detecting similar code segments through side channel
play

Detecting Similar Code Segments through Side Channel Leakage in - PowerPoint PPT Presentation

Feb 13, 2023 •124 likes •464 views

Detecting Similar Code Segments through Side Channel Leakage in Microcontrollers Peter Samarin 1 , 2 and Kerstin Lemke-Rust 1 Bonn-Rhein-Sieg University of Applied Sciences 1 Ruhr-Universitt Bochum 2 Germany November 29, 2017 Bonn-Rhein-Sieg

  1. Detecting Similar Code Segments through Side Channel Leakage in Microcontrollers Peter Samarin 1 , 2 and Kerstin Lemke-Rust 1 Bonn-Rhein-Sieg University of Applied Sciences 1 Ruhr-Universität Bochum 2 Germany November 29, 2017 Bonn-Rhein-Sieg University of Applied Sciences

  2. Motivation: Software Plagiarism in Microcontrollers ◮ A product comes to the market with the same capabilities ◮ Does the system contain our intellectual property? ? µC ◮ Adversary takes our binary ◮ Effective read-out protection ◮ Comparison of code binaries not possible ◮ Our solution : compare power side channel leakage of the two implementations Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 1 / 22

  3. Observations about the Power Side Channel Varying Power traces of Power traces of inputs program 1 program 2 Input = Input = samples from all samples from all traces at time traces at time ◮ high correlation when same data is processed ◮ low correlation when different data is processed Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 2 / 22

  4. Our Approach Varying Power traces of Power traces of inputs program 1 program 2 Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 3 / 22

  5. Our Approach Varying Power traces of Power traces of inputs program 1 program 2 Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 3 / 22

  6. Our Approach Varying Power traces of Power traces of inputs program 1 program 2 Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 3 / 22

  7. Our Approach Varying Power traces of Power traces of inputs program 1 program 2 Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 3 / 22

  8. Our Approach Varying Power traces of Power traces of inputs program 1 program 2 Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 3 / 22

  9. Our Approach Varying Power traces of Power traces of inputs program 1 program 2 Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 3 / 22

  10. Our Approach Varying Power traces of Power traces of inputs program 1 program 2 Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 3 / 22

  11. Our Approach Varying Power traces of Power traces of inputs program 1 program 2 Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 3 / 22

  12. Our Approach: Correlate at all Times Varying Power traces of Power traces of inputs program 1 program 2 Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 3 / 22

  13. Expectations about the Similarity Matrix ◮ The similarity matrix shows at what time similar computations happen Identical program, Similar program, identical data similar data Di ff erent program Partially identical program, or identical data di ff erent data Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 4 / 22

  14. Our Approach: Similarity measure Suspicious program Genuine program abs(max(col )) Global similarity measure |Correlation| 1 0 Local similarity measure Segment 0 Segment 1 Segment 0 t Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 5 / 22

  15. Experimental Setup ◮ Smartcards with ATMega163 microcontroller ◮ 8-bit µC , running at 4MHz ◮ Measure using a digital oscilloscope (PicoScope 6402C) ◮ sampling rate is 375 MHz Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 6 / 22

  16. Test Programs: Implementations of AES in Assembly AES-0 PU L AK SB MC ∗ KE AK SB MC ∗ KE AK SB MC ∗ KE AK SB MC ∗ KE AK SB MC ∗ KE AK SB AES Labor PU KE PU L AK SB MC AES Furious KE # PU L L AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AES Fast KE # PU L L AK R R R R R AES Fantastic PU L AK KE SB MC ∗ AK KE SB MC ∗ AK KE SB MC ∗ AK KE SB MC ∗ AK KE SB MC ∗ AK 0 100 200 300 400 500 600 700 800 900 1000 1100 1200 1300 1400 1500 1600 1700 1800 1900 2000 2100 2200 2300 AES-0 MC ∗ KE AK SB MC ∗ KE AK SB MC ∗ KE AK SB MC ∗ KE AK SB KE AK SPO AES Labor MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB AK SPO AES Furious MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB AK SPO AES Fast R R R R AK SPO AES Fantastic MC ∗ MC ∗ MC ∗ MC ∗ KE SB AK KE SB AK KE SB AK KE SB AK KE SB AK SPO 2200 2300 2400 2500 2600 2700 2800 2900 3000 3100 3200 3300 3400 3500 3600 3700 3800 3900 4000 4100 4200 4300 4400 Clock cycle PU - push registers L - load key/plaintext KE - key expansion SB - shift rows and subbytes PO - pop registers S - store ciphertext AK - add round key MC - mix columns *,# - identical code R - one AES round in Fast ◮ 10k traces were recorded for each implementation Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 7 / 22

