Constructive Side-Channel Analysis and Secure Design: 13th International Workshop, COSADE 2022, Leuven, Belgium, April 11-12, 2022, Proceedings

✍ Scribed by Josep Balasch, Colin O’Flynn

Publisher: Springer
Year: 2022
Tongue: English
Leaves: 279
Series: Lecture Notes in Computer Science, 13211
Category: Library

No coin nor oath required. For personal study only.

✦ Synopsis

This book constitutes revised selected papers from the 13th International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2022, held in Leuven, Belgium, in April 2022.

The 12 full papers presented in this volume were carefully reviewed and selected from 25 submissions. The papers cover the following subjects: implementation attacks, secure implementation, implementation attack-resilient architectures and schemes, secure design and evaluation, practical attacks, test platforms, and open benchmarks.

✦ Table of Contents

Preface
Organization
Contents
Machine/Deep Learning
Machine-Learning Assisted Side-Channel Attacks on RNS ECC Implementations Using Hybrid Feature Engineering
1 Introduction
2 Preliminaries and Related Literature
2.1 RNS as Side-Channel Attack Countermeasure
2.2 Feature Engineering Techniques
3 Machine Learning Based Evaluation Methodology for ECC RNS Scalar Multiplication
3.1 Attack Scenario Specification
3.2 Raw Trace Preprocessing
3.3 Data Splitting
3.4 Feature Selection and Processing
3.5 ML Classification Model Training
3.6 Key Prediction
4 Practical Results and Discussion
4.1 Trace Collection and Experimental Setup
4.2 Classifier's Performance on Raw Features
4.3 Impact of Feature Engineering
4.4 Hybrid Feature Selection Techniques
5 Conclusion
A Appendix
References
Focus is Key to Success: A Focal Loss Function for Deep Learning-Based Side-Channel Analysis
1 Introduction
2 Background
2.1 Deep Learning-Based Side-Channel Analysis
2.2 Loss Functions
2.3 Datasets
3 Related Works
4 A Novel Loss Function for SCA
4.1 Problem Statement
4.2 Focal Loss Ratio
4.3 Hyperparameter Tuning
5 Experimental Results
5.1 Setup
5.2 ASCAD_fixed
5.3 ASCAD_variable
5.4 CHES_CTF
6 Discussion
7 Conclusions and Future Work
References
On the Evaluation of Deep Learning-Based Side-Channel Analysis
1 Introduction
2 Machine Learning-Based Side-Channel Analysis
3 Related Works
4 Summary Statistics
5 Experimental Evaluation
5.1 Settings
5.2 Results
5.3 Discussion
6 Conclusions and Future Work
References
Tools and References
A Second Look at the ASCAD Databases
1 Introduction
2 Leakage Analysis of the ASCAD Implementation
2.1 Implementation Details
2.2 Correlation Point-of-Interest (CPOI) Analysis
2.3 Classical Side-Channel Analysis
3 ML-SCA on ASCAD: Impact of Training Scenarios and Varying Key Byte Leakage
3.1 Experimental Setup
3.2 Fixed Key vs. Variable Key Training
3.3 Training on Different Key Bytes
4 Conclusion
A Appendix
A.1 Sample Ranges for Different Bytes
A.2 Multivariate Second-Order Attack - Sample Combinations
References
FIPAC: Thwarting Fault- and Software-Induced Control-Flow Attacks with ARM Pointer Authentication
1 Introduction
2 Background
2.1 Fault Attacks
2.2 Control-Flow Attacks
2.3 Control-Flow Integrity
3 Threat Model and Attack Scenario
3.1 Threat Model
3.2 Attack Scenario
3.3 CFI Against Software and Fault Attacks
4 FIPAC
4.1 Signature-Based Control-Flow Integrity
4.2 State Updates with Pointer Authentication
4.3 Placement of Checks
5 Implementation
5.1 CFI Primitives
5.2 Protection of Control-Flow Instructions
5.3 Toolchain
6 Evaluation
6.1 Security Evaluation
6.2 Security Comparison
6.3 Functional Evaluation
6.4 Performance Evaluation
7 Discussion
8 Conclusion
References
Body Biasing Injection: To Thin or Not to Thin the Substrate?
1 Introduction
2 Modelling
2.1 Simulation Results
2.2 Effect of the Substrate Thickness
2.3 About the BBI Fault Model
3 Experiments
3.1 Substrate Thinning
