Juchuan Zhang,Xiaoyu Ji,Yuehan Chi,Yi‐Chao Chen,Bin Wang,Wenyuan Xu

DOI: https://doi.org/10.1145/3448300.3468291

2021-01-01

Abstract:Trade secrets such as intellectual properties are the inherent values for firms. Although companies have exploited strict access management policies and isolated their networks from the public Internet, trade secrets are still vulnerable to side-channel attacks. Side-channels can reveal the computing processes of computers in forms of various physical signals such as light, electromagnetism, and even heat. Such side-channels can bypass the isolation mechanism and therefore bring about severe threats. However, existing side-channels can only perform well within a short-distance (e.g., less than 1 meter) due to the high attenuation of signals. In this paper, we seek to utilize the built-in power lines in a building and construct a power side-channel that enables remote, i.e., cross-outlet attack against trade secrets. To this end, we investigate the power factor correction (PFC) module inside the power supply units of commodity computers and find that the PFC signals observed from an outlet can precisely reveal the power consumption information of all the connected devices, even from the outlets in adjacent rooms. Based upon this insight, we design and implement OutletSpy, a power side-channel attack that can infer application launching from a remote outlet and therefore enjoys the stealthiness property. We validate and evaluate OutletSpy with a dataset under different background APPs, time variations and different locations. The experiment results show OutletSpy can infer the application launching with 98.25% accuracy.

Frank Piessens,Paul C. van Oorschot

DOI: https://doi.org/10.1109/msec.2024.3352848

IF: 3.105

2024-04-05

IEEE Security & Privacy

Abstract:We provide a brief, accessible introduction to side-channel attacks, a growing subarea of computer security. We explain the key underlying ideas, give a chronological overview of selected classical attacks, and characterize side-channel attacks along several axes.

computer science, information systems, software engineering

Shize Guo,Xinjie Zhao,Fan Zhang,Tao Wang,Zhijie Jerry Shi,Francois-Xavier Standaert,Chujiao Ma

DOI: https://doi.org/10.1109/tifs.2014.2315534

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and they utilize the Grobner basis-based, SAT-based, or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round. We named our technique incomplete diffusion analytical side-channel analysis (IDASCA). Different from previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of the general solver. Extensive attacks are performed against the software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has less time complexity and more robustness than previous ASCAs, especially when considering the error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for the given amount of side-channel leaks. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what are the extreme cases in ASCAs.

Yufeng Tang,Zheng Gong,Tao Sun,Jinhai Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-030-88323-2_22

2021-01-01

Abstract:White-box block cipher (WBC) aims at protecting the secret key of a block cipher even if an adversary has full control over the implementations. At CHES 2016, Bos et al. proved that WBC are also threatened by side-channel analysis (SCA), e.g., differential fault analysis (DFA) and differential computation analysis (DCA). Therefore, advanced countermeasures have been proposed by Lee et al. for resisting DFA and DCA, such as table redundancy and improved masking methods, respectively. In this paper, we introduce a new adaptive side-channel analysis model which assumes that an adversary adaptively collects the intermediate values of a specific function and can mount the DFA/DCA attack with chosen inputs. In the adaptive SCA model, both theoretical analysis and experimental results show that Lee et al.’s proposed methods are vulnerable to DFA and DCA attacks. Moreover, a negative proposition is also demonstrated on the corresponding high-order countermeasures under our new model.

Saleh Khalaj Monfared,Tahoura Mosavirik,Shahin Tajik

DOI: https://doi.org/10.48550/arXiv.2310.07014

2023-05-08

Cryptography and Security

Abstract:The threat of physical side-channel attacks and their countermeasures is a widely researched field. Most physical side-channel attacks rely on the unavoidable influence of computation or storage on voltage or current fluctuations. Such data-dependent influence can be exploited by, for instance, power or electromagnetic analysis. In this work, we introduce a novel non-invasive physical side-channel attack, which exploits the data-dependent changes in the impedance of the chip. Our attack relies on the fact that the temporarily stored contents in registers alter the physical characteristics of the circuit, which results in changes in the die's impedance. To sense such impedance variations, we deploy a well-known RF/microwave method called scattering parameter analysis, in which we inject sine wave signals with high frequencies into the system's power distribution network (PDN) and measure the echo of the signals. We demonstrate that according to the content bits and physical location of a register, the reflected signal is modulated differently at various frequency points enabling the simultaneous and independent probing of individual registers. Such side-channel leakage violates the $t$-probing security model assumption used in masking, which is a prominent side-channel countermeasure. To validate our claims, we mount non-profiled and profiled impedance analysis attacks on hardware implementations of unprotected and high-order masked AES. We show that in the case of profiled attack, only a single trace is required to recover the secret key. Finally, we discuss how a specific class of hiding countermeasures might be effective against impedance leakage.