  17. Results: Similarity Matrix of Furious vs. Furious Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 8 / 22

  18. Results: Similarity Matrix of Fast vs. Furious Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 9 / 22

  19. Results: Maximum Projection into Furious Furious in Furious PU L KE L AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB AK S PO 1 |Correlation| 0.8 0.6 0.4 0.2 0 500 1000 1500 2000 2500 3000 3500 Clock cycle AES-0 in Furious PU L KE L AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB AK S PO 1 |Correlation| 0.8 0.6 0.4 0.2 0 500 1000 1500 2000 2500 3000 3500 Clock cycle AES Labor in Furious PU L KE L AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB AK S PO 1 |Correlation| 0.8 0.6 0.4 0.2 0 500 1000 1500 2000 2500 3000 3500 Clock cycle Fantastic in Furious PU L KE L AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB AK S PO 1 |Correlation| 0.8 0.6 0.4 0.2 0 500 1000 1500 2000 2500 3000 3500 Clock cycle Fast in Furious PU L KE L AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB MC AK SB AK S PO 1 |Correlation| 0.8 0.6 0.4 0.2 0 500 1000 1500 2000 2500 3000 3500 Clock cycle PU - push registers L - load key/plaintext KE - key expansion SB - shift rows and subbytes PO - pop registers S - store ciphertext AK - add round key MC - mix columns Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 10 / 22

  20. Results: Maximum Projection, Global Similarity AES-0 AES Labor Furious Fast Fantastic AES-0 0.97 0.41 0.63 0.33 0.53 AES Labor 0.42 0.91 0.46 0.29 0.39 Furious 0.61 0.44 0.96 0.45 0.54 Fast 0.35 0.32 0.46 0.96 0.29 Fantastic 0.58 0.40 0.62 0.30 0.93 Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 11 / 22

  21. Results: Maximum Projection of Code Segments AK SB MC KE AK SB MC KE AK SB MC KE AES-0 0.96 0.97 0.98 0.97 0.68 0.31 0.38 0.40 0.71 0.65 0.71 0.46 AES Labor 0.64 0.33 0.36 0.43 0.96 0.97 0.96 0.88 0.75 0.40 0.37 0.45 Furious 0.68 0.65 0.73 0.46 0.73 0.38 0.40 0.41 0.95 0.98 0.98 0.96 Fast 0.45 0.31 0.26 0.44 0.48 0.24 0.19 0.39 0.47 0.31 0.27 0.95 Fantastic 0.64 0.58 0.75 0.41 0.62 0.31 0.37 0.43 0.65 0.72 0.68 0.41 (a) → AES-0 (b) → AES Labor (c) → Furious AK KE R AK SB MC KE AES-0 0.69 0.46 0.28 0.66 0.57 0.75 0.33 AES Labor 0.73 0.45 0.23 0.62 0.32 0.35 0.40 Furious 0.85 0.95 0.27 0.62 0.71 0.70 0.32 Fast 0.97 0.95 0.98 0.43 0.27 0.25 0.31 Fantastic 0.64 0.40 0.25 0.96 0.96 0.97 0.90 (d) → Fast (e) → Fantastic Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 12 / 22

  22. Experiment Set #2: Furious vs. Modified Furious ◮ addr: change register and data addresses ◮ swap: change the order of instruction execution ◮ addr+swap ◮ dummy: add 792 NOP instruction randomly ◮ dummy smart: add 792 leakage-generating instructions ◮ dummy smart+addr+swap Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 13 / 22

  23. Dummy Smart Explanation ◮ Assembly language macros applied to state registers randomly throughout the code 7 8 1 2 3 INC \reg NEG \reg ROL \reg PUSH \reg1 MOV \tmp, \reg ;; save register DEC \reg NEG \reg ROR \reg PUSH \reg2 LDI ZH, hi8(hd_temp) PUSH \reg3 4 5 LDI ZL, lo8(hd_temp) LDI ZL, 0x00 EOR \reg1, \reg2 PUSH \tmp LD \reg, z LPM \tmp, Z EOR \reg2, \reg3 LDI \tmp, \c MOV \reg, \tmp ;; restore register EOR \reg3, \reg1 EOR \reg, \tmp 6 POP \reg3 POP \tmp EOR \tmp, \tmp POP \reg2 POP \reg1 Peter Samarin and Kerstin Lemke-Rust Detecting Similar Code Segments through Side Channel Leakage 14 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code introduced in source code because of various reasons. e.g. copy-and-paste makes software maintenance difficult. It is necessary to It is

488 views • 9 slides
Novel Side-Channel Attacks on Quasi-Cyclic Code-Based Cryptography 2019.08.28 Bo-Yeon Sim 1 ,

Novel Side-Channel Attacks on Quasi-Cyclic Code-Based Cryptography 2019.08.28 Bo-Yeon Sim 1 ,

Novel Side-Channel Attacks on Quasi-Cyclic Code-Based Cryptography 2019.08.28 Bo-Yeon Sim 1 , , Jihoon Kwon 2 , Kyu Young Choi 2 , Jihoon Cho 2 , Aesun Park 3, , and Dong-Guk Han 1,3, 1 Department of Mathematics, Kookmin University,

