a practical methodology for measuring the side channel
play

A Practical Methodology for Measuring the Side- Channel Signal - PowerPoint PPT Presentation

Oct 29, 2023 •155 likes •350 views

A Practical Methodology for Measuring the Side- Channel Signal Available to the Attacker for Instruction- Level Events Robert Callan, Alenka Zajic, and Milos Prvulovic @ MICRO14 (Paper #48) EECS 573 Sung Kim and Siying Feng 6/7/2017 1 1

  1. A Practical Methodology for Measuring the Side- Channel Signal Available to the Attacker for Instruction- Level Events Robert Callan, Alenka Zajic, and Milos Prvulovic @ MICRO’14 (Paper #48) EECS 573 Sung Kim and Siying Feng 6/7/2017 1 1

  2. Outline • Motivation • Contributions • Technical Details • Experiments • Conclusions • Q&A 6/7/2017 2 2

  3. Motivation Side-channel vulnerabilities are abundant, but badness is unquantified Electromagnetic (EM) Aural Electronic 6/7/2017 3 3

  4. Contributions SAVAT: S ignal Av ailable to At tacker • A definition and measurement methodology for side-channel vulnerability Side-channel Measurement SAVAT System A System B 6/7/2017 4 4

  5. Aside - Differential Power Analysis (DPA) Biases in power data can stem from: • Data-dependent variability • Conditionally-executed code segments Guesses Crypto routine Statistical test about secret data (e.g., private key) 6/7/2017 5 5

  6. Aside - Differential Power Analysis (DPA) E.g., attack on first byte of an AES key [*] One example incorrect hypothesis Correct hypothesis [*] T. Popp, S. Mangard and E. Oswald, "Power Analysis Attacks and Countermeasures," IEEE Design & Test of Computers , 2007. 6/7/2017 6 6

  7. Technical Details 1/3 - SAVAT Definition SAVAT := Difference in signal caused by instruction A versus instruction B 6/7/2017 7 7

  8. Technical Details 2/3 - Implementation Naive implementation 1. Execute code containing instr. A 2. Execute code containing instr. B 3. Compare diff. caused by A v.s. B Problems • Signal strength/noise • Alignment in time • Sampling rate [*] Figure from R. Callan et al., 2014 6/7/2017 8 8

  9. Technical Details 3/3 - Practical Implementation Idea: construct periodic signal based on alternating inst. A and inst. B: [*] Figure from R. Callan et al., 2014 6/7/2017 9 9

  10. Technical Details 3/3 - Practical Implementation Low-freq. signal at “alternation frequency” of instruction loops - low sampling rate Implementation Idea while(1) { for( … ) { Do inst. A } for( … ) { Do inst. B } } [*] Figure from R. Callan et al., 2014 6/7/2017 10 10

  11. Experimental Setup • Single-threaded user mode applications • EM signal measured using • Magnetic loop antenna • Spectrum analyzer • A/B alternation frequency of 80 kHz • Measurement distance of 10 cm • Additional measurements for Core 2 Duo laptop at 50 cm and 100 cm 6/7/2017 11 11 [*] Figure from R. Callan et al., 2014

  12. Experimental Setup • Measure the total received signal power in the frequency band 80 KHz ± 1 KHz • Actual alternation frequency is slightly different • Same-instruction alternation measurements are good estimates of the experimental error 6/7/2017 12 12 [*] Figure from R. Callan et al., 2014

  13. RESULT - SAVAT (zJ) for Core 2 Duo Laptop • SAVAT values extremely small (1 zJ = 10 -21 J) • Many instructions worth of differences are needed for attackers • Large variation in SAVAT among instruction pairs • Some instruction pairs are easier to identify • Average stdev-to-mean ratio is 5% • Experiments are repeatable 6/7/2017 13 13 [*] Figure from R. Callan et al., 2014

  14. RESULT - SAVAT (zJ) for Core 2 Duo Laptop • Four groups of instructions having low intra-group and high inter-group SAVATs • The off-chip access group, the L2 hit group, the arithmetic/L1 group, DIV • L2 store hit more distinguishable than L2 load hit • Off-chip memory access and L2 hits have similar SAVAT 6/7/2017 14 14 [*] Figure from R. Callan et al., 2014

  15. RESULT - SAVAT (zJ) for Pentium 3 M Laptop • Several processor generations older • DIV easier to distinguish from other arithmetic instructions • SAVAT for ADD/DIV 10x higher than Core 2 Duo Core 2 Duo Pentium 3 M • Off-chip access have higher SAVAT than L2 access (LDM > STM) • High-SAVAT of DIV and off-chip • Reduced for Core 2 Duo design 6/7/2017 15 15 [*] Figure from R. Callan et al., 2014

  16. RESULT - SAVAT (zJ) at 50 cm and 100 cm • Significantly lower SAVAT values • Off-chip events have higher SAVAT values than on-chip events 50 cm 100 cm 10 cm 6/7/2017 16 16 [*] Figure from R. Callan et al., 2014

  17. Conclusion • SAVAT • A metric that measures the side channel created by a specific single-instruction difference in program execution • Practical methodology • Only user-level permission and realistic measurement equipments required • Results • Confirm intuitive expectations, e.g. off-chip vs. on-chip • At short distance • DIV has higher SAVAT • LDM/SDM has similar SAVAT as LDL2/STL2 6/7/2017 17 17