Lu Zhang,Luis Vega,Michael Taylor

DOI: https://doi.org/10.48550/arXiv.1605.00681

2016-05-03

Abstract:Power side-channel attacks are a very effective cryptanalysis technique that can infer secret keys of security ICs by monitoring the power consumption. Since the emergence of practical attacks in the late 90s, they have been a major threat to many cryptographic-equipped devices including smart cards, encrypted FPGA designs, and mobile phones. Designers and manufacturers of cryptographic devices have in response developed various countermeasures for protection. Attacking methods have also evolved to counteract resistant implementations. This paper reviews foundational power analysis attack techniques and examines a variety of hardware design mitigations. The aim is to highlight exposed vulnerabilities in hardware-based countermeasures for future more secure implementations.

Cryptography and Security

Andreas Gornik,Amir Moradi,Jurgen Oehm,Christof Paar

DOI: https://doi.org/10.1109/tcad.2015.2423274

2015-08-01

Abstract:Side-channel attacks are one of the major concerns for security-enabled applications as they make use of information leaked by the physical implementation of the underlying cryptographic algorithm. Hence, reducing the side-channel leakage of the circuits realizing the cryptographic primitives is amongst the main goals of circuit designers. In this paper, we present a novel circuit concept, which decouples the main power supply from an internal power supply that is used to drive a single logic gate. The decoupling is done with the help of buffering capacitances integrated into semiconductor. We also introduce—compared to the previously known schemes—an improved decoupling circuit which reduces the crosstalk from the internal to the external power supply. The result of practical side-channel evaluation on a prototype chip fabricated in a 150nm CMOS technology shows a high potential of our proposed technique to reduce the side-channel leakages.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Jan Wichelmann,Ahmad Moghimi,Thomas Eisenbarth,Berk Sunar

DOI: https://doi.org/10.1145/3274694.3274741

2019-01-07

Abstract:Microarchitectural side channels expose unprotected software to information leakage attacks where a software adversary is able to track runtime behavior of a benign process and steal secrets such as cryptographic keys. As suggested by incremental software patches for the RSA algorithm against variants of side-channel attacks within different versions of cryptographic libraries, protecting security-critical algorithms against side channels is an intricate task. Software protections avoid leakages by operating in constant time with a uniform resource usage pattern independent of the processed secret. In this respect, automated testing and verification of software binaries for leakage-free behavior is of importance, particularly when the source code is not available. In this work, we propose a novel technique based on Dynamic Binary Instrumentation and Mutual Information Analysis to efficiently locate and quantify memory based and control-flow based microarchitectural leakages. We develop a software framework named \tool~for side-channel analysis of binaries which can be extended to support new classes of leakage. For the first time, by utilizing \tool, we perform rigorous leakage analysis of two widely-used closed-source cryptographic libraries: \emph{Intel IPP} and \emph{Microsoft CNG}. We analyze $15$ different cryptographic implementations consisting of $112$ million instructions in about $105$ minutes of CPU time. By locating previously unknown leakages in hardened implementations, our results suggest that \tool~can efficiently find microarchitectural leakages in software binaries.

Cryptography and Security

Wei Yang,Anni Jia

DOI: https://doi.org/10.1155/2021/6614702

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Side-channel analysis (SCA) is usually used for security evaluation to test the side-channel vulnerability of a cryptographic device. However, in practice, an analyser may need to cope with enormous amounts of side-channel measurement data to extract valuable information for SCA. Under the circumstances, side-channel leakage detection can be used to identify leakage points which contain secret information and therefore improve the efficiency of security assessment. This investigation proposes a new black-box leakage detection approach on the basis of the one-way analysis of variance (ANOVA). In accordance with the relevance between leakage points and inputs of a cryptographic algorithm, the proposed method divides side-channel samples into multiple classes and tests the difference among these classes by taking advantage of the one-way ANOVA. Afterwards, leakage points and nonleakage points can be distinguished by determining whether the null hypothesis is accepted. Further, we extend our proposed method to multichannel leakage detection. In particular, a new SCA attack with a F-statistic-based distinguisher is capable of developing if the input of the leakage detection approach is replaced by a sensitive intermediate variable. Practical experiments show the effectiveness of the proposed methods.

Martin Hell,Oskar Westman

DOI: https://doi.org/10.37936/ecti-cit.2020142.239925

2020-06-03

Abstract:Side-channel attacks on cryptographic algorithms targets the implementation of the algorithm. Information can leak from the implementation in several different ways and, in this paper, electromagnetic radiation from an FPGA is considered. We examine to which extent key information from an AES implementation can be deduced using a low-end oscilloscope. Moreover, we examine how the antenna's distance from the FPGA affects the results in this setting. Our experiments show that some key bits indeed can be inferred from the measurements, despite having a far from optimal setting.

