Baolei Mao,Wei Hu,Alric Althoff,Janarbek Matai,Yu Tai,Dejun Mu,Timothy Sherwood,Ryan Kastner

DOI: https://doi.org/10.1109/tcad.2017.2768420

IF: 2.9

2018-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Cryptographic cores are known to leak information about their private key due to runtime variations, and there are many well-known attacks that can exploit this timing channel. In this paper, we study how information theoretic measures can quantify the amount of key leakage that can be exacted from runtime measurements. We develop and analyze 22 Rivest-Shamir-Adleman (RSA) hardware designs-each with unique performance optimizations, timing channel mitigation techniques, or discretization/randomization countermeasures. We demonstrate the effectiveness of information theoretic measures for quantifying timing leakage through correlation analysis of information theoretic measurements and attack results. Experimental results show that mutual information is a promising technique for quantifying timing leakage for RSA, advanced encryption standard, and elliptic curve cryptography ciphers, i.e., the mutual information correlates to being able to successfully guess the value of the private key. This is an important step toward a hardware security metric which allows designers to reason about security alongside traditional hardware design metrics like area, performance, and power.

Bao-Lei MAO,Wei HU,De-Jun MU,Hui-Xiang ZHANG,Yu TAI,Liang HONG

DOI: https://doi.org/10.11897/SP.J.1016.2018.00426

2018-01-01

Chinese Journal of Computers

Abstract:The RSA algorithm is a widely deployed public key cipher for data encryption and digital signature,whose security has drawn attention from both academic and industry fields.Its security relies on both the computation complexity of breaking the algorithm itself and the security of the encryption key.Generally,it is much easier to recover the encryption key than break the RSA algorithm through power and timing side channel analysis.Previous work primarily focuses on timing side channels in software RSA implementations,without in-depth studying the effect of hardware architecture on timing channel security.Although there is work for detecting and isolating timing channel based on formal verification of timing information flow or building timing channel free hardware design by incorporating new type system into the hardware design language,they can only provide qualitative analysis of timing channel,lacking effective model to perform quantitative analysis of hardware timing channel security.In this work,we will concentrate on hardware RSA cores and provide a quantitative analysis model to evaluate such timing channel leakage.Firstly,we introduce hardware RSA timing channel and its threat model.We then employ the entropy theory to set up timing attack model and quantitative analysis model for RSA architecture timing channel.Besides,we attack RSA implementation based on entropy and variance analysis,respectively.In order to demonstrate the effectiveness of entropy in quantifying hardware RSA implementation leakage,we perform quantitative analysis of different key-pairs information leakage within the same RSA architecture,quantify information leakage for different RSA architecture implementations with timing channel algorithm optimization techniques,evaluate the effect of timing channel countermeasure on reducing information leakage;and also attack each RSA implementation to validate the effectiveness of our quantitative analysis model.Finally,we evaluate the effect of different algorithm optimizations,timing channel mitigation techniques and countermeasures on design complexity in terms of timing channel,performance and resource utilization.Experimental results show that entropy metric can be used to attack RSA timing channel and it can increase the success rate by combining variance analysis with entropy analysis.Entropy metric can be used to quantitatively analyze information leakage from timing channel in RSA hardware architectures effectively and efficiently,which provides an effective theoretical basis and test methodology to assess the severity of timing channel information leakage.In addition,entropy metric can help designers to tradeoff security requirements and design overheads such as performance and resource utilization,which provides a potential security metric to integrate timing channel security with traditional design metrics (e.g.area and performance) to characterize the hardware in more detail.

Baolei MAO,Dejun MU,Wei HU,Huixiang ZHANG,Maoyuan QIN

DOI: https://doi.org/10.3778/j.issn.1002-8331.1701-0148

2017-01-01

Abstract:The attackers can extract the RSA private key by timing channel. Currently, there is a lack of effective method to detect and evaluate information leakage from RSA hardware timing channel. In this paper, Gate Level Information Flow tracking(GLIFT)method is employed to detect RSA timing channel and a test framework is proposed to evaluate RSA timing channel qualitatively and quantitatively. By case studies on 5 different RSA architectures, the experimental results show that the test framework can evaluate the effect of mitigation techniques on reducing and eliminating information leakage from RSA timing channel effectively and efficiently, which indicates that the test framework can help designers to tradeoff timing channel security, resource utilization and performance.