3.2 BBI Platform
3.3 Device Under Fault Injection
3.4 Experimental Results
4 Conclusion
References
Attacks
On the Susceptibility of Texas Instruments SimpleLink Platform Microcontrollers to Non-invasive Physical Attacks
1 Introduction
1.1 Related Work
1.2 Contributions
2 Experimental Setup
2.1 Target Modifications
3 The ROM Bootloader
3.1 Extracting and Analysing the ROM Bootloader
3.2 ROM Bootloader Emulation
4 Bypassing Debug Security
4.1 Determining a Suitable Glitch Width
4.2 Debug Security Bypass: CCFG Configuration Parsing
4.3 Debug Security Bypass: eFuse Readout
4.4 Extracting Firmware from the Tesla Model 3 Key Fob
5 The Hardware AES Co-processor
5.1 Side-Channel Analysis
5.2 Differential Fault Analysis
6 Conclusion
6.1 Responsible Disclosure
References
Single-Trace Clustering Power Analysis of the Point-Swapping Procedure in the Three Point Ladder of Cortex-M4 SIKE
1 Introduction
1.1 Related Work
1.2 Contributions
1.3 Outline
2 Background
2.1 Supersingular Isogeny Key Encapsulation (SIKE)
2.2 Clustering
3 Clustering Power Analysis of SIKE
4 Attack Enhancements
4.1 Enhancing Sample Selection
4.2 Enhancing Power Samples Clustering
4.3 Enhancing Key Verification
5 Experimental Verification
5.1 Setup
5.2 Traces Collection
5.3 Clustering Power Analysis
5.4 Results
5.5 Discussion
5.6 Other SIKE Instances
6 Countermeasure
6.1 Description
6.2 Implementation
6.3 Experimental Validation
6.4 Other Countermeasures
7 Conclusion and Future Work
A Attacked Code
References
Canonical DPA Attack on HMAC-SHA1/SHA2
1 Introduction
1.1 Motivation
1.2 DPA
1.3 Known DPA Attacks on HMAC
1.4 Contribution
1.5 Organization of the Paper
2 HMAC-SHA1/SHA2
2.1 SHA1/SHA2 as Merkle-Damgård Constructions
2.2 HMAC-SHA1/SHA2 as Merkle-Damgård Tree
2.3 Aim of DPA Attacks on HMAC
2.4 The SHA256 Compression Function
2.5 The SHA1 Compression Function
3 Known Attack on the Inner Secret
3.1 DPA on Plaintext Plus Subkey
3.2 Attack on the Inner HMAC-SHA256 Secret
3.3 Attack on the Inner HMAC-SHA1 Secret
4 New Attack on the Outer Secret
4.1 Attack on the Outer HMAC-SHA256 Secret
4.2 The Attack
4.3 Optimization and Fall-Back
4.4 Attack on the Outer HMAC-SHA1 Secret
4.5 Preliminary Conclusion
5 Application to the BQ27Z561 Battery Authentication
5.1 Battery Authentication for Counterfeit Prevention
5.2 Measurement Setup
5.3 Measurements
5.4 Disclosure of the Inner Secret
5.5 Optimizations
5.6 Disclosure of the Outer Secret
5.7 Conclusion
References
Masking
Provable Secure Software Masking in the Real-World
1 Introduction
1.1 Contributions
1.2 Related Work
2 Side-Channel Analysis
2.1 Measurement Setup
2.2 Leakage Assessment
2.3 CPA Attack Results
2.4 Root Cause Analysis
3 Benchmarking
3.1 Randomness Generation
3.2 Benchmarking: Discussion and Conclusion
4 Discussion and Conclusions
4.1 Recommendations
References
Systematic Study of Decryption and Re-encryption Leakage: The Case of Kyber
1 Introduction
2 Background
2.1 Information Theory for Side-Channel Attacks
2.2 CRYSTALS-Kyber
3 Shortcut Formulas for SPA and DPA
3.1 AskDPA: DPA Against CPAPKE.Dec
3.2 AskSPA: SPA Against Re-encryption
4 Generic Intuitions
4.1 Masking can be (very) Expensive
4.2 Leveling Moderately Helps
5 Applications to CRYSTALS-Kyber
5.1 Finer Grain Analysis
5.2 Concrete Attack Parameters
5.3 A Look at Unprotected Implementations
5.4 Generic Intuition Revisited
6 Discussion and Challenges
A Masked Kyber.CCAKEM.Dec
References
Handcrafting: Improving Automated Masking in Hardware with Manual Optimizations
1 Introduction
2 Background
3 Architectures Descriptions
3.1 Masked AES S-box Implementation
3.2 8-Bit Serial Implementation
3.3 32-Bit Serial Implementation
3.4 128-Bit Serial Implementation
4 Implementation Results
4.1 Masked S-box Implementations
4.2 Masked AES Implementations
4.3 Physical Security
5 Conclusion
References
Author Index

📜 SIMILAR VOLUMES