Automatic Application of Power Analysis Countermeasures Ali Galip
- Slides: 43
Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak Francesco Regazzoni David Novo Philip Brisk François-Xavier Standaert Paolo Ienne Slides by Joshua Potter
2/46 Overview • Motivation ▫ Side Channel Attacks ▫ Power Analysis Attacks • Counter Measures ▫ Random Pre-Charging ▫ Boolean Masking • The Proposed Compiler ▫ Information Leak Analysis, Static vs. Dynamic ▫ Code Identification and Transformation ▫ Local and Global Counter Measures • Results • Discussion
3/46 Power Analysis Attacks • Power analysis attacks rely on the fact that the instantaneous power consumption of most modern CMOS devices is strongly correlated with the data that is being processed at the same instant • The attacker provides different inputs to the cryptosystem running on the device, and measures the real-time power consumption of each input • After the measurements are completed, the attacker statistically analyzes the relationship between the inputs and collected power traces
4/46 Side Channel Attack Countermeasures • Many countermeasures have been proposed to protect against side-channel attacks, typically, a countermeasure is proposed for a specific attack ▫ Unlikely that a universal countermeasure will be found for silicon devices • To date, these countermeasures are inserted manually by experts in side-channel protection; ▫ These experts are often not those who implemented the cryptosystem that is being protected
5/46 Countermeasures • Software countermeasures include: ▫ ▫ Random insertion of dummy instructions Shuffling Random pre-charging Boolean and arithmetic masking
6/46 The Proposed Compiler • Focuses on power-based side-channel attacks ▫ Could easily be applied to other attacks, particularly EM- and acoustic-based ones • Automatically applies known software countermeasures to cryptographic software to protect against side-channel attacks • The user selects which countermeasure to apply and the compiler inserts it automatically
7/46 Compiling Counter Measures • The application of these countermeasures can significantly impact performance and code size • It is impractical to protect every instruction instance in a cryptographic implementation • The objective of the compiler is to automatically identify a subset of the implementation for protection, while meeting a user-specified level of security.
8/46 Countermeasures • Random Pre-charging ▫ is selected as an example of countermeasures which need local analysis and code transformations • Boolean masking ▫ A more advanced countermeasure requiring global treatment. • The compiler can automatically detect and protect all instructions that leak critical information; ▫ The resulting program ensures the same level of protection with modest run time and code-size overheads
9/46 Compilation Flow 1. Information Leakage Analysis identifies the instructions that are sensitive to side-channel attacks ▫ The compiler can analyze the traces of real side-channel measurements if the user provides traces; alternatively, it can perform static analysis 2. Transformation Target Identification ▫ Looks at data dependencies involving the sensitive instructions to determine larger groups of instructions that require protection to ensure security 3. Code Transformation ▫ Applies the protection mechanism on instructions identified
10/46 Compiler Stages
11/46 Information Leakage Analysis Methods • Static analysis ▫ Decompiles the assembly to indentify instructions that operate on critical data and their dependencies ▫ Requires no manual intervention from the user ▫ Does not allow for platform-specific considerations ▫ Could be overly protective • Dynamic analysis ▫ Requires the user to acquire power traces off-line ▫ Exploits highly accurate device specific leakage information
12/46 Information Leakage Analysis • The input to this step is an assembly language implementation of a cryptographic algorithm that requires protection • The output is a set of annotations that indicate the sensitivity of each instruction
13/46 Why at the Assembly Level? • By operating on assembly instructions, rather than a higher level representation, the countermeasures applied do not alter the output behavior of the program • A strong optimizing compiler, which is unaware of this behavior, could recognize these countermeasures as redundant code, and eliminate them in an effort to improve performance and reduce code size
14/46 Static Analysis • The compiler decompiles and identifies the idioms (a), and constructs the CFG (b), and DFG (c); afterwards, the DFG is analyzed to determine the sensitive operations.
15/46 Static Analysis • An idiom is a group of instructions that defines a single operation which the compiler constructs basic blocks so that each of them contains a single idiom • The CFG preserves the control structure of the application • The DFG facilitates propagation of relevant information, such as sensitivity and protection requirements ▫ The compiler analyzes the DFG to determine which idioms are sensitive and require protection
16/46 Dynamic Analysis • Dynamic analysis uses empirical measurements to determine the sensitivity of each instruction • The user provides an assembly language implementation of the cryptographic algorithm and power traces acquired by executing different pairs on the target platform • The compiler produces a set of annotations that indicate the sensitivity of each instruction
17/46 Dynamic Analysis • Before running the compiler, power traces can be obtained via measurement with an oscilloscope • The measurements are suggested to be taken at a high frequency and then compressed to obtain a single power measurement for each clock cycle • High frequency sampling is to get better accuracy, whereas compression is to obtain a single sensitivity value for each instruction and for efficiency of the analysis
18/46 Dynamic Analysis • The compiler automatically performs the following steps for dynamic analysis: 1. The power traces are analyzed, and the sensitivity of each clock cycle is determined using an information theoretic metric, which estimates the amount of information that the system leaks 2. Clock cycles whose sensitivity exceeds a user-provided threshold are marked as sensitive 3. The compiler associates each clock cycle from the traces with an assembly instruction 4. The most sensitive clock cycle associated with each instruction defines the sensitivity of that instruction
19/46 Determining Sensitivity Values
20/46 Metric for Sensitivity Evaluation • Let K, X, L and respectively be random variables representing the secret key, plaintext, and information leakage from the physical device which is obtained via power trace analysis; and k, x, and l, be realizations of K, X, and L from an execution of the algorithm. • Leakage is normally distributed with mean μ and standard deviation sigma where the probability density function of L is: • The conditional entropy of L given is
21/46 Transformation Target Identification • Once sensitive instructions have been identified, the compiler automatically selects transformation targets which are instructions to protect • For relatively simple countermeasures, such as random pre-charging and random delay insertion, a peephole optimization suffice
22/46 Transformation Target Identification • Other countermeasures, such as masking and instruction shuffling protect idioms that depend on critical data and its control dependencies • The program slicing technique is used to group the sensitive idioms that have dependencies • A forward slice contains all idioms in a program that may be affected by a given set of variables at some point in the program • As a result, transformation targets of countermeasures that use dependencies of idioms are forward slices constructed for all of the critical data in the program
23/46 Code Transformation • The compiler applies the appropriate code transformation to the transformation targets identified • The protected assembly language program is returned as output
24/46 Local Code Transformations • Random pre-charging ▫ The data path is randomly charged before and after a critical instruction using randomly generated operands ▫ effective on devices that have high dynamic power consumption • The key idea is to randomize the bits and therefore power consumption on the critical components, such as a register or data bus
25/46 Local Code Transformations • The protection offered by random pre-charging differ for each device, depending on its power consumption characteristics. • For example, random pre-charging would not offer protection for devices that employ precharged busses.