Ryan Kastner,Wei Hu,Alric Althoff

DOI: https://doi.org/10.3850/9783981537079_1008

2016-01-01

Abstract:Existing hardware design methodologies provide limited methods to detect security flaws or derive a measure on how well a mitigation technique protects the system. Information flow analysis provides a powerful method to test and verify a design against security properties that are typically expressed using the notion of noninterference. While this is useful in many scenarios, it does have drawbacks primarily related to its strict enforcement of limiting all information flows - even those that could only occur in rare circumstances. Quantitative metrics based upon information theoretic measures provide an approach to loosen such restrictions. Furthermore, they are useful in understanding the effectiveness of security mitigations techniques. In this work, we discuss information flow analysis using noninterference and qualitative metrics. We describe how to use them in a synergistic manner to perform joint information flow analysis. And we use this novel technique to analyze security properties across several different hardware cryptographic cores.

MAO Baolei,MU Dejun,HU Wei,ZHANG Huixiang,TAI Yu,ZHANG Lu

DOI: https://doi.org/10.3969/j.issn.1001-2400.2017.05.020

2017-01-01

Abstract:The timing channel residing in RSA hardware implementations imposes a major threat to hardware security.In this work,we propose a sliding window timing attack method with significant improvement in the attack success rate and employ an information theoretic model to quantitatively measure the effectiveness of the proposed attack.Experimental results show that the sliding window attack method increases the attack success rate from 73% to 96% as compared to Kocher's timing attack,which uses a single bit window.Our results also reveal a strong correlation between attack success rates and the mutual information measurements of the key and encryption time.This indicates that information theoretic metrics can serve as an approach for quantifying the effectiveness of the sliding window timing attack method and evaluating timing channel threat of the RSA hardware architecture.

Congming Wei,Guangze Hong,An Wang,Jing Wang,Shaofei Sun,Yaoling Ding,Liehuang Zhu,Wenrui Ma

DOI: https://doi.org/10.1109/tifs.2024.3449119

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In side-channel testing, the standard timing analysis works when the vendor can provide a measurement to indicate the execution time of cryptographic algorithms. In this paper, we find that there exists timing leakage in power/electromagnetic channels, which is often ignored in traditional timing analysis. Hence a new method of timing analysis is proposed to deal with the case where execution time is not available. Different execution time leads to different execution intervals, affecting the locations of plaintext and ciphertext transmission. Our method detects timing leakage by studying changes in plaintext-ciphertext correlation when traces are aligned forward and backward. Experiments are then carried out on different cryptographic devices. Furthermore, we propose an improved timing analysis framework which gives appropriate methods for different scenarios.

Lennart M. Reimann,Anshul Prashar,Chiara Ghinami,Rebecca Pelke,Dominik Sisejkovic,Farhad Merchant,Rainer Leupers

2024-02-07

Abstract:In contemporary Electronic Design Automation (EDA) tools, security often takes a backseat to the primary goals of power, performance, and area optimization. Commonly, the security analysis is conducted by hand, leading to vulnerabilities in the design remaining unnoticed. Security-aware EDA tools assist the designer in the identification and removal of security threats while keeping performance and area in mind. Cutting-edge methods employ information flow analysis to identify inadvertent information leaks in design structures. Current information leakage detection methods use quantitative information flow analysis to quantify the leaks. However, handling sequential circuits poses challenges for state-of-the-art techniques due to their time-agnostic nature, overlooking timing channels, and introducing false positives. To address this, we introduce QTFlow, a timing-sensitive framework for quantifying hardware information leakages during the design phase. Illustrating its effectiveness on open-source benchmarks, QTFlow autonomously identifies timing channels and diminishes all false positives arising from time-agnostic analysis when contrasted with current state-of-the-art techniques.

