automated software protection for the masses against side
play

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL - PowerPoint PPT Presentation

Mar 20, 2023 •174 likes •715 views

Nicolas Belleville 1 Damien Courouss 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Universit, CNRS, LIP6, F-75005, Paris, France

  1. Nicolas Belleville 1 Damien Couroussé 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Université, CNRS, LIP6, F-75005, Paris, France firstname.lastname@lip6.fr AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS

  2. SIDE CHANNEL ATTACKS Electromagnetic emissions Power consumption … Ciphertexts produced Try to find the key using: • measurements • ciphertexts or plaintexts • a consumption model | 2

  3. SIDE CHANNEL ATTACKS Electromagnetic emissions Power consumption … x1 Ciphertexts produced Try to find the key using: ??? • measurements • ciphertexts or plaintexts • a consumption model | 3

  4. SIDE CHANNEL ATTACKS Electromagnetic emissions Power consumption … x10 Ciphertexts produced Try to find the key using: ??? • measurements • ciphertexts or plaintexts • a consumption model | 4

  5. SIDE CHANNEL ATTACKS Electromagnetic emissions Power consumption … x100 Ciphertexts produced Try to find the key using: ??? • measurements • ciphertexts or plaintexts • a consumption model | 5

  6. SIDE CHANNEL ATTACKS Electromagnetic emissions Power consumption … x290 Ciphertexts produced <5kB Try to find the key using: (less than a hello ฀ • world binary file) measurements • ciphertexts or plaintexts • a consumption model | 6

  7. SIDE CHANNEL ATTACKS Electromagnetic emissions Power consumption … x290 Ciphertexts produced <5kB Make this Try to find the key using: (less than a hello ฀ ? • bigger! world binary file) measurements • ciphertexts or plaintexts • a consumption model | 7

  8. SOFTWARE COUNTERMEASURES secret: 01001101 Masking Hiding split secret add noise into shares share 1: 10010001 share 2: 11011100 secret: 01001101 share1 xor share2 = secret Measurements Measurements are no more are noisy directly correlated to secret Attack is harder | 8

  9. SOFTWARE COUNTERMEASURES secret: 01001101 Masking Hiding split secret add noise into shares share 1: 10010001 share 2: 11011100 secret: 01001101 share1 xor share2 = secret Measurements Measurements are no more are noisy directly correlated to secret Attack is harder | 9

  10. CODE POLYMORPHISM WITH RUNTIME CODE GENERATION Electromagnetic emissions Function’s Power result consumption change this don’t change this | 10

  11. CODE POLYMORPHISM WITH RUNTIME CODE GENERATION Electromagnetic Executed depends on impacts emissions Function’s instructions Power result Manipulated data consumption change this don’t change this | 11

  12. CODE POLYMORPHISM WITH RUNTIME CODE GENERATION Electromagnetic Executed impacts impacts emissions Function’s instructions Power result Manipulated data consumption change this don’t change this | 12

  13. CODE POLYMORPHISM WITH RUNTIME CODE GENERATION Electromagnetic Executed impacts impacts emissions Function’s instructions Power result Manipulated data consumption change this change this don’t change this | 13

  14. CODE POLYMORPHISM WITH RUNTIME CODE GENERATION Electromagnetic Instructions Electromagnetic impacts impacts emissions Function’s Instructions Electromagnetic executed emissions Function’s Executed Power result executed emissions Function’s Data manipulated Power result instructions consumption Data manipulated Power result consumption Manipulated data consumption change this change this don’t change this | 14

  15. CODE POLYMORPHISM WITH RUNTIME CODE GENERATION Electromagnetic Instructions Electromagnetic impacts impacts emissions Function’s Instructions Electromagnetic executed emissions Function’s Executed Power result executed emissions Function’s Data manipulated Power result instructions consumption Data manipulated Power result consumption Manipulated data consumption change this change this don’t change this Runtime code generation only use code regenerate a transformations that different code preserve program regularly semantics | 15

  16. CODE POLYMORPHISM WITH RUNTIME CODE GENERATION Issues Our contributions Countermeasures are usually manually Automatic application of the applied countermeasure Countermeasures are usually given for Any code can be hardened particular ciphers Target a wide range of platforms (be Use static memory allocation lightweight) Allocation of a realistic size (don’t waste memory) Use specialized code generation An attacker may write on an executable Use the specialization of the generator to memory section manage memory permissions Hard to have a good trade-off between Highly configurable → possible to find a security and performance trade-off | 16

