Automated Evaluation of Software Encoding Schemes

Automated Methods in Cryptographic Fault Analysis

Abstract

In this chapter we detail the architecture of an automated framework for evaluating protected software implementations. To provide insight into the usefulness of this methodology, three different software encoding schemes were analyzed as a case study with respect to fault injection attacks. After the simulated results were obtained, a real attack scenario using laser fault injection was conducted. The two sets of results were then compared to validate the simulation methodology.

This research was conducted while the author Jakub Breier was with Temasek Laboratories, NTU.

References

  1. A. Barenghi, L. Breveglieri, I. Koren, D. Naccache, Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)

  2. J. Breier, D. Jap, C.-N. Chen, Laser profiling for the back-side fault attacks: with a practical laser skip instruction attack on AES, in Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, CPSS ’15 (ACM, New York, 2015), pp. 99–103

  3. C. Chen, T. Eisenbarth, A. Shahverdi, X. Ye, Balanced encoding to mitigate power analysis: a case study, in CARDIS. Lecture Notes in Computer Science (Springer, Paris, 2014)

  4. F. Courbon, P. Loubet-Moundi, J.J.A. Fournier, A. Tria, Adjusting laser injections for fully controlled faults, in International Workshop on Constructive Side-Channel Analysis and Secure Design (Springer, Cham, 2014), pp. 229–242

  5. H. Groß, T. Plos, On using instruction-set extensions for minimizing the hardware-implementation costs of symmetric-key algorithms on a low-resource microcontroller, in International Workshop on Radio Frequency Identification: Security and Privacy Issues (Springer, Berlin, 2012), pp. 149–164

  6. Z. Hao, P. Chu, T. Zhang, D. Wang, C. Hou, A high-performance framework for instruction-set simulator, in Recent Advances in Computer Science and Information Engineering (Springer, Berlin, 2012), pp. 9–14

  7. P. Hoogvorst, J.-L. Danger, G. Duc, Software implementation of dual-rail representation, in COSADE, Darmstadt (2011)

  8. H. Maghrebi, V. Servant, J. Bringer, There is wisdom in harnessing the strengths of your enemy: customized encoding to thwart side-channel attacks, in International Conference on Fast Software Encryption (Springer, Berlin, 2016), pp. 223–243

  9. P. Rauzy, S. Guilley, Z. Najm, Formally proved security of assembly code against leakage. IACR Cryptol. ePrint Arch. 2013, 554 (2013)

  10. W. Schindler, K. Lemke, C. Paar, A stochastic model for differential side channel cryptanalysis, in International Workshop on Cryptographic Hardware and Embedded Systems (Springer, Berlin, 2005), pp. 30–46

  11. N. Theissing, D. Merli, M. Smola, F. Stumpf, G. Sigl, Comprehensive analysis of software countermeasures against fault attacks, in Design, Automation Test in Europe Conference Exhibition (DATE), 2013 (2013), pp. 404–409

  12. I. Yasui, Y. Shimazu, Microprocessor with Harvard architecture. US Patent 5034887, 23 July 1991

  13. S.Y. Yuan, H.E. Chung, S.S. Liao, A microcontroller instruction set simulator for EMI prediction. IEEE Trans. Electromagn. Compat. 51(3), 692–699 (2009)

  14. B. Yuce, N.F. Ghalaty, P. Schaumont, Improving fault attacks on embedded software using RISC pipeline characterization, in 2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC) (2015), pp. 97–108

Author information

Corresponding author

Correspondence to Jakub Breier.

Appendices

Appendix 1: Assembly Code For Static-DPL XOR Implementation

Table 10.3 in this section contains assembly code used for the code analysis. Note that there are several differences in comparison to the original paper. We precharge all the registers before the code execution; therefore, there is no need to use precharge instructions. The other change is in instructions 7 and 8, where we first load the operation code (can take values 01010101 for and, 10101010 for or, and 01100110 for xor) and then we execute ldd instruction using the destination register, operation code, and value. Look-up tables are stated in Table 10.4.

Table 10.3 Assembly code for DPL XOR in AVR
Table 10.4 Look-up tables for and, or, and xor

Appendix 2: Assembly Code for Static-Encoding XOR Implementation

The code stated in Table 10.5 follows the originally proposed algorithm for Static-Encoding XOR. This implementation uses several constants, either for clearing and precharging the registers before loading the data (e.g., ldi r16 11110000) or for changing the data to proper encoding format (e.g., ldi r17 01011010).

Table 10.5 Assembly code for Encoding XOR in AVR

Appendix 3: Assembly Code for Device-Specific Encoding XOR Implementation

In this section, we describe the code used for Device-Specific Encoding XOR. After determining the bit leakage weights, and computing the encoding based on Algorithm 1, several look-up tables are constructed.

According to the original paper [8], it is reasonable to split an n-bit variable into two different halves in order to avoid holding large look-up tables in memory. Therefore, we use two registers for processing each value.

In Table 10.6, the pseudocode for the encoding is presented. First, the upper nibbles of the inputs a and b ($a_h$ and $b_h$) are retrieved in the encoded format ($f(a_h)$ and $f(b_h)$) using the luthb table. The look-up table lutop is then used to perform the xor operation: $\mathrm{LUT}(f(a_h) \ll 4 \,\|\, f(b_h)) = f(a_h \oplus b_h)$. A similar procedure is applied to the lower nibble, using the lutlb table.

Table 10.6 Assembly pseudocode for Device-Specific Encoding XOR in 8-bit AVR
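
The nibble-split table look-up described above can be modelled on a host in C; this is an added example, not the chapter's AVR code from Table 10.6. Assumptions: the encoding F is a constructed 4-bit permutation standing in for the leakage-derived encoding of Algorithm 1, codewords are 4 bits wide so that the index f(a_h) << 4 || f(b_h) fits in one byte, and the inverse table finv exists only to check the result.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 4-bit encoding f (a permutation of 0..15). Assumption: the
 * chapter derives f from measured bit leakage weights (Algorithm 1); this
 * table is a stand-in, not that encoding. */
static const uint8_t F[16] = {0x3, 0xC, 0x5, 0xA, 0x6, 0x9, 0x0, 0xF,
                              0x1, 0xE, 0x7, 0x8, 0x4, 0xB, 0x2, 0xD};

static uint8_t luthb[256], lutlb[256], lutop[256];
static uint8_t finv[16]; /* inverse of f, used only for verification */

/* Build the three tables named in the text. */
void build_tables(void) {
    for (int v = 0; v < 16; v++) finv[F[v]] = (uint8_t)v;
    for (int x = 0; x < 256; x++) {
        luthb[x] = F[x >> 4];   /* byte -> f(upper nibble) */
        lutlb[x] = F[x & 0x0F]; /* byte -> f(lower nibble) */
        /* x = f(p) << 4 | f(q)  ->  f(p xor q) */
        lutop[x] = F[finv[x >> 4] ^ finv[x & 0x0F]];
    }
}

/* XOR of two encoded nibbles: LUT(f(p) << 4 || f(q)) = f(p xor q). */
uint8_t enc_xor_nibble(uint8_t fp, uint8_t fq) {
    return lutop[(uint8_t)((fp << 4) | fq)];
}

/* Full-byte XOR computed on encoded nibbles; the result is decoded at the
 * end only so it can be compared with the plain XOR. */
uint8_t encoded_xor(uint8_t a, uint8_t b) {
    uint8_t rh = enc_xor_nibble(luthb[a], luthb[b]); /* f(a_h xor b_h) */
    uint8_t rl = enc_xor_nibble(lutlb[a], lutlb[b]); /* f(a_l xor b_l) */
    return (uint8_t)((finv[rh] << 4) | finv[rl]);
}

/* Exhaustive check over all byte pairs; returns the number of mismatches. */
int count_mismatches(void) {
    int bad = 0;
    build_tables();
    for (int a = 0; a < 256; a++)
        for (int b = 0; b < 256; b++)
            if (encoded_xor((uint8_t)a, (uint8_t)b) != (uint8_t)(a ^ b)) bad++;
    return bad;
}

int main(void) {
    printf("mismatches over all 65536 input pairs: %d\n", count_mismatches());
    return 0;
}
```

Because the constructed f is a permutation of all 16 nibble values, every 4-bit pattern is a valid codeword, so this model cannot flag a faulted codeword as invalid.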

© 2019 Springer Nature Switzerland AG

Cite this chapter

Breier, J., Jap, D., Bhasin, S. (2019). Automated Evaluation of Software Encoding Schemes. In: Breier, J., Hou, X., Bhasin, S. (eds) Automated Methods in Cryptographic Fault Analysis. Springer, Cham. https://doi.org/10.1007/978-3-030-11333-9_10

  • DOI: https://doi.org/10.1007/978-3-030-11333-9_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-11332-2

  • Online ISBN: 978-3-030-11333-9

  • eBook Packages: Engineering, Engineering (R0)
