Projekte pro Jahr
Abstract
The protection of cryptographic software implementations against power-analysis attacks is critical for applications in embedded systems. A commonly used algorithmic countermeasure against these attacks is masking, a secret-sharing scheme that splits a sensitive computation into computations on multiple random shares.
In practice, the security of masking schemes relies on several assumptions that are often violated by microarchitectural side-effects of CPUs. Many past works address this problem by studying these leakage effects and building corresponding leakage models that can then be integrated into a software verification workflow. However, these models have only been derived empirically, putting in question the otherwise rigorous security statements made with verification.
We solve this problem in two steps.
First, we introduce a contract layer between the (CPU) hardware and the software that allows the specification of microarchitectural side-effects on masked software in an intuitive language.
Second, we present a method for proving the correspondence between contracts and CPU netlists to ensure the completeness of the specified leakage models.
Then, any further security proofs only need to happen between software and contract, which brings benefits such as reduced verification runtime, improved user experience, and the possibility of working with vendor-supplied contracts of CPUs whose design is not available on netlist-level due to IP restrictions.
We apply our approach to the popular RISC-V IBEX core, provide a corresponding formally verified contract, and describe how this contract could be used to verify masked software implementations.
In practice, the security of masking schemes relies on several assumptions that are often violated by microarchitectural side-effects of CPUs. Many past works address this problem by studying these leakage effects and building corresponding leakage models that can then be integrated into a software verification workflow. However, these models have only been derived empirically, putting in question the otherwise rigorous security statements made with verification.
We solve this problem in two steps.
First, we introduce a contract layer between the (CPU) hardware and the software that allows the specification of microarchitectural side-effects on masked software in an intuitive language.
Second, we present a method for proving the correspondence between contracts and CPU netlists to ensure the completeness of the specified leakage models.
Then, any further security proofs only need to happen between software and contract, which brings benefits such as reduced verification runtime, improved user experience, and the possibility of working with vendor-supplied contracts of CPUs whose design is not available on netlist-level due to IP restrictions.
We apply our approach to the popular RISC-V IBEX core, provide a corresponding formally verified contract, and describe how this contract could be used to verify masked software implementations.
Originalsprache | englisch |
---|---|
Titel | CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security |
Herausgeber (Verlag) | Association of Computing Machinery |
Seiten | 381-395 |
Seitenumfang | 15 |
ISBN (elektronisch) | 9781450394505 |
DOIs | |
Publikationsstatus | Veröffentlicht - 7 Nov. 2022 |
Veranstaltung | 2022 ACM SIGSAC Conference on Computer and Communications Security: ACM CSS 2022 - Los Angeles, USA / Vereinigte Staaten Dauer: 7 Nov. 2022 → 11 Nov. 2022 |
Publikationsreihe
Name | Proceedings of the ACM Conference on Computer and Communications Security |
---|---|
ISSN (Print) | 1543-7221 |
Konferenz
Konferenz | 2022 ACM SIGSAC Conference on Computer and Communications Security |
---|---|
Kurztitel | ACM CSS 2022 |
Land/Gebiet | USA / Vereinigte Staaten |
Ort | Los Angeles |
Zeitraum | 7/11/22 → 11/11/22 |
ASJC Scopus subject areas
- Software
- Computernetzwerke und -kommunikation
Fingerprint
Untersuchen Sie die Forschungsthemen von „Power Contracts: Provably Complete Power Leakage Models for Processors“. Zusammen bilden sie einen einzigartigen Fingerprint.-
AWARE - Hardware-gewährleistete Softwaresicherheit
Mangard, S. (Teilnehmer (Co-Investigator))
1/05/22 → 30/04/25
Projekt: Forschungsprojekt
-
FERMION - Formale Verifizierung maskierter Hardware-Implementierungen
Bloem, R. (Teilnehmer (Co-Investigator))
2/01/19 → 1/01/22
Projekt: Forschungsprojekt
Aktivitäten
- 1 Vortrag bei Konferenz oder Fachtagung
-
Power Contracts: Provably Complete Power Leakage Models for Processors
Hadzic, V. (Redner/in)
10 Nov. 2022Aktivität: Vortrag oder Präsentation › Vortrag bei Konferenz oder Fachtagung › Science to science
Publikationen
- 2 Beitrag in einem Konferenzband
-
Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUs
Gigerl, B., Hadzic, V., Primas, R., Mangard, S. & Bloem, R., 2021, Proceedings of the 30th USENIX Security Symposium. USENIX Association, S. 1469-1486 18 S.Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung
Open AccessDatei -
CocoAlma: A Versatile Masking Verifier
Hadzic, V. & Bloem, R., 9 Juli 2021, Proceedings of the 21st Formal Methods in Computer-Aided Design, FMCAD 2021. Piskac, R., Whalen, M. W., Hunt, W. A. & Weissenbacher, G. (Hrsg.). S. 14-23 10 S. (Proceedings of the 21st Formal Methods in Computer-Aided Design, FMCAD 2021).Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung
Open AccessDatei