  17. SIDE CHANNEL ATTACKS Unprotected Electromagnetic emissions Power consumption … x290 Ciphertexts produced 5kB Try to find the key using: (less than a hello ฀ • world binary file) measurements • ciphertexts or plaintexts • a consumption model | 17

  18. SIDE CHANNEL ATTACKS Protected Electromagnetic emissions Power consumption x2.5 overhead … x290 Ciphertexts produced 5kB Try to find the key using: (less than a hello ??? • world binary file) measurements • ciphertexts or plaintexts • a consumption model | 18

  19. SIDE CHANNEL ATTACKS Protected Electromagnetic emissions Power consumption x2.5 overhead … x1 000 Ciphertexts produced 16kB Try to find the key using: (one second ??? • of an mp3 file) measurements • ciphertexts or plaintexts • a consumption model | 19

  20. SIDE CHANNEL ATTACKS Protected Electromagnetic emissions Power consumption x2.5 overhead … x10 000 Ciphertexts produced 160kB Try to find the key using: (10 seconds ??? • of an mp3 file) measurements • ciphertexts or plaintexts • a consumption model | 20

  21. SIDE CHANNEL ATTACKS Protected Electromagnetic emissions Power consumption x2.5 overhead … x100 000 Ciphertexts produced 1.6MB Try to find the key using: (our paper) ??? • measurements • ciphertexts or plaintexts • a consumption model | 21

  22. SIDE CHANNEL ATTACKS Protected Electromagnetic emissions Power consumption x2.5 overhead … x1 000 000 Ciphertexts produced 16MB Try to find the key using: (a 20Mpixels ??? • jpeg image) measurements • ciphertexts or plaintexts • a consumption model | 22

  23. SIDE CHANNEL ATTACKS Protected Electromagnetic emissions Power consumption x2.5 overhead … x3 800 000 Ciphertexts produced 60MB Try to find the key using: (a 3minutes long ฀ • full HD video) measurements • ciphertexts or plaintexts • a consumption model | 23

  24. SIDE CHANNEL ATTACKS Protected Electromagnetic emissions Power consumption x2.5 overhead … x3 800 000 x13 000 Ciphertexts improvement! produced 60MB Try to find the key using: (a 3minutes long ฀ • full HD video) measurements • ciphertexts or plaintexts • a consumption model | 24

  25. OUTLINE • Background • Side channel attacks • Software countermeasures • Code polymorphism • Automated application of code polymorphism • Overview • Code transformations used • Memory management • Experimental evaluation • Performance evaluation • Security evaluation | 25

  26. OUTLINE • Background • Side channel attacks • Software countermeasures • Code polymorphism • Automated application of code polymorphism • Overview • Code transformations used • Memory management • Experimental evaluation • Performance evaluation • Security evaluation | 26

  27. OVERVIEW STATICALLY Modified .c .c Compiler binary compiler Annotated Specialized Wrapper function runtime code generator Main idea: The annotated function is replaced by a wrapper and a generator | 27

  28. OVERVIEW STATICALLY Modified .c .c Compiler binary compiler Annotated Wrapper s Specialized function s runtime code generator s Main idea: Each annotated function has its own generator (with shared code segments) | 28

  29. OVERVIEW STATICALLY Modified .c .c Compiler binary compiler Annotated Wrapper s Specialized function s runtime code generator s Main idea: Each annotated function has its own generator (with shared code segments) | 29

  30. OVERVIEW STATICALLY Modified .c .c Compiler binary compiler Annotated Wrapper s Specialized function s runtime code generator s Main idea: Each annotated function has its own generator (with shared code segments) | 30

  31. OVERVIEW STATICALLY Modified .c .c Compiler binary compiler Annotated Specialized Wrapper function runtime code generator | 31

  32. OVERVIEW STATICALLY Modified .c .c Compiler binary compiler Annotated Specialized Wrapper function runtime code generator Main idea: RUNTIME At runtime, a new polymorphic instance is Wrapper generated at each call ③ calls ① calls Runtime code polymorphic ② generates polymorphic polymorphic polymorphic polymorphic polymorphic polymorphic generator instance instance instance instance instance instance instance | 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
Software Protection Evaluation Bjorn De Sutter ISSISP 2017 Paris 1 Software Protection

Software Protection Evaluation Bjorn De Sutter ISSISP 2017 Paris 1 Software Protection

Software Protection Evaluation Bjorn De Sutter ISSISP 2017 Paris 1 Software Protection Evaluation Four criteria (Collberg et al) Potency : confusion, complexity, manual effort Resilience : resistance against (automated) tools