Cryptography and Security,Hardware Architecture

ZHAO Xin-jie,GUO Shi-ze,WANG Tao,ZHANG Fan,LIU Huiying,JI Ke-ke

DOI: https://doi.org/10.3969/j.issn.1671-1742.2012.04.001

2012-01-01

Abstract:The security of a lightweight block cipher KLEIN against the algebraic side-channel attack is evaluated by combining algebraic attack with side-channel attack under the Hamming weight leakage model.Firstly,the algebraic representation of KLEIN is given.Then,the Hamming weights of the intermediate states are deduced from analyzing the power leakages and converted into algebraic equations.Finally,the CryptoMinisat solver is applied to solve for the key.Based on three different error tolerant strategies,many physical experiments are conducted on KLEIN under an 8-bit microcontroller and the complexity of the attack is also evaluated.Experiment results show that: the unprotected software implementation of KLEIN is vulnerable to algebraic side-channel attack.Full 64-bit master key of KLEIN can be recovered by analyzing the Hamming weight leakages of the first round under know plaintext/ciphertext scenario and 2 rounds under unknown plaintext/ciphertext scenario.

Yu Tai,Wei Hu,Dejun Mu,Baolei Mao,Lu Zhang

DOI: https://doi.org/10.1109/ACCESS.2017.2780254

IF: 3.9

2018-01-01

IEEE Access

Abstract:Computing hardware has become an attractive attack surface due to the globalization of semi-conductor design and supply chain, and the wide integration of third-party intellectual property cores. Recently, gate-level information flow tracking (GLIFT) has been proposed to monitor the flow of information in secure hardware design by associating data objects with sensitivity labels and tracking the flow of labeled data. GLIFT can be used to model and verify security-related properties, such as confidentiality and integrity. However, existing work in this realm only considers binary labels. These are inadequate for understanding simultaneous information flow behaviors and the root source information flows. In this paper, we propose a precise multi-bit GLIFT method to perform simultaneous multi-bit flow tracking for understanding exactly which bits are affecting a data object at the same time. The proposed method provides more detailed insights into simultaneous information flow behaviors and thus allows proof of quantitative information flow data properties. We compare the complexity and verification performance for different information flow models using primitive gates, IWLS benchmarks, several cryptographic cores, and trust HUB benchmarks. Experimental results have demonstrated that our method can reason about multi-bit information flow behaviors and identify potential security flaws.

Han Li

DOI: https://doi.org/10.48550/arXiv.1912.07005

2019-12-15

Abstract:The McEliece cryptosystem based on quasi-cyclic moderate-density parity-check (QC-MDPC) codes is first purposed in 2013\cite{QCMDPC} and is considered a promising contender in the post-quantum era. Understanding its security is hence essential. Till now, the most effective attacks are the reaction attack\cite{Reaction} and the timing attack\cite{Timing}. Both of these attacks rely on the decoding performance to recover the private key. The reaction attack relies on the decoding failure rate and the timing attack relies on the iterations during decoding. However, the mechanics behind these attacks remain elusive. In this paper, a mathematical model is proposed to explain both attacks by connecting the spectrum of private key and first-layer performance of the decoder.

Cryptography and Security

Armaiti Ardeshiricham,Wei Hu,Ryan Kastner

DOI: https://doi.org/10.1109/iccad.2017.8203772

2017-01-01

Abstract:Emergence of side channel security attacks has challenged the classic assumptions regarding what data is publicly available. As demonstrated repeatedly, statistical analysis of information collected by measuring completion time of hardware designs can reveal confidential information. Even though timing-based side channel leakage can be easily exploited to breach data privacy, conventional hardware verification tools are not yet suited to assess these vulnerabilities. To acquaint the hardware design process with formal security evaluations, we introduce a model for tracking timing-based information flows through HDL codes. Based on this model, we have developed Clepsydra, a tool for automatically generating circuitry for tracking timing flows and generic logical flows within hardware designs in two distinct channels. The circuit generated by Clepsydra can be analyzed by EDA tools to detect timing leakage or formally prove constant execution time. We present proofs regarding soundness and precision of the proposed model along with results of employing Clepsydra to verify security properties on a variety of hardware units including crypto cores, bus architectures, caches and arithmetic modules.

