Synthesis of Masking Countermeasures against Side Channel Attacks

  • Hassan Eldib
  • Chao Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8559)

Abstract

We propose a new synthesis method for generating countermeasures for cryptographic software code to mitigate power analysis based side channel attacks. Side channel attacks may arise when computers and microchips leak sensitive information about the software code and data that they process, e.g., through power dissipation or electromagnetic radiation. Such information leaks have been exploited in commercial systems in the embedded space. Our new method takes an unprotected C program as input and returns a functionally equivalent but side channel leak free new program as output. The new program is guaranteed to be perfectly masked in that all intermediate computation results are made statistically independent from the secret data. We have implemented our new method in a tool based on the LLVM compiler and the Yices SMT solver. Our experiments on a set of cryptographic software benchmarks show that the new method is both effective and scalable for applications of realistic size.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Agosta, G., Barenghi, A., Pelosi, G.: A code morphing methodology to automate power analysis countermeasures. In: ACM/IEEE Design Automation Conference, pp. 77–82 (2012)Google Scholar
  2. 2.
    Akiba, T., Imajo, K., Iwami, H., Iwata, Y., Kataoka, T., Takahashi, N., Moskal, M., Swamy, N.: Calibrating research in program synthesis using 72,000 hours of programmer time. Technical report, Microsoft Research (2013)Google Scholar
  3. 3.
    Alur, R., Bodík, R., Juniwal, G., Martin, M.M.K., Raghothaman, M., Seshia, S.A., Singh, R., Solar-Lezama, A., Torlak, E., Udupa, A.: Syntax-guided synthesis. In: International Conference on Formal Methods in Computer-Aided Design, pp. 1–17 (2013)Google Scholar
  4. 4.
    Balasch, J., Gierlichs, B., Verdult, R., Batina, L., Verbauwhede, I.: Power analysis of Atmel CryptoMemory – recovering keys from secure EEPROMs. In: RSA Conference Cryptographers’ Track, pp. 19–34 (2012)Google Scholar
  5. 5.
    Bayrak, A., Regazzoni, F., Brisk, P., Standaert, F.-X., Ienne, P.: A first step towards automatic application of power analysis countermeasures. In: ACM/IEEE Design Automation Conference, pp. 230–235 (2011)Google Scholar
  6. 6.
    Bayrak, A.G., Regazzoni, F., Novo, D., Ienne, P.: Sleuth: Automated verification of software power analysis countermeasures. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 293–310. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  7. 7.
    Bayrak, A., Velickovic, N., Ienne, P., Burleson, W.: An architecture-independent instruction shuffler to protect against side-channel attacks. ACM Transactions on Architecture and Code Optimization 8(4), 20 (2012)CrossRefGoogle Scholar
  8. 8.
    Bertoni, G., Daemen, J., Peeters, M., Assche, G.V., Keer, R.V.: Keccak implementation overview, http://keccak.neokeon.org/Keccak-implementation-3.2.pdf
  9. 9.
    Blömer, J., Guajardo, J., Krummel, V.: Provably secure masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Boyar, J., Peralta, R.: A small depth-16 circuit for the AES S-Box. In: International Workshop on Security, pp. 287–298 (2012)Google Scholar
  11. 11.
    Lattner, C., Adve, V.: The LLVM Instruction Set and Compilation Strategy. Tech. report, CS Dept., Univ. of Illinois at Urbana-Champaign (August 2002)Google Scholar
  12. 12.
    Dutertre, B., de Moura, L.: A fast linear-arithmetic solver for DPLL(T). In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 81–94. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Eldib, H., Wang, C.: An SMT based method for optimizing arithmetic computations in embedded software code. In: International Conference on Formal Methods in Computer-Aided Design (2013)Google Scholar
  14. 14.
    Eldib, H., Wang, C., Schaumont, P.: SMT-based verification of software countermeasures against side-channel attacks. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014 (ETAPS). LNCS, vol. 8413, pp. 62–77. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  15. 15.
    Eldib, H., Wang, C., Taha, M., Schaumont, P.: QMS: Evaluating the side-channel resistance of masked software from source code. In: ACM/IEEE Design Automation Conference (2014)Google Scholar
  16. 16.
    Gulwani, S., Jha, S., Tiwari, A., Venkatesan, R.: Synthesis of loop-free programs. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 62–73 (2011)Google Scholar
  17. 17.
    Gulwani, S., Srivastava, S., Venkatesan, R.: Program analysis as constraint solving. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 281–292 (2008)Google Scholar
  18. 18.
    Herbst, C., Oswald, E., Mangard, S.: An AES smart card implementation resistant to power analysis attacks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 239–252. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  20. 20.
    Kuncak, V., Mayer, M., Piskac, R., Suter, P.: Software synthesis procedures. Commun. ACM 55(2), 103–111 (2012)CrossRefGoogle Scholar
  21. 21.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks – Revealing the Secrets of Smart Sards, pp. 1–337. Springer (2007)Google Scholar
  22. 22.
    Moradi, A., Barenghi, A., Kasper, T., Paar, C.: On the vulnerability of FPGA bitstream encryption against power analysis attacks – extracting keys from Xilinx Virtex-II FPGAs. IACR Cryptology (2011)Google Scholar
  23. 23.
    Moss, A., Oswald, E., Page, D., Tunstall, M.: Compiler assisted masking. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 58–75. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  24. 24.
    NIST. Keccak reference implementation code submission to the SHA-3 competition, http://csrc.nist.gov/groups/ST/hash/sha-3/Round3/documents/Keccak_FinalRnd.zip
  25. 25.
    Paar, C., Eisenbarth, T., Kasper, M., Kasper, T., Moradi, A.: Keeloq and side-channel analysis – evolution of an attack. In: International Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 65–69 (2009)Google Scholar
  26. 26.
    Prouff, E., Rivain, M.: Masking against side-channel attacks: A formal security proof. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 142–159. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  27. 27.
    Solar-Lezama, A.: Program sketching. International Journal on Software Tools for Technology Transfer 15(5-6), 475–495 (2013)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Hassan Eldib
    • 1
  • Chao Wang
    • 1
  1. 1.Department of ECEVirginia TechBlacksburgUSA

Personalised recommendations