839 views • 68 slides
Automated Segmentation of Suspicious Breast Masses from Ultrasound Images Viksit Kumar, Jeremy

Automated Segmentation of Suspicious Breast Masses from Ultrasound Images Viksit Kumar, Jeremy

Automated Segmentation of Suspicious Breast Masses from Ultrasound Images Viksit Kumar, Jeremy Webb, Adriana Gregory, Mostafa Fatemi, Azra Alizad GTC 2018, San Jose, USA SIGNIFICANCE Breast cancer is most common and leading cause of death in

303 views • 13 slides
Towards Automated Software Project Planning Extending Palladio for the Simulation of Software

Towards Automated Software Project Planning Extending Palladio for the Simulation of Software

KPD Symposium 2013 Position Paper Towards Automated Software Project Planning Extending Palladio for the Simulation of Software Processes Oliver Hummel &amp; Robert Heinrich sdq.ipd.kit.edu SOFTWARE DESIGN AND QUALITY GROUP INSTITUTE FOR

233 views • 11 slides
Searching for the Best Tests An Introduction to Automated Software Testing with

Searching for the Best Tests An Introduction to Automated Software Testing with

Searching for the Best Tests An Introduction to Automated Software Testing with Search-Based Techniques Gregory M. Kapfhammer Department of Computer Science Allegheny College March 31, 2015 Software is Everywhere Software is

1.71k views • 144 slides
Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad Ureche, Cristian Zamfir, George Candea School of Computer and Communication Sciences Automated Software Testing Automated Industrial Techniques

1.25k views • 59 slides
The Business Side of a Software Architect Tomer Peretz, Orbotech About Me Chief Software

The Business Side of a Software Architect Tomer Peretz, Orbotech About Me Chief Software

The Business Side of a Software Architect Tomer Peretz, Orbotech About Me Chief Software Architect at Orbotech Presidency member at ILTAM 2 | The business side of a software architect Orbotech in the Electronics Value Chain Today Flat

464 views • 24 slides
Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and

Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and

Lecture on Automated Software Engineering Alloy: Analyzing Software Requirements, Design and Algorithms Martin Monperrus, Ph.D. version of Oct 15, 2012 Creative Commons Attribution License Copying and modifying are authorized as long as

818 views • 34 slides
Aspects of neutrino masses Jessica Turner UCL 13 December 2019 Outline Neutrino masses and

Aspects of neutrino masses Jessica Turner UCL 13 December 2019 Outline Neutrino masses and

Aspects of neutrino masses Jessica Turner UCL 13 December 2019 Outline Neutrino masses and mixing Consequences of neutrino masses Neutrino masses from gravity, what has been done Neutrino masses from gravity: the Schwinger Dyson

741 views • 52 slides
S V V .lu software verification &amp; validation Automated Software Testing in Cyber-Physical

S V V .lu software verification &amp; validation Automated Software Testing in Cyber-Physical

S V V .lu software verification &amp; validation Automated Software Testing in Cyber-Physical Systems Lionel Briand NUS, Singapore, 2019 Dependable Breakfast 2 SnT Center: Mandate 3 SnT Center: Overview 101 M 287 employees 51

1.36k views • 94 slides
Automated Software Transplantation ( ISSTA 2015 ) Earl T. Mark Yue Alexandru Justyna Barr

Automated Software Transplantation ( ISSTA 2015 ) Earl T. Mark Yue Alexandru Justyna Barr

Automated Software Transplantation ( ISSTA 2015 ) Earl T. Mark Yue Alexandru Justyna Barr Harman Jia Marginean Petke CREST, University College London Justyna Petke Automated Software Transplantation Genetic Improvement of Software

418 views • 22 slides
Neutral Networks of Real-World Programs and their Application to Automated Software Evolution

Neutral Networks of Real-World Programs and their Application to Automated Software Evolution

Neutral Networks of Real-World Programs and their Application to Automated Software Evolution Eric Schulte Department of Computer Science University of New Mexico Albuquerque, NM July 2014 Neutral Networks and Automated Software Evolution

1.51k views • 147 slides
Playing with Binary Analysis Deobfuscation of VM based software protection Jonathan Salwan,

Playing with Binary Analysis Deobfuscation of VM based software protection Jonathan Salwan,

Playing with Binary Analysis Deobfuscation of VM based software protection Jonathan Salwan, Sbastien Bardin and Marie-Laure Potet SSTIC 2017 Topic Binary protection Virtualization-based software protection Automatic

933 views • 72 slides
Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science

Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science

Automated Software Testing with Inferred Program Properties Tao Xie Dept. of Computer Science &amp; Engineering University of Washington Joint work with David Notkin July 2004 Motivation Existing automated test generation tools are

638 views • 43 slides
Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia

Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia

Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia Marginean Petke CREST, University College London Alexandru Marginean Automated Software Transplantation Humies 2016 Why Autotransplantation?

