Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits

Similar documents
Fault Sensitivity Analysis

External Encodings Do not Prevent Transient Fault Analysis

Syntax-Guided Program Synthesis. Rajeev Alur. University of Pennsylvania

Syntax-Guided Program Synthesis. Rajeev Alur

Fault Sensitivity Analysis

On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting

Fault Injection Attacks and Countermeasures

ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.

COSADE Conference Series

Syntax-Guided Synthesis. Rajeev Alur. University of Pennsylvania

Fault Attacks on Cryptosystems: Novel Threat Models, Countermeasures and Evaluation Metrics

Multi-Stage Fault Attacks

Fault Sensitivity Analysis

WhoamI. Attacking WBC Implementations No con Name 2017

Secure Design Methodology and The Tree of Trust

Power Analysis Attacks

SIDE CHANNEL ANALYSIS : LOW COST PLATFORM. ETSI SECURITY WEEK Driss ABOULKASSIM Jacques FOURNIERI

A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis

A physical level perspective

Sho Endo1, Naofumi Homma1, Yu-ichi Hayashi1, Junko Takahashi2, Hitoshi Fuji2 and Takafumi Aoki1

HOST Differential Power Attacks ECE 525

THE MULTIPLE WAYS TO AUTOMATE THE APPLICATION OF SOFTWARE COUNTERMEASURES AGAINST PHYSICAL ATTACKS: PITFALLS AND GUIDELINES

FPGAhammer: Remote Voltage Fault Attacks on Shared FPGAs, suitable for DFA on AES

Correlation-Enhanced Power Analysis Collision Attack

HACK MY CHIP: A RED TEAM BLUE TEAM APPROACH FOR SOC SECURITY. David HELY Grenoble INP Esisar LCIS, Valence

White-Box Cryptography State of the Art. Paul Gorissen

Blind Differential Cryptanalysis for Enhanced Power Attacks

«Safe (hardware) design methodologies against fault attacks»

Implementation Tradeoffs for Symmetric Cryptography

Side-Channel Cryptanalysis. Joseph Bonneau Security Group

Once upon a time... A first-order chosen-plaintext DPA attack on the third round of DES

EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread

Securing Multiprocessor Systemon-Chip

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Introduction to Software Countermeasures For Embedded Cryptography

Hardware Security. Debdeep Mukhopadhyay

@ 2014 SEMAR GROUPS TECHNICAL SOCIETY.

PARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE

Secure Set Intersection with Untrusted Hardware Tokens

Breaking the Bitstream Decryption of FPGAs

Clock Glitch Fault Injection Attacks on an FPGA AES Implementation

Prototype IC with WDDL and Differential Routing DPA Resistance Assessment

A Lightweight AES Implementation Against Bivariate First-Order DPA Attacks Weize Yu and Selçuk Köse

Fault injection attacks on cryptographic devices and countermeasures Part 1

Security against Timing Analysis Attack

Side channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut

SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017

Software Protection Against Fault and Side Channel Attacks

Cache Timing Attacks in Cryptography

A Key Management Scheme for DPA-Protected Authenticated Encryption

Side-channel Power Analysis of Different Protection Schemes Against Fault Attacks on AES

Network Security Technology Project

Masking as a Side-Channel Countermeasure in Hardware

MICROCIRCUIT SECURITY

Fault Attacks on Embedded Software: Threats, Design, and Mitigation

Security of Embedded Systems

The embedded security challenge: Protecting bits at rest

Hardware Design and Simulation for Verification

SIDE CHANNEL RISK EVALUATION AND MEASUREMENT (SCREAM)

JUST ONE FAULT Persistent Fault Analysis on Block Ciphers

Hardware/Software Codesign

High Level Synthesis of Cryptographic Hardware. Jeremy Trimble ECE 646

Keynote: White-Box Cryptography

Remote E-Voting System

Non-Profiled Deep Learning-Based Side-Channel Attacks

Hardware Security Challenges and Solutions. Mike Bartley TVS, Founder and CEO

FDTC 2010 Fault Diagnosis and Tolerance in Cryptography. PACA on AES Passive and Active Combined Attacks

The Design and Evaluation Methodology of Dependable VLSI for Tamper Resistance

Profiled Model Based Power Simulator for Side Channel Evaluation

This document is downloaded from DR-NTU, Nanyang Technological University Library, Singapore.

VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT

SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS

A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher

Design and Implementation of on-board satellite encryption with SEU error detection & correction code on FPGA

Second-Order Power Analysis Attacks against Precomputation based Masking Countermeasure

Hardware-Software Codesign. 1. Introduction

Differential Computation Analysis Hiding your White-Box Designs is Not Enough. Joppe W. Bos

CSE 127: Computer Security Cryptography. Kirill Levchenko

Differential Computation Analysis Hiding your White-Box Designs is Not Enough

Trojan-tolerant Hardware & Supply Chain Security in Practice

Fault Sensitivity Analysis Meets Zero-Value Attack

A PRACTICAL APPROACH TO POWER TRACE MEASUREMENT FOR DIFFERENTIAL POWER ANALYSIS BASED ATTACKS

1-7 Attacks on Cryptosystems

Digital Systems Testing

A Fault Attack Against the FOX Cipher Family

Embedded System Security. Professor Patrick McDaniel Charles Sestito Fall 2015

A Differential Fault Attack against Early Rounds of (Triple-)DES

A Power Attack Method Based on Clustering Ruo-nan ZHANG, Qi-ming ZHANG and Ji-hua CHEN

Fault-based Cryptanalysis on Block Ciphers

Differential Fault Analysis on the AES Key Schedule

Test Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES

Study on data encryption technology in network information security. Jianliang Meng, Tao Wu a

