Abstract
In this chapter, we provide insights on the automated generation of an encoding-based software countermeasure against both fault and side-channel attacks. First, we outline the fault resistance properties that an encoding scheme must have in order to protect cryptographic software implementations against faults. We define theoretical bounds that clearly show the possibilities and limitations of encoding-based countermeasures, together with the trade-offs between side-channel and fault resistance. Later, we detail the algorithm that automatically constructs a code according to pre-defined user criteria with respect to fault resistance and takes the stochastic device leakage into account to minimize the leaked side-channel information. As a result, we are able to design, by automated methods, a code that provides the optimal trade-off between side-channel and fault resistance. We simulate several codes with respect to the most popular fault models, using a general-purpose microcontroller assembly implementation.
This research was conducted when author “J. Breier” was with Temasek Laboratories, NTU.
This research was conducted when author “X. Hou” was with Nanyang Technological University.
Appendices
Appendix 1: Generated Codes
In this section, we state the remaining codes generated by Algorithm 1, for M = 16 and n = 8, 9, 10 (Tables 7.4 and 7.5).
Appendix 2: Fault Resistance Probabilities
In this section, we show the detailed theoretical calculations of fault resistance probabilities and the overall resistance index (with error) for some specific examples.
Equidistant Detection Scheme
Using Lemma 7.1, we list the values of \(p_{\mathrm{ms}}\) and \(p_{\mathrm{rand}}\) in Table 7.6 for (8, 4, 2) and (8, 4, 4) equidistant binary codes.
Detection Scheme
Since we require that \({\mathrm {dis}}\left ({{\mathcal C}}\right )\geq 2\) for the Detection Scheme, for a 1-bit fault we expect the result to be Null, which means \(p_1 = 1\). Now we give a theoretical calculation for the (8, 4, 4)-binary code \({{\mathcal C}}_{8,4,min4}=\{00011001,00100111,10001010, 10110100\}\). We first list the distance between every pair of codewords in Table 7.7.
By Eq. (7.3), we can then calculate the m-bit fault resistance probabilities and the overall resistance index for \({{\mathcal C}}\):
Correction Scheme
We now compute the m-bit fault resistance probabilities with error correction for the same (8, 4, 4)-binary code \({{\mathcal C}}_{8,4,min4}=\{00011001, 00100111,10001010,10110100\}\). As \({\mathrm {dis}}\left ({{\mathcal C}}\right )=4\), by Remark 7.1 it is a 1-error-correcting code. By Eq. (7.2), \(p_{m,(e)} = 1\) for m = 1. To calculate \(p_{m,(e)}\) for m ≥ 2, we first list the cardinalities of \(F_{{\boldsymbol c},m}\) for \({\boldsymbol c}\in {{\mathcal C}}\) and m = 2, 3, …, 8 in Table 7.8.
By Eq. (7.2), we can then calculate the m-bit fault resistance probabilities with error correction as well as the overall resistance index with error correction for \({{\mathcal C}}\).
© 2019 Springer Nature Switzerland AG
Breier, J., Hou, X. (2019). Automated Deployment of Software Encoding Countermeasure. In: Breier, J., Hou, X., Bhasin, S. (eds) Automated Methods in Cryptographic Fault Analysis. Springer, Cham. https://doi.org/10.1007/978-3-030-11333-9_7
DOI: https://doi.org/10.1007/978-3-030-11333-9_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-11332-2
Online ISBN: 978-3-030-11333-9