Power Contracts: Provably Complete Power Leakage Models for Processors

Roderick Bloem, Barbara Gigerl, Marc Gourjon, Vedad Hadzic*, Stefan Mangard, Robert Primas

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

The protection of cryptographic software implementations against power-analysis attacks is critical for applications in embedded systems. A commonly used algorithmic countermeasure against these attacks is masking, a secret-sharing scheme that splits a sensitive computation into computations on multiple random shares.
In practice, the security of masking schemes relies on several assumptions that are often violated by microarchitectural side-effects of CPUs. Many past works address this problem by studying these leakage effects and building corresponding leakage models that can then be integrated into a software verification workflow. However, these models have only been derived empirically, putting in question the otherwise rigorous security statements made with verification.

We solve this problem in two steps.
First, we introduce a contract layer between the (CPU) hardware and the software that allows the specification of microarchitectural side-effects on masked software in an intuitive language.
Second, we present a method for proving the correspondence between contracts and CPU netlists to ensure the completeness of the specified leakage models.
Then, any further security proofs only need to happen between software and contract, which brings benefits such as reduced verification runtime, improved user experience, and the possibility of working with vendor-supplied contracts of CPUs whose design is not available on netlist-level due to IP restrictions.
We apply our approach to the popular RISC-V IBEX core, provide a corresponding formally verified contract, and describe how this contract could be used to verify masked software implementations.
Original languageEnglish
Title of host publicationCCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation of Computing Machinery
Pages381-395
Number of pages15
ISBN (Electronic)9781450394505
DOIs
Publication statusPublished - 7 Nov 2022
Event2022 ACM SIGSAC Conference on Computer and Communications Security: ACM CSS 2022 - Los Angeles, United States
Duration: 7 Nov 202211 Nov 2022

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference2022 ACM SIGSAC Conference on Computer and Communications Security
Abbreviated titleACM CSS 2022
Country/TerritoryUnited States
CityLos Angeles
Period7/11/2211/11/22

Keywords

  • Power side-channel
  • Leakage model
  • Verification
  • Contract
  • Domain-specific language
  • Masking
  • Probing security
  • power side-channel
  • masking
  • contract
  • leakage model
  • domain-specific language
  • probing security
  • verification

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Power Contracts: Provably Complete Power Leakage Models for Processors'. Together they form a unique fingerprint.
  • Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUs

    Gigerl, B., Hadzic, V., Primas, R., Mangard, S. & Bloem, R., 2021, Proceedings of the 30th USENIX Security Symposium. USENIX Association, p. 1469-1486 18 p.

    Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

    Open Access
    File
  • CocoAlma: A Versatile Masking Verifier

    Hadzic, V. & Bloem, R., 9 Jul 2021, Proceedings of the 21st Formal Methods in Computer-Aided Design, FMCAD 2021. Piskac, R., Whalen, M. W., Hunt, W. A. & Weissenbacher, G. (eds.). p. 14-23 10 p. (Proceedings of the 21st Formal Methods in Computer-Aided Design, FMCAD 2021).

    Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

    Open Access
    File

Cite this