A Developer's Guide to Security on Cortex-M based MCUs

Botan s Implementation of the McEliece PKC

Differential Computation Analysis Hiding your White-Box Designs is Not Enough

CRYPTOGRAPHIC devices are widely used in applications

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

PowerRanger: Assessing Circuit Vulnerability to Power Attacks Using SAT-Based Static Analysis

On Analyzing Program Behavior Under Fault Injection Attacks

Flash Memory Bumping Attacks

Transcription:

Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits Hassan Eldib, Meng Wu, and Chao Wang CAV, July 23, 2016

Cryptographic Algorithm: an example Plaintext Chip Ciphertext 0110 1001 1011 0010 1110 Encryption Algorithm Secret Key 010011100 1001 1011 0110 0010 1110 Plaintext is encrypted using the Secret Key stored on chip. System will become useless if the adversary knows the Secret Key.

Side-Channel Attack Plaintext Chip Ciphertext 0110 1001 1011 0010 1110 Encryption Algorithm Secret Key 010011100 1001 1011 0110 0010 1110 Adversary analyzes the power consumption to identify the secret key { Power Consumption Analysis Identify the Secret Key

Prof. Patrick Schaumont s Lab ECE Dept., Virginia Tech

Side Channels What can we observe? EM Emissions Power Consumption Faulty Outputs 1001 0000 0110 0100 1110 0110 1001 1011 0010 1110 Input Cryptographic Algorithm Output 1001 1011 0110 0010 1110 Timing Sound Heat Design Details

Fault Sensitivity Attack [Ghalaty et al 2014, 2015] The goal of fault injection is to induce sufficiently many faulty outputs to reveal the secret key.

Fault Sensitivity Attack [Ghalaty et al 2014, 2015] Exploiting dependence between secret key and the circuit s fault sensitivity Fault Injection Collecting Traces Statistical Analysis

Our Vision Security by Compilation Unprotected HW / SW code Protected HW / SW code PIs: Chao Wang, Patrick Schaumont

Motivating Example PPRM1 AES S-box implementation [Morioka & Satoh, in CHES 2002] 1. The only non-linear function in AES 2. Vulnerable to FSA attack

Motivating Example PPRM1 AES S-box implementation [Morioka & Satoh, in CHES 2002] 1. The only non-linear function in AES 2. Vulnerable to FSA attack

Motivating Example

Signal Delay for AND Gates T A T B T C -- arrival time for signal A -- arrival time for signal B -- arrival time for signal C T AND -- delay of AND gate Assume T A < T B When signal A = 0, T C = T A + T AND (small) When signal A = 1, T C = T B + T AND (large) Timing Dependency! Analyzing the (TC) may help decide the value of (A)

Signal Delay for AND Gates When signal A = 0, T C = T A + T AND (small) When signal A = 1, T C = T B + T AND (large) If A = 0 TC = TA + TAND If A = 1 TC = TB + TAND TA TB TA TB A 1 0 A 1 0 B 1 0 B 1 0 C 1 0 C 1 0

Countermeasure FSA Attack can be prevented by eliminating the timing dependency Between signal path delay and sensitive input

Countermeasure Synthesis Original circuit [Morioka & Satoh, CHES 2002] Synthesized countermeasure Buffered circuit [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

Advantage 21 gates Original circuit [Morioka & Satoh, CHES 2002] Smaller Circuit Synthesized countermeasure 13 gates 41 gates Buffered circuit [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

Advantage 6 unit delay Original circuit [Morioka & Satoh, CHES 2002] Shorter Critical Path Synthesized countermeasure 3 unit delay 6 unit delay Buffered circuit [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

Advantage Cooler Technology Original circuit [Morioka & Satoh, CHES 2002] Synthesized countermeasure Buffered circuit [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

Advantage Cooler Technology Original circuit [Morioka & Satoh, CHES 2002] Synthesized countermeasure Buffered circuit [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

Our Contribution The first countermeasure synthesis method to defend against FSA attacks of crypto circuits

Inductive Synthesis Verification: (1) Checking the functional equivalence (2) Checking the FSA resistance

Inductive Synthesis Verification: (1) Checking the functional equivalence (2) Checking the FSA resistance.

Template Circuit FSA resistance by construction

Template Circuit FSA resistance by construction

Template Circuit SyGuS specification to generate instantiation (candidate circuit)

Scalability Problem Our solution: Partitioned Synthesis (1) Divide the circuit into smaller regions (2) Synthesize countermeasures for each region (3) Compose them together Compositionality: (1) The delay of a path is the summation of delays of all segments (2) If each region is FSA resistant, the entire circuit is FSA resistant

Partitioned Synthesis

Experiments Implemented in a software tool Circuit-to-SyGuS translator + SyGuS solvers (www.sygus.org) Evaluated on 10 crypto circuits

Compared to Buffer Insertion Methods Existing countermeasures (buffer insertion) [Ghalaty et al, DATE 2014] [Endo et al, IEEE TVLSI, 2014]

Compared to Classic EDA Algorithms Logic synthesis and optimization algorithms Two-Level Minimization Multi-Level Minimization

Compared to Classic EDA Algorithms

Compared to Classic EDA Algorithms

Conclusions New countermeasure synthesis method for FSA attacks of crypto circuits Guarantee to eliminate sensitive timing dependency Efficient (Fewer gates, Shorter critical paths, etc.) Future work Synthesizing countermeasures for other side-channel attacks

Security by Compilation Unprotected HW/SW code Protected HW/SW code [TACAS14] [CAV14] [DAC14] [CAV16]

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback