Abstract
Accelerated by the increased interconnection of highly accessible devices, the demand for effective and efficient protection of hardware designs against Side-Channel Analysis (SCA) is ever rising, causing its topical relevance to remain immense in both, academia and industry. Among a wide range of proposed countermeasures against SCA, masking is a highly promising candidate due to its sound foundations and well-understood security requirements. In addition, formal adversary models have been introduced, aiming to accurately capture real-world attack scenarios while remaining sufficiently simple to efficiently reason about the SCA resilience of designs. Here, the d-probing model is the most prominent and well-studied adversary model. Its extension, introduced as the robust d-probing model, covers physical defaults occurring in hardware implementations, particularly focusing on combinational recombinations (glitches), memory recombinations (transitions), and routing recombinations (coupling).With increasing complexity of modern cryptographic designs and logic circuits, formal security verification becomes ever more cumbersome. This started to spark innovative research on automated verification frameworks. Unfortunately, these verification frameworks mostly focus on security verification of hardware circuits in the presence of glitches, but remain limited in identification and verification of transitional leakage. To this end, we extend SILVER, a recently proposed tool for formal security verification of masked logic circuits, to also detect and verify information leakage resulting from combinations of glitches and transitions. Based on extensive case studies, we further confirm the accuracy and practical relevance of our methodology when assessing and verifying information leakage in hardware implementations.
Highlights
Given that SILVER operates on an annotated gate-level netlist, we extended the initial parsing and pre-processing procedures to support the conversion of an iterative circuit to a loop-free graph as well as the generation of the list of transitions F
We present a novel methodology for modeling transition- and glitch-extended probes, enabling us to integrate the verification of transition-based leakage into SILVER, an existing software framework for formal verification of masked circuits which before was limited to perform verification in the (1, 0, 0)-robust d-probing model only, i.e., under the occurrence of glitches
With the integration of our methodology into SILVER, we enable designers to formally evaluate the security of hardware designs in the presence of glitches combined with transitions (i.e., in the (1, 1, 0)-robust d-probing model), which is highly relevant for constructing SideChannel Analysis (SCA)-resilient iterative hardware designs
Summary
Comparing these existing approaches and tools for formal verification of masked hardware circuits, what becomes immediately apparent is the fact that all tools only consider glitches as undesired physical defaults while neglecting information leakage due to transitions. None of the existing tools supports a complete modeling of unintentional physical defaults occurring in hardware, i.e., glitches and transitions, for the security verification of masked circuits. Demonstrating the power of our extended model and verification framework as well as the practical relevance of accurately modeling glitches and transitions during security verification, we analyze different iterative 8-bit S-box constructions, proposed by Boss et al [BGG+16], and report information leakage due to transitions, both in formal security verification as well as in experimental Side-Channel Analysis (SCA) evaluations. Thanks to our extended version of SILVER, while confirming the issues reported and claims made in [CS21], we provide other insights through theoretical and experimental analyses when HPC gadgets are processed iteratively
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: IACR Transactions on Cryptographic Hardware and Embedded Systems
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
