Abstract

Power side-channel attacks, capable of deducing secrets using statistical analysis techniques, have become a serious threat to devices in cyber-physical systems and the Internet of Things. Random masking is a widely used countermeasure for removing the statistical dependence between secret data and side-channel leaks. Although there are techniques for verifying whether software code has been perfectly masked, they are limited in accuracy and scalability. To bridge this gap, we propose a refinement-based method for verifying masking countermeasures. Our method is more accurate than prior approaches based on syntactic type inference and more scalable than prior model-counting approaches that use SAT or SMT solvers. Indeed, it can be viewed as a gradual refinement of a set of semantic type inference rules for reasoning about distribution types. These rules are kept abstract initially to allow fast deduction, and then made concrete when the abstract version is not able to resolve the verification problem. We have implemented our method in a tool and evaluated it on cryptographic benchmarks including AES and MAC-Keccak. The results show that our method significantly outperforms state-of-the-art techniques in terms of both accuracy and scalability.
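A small added illustration of the refinement idea described above (example code written for this page, not the authors' tool): an abstract phase assigns distribution types by syntactic rules, and only variables the rules cannot decide are handed to a concrete phase that enumerates the joint distribution. The type names RUD/SID/SDD/UKD, the rule set and the two constructed programs are assumptions for the example.

```python
from itertools import product

# Constructed straight-line programs: (dest, op, src1, src2). Inputs named k* are
# secret, r* are fresh uniform masks; ops are XOR (^) and AND (&).
PROG_SAFE = [("t1", "^", "k1", "r1"), ("t2", "&", "t1", "r2"), ("t3", "^", "t2", "r2")]
PROG_LEAKY = [("t1", "^", "k1", "r1"), ("t2", "&", "t1", "r2"), ("t3", "^", "t2", "r1")]

def syntactic_types(prog):
    """Abstract phase: RUD = uniform, SID = secret independent, UKD = undecided."""
    types, supp, dom = {}, {}, {}
    def declare(v):  # inputs: masks are RUD and dominate themselves, secrets are SDD
        if v not in types:
            types[v], supp[v] = ("RUD" if v[0] == "r" else "SDD"), {v}
            dom[v] = {v} if v[0] == "r" else set()
    for dst, op, a, b in prog:
        declare(a); declare(b)
        supp[dst], dom[dst] = supp[a] | supp[b], set()
        fresh = (dom[a] - supp[b]) | (dom[b] - supp[a])  # masks unseen by the other side
        if op == "^" and fresh:
            types[dst], dom[dst] = "RUD", fresh  # XOR with a fresh mask is uniform
        elif {types[a], types[b]} <= {"RUD", "SID"} and not (supp[a] & supp[b]):
            types[dst] = "SID"  # any function of independent, secret-independent operands
        else:
            types[dst] = "UKD"  # e.g. a mask reused on both sides: refinement needed
    return types

def semantic_check(prog, var, width=1):
    """Concrete phase: `var` is perfectly masked iff its distribution is the same for every secret."""
    names = sorted({v for _, _, a, b in prog for v in (a, b) if v[0] in "kr"})
    secrets, masks = [v for v in names if v[0] == "k"], [v for v in names if v[0] == "r"]
    seen = set()
    for ks in product(range(1 << width), repeat=len(secrets)):
        hist = {}
        for rs in product(range(1 << width), repeat=len(masks)):
            env = dict(zip(secrets, ks), **dict(zip(masks, rs)))
            for dst, op, a, b in prog:
                env[dst] = env[a] ^ env[b] if op == "^" else env[a] & env[b]
            hist[env[var]] = hist.get(env[var], 0) + 1
        seen.add(tuple(sorted(hist.items())))
    return len(seen) == 1

def verify(prog):
    """Gradual refinement: keep abstract verdicts, resolve each UKD with the concrete check."""
    verdict = {}
    for v, t in syntactic_types(prog).items():
        if v[0] not in "kr":
            verdict[v] = t if t != "UKD" else ("SID" if semantic_check(prog, v) else "SDD")
    return verdict
```

In both programs the rules type `t3` as UKD because `r2` (or `r1`) appears on both sides of the final XOR; the concrete check then classifies `t3` as SID for PROG_SAFE and SDD for PROG_LEAKY, where the reused mask cancels and exposes `k1`.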

Highlights

  • Cryptographic algorithms are widely used in embedded computing devices, including SmartCards, to form the backbone of their security mechanisms

  • We propose a method for gradually refining the type inference system using SMT solver based analysis, to ensure the overall method is complete

  • We first introduce our distribution types, which are inspired by prior work in [6, 13, 47], together with some auxiliary data structures; we present our inference rules


Summary

Introduction

Cryptographic algorithms are widely used in embedded computing devices, including SmartCards, to form the backbone of their security mechanisms. In practice, attackers may recover cryptographic keys by analyzing physical information leaked through side channels. These so-called side-channel attacks exploit the statistical dependence between secret data and non-functional properties of a computing device such as the execution time [38], power consumption [39] and electromagnetic radiation [49]. Differential power analysis (DPA) is an extremely popular and effective class of attacks [30, 42].

This work was supported primarily by the National Natural Science Foundation of China (NSFC) grants 61532019 and 61761136011.

