Side-Channel Countermeasures’ Dissection and the Limits of Closed Source Security Evaluations

Bronchain, Olivier; Standaert, François‐Xavier

doi:10.46586/tches.v2020.i2.1-25

Cited by 13 publications

(14 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our view is that countermeasures should provide security independent of the attack / evaluation strategy, and that a single (e.g., machine learning / deep learning) tool is unlikely to provide strong theoretical guarantees, especially in a black box context. So this study has to be seen as complementary to discussions which show that there are realistic implementations for which black box security evaluations can be much less efficient than informed ones [5]. We show that there are (less realistic) implementations where black box security evaluations cannot succeed at all.…”

Section: Introductionmentioning

confidence: 74%

See 1 more Smart Citation

How to fool a black box machine learning based side-channel security evaluation

et al. 2021

Self Cite

View full text Add to dashboard Cite

Machine learning and deep learning algorithms are increasingly considered as potential candidates to perform black box side-channel security evaluations. Inspired by the literature on machine learning security, we put forward that it is easy to conceive implementations for which such black box security evaluations will incorrectly conclude that recovering the key is difficult, while an informed evaluator / adversary will reach the opposite conclusion (i.e., that the device is insecure given the amount of measurements available).

show abstract

Section: Introductionmentioning

confidence: 74%

“…Both are derived from the open-source DOM protected AES instantiated with two shares. 5 The protected one is fed with fresh randomness generated from an AES-based PRG. The unprotected one is strictly the same except that it is fed with a constant as randomness.…”

Section: Measurement Setupmentioning

confidence: 99%

How to fool a black box machine learning based side-channel security evaluation

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…• We show that despite the fact that bitslice masking provides better opportunity for secure implementation than the table-based solutions considered in [BKPT,BS20], it remains hard to reach high security levels in the investigated low-end devices.…”

Section: Contributionsmentioning

confidence: 89%

“…Somewhat surprisingly, the amount of public research in this direction is quite limited. Examples include multivariate attacks against masked tables' re-computation algorithms [TWO13,BGNT18] and their recent application to an open-source affine masked implementation proposed by the French ANSSI [BKPT,BS20]. These investigations put forward that implementing masking securely in a software device with limited noise is a challenging task, and suggest bitslice implementations as one of the natural directions to reach higher security levels.…”

Section: Introductionmentioning

confidence: 99%

Breaking Masked Implementations with Many Shares on 32-bit Software Platforms

Bronchain

Standaert

2021

TCHES

Self Cite

View full text Add to dashboard Cite

We explore the concrete side-channel security provided by state-of-theart higher-order masked software implementations of the AES and the (candidate to the NIST Lightweight Cryptography competition) Clyde, in ARM Cortex-M0 and M3 devices. Rather than looking for possibly reduced security orders (as frequently considered in the literature), we directly target these implementations by assuming their maximum security order and aim at reducing their noise level thanks to multivariate, horizontal and analytical attacks. Our investigations point out that the Cortex-M0 device has so limited physical noise that masking is close to ineffective. The Cortex-M3 shows a better trend but still requires a large number of shares to provide strong security guarantees. Practically, we first exhibit a full 128-bit key recovery in less than 10 traces for a 6-share masked AES implementation running on the Cortex-M0 requiring 232 enumeration power. A similar attack performed against the Cortex-M3 with 5 shares require 1,000 measurements with 244 enumeration power. We then show the positive impact of lightweight block ciphers with limited number of AND gates for side-channel security, and compare our attacks against a masked Clyde with the best reported attacks of the CHES 2020 CTF. We complement these experiments with a careful information theoretic analysis, which allows interpreting our results. We also discuss our conclusions under the umbrella of “backwards security evaluations” recently put forwards by Azouaoui et al. We finally extrapolate the evolution of the proposed attack complexities in the presence of additional countermeasures using the local random probing model proposed at CHES 2020.

show abstract

“…The first limitation of [USS + 20] relates to its motivation of enabling secure firmware updates by leveraging hardware coprocessors rather than countermeasures like masking. While this appears as a strong motivation given the challenge of implementing masking securely on low-end devices [BS20], we observe that the main security property that is required for this purpose is ciphertext integrity with leakage in decryption. As discussed in [BPPS17], this property can be reached with two calls to a strongly protected block cipher and letting most of the other parts of the implementation leak in an unbounded manner.…”

Section: Introductionmentioning

confidence: 92%

Improved Leakage-Resistant Authenticated Encryption based on Hardware AES Coprocessors

Bronchain

Momin

Peters

et al. 2021

TCHES

Self Cite

View full text Add to dashboard Cite

We revisit Unterstein et al.’s leakage-resilient authenticated encryption scheme from CHES 2020. Its main goal is to enable secure software updates by leveraging unprotected (e.g., AES, SHA256) coprocessors available on low-end microcontrollers. We show that the design of this scheme ignores an important attack vector that can significantly reduce its security claims, and that the evaluation of its leakage-resilient PRF is quite sensitive to minor variations of its measurements, which can easily lead to security overstatements. We then describe and analyze a new mode of operation for which we propose more conservative security parameters and show that it competes with the CHES 2020 one in terms of performances. As an additional bonus, our solution relies only on AES-128 coprocessors, an

show abstract

Side-Channel Countermeasures’ Dissection and the Limits of Closed Source Security Evaluations

Cited by 13 publications

References 23 publications

How to fool a black box machine learning based side-channel security evaluation

How to fool a black box machine learning based side-channel security evaluation

Breaking Masked Implementations with Many Shares on 32-bit Software Platforms

Improved Leakage-Resistant Authenticated Encryption based on Hardware AES Coprocessors

Contact Info

Product

Resources

About