Tara Merin John,Syed Kamran Haider,Hamza Omar,Marten van Dijk

DOI: https://doi.org/10.1109/tdsc.2017.2779780

2020-03-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Data-dependent access patterns of an application to an untrusted storage system are notorious for leaking sensitive information about the user's data. Previous research has shown how an adversary capable of monitoring both read and write requests issued to the memory can correlate them with the application to learn its sensitive data. However, information leakage through only the write access patterns is less obvious and not well studied in the current literature. In this work, we demonstrate an actual attack on power-side-channel resistant Montgomery's ladder based modular exponentiation algorithm commonly used in public key cryptography. We infer the complete 512-bit secret exponent in $mathbf{sim 3.5}$∼3.5 minutes by virtue of just the write access patterns of the algorithm to the main memory. In order to learn the victim algorithm's write access patterns under realistic settings, we exploit a compromised DMA device to take frequent snapshots of the application's address space, and then run a simple differential analysis on these snapshots to find the write access sequence. The attack has been shown on an Intel Core(TM) i7-4790 3.60GHz processor based system. We further discuss a possible attack on McEliece public-key cryptosystem that also exploits the write-access patterns to learn the secret key.

computer science, information systems, software engineering, hardware & architecture

Yuemei He,Guan Haibing,Chen Kai,Liang Alei

DOI: https://doi.org/10.1109/ICIECS.2009.5362890

2009-01-01

Abstract:Cache-based timing attacks recover cipher keys by exploiting side channel information leaks which are caused by the implementations of cryptographic algorithms and the data-dependent behavior of cache memory. This kind of attacks has been proved to be effective in experiments and even feasible in practice. A number of software-based mechanisms have been proposed to protect against such attacks, however, most of them only aims at a specific sort of cache-based attacks by altering the implementation of the algorithm. In this paper, we put forward a novel idea with the goal of providing general protection. With the help of dynamic binary translation technique, we create a sandbox where the cryptographic implementations are executed. During the runtime, redundancy instructions can be inserted into the binary code of the cipher routine, and thus the leaked information is skewed and becomes useless to the attackers. The preliminary experimental results indicate that this defending mechanism can provide strong protection against the cache-based timing attacks. Moreover, in the part of conclusion, we discuss that this mechanism can also be effective against other types of cache-based side channel attacks. ©2009 IEEE.

Huaxin Wang,Yiwen Gao,Yuejun Liu,Qian Zhang,Yongbin Zhou

DOI: https://doi.org/10.1186/s42400-024-00209-9

2024-06-05

Abstract:During the standardisation process of post-quantum cryptography, NIST encourages research on side-channel analysis for candidate schemes. As the recommended lattice signature scheme, CRYSTALS-Dilithium, when implemented on hardware, has seen limited research on side-channel analysis, and current attacks are incomplete or requires a substantial quantity of traces. Therefore, we conducted a more complete analysis to investigate the leakage of an FPGA implementation of CRYSTALS-Dilithium using the Correlation Power Analysis (CPA) method, where with a minimum of 70,000 traces partial private key coefficients can be recovered. Furthermore, we optimise the attack by extracting Point-of-Interests using known information due to parallelism (named CPA-PoI) and by iteratively utilising parallel leakages (named CPA-ITR). Our experimental results show that CPA-PoI reduces the number of traces by up to 16.67%, CPA-ITR by up to 25%, and both increase the number of recovered key coefficients by up to 55.17% and 93.10% using the same number of traces. They outperfom the CPA method. As a result, it suggests that the FPGA implementation of CRYSTALS-Dilithium is more vulnerable than thought before to side-channel analysis.

