Secure Context Switching of Masked Software Implementations

Barbara Gigerl*, Robert Primas, Stefan Mangard

*Corresponding author for this work

Publication: Chapter in book/report/conference proceedings, conference contribution, peer-reviewed

Abstract

Cryptographic software running on embedded devices requires protection against physical side-channel attacks such as power analysis. Masking is a widely deployed countermeasure against these attacks and is implemented directly at the algorithmic level. Many works study the security of masked cryptographic software on CPUs, pointing out potential problems at the algorithmic and microarchitectural level as well as corresponding solutions, and even show that masked software can be implemented efficiently and with strong (formal) security guarantees. However, these works also make the implicit assumption that software is executed directly on the CPU without any abstraction layers in between, i.e., they focus exclusively on the bare-metal case. Many practical applications, including IoT and automotive/industrial environments, require multitasking embedded OSs on which masked software runs as one of many concurrent tasks. For such applications, the potential impact of events like context switches on the secure execution of masked software has not been studied so far at all.

In this paper, we provide the first security analysis of masked cryptographic software spanning all three layers (SW, OS, CPU). First, we apply a formal verification approach to identify leaks within the execution of masked software that are caused by the embedded OS itself, rather than at the algorithmic or microarchitectural level. After showing that these leaks are primarily caused by context switching, we propose several different strategies to harden a context switching routine against such leakage, ultimately allowing masked software from previous works to remain secure when executed on embedded OSs. Finally, we present a case study focusing on FreeRTOS, a popular OS for embedded devices, running on a RISC-V core, which allows us to evaluate the practicality and ease of integration of each strategy.
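
The abstract states that context switching itself can leak on masked software, without spelling out a mechanism. The following toy simulation, added here as an illustration and not taken from the paper or its artifacts, shows one way such a leak can arise and be closed: a context switch stores the register file to the stack one register at a time, and if the store data path is observed under a first-order transition model (the assumed leakage of each store is the Hamming weight of the XOR between the stored value and the value previously on that path), then saving two shares of the same secret back-to-back exposes their XOR, i.e. the secret. The leakage model, the register layouts and the two hardening variants (clearing the path between stores, or keeping shares non-adjacent) are assumptions of this example, chosen to match standard masking theory; the paper's actual models, leaks and strategies are not reproduced here.

```python
"""Toy first-order transition-leakage model of a context-switch register save.

Added illustration (not the paper's code). Assumed leakage model: each store
is observed as the Hamming weight of (value stored XOR previous value on the
store data path). A context switch stores registers in a fixed order, so
consecutive stores of two shares of one secret leak HW(s0 ^ s1) = HW(secret).
"""
import random


def hw(x: int) -> int:
    """Hamming weight (number of set bits)."""
    return bin(x).count("1")


def mask_byte(secret: int, rng: random.Random):
    """First-order Boolean masking of an 8-bit value: secret = s0 ^ s1."""
    s1 = rng.getrandbits(8)
    return secret ^ s1, s1


def save_registers(regs, clear_between=False):
    """Simulate storing a register set to the stack, one store per register.

    Returns the leakage sample observed for each store. With clear_between,
    the store path is reset to zero before every store (modelling a dummy
    store of 0 in the context-switch routine), so no two payload values ever
    transition into each other.
    """
    leakage = []
    prev = 0
    for v in regs:
        if clear_between:
            prev = 0
        leakage.append(hw(prev ^ v))
        prev = v
    return leakage


def build_regs(secret, rng, layout):
    """Constructed register file: the two shares plus one unrelated value."""
    s0, s1 = mask_byte(secret, rng)
    values = {"s0": s0, "s1": s1, "other": rng.getrandbits(8)}
    return [values[name] for name in layout]


def secret_dependent_stores(layout, clear_between=False, trials=2000, seed=1):
    """Fixed-vs-fixed check: compare the mean leakage of every store position
    for two secrets with maximally different Hamming weights (0x00 and 0xFF).
    Positions whose means differ by more than 0.5 bits are flagged as
    secret-dependent. For 8-bit uniformly random data an unrelated position
    has mean 4.0 with a standard error of roughly 0.03 over 2000 trials, so
    the threshold leaves a wide margin.
    """
    rng = random.Random(seed)

    def mean_leak(secret):
        total = [0] * len(layout)
        for _ in range(trials):
            samples = save_registers(build_regs(secret, rng, layout), clear_between)
            for i, sample in enumerate(samples):
                total[i] += sample
        return [t / trials for t in total]

    a, b = mean_leak(0x00), mean_leak(0xFF)
    return [i for i in range(len(layout)) if abs(a[i] - b[i]) > 0.5]


NAIVE = ["s0", "s1", "other"]      # shares are saved back-to-back
REORDERED = ["s0", "other", "s1"]  # an unrelated value sits between the shares

if __name__ == "__main__":
    print("naive, no clearing:    ", secret_dependent_stores(NAIVE))
    print("naive, clear between:  ", secret_dependent_stores(NAIVE, True))
    print("reordered, no clearing:", secret_dependent_stores(REORDERED))
```

In the naive layout only the second store (index 1) is flagged, because its transition is exactly s0 ^ s1 regardless of the mask; both hardening variants remove the dependency in this model. The same fixed-vs-fixed comparison is the kind of check one would run on leakage traces of a real context-switch routine, with the assumed Hamming-weight model replaced by measured or simulated power values.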
Original language: English
Title: ASIA CCS 2023 - Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
Pages: 980-992
Number of pages: 13
ISBN (electronic): 979-8-4007-0098-9
DOIs:
Publication status: Published - 10 July 2023
Event: 18th ACM ASIA Conference on Computer and Communications Security: AsiaCCS 2023 - Melbourne, Australia
Duration: 10 July 2023 to 14 July 2023
https://asiaccs2023.org

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 18th ACM ASIA Conference on Computer and Communications Security
Short title: AsiaCCS '23
Country/Territory: Australia
City: Melbourne
Period: 10/07/23 to 14/07/23
Internet address:

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