881 views • 58 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Detecting Similar Software Applications Collin McMillan, Mark Grechanik, and Denys Poshyvanyk

Detecting Similar Software Applications Collin McMillan, Mark Grechanik, and Denys Poshyvanyk

Detecting Similar Software Applications Collin McMillan, Mark Grechanik, and Denys Poshyvanyk The College of William and Mary and The University of Illinois at Chicago Find Identical Penmen Finding Similar Web Pages Similar Web Pages For ACM

687 views • 41 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia

CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia

CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Dan Boneh, Stefan Savage Reminder: Side-channel attacks You saw before how timing

1.37k views • 81 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Detecting State Changes of Indoor Everyday Objects using Wi-Fi Channel State Information Sep. 12

Detecting State Changes of Indoor Everyday Objects using Wi-Fi Channel State Information Sep. 12

Detecting State Changes of Indoor Everyday Objects using Wi-Fi Channel State Information Sep. 12 th , 2017 Kazuya Ohara*, Takuya Maekawa, and Yasuyuki Matsushita Osaka University, Japan 1 Background 2 Detecting State Changes of Indoor

776 views • 34 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Side-Channel Cryptanalysis Models and Dependencies New Generic Test Experiments Conclusions Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X. Standaert UCL Crypto Group, Universit e catholique

355 views • 24 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored Key Plaintext Encryption Cipher

1.14k views • 112 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
Binary Program Analysis: Theory and Practice (what you code is not what you execute) Emmanuel

Binary Program Analysis: Theory and Practice (what you code is not what you execute) Emmanuel

Binary Program Analysis: Theory and Practice (what you code is not what you execute) Emmanuel Fleury <emmanuel.fleury@labri.fr> Joint work with: Grald Point <gerald.point@labri.fr> , Aymeric Vincent <aymeric.vincent@labri.fr>

924 views • 91 slides
MEDIA SKILLS WORKSHOP SECTION 1: MEDIA INTRODUCTION OVERVIEW: SECTION 1 Tactics: Bridging,

MEDIA SKILLS WORKSHOP SECTION 1: MEDIA INTRODUCTION OVERVIEW: SECTION 1 Tactics: Bridging,

CIGI MEDIA SKILLS WORKSHOP SECTION 1: MEDIA INTRODUCTION OVERVIEW: SECTION 1 Tactics: Bridging, Hooking, Flagging, Touch and Go Ten tips DOs and DONTs General Interview Tips - Before, During, and After Final Thoughts THE

733 views • 57 slides
elausys.be ELECTRONIC & AUTOMATION SYSTEMS Products Universal KNX Actuator System Switching

elausys.be ELECTRONIC & AUTOMATION SYSTEMS Products Universal KNX Actuator System Switching

KNX MANUFACTURER Made in Belgium elausys.be ELECTRONIC & AUTOMATION SYSTEMS Products Universal KNX Actuator System Switching | Shutter | Blind Control Products Universal KNX Actuator System Modular & Extensible Rich Features

359 views • 13 slides
Good advising may be the single most underestimated characteristic of a successful college

Good advising may be the single most underestimated characteristic of a successful college

Good advising may be the single most underestimated characteristic of a successful college experience. Advisors play a critical role. They can ask a broad array of questions, and can make suggestions, that can affect students in a profound

355 views • 20 slides
Fault-Channel Watermarks Peter Samarin 1 , 2 , Alexander Skripnik 1 , and Kerstin Lemke-Rust 1

Fault-Channel Watermarks Peter Samarin 1 , 2 , Alexander Skripnik 1 , and Kerstin Lemke-Rust 1

Fault-Channel Watermarks Peter Samarin 1 , 2 , Alexander Skripnik 1 , and Kerstin Lemke-Rust 1 Bonn-Rhein-Sieg University of Applied Sciences 1 Ruhr-Universitt Bochum 2 Germany 27 September 2016 Bonn-Rhein-Sieg University of Applied Sciences

310 views • 14 slides
Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno

Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno

Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno Overeinder Wednesday, July 3, 13 The initial question Critical infrastructure sectors What is the network level representation of the critical

392 views • 24 slides
Mathematical Discourse Math Department Objectives Participants will: Understand what

Mathematical Discourse Math Department Objectives Participants will: Understand what

Mathematical Discourse Math Department Objectives Participants will: Understand what mathematical discourse is. Understand how to incorporate mathematical discourse in daily lessons. What Questions Did You Ask Today? Lets go to

276 views • 13 slides
Quality of Discourse: An Advocates perspective Milkah Kihunah, CARE USA Presentation at the

Quality of Discourse: An Advocates perspective Milkah Kihunah, CARE USA Presentation at the

A pilot project measuring the Quality of Discourse: An Advocates perspective Milkah Kihunah, CARE USA Presentation at the American Evaluation Association Conference, Nov 11 2015 OUTLINE What? Policy and Advocacy context Why?

479 views • 11 slides

More recommend