Scramble Suit: A Profile Differentiation Countermeasure to Prevent Template Attacks

Barenghi, Alessandro; Fornaciari, William; Pelosi, Gerardo; Zoni, Davide

doi:10.1109/tcad.2019.2926389

Cited by 11 publications

(11 citation statements)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The actual dynamics of the power consumption signal is several orders of magnitude slower with respect to the one of a computing platform and the electricity provider is interested in the actual energy consumption over a period of time, and not to the instantaneous value of the power consumption. Moreover, hiding techniques leveraging noise signals are known to be ineffective against side-channel attacks [7]. [3], [4] demonstrate the possibility of setting up a successful side-channel attack by exploiting the link between the statistics of the architectural performance counters and the data being computed.…”

Section: Background and Related Workmentioning

confidence: 99%

Design of Side-Channel-Resistant Power Monitors

Zoni

Cremona

Fornaciari

2022

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

Self Cite

View full text Add to dashboard Cite

In modern computing platforms, power monitors are employed to deliver online power estimates to support different run-time power-performance optimization methodologies. However, the possibility of setting up a successful sidechannel attack by analyzing the power estimates imposes the use of a suitable and systematic approach in the design of such power monitors. This paper proposes a design methodology to automatically identify and implement side-channel resistant power monitors at the hardware level, for generic computing platforms. The methodology works by designing a power monitor for which the switching activity of the signals used to compute the power estimates is not a function of both the secret key and the plaintext/ciphertext values processed by the computing platform. According to the most recent standardized methodologies to assess the side-channel security, our experimental validation leverages both CPA and t-test analysis considering a general purpose System-on-Chip executing different cryptographic primitives and an application-specific accelerator implementing the AES-128 algorithm. Our results confirm the impossibility of retrieving the secret key from the power estimates provided by our side-channel resistant power monitor. Considering several temporal resolutions, we highlight an accuracy error of the power estimates limited to less than 2.7%, as well as an average area and power overheads for the protected power monitors lower than 6% and 5%, respectively. To this end, the proposed methodology is able to deliver a side-channel resistant power monitor within state-of-the-art accuracy error and overheads.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Design of Side-Channel-Resistant Power Monitors

Zoni

Cremona

Fornaciari

2022

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, it has been experimentally shown in [1]- [5] that building a profile employing measurements coming from multiple device instances (Multi Device Model, MDM) and reducing the measurement setup differences, leads to successful profiled SCAs, regardless of the specific profiling technique (i.e., Bayesian templates or machine learning/neural networks based classifiers). While natural inter-device variability was proven to be manageable by an attacker, the authors of [6] report a countermeasure against profiled attacks named Scramble Suit, which introduces an approach to amplify the said inter-device variability to the point where the profile distortion prevents attacks in a systematic fashion. In [6], such amplification is obtained computing two identical instances of the cipher to be protected, one of which acts on a scrambling secret key derived blending together a device-dependent element while the other employs the actual user-supplied key.…”

Section: Introductionmentioning

confidence: 99%

“…While natural inter-device variability was proven to be manageable by an attacker, the authors of [6] report a countermeasure against profiled attacks named Scramble Suit, which introduces an approach to amplify the said inter-device variability to the point where the profile distortion prevents attacks in a systematic fashion. In [6], such amplification is obtained computing two identical instances of the cipher to be protected, one of which acts on a scrambling secret key derived blending together a device-dependent element while the other employs the actual user-supplied key. This approach superimposes a device-and-computation dependent noise onto the side channel signal coming from the computation with the user key.…”

Section: Introductionmentioning

confidence: 99%

A Non Profiled and Profiled Side Channel Attack Countermeasure through Computation Interleaving

Piacentini,

Barenghi,

Pelosi

2023

2023 26th Euromicro Conference on Digital System Design (DSD)

Self Cite

View full text Add to dashboard Cite

Side channel attacks analyse devices to retrieve secret informations. These attacks can be performed using either a synthetic model or by profiling a specific instance of the targeted design. Our proposal is a novel countermeasure characterized by temporal interleaving of the computation. This approach improves upon existing methods by rendering the profiled models of a device non-portable and offering resistance against firstorder non-profiled attacks. The assessment of the security of our proposed approach covers scenarios of profiled attacks with feature reduction techniques, both under a single-device and multi-device model, as well as first-order non-profiled attacks. Our design demonstrates improved results in terms of resource consumption and timing when compared to alternative solutions.

show abstract

“…However, the security strength of the cryptographic system is directly connected to the quality of the used random numbers, thus highlighting true random number generators (TRNGs) as essential components in the security infrastructure [8]. The correct implementation of TRNGs is indeed paramount to ensuring the effective security of the wide array of cryptographic primitives where they are employed, such as traditional [7] and post-quantum [10,12,19,20] key exchange mechanisms, digital signature schemes [5,11,15], and countermeasures to side-channel attacks [3,21]. A TRNG must therefore produce a sequence of numbers such that the generated values are statistically independent, uniformly distributed, and unpredictable.…”

Section: Introductionmentioning

confidence: 99%

On the Effectiveness of True Random Number Generators Implemented on FPGAs

Galli

Galimberti²,

Fornaciari³

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Randomness is at the core of many cryptographic implementations. True random number generators provide unpredictable sequences of numbers by exploiting physical phenomena. This work compares multiple literature proposals of true random number generators targeting FPGAs. The considered TRNGs are obtained as the combinations of three digital noise sources, namely, NLFIRO, PLL-TRNG, and ES-TRNG, and three post-processing techniques, namely, XOR, Von Neumann, and LFSR. The resulting combinations of such components are evaluated in terms of security, throughput, and resource utilization. The experimental results, which were collected on Xilinx Artix-7 FPGAs, highlight the importance of the post-processing stage for security purposes and reveal NLFIRO as the best digital noise source and LFSR as the best post-processing technique, having the highest throughput with excellent security performance without compromising area and power consumption.Keywords: Field programmable gate arrays • True random number generators • Hardware-based security primitives • Side-channel attacks Supported by the EU Horizon 2020 "TEXTAROSSA" project (Grant No. 956831).

show abstract

Scramble Suit: A Profile Differentiation Countermeasure to Prevent Template Attacks

Cited by 11 publications

References 54 publications

Design of Side-Channel-Resistant Power Monitors

Design of Side-Channel-Resistant Power Monitors

A Non Profiled and Profiled Side Channel Attack Countermeasure through Computation Interleaving

On the Effectiveness of True Random Number Generators Implemented on FPGAs

Contact Info

Product

Resources

About