1) Divide the circuit into smaller regions (2) Synthesize countermeasures for each region (3) Compose them together Compositionality: (1) The delay of a path is the summation of delays of all segments (2) If each region is FSA resistant, the entire circuit is FSA resistant

27 Partitioned Synthesis

28 Experiments Implemented in a software tool Circuit-to-SyGuS translator + SyGuS solvers ( Evaluated on 10 crypto circuits

29 Compared to Buffer Insertion Methods Existing countermeasures (buffer insertion) [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

30 Compared to Classic EDA Algorithms Logic synthesis and optimization algorithms Two-Level Minimization Multi-Level Minimization

31 Compared to Classic EDA Algorithms

32 Compared to Classic EDA Algorithms

33 Conclusions New countermeasure synthesis method for FSA attacks of crypto circuits Guarantee to eliminate sensitive timing dependency Efficient (Fewer gates, Shorter critical paths, etc.) Future work Synthesizing countermeasures for other side-channel attacks

34 Security by Compilation Unprotected HW/SW code Protected HW/SW code [TACAS14] [CAV14] [DAC14] [CAV16]