A Tale of Resilience: On the Practical Security of Masked Software Implementations

Bibliographic Details
Published in: IEEE Access Vol. 11; p. 1
Main Authors: Casalino, Lorenzo; Belleville, Nicolas; Courousse, Damien; Heydemann, Karine
Format: Journal Article
Language: English
Published: Piscataway IEEE 01-01-2023
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Description
Summary: Masking constitutes a provably-secure approach against side-channel attacks. However, recombination effects (e.g., transitions) severely reduce the proven security. Concerning the software domain, CPU microarchitectures encompass techniques improving the execution performance. Several studies show that such techniques induce recombination effects. Furthermore, these techniques implicitly induce some form of parallelism, and the potential associated threat has never been investigated. In addition, the practical security of masking relies on the chosen masking scheme. Few works analysed the security of software protected by different masking schemes, and none considered the parallelism threat. Thus, the literature lacks a more comprehensive investigation on the practical security of software implementations relying on various masking schemes in the presence of micro-architecture-induced recombination effects and parallelism. This work performs a first step to fill this gap. Specifically, we evaluate the practical security offered by first-order Boolean, arithmetic-sum and inner-product masking against transitions and parallelism in software. We firstly assess the presence of transition and parallel-induced leakages in software. Secondly, we evaluate the security of the encodings of the selected masking schemes with respect to each leakage source via micro-benchmarks. Thirdly, we assess the practical security of different AES-128 software implementations, one for each selected masking scheme. We lead the investigation on the STM32F215 and STM32F303 micro-controllers. We show that (1) the CPU's parallel features allow successful attacks against transition-resistant masked implementations; (2) implementation choices (e.g., finite field multiplication) impact the practical security of masked software implementations in the presence of recombination effects.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2023.3298436