towards the automatic applications of side channel
play

Towards the Automatic Applications of Side Channel Countermeasures - PowerPoint PPT Presentation

Apr 06, 2024 •452 likes •1.01k views

Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco Regazzoni 23 October 2015, Chia, Italy P. 1 Contents 1 Motivations 2 DPA Resistant Synthesis 3 DPA Resistant Place and Route 4 DPA

  1. Towards the Automatic Applications of Side Channel Countermeasures Francesco Regazzoni Francesco Regazzoni 23 October 2015, Chia, Italy P. 1

  2. Contents 1 Motivations 2 DPA Resistant Synthesis 3 DPA Resistant Place and Route 4 DPA Resistant Instruction Set Extension 5 Quick Note on Software Francesco Regazzoni 23 October 2015, Chia, Italy P. 2

  3. Why Electronic Design Automation for security? Security is very often considered at later stages of design Cost and Time to Market Possible Security pitfalls Francesco Regazzoni 23 October 2015, Chia, Italy P. 3

  4. Why Electronic Design Automation for security? Security is very often considered at later stages of design Cost and Time to Market Possible Security pitfalls EXTRA CONSTRAINT Use as much as possible “standard” EDA commodities! Francesco Regazzoni 23 October 2015, Chia, Italy P. 3

  5. Motivating Example Francesco Regazzoni 23 October 2015, Chia, Italy P. 4

  6. Contents 1 Motivations 2 DPA Resistant Synthesis 3 DPA Resistant Place and Route 4 DPA Resistant Instruction Set Extension 5 Quick Note on Software Francesco Regazzoni 23 October 2015, Chia, Italy P. 5

  7. Simplified Hardware Design Flow (ASIC) Algorithm Design C, Matlab, VHDL RTL (Architecture) Design Synthesizable HDL Gate x x XOR y y Layout Francesco Regazzoni 23 October 2015, Chia, Italy P. 6

  8. Let’s focus on Synthesis RTL (Architecture) Design Synthesizable HDL Logic Synthesis Gate Level x x XOR y y Francesco Regazzoni 23 October 2015, Chia, Italy P. 7

  9. Logic Synthesis Input and Output INPUT : HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints OUTPUT : Gate Level Netlist Estimation of area, timing, power (!) Timing constraints Francesco Regazzoni 23 October 2015, Chia, Italy P. 8

  10. Is it sufficient for DPA? Paul Kocher, Joshua Jaffe, and Benjamin Jun, “ Differential Power Analysis ”, in Proceedings of Advances in Cryptology-CRYPTO’99 , Santa Barbara, California, USA, August 15-19, 1999. (Cited by 5177) Francesco Regazzoni 23 October 2015, Chia, Italy P. 9

  11. Countermeasures Power consumption independent from processed key dependent data Intermediate values of the cryptographic algorithm Intermediate values processed by the device Power consumption of the cryptographic device Francesco Regazzoni 23 October 2015, Chia, Italy P. 10

  12. Countermeasures Power consumption independent from processed key dependent data Intermediate values of the cryptographic algorithm Masking Countermeasures Intermediate values processed by the device Power consumption of the cryptographic device Francesco Regazzoni 23 October 2015, Chia, Italy P. 11

  13. Countermeasures Power consumption independent from processed key dependent data Intermediate values of the cryptographic algorithm Masking Countermeasures Intermediate values processed by the device Hiding Countermeasures Power consumption of the cryptographic device Francesco Regazzoni 23 October 2015, Chia, Italy P. 12

  14. Countermeasures Power consumption independent from processed key dependent data Intermediate values of the cryptographic algorithm Masking Countermeasures Intermediate values processed by the device Hiding Countermeasures Power consumption of the cryptographic device They can be implemented in Software or in Hardware Francesco Regazzoni 23 October 2015, Chia, Italy P. 12

  15. Approach One INPUT : HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints OUTPUT : DPA resistant Gate Level Netlist Estimation of area, timing, power (!) Timing constraints Francesco Regazzoni 23 October 2015, Chia, Italy P. 13

  16. Approach Two INPUT : HDL Description Technological Library (area, timing, power) Synthetic Library (multipliers...) Constraints (limit the gates) OUTPUT : Gate Level Netlist “Cell Substitution” : Replace cells with Reload the design for correct area and timing K. Tiri and I. Verbauwhede, A digital design flow for secure integrated circuits , IEEE TCAD, 2006 Francesco Regazzoni 23 October 2015, Chia, Italy P. 14