1.06k views • 87 slides
Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia

Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia

Automated Software Transplantation Earl T. Mark Yue Alexandru Justyna Barr Harman Jia Marginean Petke CREST, University College London Alexandru Marginean Automated Software Transplantation Why Autotransplantation? ~100 players

593 views • 20 slides
Sparse Feature Learning Philipp Koehn 3 March 2015 Philipp Koehn Machine Translation: Sparse

Sparse Feature Learning Philipp Koehn 3 March 2015 Philipp Koehn Machine Translation: Sparse

Sparse Feature Learning Philipp Koehn 3 March 2015 Philipp Koehn Machine Translation: Sparse Feature Learning 3 March 2015 Multiple Component Models 1 Translation Model Language Model Reordering Model Philipp Koehn Machine

775 views • 59 slides
Pretzelocity Pretzelocity &amp; &amp; Quark Angular Momentum Quark Angular Momentum Bo-Qiang Ma

Pretzelocity Pretzelocity &amp; &amp; Quark Angular Momentum Quark Angular Momentum Bo-Qiang Ma

Pretzelocity Pretzelocity &amp; &amp; Quark Angular Momentum Quark Angular Momentum Bo-Qiang Ma ( Bo-Qiang Ma ( ) ) PKU PKU ( ) ? 2nd Workshop on Hadron Physics in China and

641 views • 45 slides
Using Python and XMPP to build a decentralized social network J er ome Poisson (Goffi)

Using Python and XMPP to build a decentralized social network J er ome Poisson (Goffi)

Using Python and XMPP to build a decentralized social network J er ome Poisson (Goffi) FOSDEM Saturday 30th January 2016 Some words about the project a lot of features other interfaces about the technologies global architecture

538 views • 32 slides
Joseph John Thomson 1856-1940 Discovery of electron and e/m measurement First mass spectrometer

Joseph John Thomson 1856-1940 Discovery of electron and e/m measurement First mass spectrometer

Joseph John Thomson 1856-1940 Discovery of electron and e/m measurement First mass spectrometer and discovery of isotopes Proposed the idea of waveguides Thomson scattering Plum pudding model of the atom Admitted to Owens College

332 views • 4 slides
WELCOME! BOARD MEETING | F EBRUARY 23, 2018 ADVISORY &amp; VOTING MEMBERS | CALL TO ORDER BOARD

WELCOME! BOARD MEETING | F EBRUARY 23, 2018 ADVISORY &amp; VOTING MEMBERS | CALL TO ORDER BOARD

BOARD MEETING | F EBRUARY 23, 2018 WELCOME! BOARD MEETING | F EBRUARY 23, 2018 ADVISORY &amp; VOTING MEMBERS | CALL TO ORDER BOARD MEETING | F EBRUARY 23, 2018 CONSENT AGENDA VOTING DIRECTORS TO APPROVE CONSENT AGENDA Review of Minutes and

841 views • 58 slides
GASP: a Generic Approach to Secure network Protocols Olivier Levillain May 13th 2020 O.

GASP: a Generic Approach to Secure network Protocols Olivier Levillain May 13th 2020 O.

GASP: a Generic Approach to Secure network Protocols Olivier Levillain May 13th 2020 O. Levillain GASP 1/39 Agenda Introduction The Need for Robust Parsers A Platform for Binary Parser Generators Animating Protocols Fuzzing

977 views • 74 slides
Security protocols: formal models and verification Sergiu Bursuc School of Computer Science,

Security protocols: formal models and verification Sergiu Bursuc School of Computer Science,

Security protocols: formal models and verification Sergiu Bursuc School of Computer Science, University of Bristol Finse Winter School, 7 May 2015 Security protocols: roles and goals Roles: P 1 , . . . , P n (e.g. clients, servers, devices,

1.43k views • 127 slides
THE DATA MINING PIPELINE What is data? The data mining pipeline: collection, preprocessing,

THE DATA MINING PIPELINE What is data? The data mining pipeline: collection, preprocessing,

DATA MINING THE DATA MINING PIPELINE What is data? The data mining pipeline: collection, preprocessing, mining, and post-processing Sampling, feature extraction and normalization Exploratory analysis of data basic statistics What is data

2.11k views • 139 slides

More recommend