Lianbo Yao,Tao Zhang

DOI: https://doi.org/10.1109/ICCSIT.2010.5563592

2010-01-01

Abstract:Side channel analysis (SeA) is a powerful physical cryptanalysis. In common industrial practice, the SeA security evaluation is performed after the devices are manufactured. However, the post-manufactured analysis is time consuming, error prone and expensive. Motivated by the spirit of hardware/software co-design, a design-time SeA analysis is proposed to improve the efficiency. Firstly, a general SeA leakage model is presented, and then the flow of design-time security analysis is described. After that, a flexible simulation and analytical environment is built to assess the different SeA leakage. Finally, an illustrative experiment, which performs a design-time SeA analysis on the crypto-chip with AES-128 core, is given. © 2010 IEEE.

ZHAO Xin-jie,GUO Shi-ze,WANG Tao,ZHANG Fan,LIU Huiying,JI Ke-ke

DOI: https://doi.org/10.3969/j.issn.1671-1742.2012.04.001

2012-01-01

Abstract:The security of a lightweight block cipher KLEIN against the algebraic side-channel attack is evaluated by combining algebraic attack with side-channel attack under the Hamming weight leakage model.Firstly,the algebraic representation of KLEIN is given.Then,the Hamming weights of the intermediate states are deduced from analyzing the power leakages and converted into algebraic equations.Finally,the CryptoMinisat solver is applied to solve for the key.Based on three different error tolerant strategies,many physical experiments are conducted on KLEIN under an 8-bit microcontroller and the complexity of the attack is also evaluated.Experiment results show that: the unprotected software implementation of KLEIN is vulnerable to algebraic side-channel attack.Full 64-bit master key of KLEIN can be recovered by analyzing the Hamming weight leakages of the first round under know plaintext/ciphertext scenario and 2 rounds under unknown plaintext/ciphertext scenario.

Robert Dumitru,Thorben Moos,Andrew Wabnitz,Yuval Yarom

2024-12-06

Abstract:In recent years a new class of side-channel attacks has emerged. Instead of targeting device emissions during dynamic computation, adversaries now frequently exploit the leakage or response behaviour of integrated circuits in a static state. Members of this class include Static Power Side-Channel Analysis (SCA), Laser Logic State Imaging (LLSI) and Impedance Analysis (IA). Despite relying on different physical phenomena, they all enable the extraction of sensitive information from circuits in a static state with high accuracy and low noise -- a trait that poses a significant threat to many established side-channel countermeasures. In this work, we point out the shortcomings of existing solutions and derive a simple yet effective countermeasure. We observe that in order to realise their full potential, static side-channel attacks require the targeted data to remain unchanged for a certain amount of time. For some cryptographic secrets this happens naturally, for others it requires stopping the target circuit's clock. Our proposal, called Borrowed Time, hinders an attacker's ability to leverage such idle conditions, even if full control over the global clock signal is obtained. For that, by design, key-dependent data may only be present in unprotected temporary storage when strictly needed. Borrowed Time then continuously monitors the target circuit and upon detecting an idle state, securely wipes sensitive contents. We demonstrate the need for our countermeasure and its effectiveness by mounting practical static power SCA attacks against cryptographic systems on FPGAs, with and without Borrowed Time. In one case we attack a masked implementation and show that it is only protected with our countermeasure in place. Furthermore we demonstrate that secure on-demand wiping of sensitive data works as intended, affirming the theory that the technique also effectively hinders LLSI and IA.

Cryptography and Security

Xi Chen,Zhaojun Lu,Gang Qu,Aijiao Cui

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00208

2018-01-01

Abstract:Testing is essential to isolate good chips from faulty ones. Scan chain, which provides test engineer access to all the flip flops in the chip, is the backbone of industrial testing methods. However, attackers can also leverage the controllability and observability of scan chain as a side channel to break systems such as cryptographic chips. In this paper, we develop a partial scan chain based approach to prevent side channel attacks. The basic idea is to remove the flip flops that store sensitive information from the full scan chain. However, the challenge is how to keep the full test coverage as we demonstrate that using industrial design tools such as traditional partial scan not only fails to provide full fault coverage, but also incurs huge overhead in test time and test vector generation time. We use a novel finite state machine (FSM) structure to deliver secure controllability of the un-chained flip flops to test engineers while using lightweight LFSR and XOR to enable the observability. We conduct experiments to demonstrate that the proposed partial scan, comparing to the full scan, gives full test coverage with reduced test time and does not need to re-generate test vectors.