26/46 Global Code Transformations • Boolean masking known to provide strong protection against first-order attacks • Boolean masking XOR’s the intermediate results of a computation with some uniformly random values (masks) so that none of the intermediate values are revealed
27/46 Global Code Transformations • Each slice identified for protection includes a set of idioms that directly access critical data followed by their ancestors that depend on the critical data • The compiler first applies the masks at the sources then traverses the slice forward, propagating the masks along to intermediate nodes • Masks are removed at the sinks at the end of slice
28/46 Mask Application and Propagation
29/46 Masking Linear Operations • For maximum security, the compiler never reveals the intermediate values • It also does not generate an assembly language program that performs two consecutive operations whose Hamming distance is equal to an intermediate value
30/46 Masking Non-Linear Operations • Cryptographic algorithms use non-linear operations to obscure the relationship between plaintext and cipher text • Non-linear operations are generally the target of side channel attacks, because they highlight the difference between incorrect and correct key guesses; this increases the probability of a successful attack • Non-linear operations are typically implemented as lookup tables in software
31/46 Experimental Setup • Random pre-charging selected as an example of a countermeasure for which peephole optimization suffices • Boolean masking is an example of a countermeasure that requires global code transformation for proper insertion • AES and Clefia were the two block ciphers used as benchmarks
32/46 Experimental Setup • Attacks actually performed and counter measures tested on real-world device
33/46 Random Pre-charging Results • Sensitivity values for each clock cycle during the execution of one round of the unprotected AES implementation. Higher sensitivity values means higher vulnerability to side-channel attacks
34/46 Random Pre-charging Results • Sensitivity values for the partially-protected implementation are below the threshold value of 0. 4 during every clock cycle
35/46 Reduction in Sensitivity Values • For the protected code segment, the sensitivity of all instructions is now below the threshold
36/46 Random Pre-charging Results • Random pre-charging is automatically applied on each implementation, using two different threshold values: the 0. 4 and zero (for full protection) • The partially-protected version of each implementation achieves the same level of security as the fully-protected version with up to 52% runtime and 48% code-size improvement
37/46 Instruction Overhead • 52 -218% for Partial Protection • 217 -292% for Full Protection
38/46 Code Size Overhead • 76 -162% for Partial Protection • 169 -249% for Full Protection
39/46 Boolean Masking Results • Performance hit ranged from 4%-66% • Code size increased between 19% and 66%
40/46 Discussion • Information leakage analysis and transformation target identification are generic and can be used for the application of any countermeasure • Code transformations are countermeasure specific and have to be extended to support different countermeasures
41/46 Discussion • The proposed compiler: ▫ Automatically determines and protects the most sensitive instructions, while obtaining comparable security to fully-protected implementations, with much less overhead ▫ Can be used by software engineers who do not have any background in cryptography
42/46 Discussion • None of the known countermeasures guarantee perfect security! • They increase the effort required to mount a successful attack
Thank you!
- Ali galip bayrak
- Galip cem berk
- Guide to network defense and countermeasures
- Guide to network defense and countermeasures
- Cyber security threats and countermeasures
- Csrf countermeasures
- Cache attacks and countermeasures: the case of aes
- Spill prevention control & countermeasures training
- Operational auditing
- Whirshark
- Real power and reactive power
- Automatic transmit power control
- Application of power mosfet
- Applications of maximum power transfer theorem
- Applications of insulating materials in transformers ppt
- Application of power screw
- Solar power satellites and microwave power transmission
- Actual power and potential power
- Flex28024a
- Dispersive power of grating experiment
- Power of a power property
- Chain rule範例
- Power angle curve in power system stability
- Power bi training powerpoint
- Power delivered vs power absorbed
- Automatic delivery pipette
- Octopus deploy linux tentacle
- Choque medular
- Automatic pet feeder project report
- Automatic input device
- Feedback-directed random test generation
- Automatic reinforcement aba example
- Private automatic branch exchange (pabx)
- What is office automation system (oas)
- Automatic transmission troubleshooting chart
- Functions of pipette
- Explain machine independent loader features in detail.
- What is automatic library search
- Estab in system software
- History of automatic control
- Chunking ap psychology definition
- Output
- Fleet management
- Komponen utama automatic transmission