3.2 Passive Implementation Attacks and Countermeasures

Date: Tuesday 10 March 2015
Time: 14:30 - 16:00
Location / Room: Belle Etoile

Chair:
Philippe Maurine, CEA-TECH, FR

Co-Chair:
Francesco Regazzoni, AlaRI, CH

Passive implementation attacks are a major security threat for embedded systems. This session focuses on improving side-channel analysis considering reliable key extraction, information leakage of static power consumption, and processor instructions. It also presents a monitor to defeat write-back attacks on caches.

Time	Label	Presentation Title Authors
14:30	3.2.1	RELIABLE INFORMATION EXTRACTION FOR SINGLE TRACE ATTACKS Speakers: Valentina Banciu, Elisabeth Oswald and Carolyn Whitnall, University of Bristol, GB Abstract Side-channel attacks using only a single trace crucially rely on the capability of reliably extracting side-channel information (e.g. Hamming weights of intermediate target values) from traces. In particular, in original versions of simple power analysis (SPA) or algebraic side channel attacks (ASCA) it was assumed that an adversary can correctly extract the Hamming weight values for all the intermediates used in an attack. Recent developments in error tolerant SPA style attacks relax this unrealistic requirement on the information extraction and bring renewed interest to the topic of template building or training suitable machine learning classifiers. In this work we ask which classifiers or methods, if any, are most likely to return the true Hamming weight among their first (say s) ranked outputs. We experiment on two data sets with different leakage characteristics. Our experiments show that the most suitable classifiers to reach the required performance for pragmatic SPA attacks are Gaussian templates, Support Vector Machines and Random Forests, across the two data sets that we considered. We found no configuration that was able to satisfy the requirements of an error tolerant ASCA in case of complex leakage. Download Paper (PDF; Only available from the DATE venue WiFi)
15:00	3.2.2	SCANDALEE: A SIDE-CHANNEL-BASED DISASSEMBLER USING LOCAL ELECTROMAGNETIC EMANATIONS Speakers: Daehyun Strobel, Florian Bache, David Oswald, Falk Schellenberg and Christof Paar, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, DE Abstract Side-channel analysis has become a well-established topic in the scientific community and industry over the last one and a half decade. Somewhat surprisingly, the vast majority of work on side-channel analysis has been restricted to the "use case" of attacking cryptographic implementations through the recovery of keys. In this contribution, we show how side-channel analysis can be used for extracting code from embedded systems based on a CPU's electromagnetic emanation. There are many applications within and outside the security community where this is desirable. In cryptography, it can, e.g., be used for recovering proprietary ciphers and security protocols. Another broad application field is general security and reverse engineering, e.g., for detecting IP violations of firmware or for debugging embedded systems when there is no debug interface or it is proprietary. A core feature of our approach is that we take localized electromagnetic measurements that are spatially distributed over the IC being analyzed. Given these multiple inputs, we model code extraction as a classification problem that we solve with supervised learning algorithms. We apply a variant of linear discriminant analysis to distinguish between the multiple classes. In contrast to previous approaches, which reported instruction recognition rates between 40-70%, our approach detects more than 95% of all instructions for test code, and close to 90% for real-world code. The methods are thus very relevant for use in practice. Our method performs dynamic code recognition, which has both advantages (only the program parts that are actually executed are observed) but also limitations (rare code executions are difficult to observe). Download Paper (PDF; Only available from the DATE venue WiFi)
15:30	3.2.3	SIDE-CHANNEL ATTACKS FROM STATIC POWER: WHEN SHOULD WE CARE? Speakers: Santos Merino del Pozo¹, Francois-Xavier Standaert¹, Dina Kamel¹ and Amir Moradi² ¹UCL Crypto Group, BE; ²Ruhr University Bochum, DE Abstract Static power consumption is an increasingly important concern when designing circuits in deep submicron technologies. Besides its impact for low-power implementations, recent research has investigated whether it could lead to exploitable side-channel leakages. Both simulated analyses and measurements from FPGA devices have confirmed that such a static signal can indeed lead to successful key recoveries. In this respect, the main remaining question is whether it can become the target of choice for actual adversaries, especially since it has smaller amplitude than its dynamic counterpart. In this paper, we answer this question based on actual measurements taken from an AES S-box prototype chip implemented in a 65-nanometer CMOS technology. For this purpose, we first provide a fair comparison of the static and dynamic leakages in a univariate setting, based on worst-case information theoretic analysis. This comparison confirms that the static signal is significantly less informative than the dynamic one. Next, we extend our evaluations to a multivariate setting. In this case, we observe that simple averaging strategies can be used to reduce the noise in static leakage traces. As a result, we mainly conclude that (a) if the target chip is working at maximum clock frequency (which prevents the previously mentioned averaging), the static leakage signal remains substantially smaller than the dynamic one, so has limited impact, and (b) if the adversary can reduce the clock frequency, the noise of the static leakage traces can be reduced arbitrarily. Whether the static signal leads to more informative leakages than the dynamic one then depends on the quality of the measurements (as the former one has very small amplitude). But it anyway raises a warning flag for the implementation of algorithmic countermeasures such as masking, that require high noise levels. Download Paper (PDF; Only available from the DATE venue WiFi)
15:45	3.2.4	EXTRAX: SECURITY EXTENSION TO EXTRACT CACHE RESIDENT INFORMATION FOR SNOOP-BASED EXTERNAL MONITORS Speakers: Jinyong Lee¹, Yongje Lee², Hyungon Moon¹, Ingoo Heo¹ and Yunheung Paek¹ ¹Seoul National University, KR; ²Seoul National University, Samsung Electronics Co., Ltd., KR Abstract Advent of rootkits has urged researchers to conduct much research on defending the integrity of OS kernels. Even though recently proposed snoop-based monitors have shown to provide higher performance and security level compared to conventional hypervisor-based monitors, we discovered that the use of write-back caches in a system would seriously undermine the effectiveness of snoop-based monitors. To address the problem, we propose a special hardware unit called Extrax which makes use of existing hardware logic, core debugging interface, to extract necessary information for security monitoring. Being implemented to refine the debug information for security purposes, Extrax assists snoop-based monitors to detect attacks that exploit write-back caches. Experimental results show that our system can detect more advanced attacks, which the state-of-the-art snoop-based hardware monitors cannot capture, with moderate area overhead and power consumption. Download Paper (PDF; Only available from the DATE venue WiFi)
16:00		End of session Coffee Break in Exhibition Area Coffee Break in Exhibition Area On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area. Lunch Break On Tuesday and Wednesday, lunch boxes will be served in front of the session room Salle Oisans and in the exhibition area for fully registered delegates (a voucher will be given upon registration on-site). On Thursday, lunch will be served in Room Les Ecrins (for fully registered conference delegates only). Tuesday, March 10, 2015 Coffee Break 10:30 - 11:30 Lunch Break 13:00 - 14:30; Keynote session from 13:20 - 14:20 (Room Oisans) sponsored by Mentor Graphics Coffee Break 16:00 - 17:00 Wednesday, March 11, 2015 Coffee Break 10:00 - 11:00 Lunch Break 12:30 - 14:30, Keynote lectures from 12:50 - 14:20 (Room Oisans) Coffee Break 16:00 - 17:00 Thursday, March 12, 2015 Coffee Break 10:00 - 11:00 Lunch Break 12:30 - 14:00, Keynote lecture from 13:20 - 13:50 Coffee Break 15:30 - 16:00