Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11445)
Abstract
“An ounce of prevention is worth a pound of cure.” This paper presents a methodology for detecting side-channel leakage at the source-code level. It leverages simple tests performed on noise-less execution traces and returns accurate information about the security issues to the developer. The feedback covers location (where in the code, when in time), security severity (amount and duration of the leakage) and, most importantly, the possible reason for the leakage. After the source code (and subsequently the compiled code) has been sanitized, attack attempts complement the methodology by testing the implementation against realistic exploitations. This last step validates whether the leakages tolerated during the sanitizing stage are indeed benign.
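The following is an added illustration, not the paper's tool or code, of the kind of feedback the abstract describes: a noise-less trace is simulated from the intermediate values of a constructed toy cipher round (one Hamming-weight sample per register write, labelled with the source line that produced it), each sample is scored with the NICV metric of Bhasin et al. against the sensitive variable, and every leaking sample is matched against candidate intermediate models to name a likely reason. The toy S-box, the source labels, the hypothetical early-unmasking bug at L5 and the detection threshold are all assumptions made for this example.

```python
"""Added example: leakage detection on noise-less simulated traces.
Not the paper's tool. The S-box, constants, source labels and the
hypothetical unmasking bug are all constructed for this illustration."""
import random
from statistics import mean, pvariance

# Constructed toy S-box: an affine bijection on bytes (odd multiplier). Not the AES S-box.
SBOX = [((x * 167) + 29) & 0xFF for x in range(256)]


def hw(v):
    """Hamming weight: the usual noise-less leakage model for a register write."""
    return bin(v).count("1")


def toy_round(p, k, rng):
    """One masked toy round. Each intermediate write is one trace sample, returned in
    program order as (source label, value) so a finding can be mapped back to a line."""
    x = p ^ k            # key addition: secret-dependent, unprotected
    y = SBOX[x]          # non-linear layer: secret-dependent, unprotected
    mask = rng.randrange(256)
    m = y ^ mask         # masked value: independent of y at first order
    z = m ^ mask         # hypothetical bug: unmasking too early re-exposes y
    return [("L1: x = p ^ k", x), ("L2: y = sbox[x]", y), ("L3: mask = rng()", mask),
            ("L4: m = y ^ mask", m), ("L5: z = m ^ mask", z)]


def simulate(n, key, seed=1):
    """Fixed key, random plaintexts; returns plaintexts, per-sample labels, noise-less traces."""
    rng = random.Random(seed)
    labels = [label for label, _ in toy_round(0, key, random.Random(0))]
    pts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        pts.append(p)
        traces.append([hw(v) for _, v in toy_round(p, key, rng)])
    return pts, labels, traces


def nicv(samples, classes):
    """NICV = Var(E[L|X]) / Var(L): 1.0 when a sample is a deterministic function of the
    sensitive variable X, close to 0 when it is statistically independent of X."""
    total = pvariance(samples)
    if total == 0:          # constant sample (e.g. a loop counter): nothing to leak
        return 0.0
    groups = {}
    for s, c in zip(samples, classes):
        groups.setdefault(c, []).append(s)
    grand = mean(samples)
    between = sum(len(g) * (mean(g) - grand) ** 2 for g in groups.values()) / len(samples)
    return between / total


def pearson(a, b):
    """Pearson correlation, used to match a leaking sample against candidate models."""
    ma, mb = mean(a), mean(b)
    cov = sum((u - ma) * (v - mb) for u, v in zip(a, b))
    va = sum((u - ma) ** 2 for u in a)
    vb = sum((v - mb) ** 2 for v in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0


def leakage_report(pts, labels, traces, key, threshold=0.5):
    """Returns (sample index, source label, NICV, most likely reason) for every sample
    whose NICV w.r.t. the sensitive variable x = p ^ k exceeds the threshold."""
    x_vals = [p ^ key for p in pts]
    models = {"x = p ^ k": [hw(x) for x in x_vals],
              "y = sbox[x]": [hw(SBOX[x]) for x in x_vals]}
    findings = []
    for t, label in enumerate(labels):
        column = [trace[t] for trace in traces]
        score = nicv(column, x_vals)
        if score > threshold:
            reason = max(models, key=lambda name: abs(pearson(column, models[name])))
            findings.append((t, label, round(score, 3), reason))
    return findings


def longest_run(indices):
    """Longest stretch of consecutive leaking samples: the 'duration' of a leak."""
    best = run = 0
    prev = None
    for i in indices:
        run = run + 1 if prev is not None and i == prev + 1 else 1
        best, prev = max(best, run), i
    return best


if __name__ == "__main__":
    pts, labels, traces = simulate(4000, key=0x3C)
    found = leakage_report(pts, labels, traces, key=0x3C)
    for t, label, score, reason in found:
        print(f"sample {t}  {label:18}  NICV={score:.3f}  reason: {reason}")
    print("longest run of leaking samples:", longest_run([t for t, *_ in found]))
```

With noise-less traces the test is decisive: samples L1, L2 and L5 score an NICV of 1.0 (each is a deterministic function of the sensitive variable), while the mask generation at L3 and the masked value at L4 stay near zero because a uniform mask makes them independent of the secret at first order. The report therefore points the developer at lines L1 and L2 (expected for an unmasked key addition and S-box lookup) and at L5, where the "reason" column names the S-box output as the intermediate that was re-exposed by unmasking too early; the run length of consecutive leaking samples gives the duration figure.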
References
3rd IEEE International Verification and Security Workshop, IVSW 2018, Costa Brava, Spain, July 2–4, 2018. IEEE (2018)
Bhasin, S., Danger, J.L., Guilley, S., Najm, Z.: NICV: normalized inter-class variance for detection of side-channel leakage. In: IEEE International Symposium on Electromagnetic Compatibility (EMC 2014/Tokyo), May 12–16 2014. Session OS09: EM Information Leakage. Hitotsubashi Hall (National Center of Sciences), Chiyoda, Tokyo, Japan (2014)
Blömer, J., Guajardo, J., Krummel, V.: Provably secure masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30564-4_5
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_2
Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_3
Easter, R.J., Quemard, J.-P., Kondo, J.: Text for ISO/IEC 1st CD 17825 - Information technology - Security techniques - Non-invasive attack mitigation test metrics for cryptographic modules, March 22 2014. Prepared within ISO/IEC JTC 1/SC 27/WG 3 (2014)
Facon, A., Guilley, S., Lec’hvien, M., Schaub, A., Souissi, Y.: Detecting cache-timing vulnerabilities in post-quantum cryptography algorithms. In: 3rd IEEE International Verification and Security Workshop, IVSW 2018, Costa Brava, Spain, July 2–4, 2018 [1], pp. 7–12 (2018)
Fei, Y., Luo, Q., Ding, A.A.: A statistical model for DPA with novel algorithmic confusion analysis. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 233–250. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_14
Gilbert Goodwill, B.J., Jaffe, J., Rohatgi, P.: A testing methodology for side-channel resistance validation. In: NIST Non-Invasive Attack Testing Workshop, September 2011 (2011). http://csrc.nist.gov/news_events/non-invasive-attack-testing-workshop/papers/08_Goodwill.pdf
Jaffe, J., Rohatgi, P., Witteman, M.F.: Efficient side-channel testing for public key algorithms: RSA case study. In: NIST Non-Invasive Attack Testing Workshop, September 2011 (2011). http://csrc.nist.gov/news_events/non-invasive-attack-testing-workshop/papers/09_Jaffe.pdf
Kocher, P.: Complexity and the challenges of securing SoCs. In: Stok, L., Dutt, N.D., Hassoun, S. (eds.) Proceedings of the 48th Design Automation Conference, DAC 2011, San Diego, California, USA, June 5–10, 2011, pp. 328–331. ACM (2011)
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9
Kocher, P.C.: Leak-resistant cryptographic indexed key update, March 25 2003. United States Patent 6,539,092 filed on July 2nd, 1999 at San Francisco, CA, USA (2003)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25
Liu, H., Qian, G., Tsunoo, Y., Goto, S.: The switching glitch power leakage model. JSW 6(9), 1787–1794 (2011)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, New York (2006). ISBN 0-387-30857-1. http://www.dpabook.org/
Mangard, S., Schramm, K.: Pinpointing the side-channel leakage of masked AES hardware implementations. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 76–90. Springer, Heidelberg (2006). https://doi.org/10.1007/11894063_7
Moradi, A., Guilley, S., Heuser, A.: Detecting hidden leakages. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 324–342. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07536-5_20
Souissi, Y., Danger, J.-L., Guilley, S., Bhasin, S., Nassar, M.: Common framework to evaluate modern embedded systems against side-channel attacks. In: IEEE International Conference on Technologies for Homeland Security (HST), pp. 86–91, November 15–17 2011. Westin Hotel, Waltham, MA, USA (2011). https://doi.org/10.1109/THS.2011.6107852
Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_26
Takarabt, S., et al.: Pre-silicon embedded system evaluation as new EDA tool for security verification. In: 3rd IEEE International Verification and Security Workshop, IVSW 2018, Costa Brava, Spain, July 2–4, 2018 [1], pp. 74–79 (2018)
Veshchikov, N., Guilley, S.: Use of simulators for side-channel analysis. In: 2017 IEEE European Symposium on Security and Privacy, EuroS&P 2017, Paris, France, April 26–28, 2017, pp. 51–59. IEEE (2017)
Veyrat-Charvillon, N., Medwed, M., Kerckhof, S., Standaert, F.-X.: Shuffling against side-channel attacks: a comprehensive study with cautionary note. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 740–757. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_44
Whitnall, C., Oswald, E.: A fair evaluation framework for comparing side-channel distinguishers. J. Crypt. Eng. 1(2), 145–160 (2011)
Author information
Authors and Affiliations
Secure-IC S.A.S., 15 Rue Claude Chappe, Bât. B, 35 510, Cesson-Sévigné, France
Youssef Souissi, Adrien Facon & Sylvain Guilley
École Normale Supérieure, Département d’informatique, 75 005, Paris, France
Adrien Facon & Sylvain Guilley
LTCI, Télécom ParisTech, Institut Polytechnique de Paris, 75 013, Paris, France
Sylvain Guilley
Corresponding author
Correspondence to Sylvain Guilley.
Editor information
Editors and Affiliations
Université Paris 8, Saint-Denis, France
Claude Carlet
Institut MINES-TELECOM, Paris, France
Sylvain Guilley
Université de Caen, Caen, France
Abderrahmane Nitaj
Mohammed V University, Rabat, Morocco
El Mamoun Souidi
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Souissi, Y., Facon, A., Guilley, S. (2019). Virtual Security Evaluation. In: Carlet, C., Guilley, S., Nitaj, A., Souidi, E. (eds.) Codes, Cryptology and Information Security. C2SI 2019. Lecture Notes in Computer Science, vol. 11445. Springer, Cham. https://doi.org/10.1007/978-3-030-16458-4_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16457-7
Online ISBN: 978-3-030-16458-4
eBook Packages: Computer Science, Computer Science (R0)