  17. Contents 1 Motivations 2 DPA Resistant Synthesis 3 DPA Resistant Place and Route 4 DPA Resistant Instruction Set Extension 5 Quick Note on Software Francesco Regazzoni 23 October 2015, Chia, Italy P. 15

  18. Place and Route Gate x x XOR y y Place and Route Layout Francesco Regazzoni 23 October 2015, Chia, Italy P. 16

  19. Place and Route Input and Output INPUT : Gate level description of the circuit Physical view of the library (pin placement, ...) Constraints from synthesis OUTPUT : Gate Level Netlist Position and interconnection of the gates Estimation of area, timing, power (!) Francesco Regazzoni 23 October 2015, Chia, Italy P. 17

  20. This is not yet the end! Security Evaluation Chip Finalization Tape Out Security Evaluation Francesco Regazzoni 23 October 2015, Chia, Italy P. 18

  21. Security Evaluation Toggle Count .... SPICE simulation Real measures on fabricated chip Francesco Regazzoni 23 October 2015, Chia, Italy P. 19

  22. Reconfigurable Devices Measure directly Less Freedom Tools more “closed” Francesco Regazzoni 23 October 2015, Chia, Italy P. 20

  23. Contents 1 Motivations 2 DPA Resistant Synthesis 3 DPA Resistant Place and Route 4 DPA Resistant Instruction Set Extension 5 Quick Note on Software Francesco Regazzoni 23 October 2015, Chia, Italy P. 21

  24. Protect PRESENT with secure hardware Lightweight block cipher 4 bit S-box addRoundKey , sBoxLayer // Calculate S-box (plaintext XOR key) int PRESENT(int plaintext, int key) { 1 int result = 0; // initialize the result 2 plaintext = plaintext ^key; // perform the xor with the key 3 result = S[plaintext]; // perform the S-box 4 return result; }; // return the result Francesco Regazzoni 23 October 2015, Chia, Italy P. 22

  25. What can I do? Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 23 October 2015, Chia, Italy P. 23

  26. What can I do? Register File IMM. B A ISE ISE ISE ALU Memory Francesco Regazzoni 23 October 2015, Chia, Italy P. 24

  27. What can I do? Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 23 October 2015, Chia, Italy P. 25

  28. What can I do? Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 23 October 2015, Chia, Italy P. 26

  29. What can I do? Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 23 October 2015, Chia, Italy P. 27

  30. What can I do? Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 23 October 2015, Chia, Italy P. 28

  31. What can I do? Something easier? Francesco Regazzoni 23 October 2015, Chia, Italy P. 29

  32. Protected / Non Protected CO-Design! Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 23 October 2015, Chia, Italy P. 30

  33. Protected / Non Protected CO-Design! Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 23 October 2015, Chia, Italy P. 31

  34. Protected / Non Protected CO-Design! Register File IMM. A B ISE ISE ISE ALU Memory Francesco Regazzoni 23 October 2015, Chia, Italy P. 32

  35. Automatic design of DPA resistant ISE identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Francesco Regazzoni 23 October 2015, Chia, Italy P. 33

  36. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? Francesco Regazzoni 23 October 2015, Chia, Italy P. 34

  37. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? Measure the DPA resistance? Francesco Regazzoni 23 October 2015, Chia, Italy P. 35

  38. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Francesco Regazzoni 23 October 2015, Chia, Italy P. 36

  39. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm? Francesco Regazzoni 23 October 2015, Chia, Italy P. 37

  40. Needed “Basic Blocks” identify Partition Protect Security sensitive parts Sensitive / Sensitive Evaluation Non Sensitive Generate useful power traces? Measure the DPA resistance? Countermeasure and its design flow? Partition the algorithm? Francesco Regazzoni 23 October 2015, Chia, Italy P. 38

  41. The CMOS Design Flow software processor HDL code crypto.c Protected ISE HDL code Library Protected ISE Extractor Synth and P&R CMOS Library CMOS Synth and P&R crypto_ISE.c 0101001. 0101001. 1100001. SPICE level 1100001. simulation Security Evaluaton Francesco Regazzoni 23 October 2015, Chia, Italy P. 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel Research Dr. M. Elisabeth Oswald Reader, EPSRC Leadership Fellow University of Bristol Roadmap

280 views • 25 slides
Automatic Synthesis of Fault Attack Resistant Cipher Implementations Chester Rebeiro IIT Madras

Automatic Synthesis of Fault Attack Resistant Cipher Implementations Chester Rebeiro IIT Madras

Automatic Synthesis of Fault Attack Resistant Cipher Implementations Chester Rebeiro IIT Madras Side Channel Analysis Electro magnetic Radiation Fault injection Power consumption Timing channels Preventing Side Channel Attacks is

