Sleuth: Automated Verification of Software Power Analysis Countermeasures

Bayrak, Ali Galip; Regazzoni, Francesco; Novo, David; Ienne, Paolo

doi:10.1007/978-3-642-40349-1_17

Cited by 58 publications

(44 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Sleuth [BRNI13] is a SAT-based methodology that outputs a hard yes/no answer to the question of whether the countermeasures are effective or not. A limitation of [BRNI13] is that it does not attempt to quantify the degree of (in)security. A first approximation to the problem was tackled in [EWTS14,ABMP13].…”

Section: Related Workmentioning

confidence: 99%

Detecting Flawed Masking Schemes with Leakage Detection Tests

Reparaz

2016

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. Masking is a popular countermeasure to thwart side-channel attacks on embedded systems. Many proposed masking schemes, even carrying "security proofs", are eventually broken because they are flawed by design. The security validation process is nowadays a lengthy, tedious and manual process. In this paper, we report on a method to verify the soundness of a masking scheme before implementing it on a device. We show that by instrumenting a high-level implementation of the masking scheme and by applying leakage detection techniques, a system designer can quickly assess at design time whether the masking scheme is flawed or not, and to what extent. Our method requires not more than working high-level source code and is based on simulation. Thus, our method can be used already in the very early stages of design. We validate our approach by spotting in an automated fashion first-, second-and thirdorder flaws in recently published state-of-the-art schemes in a matter of seconds with limited computational resources. We also present a new second-order flaw on a table recomputation scheme, and show that the approach is useful when designing a hardware masked implementation.

show abstract

Section: Related Workmentioning

confidence: 99%

Detecting Flawed Masking Schemes with Leakage Detection Tests

Reparaz

2016

Fast Software Encryption

View full text Add to dashboard Cite

show abstract

“…However, it becomes difficult to determine the effectiveness of this protection against other fault models -and, more largely, of any protections on large code -without the help of formal methods. There are different means to prove (security) properties: model checking [12], SAT [15], SMT [16], taint analysis [17], rewriting rules using modular arithmetic [6], use of a proof assistant like Coq [18], etc. Moro et al have proposed countermeasures and proved their tolerance against an instruction skip using model checking with BDD [12].…”

Section: Related Workmentioning

confidence: 99%

Efficient Design and Evaluation of Countermeasures against Fault Attacks Using Formal Verification

Goubet

Heydemann

Encrenaz

et al. 2016

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

Abstract. This paper presents a formal verification framework and tool that evaluates the robustness of software countermeasures against faultinjection attacks. By modeling reference assembly code and its protected variant as automata, the framework can generate a set of equations for an SMT solver, the solutions of which represent possible attack paths. Using the tool we developed, we evaluated the robustness of state-of-theart countermeasures against fault injection attacks. Based on insights gathered from this evaluation, we analyze any remaining weaknesses and propose applications of these countermeasures that are more robust.

show abstract

“…Another recent series of papers use type systems and SMT solvers for verifying whether cryptographic implementations are correctly masked [33,9,17]; in particular, Eldib and Wang [16] have developed a method for synthesis of masking countermeasures.…”

Section: Related Workmentioning

confidence: 99%

Synthesis of Fault Attacks on Cryptographic Implementations

Barthe

Dupressoir

Fouque

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Abstract. Fault attacks are active attacks in which an adversary with physical access to a cryptographic device, for instance a smartcard, tampers with the execution of an algorithm to retrieve secret material. Since the seminal Bellcore attack on RSA signatures, there has been extensive work to discover new fault attacks against cryptographic schemes, and to develop countermeasures against such attacks. Originally focused on high-level algorithmic descriptions, these works increasingly focus on concrete implementations. While lowering the abstraction level leads to new fault attacks, it also makes their discovery significantly more challenging. In order to face this trend, it is therefore desirable to develop principled, tool-supported approaches that allow a systematic analysis of the security of cryptographic implementations against fault attacks. We propose, implement, and evaluate a new approach for finding fault attacks against cryptographic implementations. Our approach is based on identifying implementation-independent mathematical properties we call fault conditions. We choose them so that it is possible to recover secret data purely by computing on sufficiently many data points that satisfy a fault condition. Fault conditions capture the essence of a large number of attacks from the literature, including lattice-based attacks on RSA. Moreover, they provide a basis for discovering automatically new attacks: using fault conditions, we specify the problem of finding faulted implementations as a program synthesis problem. Using a specialized form of program synthesis, we discover multiple faulted implementations on RSA and ECDSA that realize the fault conditions, and hence lead to fault attacks. Several of the attacks found by our tool are new, and of independent interest.

show abstract

Sleuth: Automated Verification of Software Power Analysis Countermeasures

Cited by 58 publications

References 22 publications

Detecting Flawed Masking Schemes with Leakage Detection Tests

Detecting Flawed Masking Schemes with Leakage Detection Tests

Efficient Design and Evaluation of Countermeasures against Fault Attacks Using Formal Verification

Synthesis of Fault Attacks on Cryptographic Implementations

Contact Info

Product

Resources

About