Projects per year
Abstract
Cryptographic software running on embedded devices requires protection against physical side-channel attacks such as power analysis. Masking is a widely deployed countermeasure against these attacks and is directly implemented on algorithmic level. Many works study the security of masked cryptographic software on CPUs, pointing out potential problems on algorithmic/microarchitecture-level, as well as corresponding solutions, and even show masked software can be implemented efficiently and with strong (formal) security guarantees. However, these works also make the implicit assumption that software is executed directly on the CPU without any abstraction layers in-between, i.e., they focus exclusively on the bare-metal case. Many practical applications, including IoT and automotive/industrial environments, require multitasking embedded OSs on which masked software runs as one out of many concurrent tasks. For such applications, the potential impact of events like context switches on the secure execution of masked software has not been studied so far at all.
In this paper, we provide the first security analysis of masked cryptographic software spanning all three layers (SW, OS, CPU). First, we apply a formal verification approach to identify leaks within the execution of masked software that are caused by the embedded OS itself, rather than on algorithmic or microarchitecture level. After showing that these leaks are primarily caused by context switching, we propose several different strategies to harden a context switching routine against such leakage, ultimately allowing masked software from previous works to remain secure when being executed on embedded OSs. Finally, we present a case study focusing on FreeRTOS, a popular embedded OS for embedded devices, running on a RISC-V core, allowing us to evaluate the practicality and ease of integration of each strategy.
In this paper, we provide the first security analysis of masked cryptographic software spanning all three layers (SW, OS, CPU). First, we apply a formal verification approach to identify leaks within the execution of masked software that are caused by the embedded OS itself, rather than on algorithmic or microarchitecture level. After showing that these leaks are primarily caused by context switching, we propose several different strategies to harden a context switching routine against such leakage, ultimately allowing masked software from previous works to remain secure when being executed on embedded OSs. Finally, we present a case study focusing on FreeRTOS, a popular embedded OS for embedded devices, running on a RISC-V core, allowing us to evaluate the practicality and ease of integration of each strategy.
Original language | English |
---|---|
Title of host publication | ASIA CCS 2023 - Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security |
Publisher | Association of Computing Machinery |
Pages | 980-992 |
Number of pages | 13 |
ISBN (Electronic) | 979-8-4007-0098-9 |
DOIs | |
Publication status | Published - 10 Jul 2023 |
Event | 18th ACM ASIA Conference on Computer and Communications Security: AsiaCCS 2023 - Melbourne, Australia Duration: 10 Jul 2023 → 14 Jul 2023 https://asiaccs2023.org |
Publication series
Name | Proceedings of the ACM Conference on Computer and Communications Security |
---|---|
ISSN (Print) | 1543-7221 |
Conference
Conference | 18th ACM ASIA Conference on Computer and Communications Security |
---|---|
Abbreviated title | AsiaCCS '23 |
Country/Territory | Australia |
City | Melbourne |
Period | 10/07/23 → 14/07/23 |
Internet address |
Keywords
- Embedded OS
- Masking
- RTOS
- Side-Channel Analysis
- Verification
ASJC Scopus subject areas
- Software
- Computer Networks and Communications
Fingerprint
Dive into the research topics of 'Secure Context Switching of Masked Software Implementations'. Together they form a unique fingerprint.-
Special Research Area (SFB) F85 Semantic and Cryptographic Foundations of Security and Privacy by Compositional Design (FWF - SPyCoDe)
1/01/23 → 31/12/26
Project: Research project
-
Dependable Internet of Things
Boano, C. A., Kubin, G., Bloem, R., Horn, M., Pernkopf, F., Zakany, N., Mangard, S., Witrisal, K., Römer, K. U., Aichernig, B., Bösch, W., Baunach, M. C., Tappler, M., Malenko, M., Weiser, S., Eichlseder, M., Leitinger, E., Grosinger, J., Großwindhager, B., Ebrahimi, M., Alothman Alterkawi, A. B., Knoll, C., Teschl, R., Saukh, O., Rath, M., Steinberger, M., Steinbauer-Wagner, G. & Tranninger, M.
1/01/16 → 31/03/22
Project: Research project
Activities
- 1 Talk at conference or symposium
-
Secure Context Switching of Masked Software Implementations
Barbara Gigerl (Speaker)
14 Jul 2023Activity: Talk or presentation › Talk at conference or symposium › Science to science