468 views • 34 slides
The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel

The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel

The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks David Molnar , Matt Piotrowski, David Schultz, and David Wagner UC-Berkeley and MIT Regular Cryptographic Attacks Key k Idealized

423 views • 11 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Side-Channel & Fault Attacks Ruggero Susella System Research & Applications Security

Side-Channel & Fault Attacks Ruggero Susella System Research & Applications Security

Side-Channel & Fault Attacks Ruggero Susella System Research & Applications Security Rodmap STMicroelectronics 2018/12/06 2 ST Who are we ? STMicroelectronics 3 A global semiconductor leader 2017 revenues of $8.35B

1.32k views • 107 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Side-Channel Cryptanalysis Models and Dependencies New Generic Test Experiments Conclusions Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X. Standaert UCL Crypto Group, Universit e catholique

355 views • 24 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored Key Plaintext Encryption Cipher

1.14k views • 112 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

620 views • 21 slides
Bricks and Tools for Secure Hardware Implementations Francesco Regazzoni Francesco Regazzoni 06

Bricks and Tools for Secure Hardware Implementations Francesco Regazzoni Francesco Regazzoni 06

Bricks and Tools for Secure Hardware Implementations Francesco Regazzoni Francesco Regazzoni 06 June 2014, ibenik, Croatia P. 1 Why Electronic Design Automation? Surely the purpose of science is to ease human hardship Galileo,

846 views • 82 slides
MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480

MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480

Imperial College London - Department of Computing MSc Advanced Computing, MSc Computing (Spec.) Comp. 4th year, ISE 4th year & JMC 4th year 480 AUTOMATED REASONING CBC Otter Practice (Assessed) Issued: 30 October 2012 Due: 12 November 2011

202 views • 4 slides
The Independent Stream an Introduction Nevil Brownlee Independent Submissions Editor IETF

The Independent Stream an Introduction Nevil Brownlee Independent Submissions Editor IETF

The Independent Stream an Introduction Nevil Brownlee Independent Submissions Editor IETF 98, 26 March 2017 All about the Independent Stream (InSt) History The InSt and its Editor (ISE) Relevant RFCs: 4846 and 6548 What does

498 views • 28 slides
Theory of Parallel Evolutionary Algorithms Dirk Sudholt University of Sheffield, UK Based on

Theory of Parallel Evolutionary Algorithms Dirk Sudholt University of Sheffield, UK Based on

Introduction Independent Runs Royal Road Parallel Times Combinatorial Optimisation Adaptive Schemes Outlook & Conclusions Theory of Parallel Evolutionary Algorithms Dirk Sudholt University of Sheffield, UK Based on joint work with J

806 views • 79 slides
Lecture 20/Chapter 17 Certainty effect: people feel better about a reduction of risk to 0 than

Lecture 20/Chapter 17 Certainty effect: people feel better about a reduction of risk to 0 than

Psychological Influences on Risk Perception Lecture 20/Chapter 17 Certainty effect: people feel better about a reduction of risk to 0 than they do about a reduction of risk by the same Psychological Influences on Personal amount to a risk

482 views • 6 slides
The Kiev Experiment Evolving Agile Partnerships Who are we? Simon Ogle Alexander

The Kiev Experiment Evolving Agile Partnerships Who are we? Simon Ogle Alexander

The Kiev Experiment Evolving Agile Partnerships Who are we? Simon Ogle Alexander Kikhtenko Peter Thomas Where did we start? Existing monolithic mainframe application Quarterly deliveries 6 week testing cycles

676 views • 48 slides
The evolution and interaction of two shock-accelerated, unstable gas cylinders Chris Tomkins,

The evolution and interaction of two shock-accelerated, unstable gas cylinders Chris Tomkins,

The evolution and interaction of two shock-accelerated, unstable gas cylinders Chris Tomkins, Kathy Prestridge, Paul Rightley, Mark Marr-Lyon, Robert Benjamin Summer students: James Doyle and Michael Schneider Dynamic Experimentation Division,

212 views • 18 slides
Test of optical links on CN V.3 David M unchow for the Gieen Group Belle II PXD/SVD

Test of optical links on CN V.3 David M unchow for the Gieen Group Belle II PXD/SVD

Test of optical links on CN V.3 David M unchow for the Gieen Group Belle II PXD/SVD Workshop 5. February 2013, Wetzlar, Germany 1 Test Setup 2 Hardware Modifications 3 Software Issues 4 Test Results Test Setup In final setup input rate of

131 views • 10 slides

More recommend