M. Mehdi Kholoosi,M. Ali Babar,Cemal Yilmaz

2023-08-23

Abstract:Timing attacks are considered one of the most damaging side-channel attacks. These attacks exploit timing fluctuations caused by certain operations to disclose confidential information to an attacker. For instance, in asymmetric encryption, operations such as multiplication and division can cause time-varying execution times that can be ill-treated to obtain an encryption key. Whilst several efforts have been devoted to exploring the various aspects of timing attacks, particularly in cryptography, little attention has been paid to empirically studying the timing attack-related vulnerabilities in non-cryptographic software. By inspecting these software vulnerabilities, this study aims to gain an evidence-based understanding of weaknesses in non-cryptographic software that may help timing attacks succeed. We used qualitative and quantitative research approaches to systematically study the timing attack-related vulnerabilities reported in the National Vulnerability Database (NVD) from March 2003 to December 2022. Our analysis was focused on the modifications made to the code for patching the identified vulnerabilities. We found that a majority of the timing attack-related vulnerabilities were introduced due to not following known secure coding practices. The findings of this study are expected to help the software security community gain evidence-based information about the nature and causes of the vulnerabilities related to timing attacks.

Cryptography and Security,Software Engineering

Wei Jiang,Zhenlin Guo,Yue Ma,Nan Sang

DOI: https://doi.org/10.1016/j.sysarc.2013.09.008

IF: 5.836

2013-01-01

Journal of Systems Architecture

Abstract:Security, energy and timing are three main concerns for embedded real-time systems, especially in battery-powered security-critical embedded systems. Existing researches on cryptographic algorithms seriously ignored the timing properties and their running environments were supposed for general applications while not based on real-time operating systems. In this paper we make efforts to analyse both energy and time related characteristics of widely used cryptographic algorithms for data-sensitive embedded real-time systems. All our studies are based on empirical data measured from a widely used ARM9 developing platform which runs security-critical test tasks within the real-time operating systems @mC/OSII. To efficiently obtain precise and accuracy data, we use NI instrument and devise a well-defined data-processing method. Identifying the inherent characteristics of security algorithms, we propose a multi-dimensional analysis framework that reveals potential features cryptographic algorithms from the angles of power, speed, and unit energy cost. The energy and time features of most popular cryptographic algorithms including symmetric, asymmetric, and hash algorithms are well studied. In addition, some mathematical models are also built to help explain and investigate these features. Based on the experiments and analysis, we found some interesting results like (1) energy consumptions and time overheads of cryptographic algorithms are not linear functions of the size of plain text, (2) energy cost is near-linear to the execution time of each cryptographic algorithm under any data size due to the hard/software experimental platform constraint, (3) the power is a Gaussian function of data size while the processing speed and unit energy are polynomial functions of data size. We believe this paper could help the design of security-critical applications in embedded real-time systems, e.g. utilizing directly these experimental data of cryptographic algorithms or these fitting mathematical functions to optimize the energy consumption of security-critical real-time applications under limited resources and security requirements.

MA Yixin,TANG Shibo,TAN Jing,LI Xuefei,HU Wei

DOI: https://doi.org/10.1051/jnwpu/20224010076

2022-01-01

Abstract:Cryptographic cores are the key components to enforce information security properties related to confidentiality and integrity. Since the security of a cryptographic core implementation and the security of the cryptographic algorithm itself from the mathematical perspective are two different problems, cryptographic cores may contain hidden security vulnerabilities such as design flaws and side channels. Security analysis methods based on functional verification rely heavily on the quality of test vectors and usually have low test coverage, which is difficult to meet the security verification requirements of security-critical components like cryptographic cores. This work proposes a cryptographic core security verification and vulnerability detection method from the perspective of information flow security. The proposed method can accurately measure all logical information flows in cryptographic core designs to formally verify security properties such as confidentiality and integrity. It can detect potential security vulnerabilities in cryptographic implementations by capturing harmful information flows. Experimental results show that our information flow security verification method is effective in detecting sensitive information leakage caused by the design vulnerabilities and side channels in cryptographic cores.

