Provable Secure Software Masking in the Real-World


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2022-03-26

AUTHORS

Arthur Beckers , Lennert Wouters , Benedikt Gierlichs , Bart Preneel , Ingrid Verbauwhede

ABSTRACT

We evaluate eight implementations of provable secure side-channel masking schemes that were published in top-tier academic venues such as Eurocrypt, Asiacrypt, CHES and SAC. Specifically, we evaluate the side-channel attack resistance of eight open-source and first-order side-channel protected AES-128 software implementations on the Cortex-M4 platform. Using a T-test based leakage assessment we demonstrate that all implementations produce first-order leakage with as little as 10,000 traces. Additionally, we demonstrate that all except for two Inner Product Masking based implementations are vulnerable to a straightforward correlation power analysis attack. We provide an assembly level analysis showing potential sources of leakage for two implementations. Some of the studied implementations were provided for benchmarking purposes. We demonstrate several flaws in the benchmarking procedures and question the usefulness of the reported performance numbers in the face of the implementations’ poor side-channel resistance. This work serves as a reminder that practical evaluations cannot be omitted in the context of side-channel analysis.

PAGES

215-235

Book

TITLE

Constructive Side-Channel Analysis and Secure Design

ISBN

978-3-030-99765-6
978-3-030-99766-3

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-99766-3_10

DOI

http://dx.doi.org/10.1007/978-3-030-99766-3_10

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1146561557



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0803", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Computer Software", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, 3001, Heverlee, Belgium", 
          "id": "http://www.grid.ac/institutes/grid.5596.f", 
          "name": [
            "imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, 3001, Heverlee, Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Beckers", 
        "givenName": "Arthur", 
        "id": "sg:person.012453241326.44", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012453241326.44"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, 3001, Heverlee, Belgium", 
          "id": "http://www.grid.ac/institutes/grid.5596.f", 
          "name": [
            "imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, 3001, Heverlee, Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Wouters", 
        "givenName": "Lennert", 
        "id": "sg:person.014146440433.96", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014146440433.96"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, 3001, Heverlee, Belgium", 
          "id": "http://www.grid.ac/institutes/grid.5596.f", 
          "name": [
            "imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, 3001, Heverlee, Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Gierlichs", 
        "givenName": "Benedikt", 
        "id": "sg:person.013777364607.95", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013777364607.95"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, 3001, Heverlee, Belgium", 
          "id": "http://www.grid.ac/institutes/grid.5596.f", 
          "name": [
            "imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, 3001, Heverlee, Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Preneel", 
        "givenName": "Bart", 
        "id": "sg:person.011115044357.39", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011115044357.39"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, 3001, Heverlee, Belgium", 
          "id": "http://www.grid.ac/institutes/grid.5596.f", 
          "name": [
            "imec-COSIC, KU Leuven, Kasteelpark Arenberg 10, 3001, Heverlee, Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Verbauwhede", 
        "givenName": "Ingrid", 
        "id": "sg:person.014435152743.83", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014435152743.83"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2022-03-26", 
    "datePublishedReg": "2022-03-26", 
    "description": "We evaluate eight implementations of provable secure side-channel masking schemes that were published in\u00a0top-tier academic venues such as Eurocrypt, Asiacrypt, CHES and SAC. Specifically, we evaluate the side-channel attack resistance of eight open-source and first-order side-channel protected AES-128 software implementations on the Cortex-M4 platform. Using a T-test based leakage assessment we demonstrate that all implementations produce first-order leakage with as little as 10,000 traces. Additionally, we demonstrate that all except for two Inner Product Masking based implementations are vulnerable to a straightforward correlation power analysis attack. We provide an assembly level analysis showing potential sources of leakage for two implementations. Some of the studied implementations were provided for benchmarking purposes. We demonstrate several flaws in the benchmarking procedures and question the usefulness of the reported performance numbers in the face of the implementations\u2019 poor side-channel resistance. This work serves as a reminder that practical evaluations cannot be omitted in the context of side-channel analysis.", 
    "editor": [
      {
        "familyName": "Balasch", 
        "givenName": "Josep", 
        "type": "Person"
      }, 
      {
        "familyName": "O\u2019Flynn", 
        "givenName": "Colin", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-99766-3_10", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-030-99765-6", 
        "978-3-030-99766-3"
      ], 
      "name": "Constructive Side-Channel Analysis and Secure Design", 
      "type": "Book"
    }, 
    "keywords": [
      "side-channel attack resistance", 
      "correlation power analysis attack", 
      "side-channel resistance", 
      "side-channel analysis", 
      "power analysis attacks", 
      "secure software", 
      "first-order leakage", 
      "software implementation", 
      "analysis attacks", 
      "performance numbers", 
      "attack resistance", 
      "academic venues", 
      "leakage assessment", 
      "practical evaluation", 
      "implementation", 
      "inner product", 
      "software", 
      "Eurocrypt", 
      "Asiacrypt", 
      "platform", 
      "attacks", 
      "scheme", 
      "level analysis", 
      "flaws", 
      "traces", 
      "work", 
      "context", 
      "usefulness", 
      "venues", 
      "leakage", 
      "evaluation", 
      "face", 
      "number", 
      "CHES", 
      "analysis", 
      "purpose", 
      "source", 
      "reminders", 
      "procedure", 
      "products", 
      "assessment", 
      "potential source", 
      "t-test", 
      "resistance", 
      "sac", 
      "assembly-level analysis"
    ], 
    "name": "Provable Secure Software Masking in the Real-World", 
    "pagination": "215-235", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1146561557"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-99766-3_10"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-99766-3_10", 
      "https://app.dimensions.ai/details/publication/pub.1146561557"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-10-01T06:56", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221001/entities/gbq_results/chapter/chapter_290.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-030-99766-3_10"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-99766-3_10'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-99766-3_10'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-99766-3_10'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-99766-3_10'


 

This table displays all metadata directly associated to this object as RDF triples.

138 TRIPLES      22 PREDICATES      70 URIs      63 LITERALS      7 BLANK NODES

 