  18. Questions? 6/7/2017 18 18

  19. Discussion • Is SAVAT useful? (yes v.s. no) • e.g., codes are usually a combination of different instructions • Is their practical measurement methodology valid? (advantages v.s. pitfalls) • i.e., alternating between loops of inst. A and inst. B • Is SAVAT compatible with multicore systems? Bonus • Is SAVAT practical for modern ISAs? • The number of instructions in x86 ISA is in the order of thousands • Does SAVAT catch data-dependent differences in power? 6/7/2017 19 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - 29. August 2015 Tobias Schneider & Amir Moradi Ruhr-Universitt Bochum Embedded Security Group Outline Motivation Statistical Background Testing

461 views • 43 slides
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Wednesday, September 16 th , 2015 Motivation Security Evaluation Leakage Assessment Methodology | CHES 2015 | Tobias Schneider 2

1.15k views • 81 slides
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider

Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Friday, September 11 th , 2015 Motivation Physical Attacks & Countermeasures input output input output Timing, Power, EM,

746 views • 47 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Advancing Methodology on Measuring Asset Ownership and Entrepreneurship from a Gender

Advancing Methodology on Measuring Asset Ownership and Entrepreneurship from a Gender

Advancing Methodology on Measuring Asset Ownership and Entrepreneurship from a Gender Perspective EDGE Side Event to the 48 th Session of the UN Statistical Commission New York, 4 March 2017 Overview of the EDGE initiative EDGE overview (1)

814 views • 36 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Brave, New Multi-Channel World Implementing & Measuring Integrated, Multi-Channel

Brave, New Multi-Channel World Implementing & Measuring Integrated, Multi-Channel

Brave, New Multi-Channel World Implementing & Measuring Integrated, Multi-Channel Campaign Strategies PRESENTED BY RICHARD BECKER, PRESIDENTTARGET ANALYTICS 10/27/12 Footer 1 AGENDA The Marketers Dilemma: How to Measure

315 views • 27 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Side-Channel Cryptanalysis Models and Dependencies New Generic Test Experiments Conclusions Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X. Standaert UCL Crypto Group, Universit e catholique

355 views • 24 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored Key Plaintext Encryption Cipher

1.14k views • 112 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
Summary Summary What you need to know about concurrency What you need to know about concurrency

Summary Summary What you need to know about concurrency What you need to know about concurrency

Herb Sutter Software and the Concurrency Revolution Software and the Software and the Concurrency Revolution Concurrency Revolution Herb Sutter Herb Sutter Software Architect Software Architect Microsoft Developer Division Microsoft

351 views • 19 slides
Stephan Merz INRIA Lorraine & LORIA Nancy, France 1

Stephan Merz INRIA Lorraine & LORIA Nancy, France 1

Modeling and Developing Systems Using TLA + Stephan Merz INRIA Lorraine & LORIA Nancy, France 1

2.01k views • 143 slides
Verification with the Check suite Yatin Manerkar Princeton University ARM Cambridge, July 20 th ,

Verification with the Check suite Yatin Manerkar Princeton University ARM Cambridge, July 20 th ,

Automated Full-Stack Memory Model Verification with the Check suite Yatin Manerkar Princeton University ARM Cambridge, July 20 th , 2018 http:/ ://check.cs.p .princeton.edu/ What are Memory (Consistency) Models? Memory Consistency Models

2.2k views • 192 slides
Transfer Learning for Semi-Supervised Collaborative Recommendation Weike Pan 1 , Qiang Yang 2

Transfer Learning for Semi-Supervised Collaborative Recommendation Weike Pan 1 , Qiang Yang 2

Transfer Learning for Semi-Supervised Collaborative Recommendation Weike Pan 1 , Qiang Yang 2 , Yuchao Duan 1 and Zhong Ming 1 panweike@szu.edu.cn, qyang@cse.ust.hk, duanyuchao@email.szu.edu.cn, mingz@szu.edu.cn 1 College of Computer

318 views • 27 slides
Power-Aware Predictive Models of Hybrid (MPI/OpenMP) Scientific Applications on Multicore Systems

Power-Aware Predictive Models of Hybrid (MPI/OpenMP) Scientific Applications on Multicore Systems

Power-Aware Predictive Models of Hybrid (MPI/OpenMP) Scientific Applications on Multicore Systems Charles Lively III*, Xingfu Wu*, Valerie Taylor*, Shirley Moore+ , Hung-Ching Chang^, Chun-Yi Su^, and Kirk Cameron^ *Department of Computer

250 views • 24 slides
Reminder Final exam Standard Template Library II The date for the Final has been

Reminder Final exam Standard Template Library II The date for the Final has been

Reminder Final exam Standard Template Library II The date for the Final has been decided: Saturday, November 16 th 8am 10am 01-2000 Announcement Project Exam 2 Questions? Has been moved to Monday October

277 views • 6 slides
Announcement Final exam Standard Template Library II Tuesday, May 20 th 2:45

Announcement Final exam Standard Template Library II Tuesday, May 20 th 2:45

Announcement Final exam Standard Template Library II Tuesday, May 20 th 2:45 4:45pm Rm 70-1620 Announcement Speaking of Exams For those taking SE1 in the fall There will be no exam this week Now a studio

105 views • 7 slides
STL and Example Review <vector> Declaration: std::vector<T>vec = {initializer

STL and Example Review <vector> Declaration: std::vector<T>vec = {initializer

STL and Example Review <vector> Declaration: std::vector<T>vec = {initializer list} Access and modify: vec[index] = value Assignment of whole array: new_vec = vec Find size: vec.size() Extend: vec.push_back(val) How

384 views • 10 slides

More recommend