Jan Wichelmann,Ahmad Moghimi,Thomas Eisenbarth,Berk Sunar

DOI: https://doi.org/10.1145/3274694.3274741

2019-01-07

Abstract:Microarchitectural side channels expose unprotected software to information leakage attacks where a software adversary is able to track runtime behavior of a benign process and steal secrets such as cryptographic keys. As suggested by incremental software patches for the RSA algorithm against variants of side-channel attacks within different versions of cryptographic libraries, protecting security-critical algorithms against side channels is an intricate task. Software protections avoid leakages by operating in constant time with a uniform resource usage pattern independent of the processed secret. In this respect, automated testing and verification of software binaries for leakage-free behavior is of importance, particularly when the source code is not available. In this work, we propose a novel technique based on Dynamic Binary Instrumentation and Mutual Information Analysis to efficiently locate and quantify memory based and control-flow based microarchitectural leakages. We develop a software framework named \tool~for side-channel analysis of binaries which can be extended to support new classes of leakage. For the first time, by utilizing \tool, we perform rigorous leakage analysis of two widely-used closed-source cryptographic libraries: \emph{Intel IPP} and \emph{Microsoft CNG}. We analyze $15$ different cryptographic implementations consisting of $112$ million instructions in about $105$ minutes of CPU time. By locating previously unknown leakages in hardened implementations, our results suggest that \tool~can efficiently find microarchitectural leakages in software binaries.

Cryptography and Security

Daniel Moghimi,Berk Sunar,Thomas Eisenbarth,Nadia Heninger

DOI: https://doi.org/10.48550/arXiv.1911.05673

2019-11-13

Cryptography and Security

Abstract:Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical adversaries. In this work, we perform a black-box timing analysis of TPM 2.0 devices deployed on commodity computers. Our analysis reveals that some of these devices feature secret-dependent execution times during signature generation based on elliptic curves. In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. We show how this information allows an attacker to apply lattice techniques to recover 256-bit private keys for ECDSA and ECSchnorr signatures. On Intel fTPM, our key recovery succeeds after about 1,300 observations and in less than two minutes. Similarly, we extract the private ECDSA key from a hardware TPM manufactured by STMicroelectronics, which is certified at Common Criteria (CC) EAL 4+, after fewer than 40,000 observations. We further highlight the impact of these vulnerabilities by demonstrating a remote attack against a StrongSwan IPsec VPN that uses a TPM to generate the digital signatures for authentication. In this attack, the remote client recovers the server's private authentication key by timing only 45,000 authentication handshakes via a network connection. The vulnerabilities we have uncovered emphasize the difficulty of correctly implementing known constant-time techniques, and show the importance of evolutionary testing and transparent evaluation of cryptographic implementations. Even certified devices that claim resistance against attacks require additional scrutiny by the community and industry, as we learn more about these attacks.

Qi Chen,Dongyan Zhao,Liang Liu,Xuesong Yan,Yidong Yuan,Xige Zhang,Hongmei Wu,Zhe Wang

DOI: https://doi.org/10.1016/j.csi.2021.103569

IF: 3.721

2022-01-01

Computer Standards & Interfaces

Abstract:Side-channel attacks (SCAs) have become a significant threat nowadays to cryptographic devices, especially central processing units (CPUs). Based on the implementation of AES-128, the side-channel information leakage analysis is carried out in a 32-bit CPU microarchitecture in this work. Correlation power analysis (CPA) results show that it is obvious to reveal the secret key by using only 30 power traces based on the net-list simulation. Three flexibly configurable hardware-based countermeasures are proposed to prevent information leakage in the arithmetic and logic unit (ALU), register file (RF) and load/store unit (LSU), respectively, which are the most sensitive components according to our analysis. The proposed countermeasures have different protection effects on the CPU since the required trace number to reveal the secret key has increased from 30 to 100 similar to 120,000. Moreover, the anti-attack capability of the CPU is improved by 4000 times using the three countermeasures simultaneously. The proposed countermeasures can be freely combined while considering the CPU security and implementation overhead. In practice, the anti-attack capability of the CPU can be further improved when the proposed countermeasures are implemented in real-world measurements, because additional noise will be introduced during the measurements.