Pol Van Aubel,Kostas Papagiannopoulos,Łukasz Chmielewski,Christian Doerr

DOI: https://doi.org/10.48550/arXiv.1712.05745

2017-12-16

Abstract:Industrial Control Systems are under increased scrutiny. Their security is historically sub-par, and although measures are being taken by the manufacturers to remedy this, the large installed base of legacy systems cannot easily be updated with state-of-the-art security measures. We propose a system that uses electromagnetic side-channel measurements to detect behavioural changes of the software running on industrial control systems. To demonstrate the feasibility of this method, we show it is possible to profile and distinguish between even small changes in programs on Siemens S7-317 PLCs, using methods from cryptographic side-channel analysis.

Cryptography and Security

Ronan Lashermes,Hélène Le Bouder

DOI: https://doi.org/10.1007/s13389-024-00356-2

2024-05-19

Journal of Cryptographic Engineering

Abstract:We introduce a novel side-channel-based reverse engineering technique capable of reconstructing a procedure solely from inputs, outputs, and traces of execution. Beyond generic restrictions, we do not assume any prior knowledge of the procedure or the chip it operates on. These restrictions confine our analysis to 8-bit RISC constant-time software implementations. Specifically we demonstrate with simulated traces the theoretical feasibility of reconstructing a symmetric cryptographic cipher, even in scenarios where traces are sampled with information loss and noise, such as when measuring the power consumption of the chip.

computer science, theory & methods

Ferhat Erata,Ruzica Piskac,Victor Mateu,Jakub Szefer

DOI: https://doi.org/10.1109/EuroSP57164.2023.00047

2023-04-05

Abstract:Although cryptographic algorithms may be mathematically secure, it is often possible to leak secret information from the implementation of the algorithms. Timing and power side-channel vulnerabilities are some of the most widely considered threats to cryptographic algorithm implementations. Timing vulnerabilities may be easier to detect and exploit, and all high-quality cryptographic code today should be written in constant-time style. However, this does not prevent power side-channels from existing. With constant time code, potential attackers can resort to power side-channel attacks to try leaking secrets. Detecting potential power side-channel vulnerabilities is a tedious task, as it requires analyzing code at the assembly level and needs reasoning about which instructions could be leaking information based on their operands and their values. To help make the process of detecting potential power side-channel vulnerabilities easier for cryptographers, this work presents Pascal: Power Analysis Side Channel Attack Locator, a tool that introduces novel symbolic register analysis techniques for binary analysis of constant-time cryptographic algorithms, and verifies locations of potential power side-channel vulnerabilities with high precision. Pascal is evaluated on a number of implementations of post-quantum cryptographic algorithms, and it is able to find dozens of previously reported single-trace power side-channel vulnerabilities in these algorithms, all in an automated manner.

Cryptography and Security

Tao Zhang,Xiao-Yu Zheng,Ming-Yu Fan,Jian-Bo Yao

2009-01-01

Abstract:Side-channel analysis (SCA) is a powerful physical cryptanalysis. However, traditional SCA security evaluation is time-consuming, error prone and expensive. In order to improve the efficiency of security evaluation, a design-time SCA analysis method is proposed. Firstly, a general SCA leakage model is presented, and the analysis flow of design-time SCA is described. Secondly, a flexible simulation and analysis environment is built to evaluate the security of different SCA leakages. Finally, an illustrative experiment, which performs a design-time SCA evaluation on the crypto-chip with AES-128 core, is given. Compared with traditional SCA analysis method, our approach can detect SCA vulnerability and evaluate the quality of SCA countermeasures at design time, and thus it reduces time-to-market greatly.

YAO Jian-bo,ZHANG Tao

DOI: https://doi.org/10.3969/j.issn.1000-7024.2012.06.021

2012-01-01

Abstract:In view to the characteristic of side channel attacks needs corresponding side channel simulation tools support,a side channel attacks simulation environment design is presented and implementation technology about the simulation platform is analyzed in detail.The platform will separate the simulation realization and analysis realization of side channel leak,using the component technology on the package,with strong flexibility.The different side channel information leakage and attack strategy in the form of components is added to the platform,make the testers can according to the test needs to choose flexible test data and analysis strategy.In case analysis,by group length of 64 bit DES cryptographic algorithm for test object,are given respectively under the environment of the real measure of the power consumption of the curve and using simulation platform are power curve.

Chenxu Wang,Jinghu Li,Mingyan Yu,Jinxiang Wang

DOI: https://doi.org/10.1587/elex.10.20130602

2013-01-01

IEICE Electronics Express

Abstract:Side-channel analysis is an important strategy for Hardware Trojan (HT) detection. Karhunen-Love (K-L) expansion can be used to improve side-channel signals analysis quality, As an auxiliary post-processing method of K-L expansion, One Class Support Vector Machine (OCSVM) is introduced to achieve ICs intelligent classification. With the OCSVM and the power traces of Genuine ICs (Genuines), a hyper sphere can be built to distinguish the Trojan ICs (Trojans) from Genuines. The effectiveness of the proposed approach is experimentally demonstrated using power simulations performed on a representative circuit with several different Trojan circuits.