104 results on '"Standaert, François-Xavier"'
Search Results
2. Towards Case-Optimized Hybrid Homomorphic Encryption - Featuring the Elisabeth Stream Cipher
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Cosseron, Orel, Hoffmann, Clément, Méaux, Pierrick, and Standaert, François-Xavier
- Published
- 2023
3. Towards Case-Optimized Hybrid Homomorphic Encryption - Featuring the Elisabeth Stream Cipher
- Author
-
Cosseron, Orel, Hoffmann, Clément, Méaux, Pierrick, Standaert, François-Xavier, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Published
- 2023
4. A Third is All You Need: Extended Partial Key Exposure Attack on (CRT-RSA) with Additive Exponent Blinding
- Author
-
Zhou, Yuanyuan, van de Pol, Joop, Yu, Yu, Standaert, François-Xavier, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Published
- 2023
5. Systematic Study of Decryption and Re-encryption Leakage: The Case of Kyber
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Azouaoui, Melissa, Bronchain, Olivier, Hoffmann, Clément, Kuzovkova, Yulia, Schneider, Tobias, Standaert, François-Xavier, and Constructive Side-Channel Analysis and Secure Design - 13th International Workshop, COSADE
- Published
- 2022
6. Handcrafting: Improving Automated Masking in Hardware with Manual Optimizations
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Momin, Charles, Cassiers, Gaëtan, Standaert, François-Xavier, and Constructive Side-Channel Analysis and Secure Design - 13th International Workshop, COSADE
- Published
- 2022
7. S-box Pooling: Towards More Efficient Side-Channel Security Evaluations
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Zhou, Yuanyuan, and Standaert, François-Xavier
- Published
- 2022
8. Handcrafting: Improving Automated Masking in Hardware with Manual Optimizations
- Author
-
Momin, Charles, Cassiers, Gaëtan, Standaert, François-Xavier, Constructive Side-Channel Analysis and Secure Design - 13th International Workshop, COSADE, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Published
- 2022
9. Automated News Recommendation in front of Adversarial Examples & the Technical Limits of Transparency in Algorithmic Accountability
- Author
-
UCL - SSH/ILC/PCOM - Pôle de recherche en communication, UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Descampe, Antonin, Massart, Clément, Poelman, Simon, Standaert, François-Xavier, and Standaert, Olivier
- Published
- 2021
10. A Stealthy Hardware Trojan based on a Statistical Fault Attack
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Momin, Charles, Bronchain, Olivier, and Standaert, François-Xavier
- Abstract
Integrated Circuits (ICs) are sensitive to a wide range of (passive, active, invasive, non-invasive) physical attacks. In this context, Hardware Trojans (HTs), i.e. malicious modifications of a circuit by an untrusted manufacturer, are one of the most challenging threats to mitigate. HTs aim to alter the functionality of the infected chip in a malicious way, e.g. under specific conditions known to the adversary. Fault attacks are a typical attack vector. However, for a HT to be exploitable by an adversary, it also has to be stealthy. For example, a HT that would directly inject exploitable faults in a block cipher may be spotted by analyzing its functional behavior (i.e. the positions and the distribution of the faulty values appearing). In this paper, we propose a stealthy HT instance leading to successful and hidden Statistical Fault Attacks (SFA). More precisely, the faults are injected when the chip is running under conditions for which metastability occurs (i.e. with an increased clock frequency), leading to the appearance of faults at random positions within the target implementation. In addition, an internal bit is set to a value known only to the adversary, allowing him to perform efficient SFA. Compared to classical SFA, the HT uses its control on the target to circumvent behavioral detection tests. Indeed, it also adds computation errors in the early rounds of the target cipher which are not exploitable via SFA.
- Published
- 2021
11. Towards Tight Random Probing Security - extended version
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Cassiers, Gaëtan, Faust, Sebastian, Orlt, Maximilian, and Standaert, François-Xavier
- Abstract
Proving the security of masked implementations in theoretical models that are relevant to practice and match the best known attacks of the side-channel literature is a notoriously hard problem. The random probing model is a good candidate to contribute to this challenge, due to its ability to capture the continuous nature of physical leakage (contrary to the threshold probing model), while also being convenient to manipulate in proofs and to automate with verification tools. Yet, despite recent progress in the design of masked circuits with good asymptotic security guarantees in this model, existing results still fall short when it comes to analyzing the security of concretely useful circuits under realistic noise levels and with a low number of shares. In this paper, we contribute to this issue by introducing a new composability notion, the Probe Distribution Table (PDT), and a new tool (called STRAPS, for the Sampled Testing of the RAndom Probing Security). Their combination allows us to significantly improve the tightness of existing analyses in the most practical (low noise, low number of shares) region of the design space. We illustrate these improvements by quantifying the random probing security of an AES S-box circuit, masked with the popular multiplication gadget of Ishai, Sahai and Wagner from Crypto 2003, with up to six shares.
- Published
- 2021
12. Efficient Leakage-Resilient MACs Without Idealized Assumptions
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Berti, Francesco, Guo, Chun, Peters, Thomas, and Standaert, François-Xavier
- Published
- 2021
13. Towards a Better Understanding of Side-Channel Analysis Measurements Setups
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Bellizia, Davide, Udvarhelyi, Balazs, and Standaert, François-Xavier
- Abstract
The evaluation of side-channel measurement setups and the impact they can have on physical security evaluations is a surprisingly under-discussed topic. In this paper, we initiate a comprehensive study of such setups for embedded software and hardware (FPGA) implementations. We systematically investigate a design space including the choice of the probing method, the clock frequency of the device under test, its supply voltage and the sampling rate of the adversary's oscilloscope. Our results quantify the impact (i.e., the risk of security over-estimations) that suboptimal setups can cause and lead to easy-to-use guidelines for security evaluators. Although some of our conclusions are device-dependent, we argue that the proposed methodology and some of the proposed guidelines are of general interest and could be applied to other setups.
- Published
- 2021
14. Scatter: a Missing Case?
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Zhou, Yuanyuan, Duval, Sébastien, and Standaert, François-Xavier
- Abstract
Scatter is a multivariate transform proposed in combination with the Chi2 and MIA distinguishers at COSADE 2018. Its primary motivation is to inherently deal with the misalignment and synchronization issues that may decrease the efficiency of concrete side-channel attacks. In this paper, we first show empirically that when compared to natural competitors for first-order multivariate attacks (e.g., exploiting linear regression on-the-fly), it does not bring improvements in the (simulated and actual) implementation settings studied by its authors. We then show that the same holds in the higher-order case: in most practically relevant settings, Scatter works best when combined with a combination function mixing the leakage samples in a non-linear manner, bringing it back to a situation where it does not improve standard distinguishers.
- Published
- 2020
15. On the Security of Off-the-Shelf Microcontrollers: Hardware is not Enough
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Udvarhelyi, Balazs, van Wassenhove, Antoine, Bronchain, Olivier, and Standaert, François-Xavier
- Abstract
We complete the state-of-the-art on the side-channel security of real-world devices by analysing two 32-bit microcontrollers equipped with an unprotected co-processor. Our results show that (i) the lack of understanding of their hardware architecture can be circumvented with standard detection tools: for this purpose, we combine a simple variation of the Test Vector Leakage Assessment methodology with Signal-to-Noise Ratio estimations, which enables the efficient identification of attack vectors; (ii) standard distinguishers then lead to powerful key recoveries with less than 5,000 traces; and (iii) preprocessing like the continuous wavelet transform can be useful in such a black box evaluation context.
- Published
- 2020
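The detection recipe in this abstract (a fixed-vs-random Welch t-test to flag leaking time samples, then a per-sample Signal-to-Noise Ratio computed against a known intermediate value) can be reproduced on simulated traces. The following Python block is an added example written for this page, not code from the paper or its authors: it constructs its own traces (Gaussian noise plus a Hamming-weight leakage of plaintext XOR a hypothetical key byte at one sample index), runs both statistics, and also shows the caveat a practitioner should know, namely that a fixed plaintext whose intermediate Hamming weight equals the random-set average leaves the first-order t-test blind to a leak the SNR still finds. The key byte 0x2B, the leakage position, the trace count and the noise level are assumptions of the example.

```python
import random
from math import sqrt
from statistics import mean, variance, pvariance

KEY = 0x2B  # assumed key byte of the simulated device (constructed example, not a real device key)


def hamming_weight(x):
    return bin(x).count("1")


def simulate_trace(plaintext, n_samples, leak_pos, sigma, rng):
    """Constructed trace: Gaussian noise at every sample, plus a Hamming-weight
    leakage of the intermediate value plaintext ^ KEY at sample index leak_pos."""
    trace = [rng.gauss(0.0, sigma) for _ in range(n_samples)]
    trace[leak_pos] += hamming_weight(plaintext ^ KEY)
    return trace


def welch_t(a, b):
    """Welch's t-statistic between two sample sets (unequal variances allowed)."""
    return (mean(a) - mean(b)) / sqrt(variance(a) / len(a) + variance(b) / len(b))


def tvla(fixed_traces, random_traces):
    """Fixed-vs-random TVLA: one t-value per time sample; |t| > 4.5 is the usual threshold."""
    n_samples = len(fixed_traces[0])
    return [welch_t([t[i] for t in fixed_traces], [t[i] for t in random_traces])
            for i in range(n_samples)]


def snr(traces, values):
    """Per-sample SNR = Var(class means) / mean(class variances), one class per
    intermediate value. Needs the key (evaluator setting), unlike TVLA."""
    groups = {}
    for t, v in zip(traces, values):
        groups.setdefault(v, []).append(t)
    out = []
    for i in range(len(traces[0])):
        means, noises = [], []
        for group in groups.values():
            col = [t[i] for t in group]
            means.append(mean(col))
            noises.append(pvariance(col))
        out.append(pvariance(means) / mean(noises))
    return out


def run_evaluation(n_traces=2000, n_samples=20, leak_pos=7, sigma=1.0, fixed_plaintext=KEY, seed=1):
    """Return t-values, SNRs and the sample index each statistic flags as leaking."""
    rng = random.Random(seed)
    fixed = [simulate_trace(fixed_plaintext, n_samples, leak_pos, sigma, rng) for _ in range(n_traces)]
    plaintexts = [rng.randrange(256) for _ in range(n_traces)]
    rnd = [simulate_trace(p, n_samples, leak_pos, sigma, rng) for p in plaintexts]
    t = tvla(fixed, rnd)
    s = snr(rnd, [p ^ KEY for p in plaintexts])
    return {
        "t": t,
        "snr": s,
        "t_peak": max(range(n_samples), key=lambda i: abs(t[i])),
        "snr_peak": max(range(n_samples), key=lambda i: s[i]),
    }


if __name__ == "__main__":
    detected = run_evaluation()                    # HW(KEY ^ KEY) = 0, far from the random-set average of 4
    blind = run_evaluation(fixed_plaintext=0x00)   # HW(0x00 ^ 0x2B) = 4, equal to the average: t-test misses it
    print("t at leak (fixed = key):  %.1f" % detected["t"][7])
    print("t at leak (fixed = 0x00): %.1f" % blind["t"][7])
    print("SNR peak index:", detected["snr_peak"], blind["snr_peak"])
```

The SNR is computed on the random set only, so the choice of fixed plaintext never affects it; this is why pairing the two statistics, as the abstract does, is more robust than either alone. Against a real device the leaking sample is not known in advance and the evaluator would run both statistics over the whole trace, which is exactly what the two helper functions do.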
16. Exploring Crypto-Physical Dark Matter and Learning with Physical Rounding Towards Secure and Efficient Fresh Re-Keying
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Duval, Sébastien, Méaux, Pierrick, Momin, Charles, and Standaert, François-Xavier
- Abstract
State-of-the-art re-keying schemes can be viewed as a tradeoff between efficient but heuristic solutions based on binary field multiplications, that are only secure if implemented with a sufficient amount of noise, and formal but more expensive solutions based on weak pseudorandom functions, that remain secure if the adversary accesses their output in full. Recent results on “crypto dark matter” (TCC 2018) suggest that low-complexity pseudorandom functions can be obtained by mixing linear functions over different small moduli. In this paper, we conjecture that by mixing some matrix multiplications in a prime field with a physical mapping similar to the leakage functions exploited in side-channel analysis, we can build efficient re-keying schemes based on “crypto-physical dark matter”, that remain secure against an adversary who can access noise-free measurements. We provide first analyses of the security and implementation properties that such schemes provide. Precisely, we first show that they are more secure than the initial (heuristic) proposal by Medwed et al. (AFRICACRYPT 2010). For example, they can resist attacks put forward by Belaid et al. (ASIACRYPT 2014), satisfy some relevant cryptographic properties and can be connected to a “Learning with Physical Rounding” problem that shares some similarities with standard learning problems. We next show that they are significantly more efficient than the weak pseudorandom function proposed by Dziembowski et al. (CRYPTO 2016), by exhibiting hardware implementation results.
- Published
- 2020
17. Deep Learning Mitigates but Does Not Annihilate the Need of Aligned Traces and a Generalized ResNet Model For Side-channel Attacks
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Zhou, Yuanyuan, and Standaert, François-Xavier
- Abstract
We consider the question of whether synchronization / alignment methods are still useful / necessary in the context of side-channel attacks exploiting deep learning algorithms. While earlier works have shown that such methods / algorithms have a remarkable tolerance to misaligned measurements, we answer positively and describe experimental case studies of side-channel attacks against a key transportation layer and an AES S-box where such a preprocessing remains beneficial (and sometimes necessary) to perform efficient key recoveries. Our results also introduce generalized Residual Networks as a powerful alternative to other deep learning tools (e.g., Convolutional Neural Networks and Multi-Layer Perceptrons) that have been considered so far in the field of side-channel analysis. In our experimental case studies, it outperforms the other three published state-of-the-art neural network models for the data sets with and without alignment, and it even outperforms the published optimized CNN model with the public ASCAD1 data set. Conclusions are naturally implementation specific and could differ with other datasets, other values for the hyper-parameters, other machine learning models and with other alignment techniques.
- Published
- 2020
18. Mode-Level vs. Implementation-Level Physical Security in Symmetric Cryptography - A Practical Guide Through the Leakage-Resistance Jungle
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Bellizia, Davide, Bronchain, Olivier, Cassiers, Gaëtan, Grosso, Vincent, Guo, Chun, Momin, Charles, Pereira, Olivier, Peters, Thomas, and Standaert, François-Xavier
- Abstract
Triggered by the increasing deployment of embedded cryptographic devices (e.g., for the IoT), the design of authentication, encryption and authenticated encryption schemes enabling improved security against side-channel attacks has become an important research direction. Over the last decade, a number of modes of operation have been proposed and analyzed under different abstractions. In this paper, we investigate the practical consequences of these findings. For this purpose, we first translate the physical assumptions of leakage-resistance proofs into minimum security requirements for implementers. Thanks to this (heuristic) translation, we observe that (i) security against physical attacks can be viewed as a tradeoff between mode-level and implementation level protection mechanisms, and (ii) security requirements to guarantee confidentiality and integrity in front of leakage can be concretely different for the different parts of an implementation. We illustrate the first point by analyzing several modes of operation with gradually increased leakage-resistance. We illustrate the second point by exhibiting leveled implementations, where different parts of the investigated schemes have different security requirements against leakage, leading to performance improvements when high physical security is needed. We finally initiate a comparative discussion of the different solutions to instantiate the components of a leakage-resistant authenticated encryption scheme.
- Published
- 2020
19. On the Worst-Case Side-Channel Security of ECC Point Randomization in Embedded Devices
- Author
-
UCL - SST/ICTM - Institute of Information and Communication Technologies, Electronics and Applied Mathematics, UCL - SSH/LIDAM - Louvain Institute of Data Analysis and Modeling in economics and statistics, Azouaoui, Melissa, Durvaux, François, Poussier, Romain, Standaert, François-Xavier, Papagiannopoulos, Kostas, and Verneuil, Vincent
- Abstract
Point randomization is an important countermeasure to protect Elliptic Curve Cryptography (ECC) implementations against side-channel attacks. In this paper, we revisit its worst-case security in front of advanced side-channel adversaries taking advantage of analytical techniques in order to exploit all the leakage samples of an implementation. Our main contributions in this respect are the following: first, we show that due to the nature of the attacks against the point randomization (which can be viewed as Simple Power Analyses), the gain of using analytical techniques over simpler divide-and-conquer attacks is limited. Second, we take advantage of this observation to evaluate the theoretical noise levels necessary for the point randomization to provide strong security guarantees and compare different elliptic curve coordinate systems. Then, we turn this simulated analysis into actual experiments and show that reasonable security levels can be achieved by implementations even on low-cost (e.g. 8-bit) embedded devices. Finally, we are able to bound the security on 32-bit devices against worst-case adversaries.
- Published
- 2020
20. Strong Authenticity with Leakage under Weak and Falsifiable Physical Assumptions
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Berti, Francesco, Guo, Chun, Pereira, Olivier, Peters, Thomas, Standaert, François-Xavier, and 15th International Conference on Information Security and Cryptology (Inscrypt 2019)
- Abstract
Authenticity can be compromised by information leaked via side-channels (e.g., power consumption). Examples of attacks include direct key recoveries and attacks against the tag verification which may lead to forgeries. At FSE 2018, Berti et al. described two authenticated encryption schemes which provide authenticity assuming a leak-free implementation of a Tweakable Block Cipher (TBC). Precisely, security is guaranteed even if all the intermediate computations of the target implementation are leaked in full, except the TBC long-term key. Yet, while a leak-free implementation reasonably models strongly protected implementations of a TBC, it remains an idealized physical assumption that may be too demanding in many cases, in particular if hardware engineers mitigate the leakage to a good extent but (due to performance constraints) do not reach leak-freeness. In this paper, we get rid of this important limitation by introducing the notion of Strong Unpredictability with Leakage for BCs and TBCs. It captures the hardness for an adversary to provide a fresh and valid input/output pair for a (T)BC, even having oracle access to the (T)BC, its inverse and their leakages. This definition is game-based and may be verified/falsified by laboratories. Based on it, we then provide two Message Authentication Codes (MAC) which are secure if the (T)BC on which they rely is implemented in a way that maintains a sufficient unpredictability. Thus, we improve the theoretical foundations of leakage-resilient MACs and extend them towards engineering constraints that are easier to achieve in practice.
- Published
- 2019
21. Template Attacks vs. Machine Learning Revisited and the Curse of Dimensionality in Side-Channel Analysis: Extended Version
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Lerman, Liran, Poussier, Romain, Markowitch, Olivier, and Standaert, François-Xavier
- Abstract
Template attacks and machine learning are two popular approaches to profiled side-channel analysis. In this paper, we aim to contribute to the understanding of their respective strengths and weaknesses, with a particular focus on their curse of dimensionality. For this purpose, we take advantage of a well controlled simulated experimental setting in order to put forward two important aspects. First and from a theoretical point of view, the data complexity of template attacks is not sensitive to the dimension increase in side-channel traces given that their profiling is perfect. Second and from a practical point of view, concrete attacks are always affected by (estimation and assumption) errors during profiling. As these errors increase, machine learning gains interest compared to template attacks, especially when based on random forests. We then clarify these results thanks to the bias-variance decomposition of the error rate recently introduced in the context of side-channel analysis.
- Published
- 2018
22. Side-channel attacks against the human brain: the PIN code case study (extended version).
- Author
-
UCL - SST/ICTM - Institute of Information and Communication Technologies, Electronics and Applied Mathematics, UCL - SSS/IONS/COSY - Systems & cognitive Neuroscience, Lange, Joseph, Massart, Clément, Mouraux, André, and Standaert, François-Xavier
- Abstract
We revisit the side-channel attacks with brain-computer interfaces (BCIs) first put forward by Martinovic et al. at the USENIX 2012 Security Symposium. For this purpose, we propose a comprehensive investigation of concrete adversaries trying to extract a PIN code from electroencephalogram signals. Overall, our results confirm the possibility of partial PIN recovery with high probability of success in a more quantified manner and at the same time put forward the challenges of full/systematic PIN recovery. They also highlight that the attack complexities can significantly vary as a function of the adversarial capabilities (e.g., supervised/profiled vs. unsupervised/non-profiled), hence leading to an interesting trade-off between their efficiency and practical relevance. We then show that similar attack techniques can be used to threaten the privacy of BCI users. We finally use our experiments to discuss the impact of such attacks for the security and privacy of BCI applications at large, and the important emerging societal challenges they raise.
- Published
- 2018
23. Side-Channel Attacks Against the Human Brain: the PIN Code Case Study
- Author
-
Lange, Joseph, Massart, Clément, Mouraux, André, Standaert, François-Xavier, 8th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2017), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
High probability, The PIN code case, Computer science, Side-channel attacks, Computer security, Adversarial system, Entropy (information theory), Side channel attack, Brain–computer interface
- Abstract
We revisit the side-channel attacks with Brain-Computer Interfaces (BCIs) first put forward by Martinovic et al. at the USENIX 2012 Security Symposium. For this purpose, we propose a comprehensive investigation of concrete adversaries trying to extract a PIN code from electroencephalogram signals. Overall, our results confirm the possibility of partial PIN recovery with high probability of success in a more quantified manner (i.e., entropy reductions), and put forward the challenges of full PIN recovery. They also highlight that the attack complexities can significantly vary as a function of the adversarial capabilities (e.g., supervised/profiled vs. unsupervised/non-profiled), hence leading to an interesting tradeoff between their efficiency and practical relevance. We then show that similar attack techniques can be used to threaten the privacy of BCI users. We finally use our experiments to discuss the impact of such attacks for the security and privacy of BCI applications at large, and the important emerging societal challenges they raise.
- Published
- 2017
24. Ridge-Based Profiled Differential Power Analysis
- Author
-
Wang, Weijia, Yu, Yu, Standaert, François-Xavier, Gu, Dawu, Sen, XU, Zhang, Chi, Topics in Cryptology (CT-RSA) 2017 - The Cryptographers' Track at the RSA Conference 2017, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
Side-channel attack, Ridge regression, Profiled DPA, Cross-validation, Linear regression
- Abstract
Profiled DPA is an important and powerful type of side-channel attack (SCA). Thanks to its profiling phase that learns the leakage features from a controlled device, profiled DPA outperforms many other types of SCA and is widely used in the security evaluation of cryptographic devices. Typical profiling methods (such as linear regression based ones) suffer from the overfitting issue which is often neglected in previous works, i.e., the model characterizes details that are specific to the dataset used to build it (and not the distribution we want to capture). In this paper, we propose a novel profiling method based on ridge regression and investigate its generalization ability (to mitigate the overfitting issue) theoretically and by experiments. Further, based on cross-validation, we present a parameter optimization method that finds the most suitable parameter for our ridge-based profiling. Finally, the simulation-based and practical experiments show that ridge-based profiling not only outperforms 'classical' and linear regression-based ones (especially for nonlinear leakage functions), but also is a good candidate for robust profiling.
- Published
- 2017
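The abstract's ridge-based profiling can be illustrated with a small pure-Python implementation. The block below is an added example written for this page, not the paper's code: it profiles a constructed leakage function (Hamming weight plus two bit-product terms the linear basis cannot express, plus Gaussian noise) with ordinary least squares and with ridge regression on the bits of an 8-bit intermediate value, selects the penalty by k-fold cross-validation as the abstract describes, and reports held-out error and coefficient norms over a grid of penalties. The leakage function, noise level, profiling-set size and penalty grid are assumptions of the example.

```python
import random
from math import sqrt


def bits(v, n=8):
    return [(v >> i) & 1 for i in range(n)]


def features(v):
    # Linear-regression basis: intercept plus the 8 bits of the intermediate value.
    return [1.0] + [float(b) for b in bits(v)]


def leakage(v, sigma, rng):
    # Constructed nonlinear leakage (assumption of this example): Hamming weight plus
    # two bit interactions that a linear model over single bits cannot represent.
    b = bits(v)
    return sum(b) + 0.8 * b[0] * b[7] - 0.5 * b[3] * b[4] + rng.gauss(0.0, sigma)


def solve(A, b):
    """Solve A x = b by Gauss-Jordan elimination with partial pivoting (A small and square)."""
    n = len(A)
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(n):
            if r != col:
                f = M[r][col] / M[col][col]
                for c in range(col, n + 1):
                    M[r][c] -= f * M[col][c]
    return [M[i][n] / M[i][i] for i in range(n)]


def fit_ridge(X, y, lam):
    """Ridge estimate (X^T X + lam*I)^-1 X^T y; lam = 0 gives ordinary least squares.
    The intercept (column 0) is left unpenalised."""
    p = len(X[0])
    xtx = [[sum(row[i] * row[j] for row in X) for j in range(p)] for i in range(p)]
    xty = [sum(row[i] * yi for row, yi in zip(X, y)) for i in range(p)]
    for i in range(1, p):
        xtx[i][i] += lam
    return solve(xtx, xty)


def predict(beta, x):
    return sum(b * xi for b, xi in zip(beta, x))


def mse(beta, X, y):
    return sum((predict(beta, x) - yi) ** 2 for x, yi in zip(X, y)) / len(y)


def cross_validate(X, y, lambdas, k=5):
    """Pick the penalty with the lowest mean held-out error over k interleaved folds."""
    n = len(X)
    folds = [set(range(i, n, k)) for i in range(k)]
    best = None
    for lam in lambdas:
        err = 0.0
        for held in folds:
            beta = fit_ridge([X[i] for i in range(n) if i not in held],
                             [y[i] for i in range(n) if i not in held], lam)
            err += mse(beta, [X[i] for i in sorted(held)], [y[i] for i in sorted(held)])
        err /= k
        if best is None or err < best[1]:
            best = (lam, err)
    return best[0]


def coef_norm(beta):
    # L2 norm of the penalised (non-intercept) coefficients.
    return sqrt(sum(b * b for b in beta[1:]))


def run_profiling(n_profile=40, n_test=2000, sigma=2.0, seed=7,
                  lambdas=(0.0, 0.3, 1.0, 3.0, 10.0, 30.0)):
    """Profile on a small set, choose lam by cross-validation, evaluate on fresh traces."""
    rng = random.Random(seed)
    prof_vals = [rng.randrange(256) for _ in range(n_profile)]
    X = [features(v) for v in prof_vals]
    y = [leakage(v, sigma, rng) for v in prof_vals]
    test_vals = [rng.randrange(256) for _ in range(n_test)]
    Xt = [features(v) for v in test_vals]
    yt = [leakage(v, sigma, rng) for v in test_vals]
    beta_ols = fit_ridge(X, y, 0.0)
    lam = cross_validate(X, y, lambdas)
    beta_ridge = fit_ridge(X, y, lam)
    return {
        "lambda": lam,
        "mse_ols": mse(beta_ols, Xt, yt),
        "mse_ridge": mse(beta_ridge, Xt, yt),
        "norms": [coef_norm(fit_ridge(X, y, l)) for l in lambdas],
    }


if __name__ == "__main__":
    r = run_profiling()
    print("chosen lambda:", r["lambda"])
    print("held-out MSE, OLS vs ridge: %.3f vs %.3f" % (r["mse_ols"], r["mse_ridge"]))
    print("coefficient norms over the grid:", ["%.2f" % n for n in r["norms"]])
```

Whether the held-out error improves depends on the noise level and the size of the profiling set; the shrinkage itself is unconditional, and the coefficient norms returned over the grid are non-increasing in the penalty, which is the regularising effect the abstract relies on to limit overfitting when few profiling traces are available.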
25. Towards Easy Leakage Certification
- Author
-
Durvaux, François, Standaert, François-Xavier, Merino Del Pozo, Santos, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
Side-channel analysis, Security evaluations
- Abstract
Side-channel attacks generally rely on the availability of good leakage models to extract sensitive information from cryptographic implementations. The recently introduced leakage certification tests aim to guarantee that this condition is fulfilled based on sound statistical arguments. They are important ingredients in the evaluation of leaking devices since they allow a good separation between engineering challenges (how to produce clean measurements) and cryptographic ones (how to exploit these measurements). In this paper, we propose an alternative leakage certification test that is significantly simpler to implement than the previous proposal from Eurocrypt 2014. This gain admittedly comes at the cost of a couple of heuristic (yet reasonable) assumptions on the leakage distribution. To confirm its relevance, we first show that it allows confirming previous results of leakage certification. We then put forward that it leads to additional and useful intuitions regarding the information losses caused by incorrect assumptions in leakage modeling.
- Published
- 2017
26. Score-Based vs. Probability-Based Enumeration - A Cautionary Note
- Author
-
Choudary, Marios O., Poussier, Romain, Standaert, François-Xavier, 17th International Conference in Cryptology in India - Progress in cryptology (INDIACRYPT 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
Exploit, Computer science, Heuristic, Bayesian probability, Rank (computer programming), Context (language use), Side-channel attacks, Probability-based enumeration, Linear regression, Statistics, Enumeration, Key (cryptography), Score-based enumeration
- Abstract
The fair evaluation of leaking devices generally requires the best possible distinguishers to extract and exploit side-channel information. While the need for a sound model of the leakages is a well-known issue, the risks of additional errors in the post-processing of the attack results (with key enumeration/key rank estimation) are less investigated. Namely, optimal post-processing is known to be possible with distinguishers outputting probabilities (e.g. template attacks), but the impact of a deviation from this context has not been quantified so far. We therefore provide a consolidating experimental analysis in this direction, based on simulated and actual measurements. Our main conclusions are twofold. We first show that the concrete impact of heuristic scores such as produced with a correlation power analysis can lead to non-negligible post-processing errors. We then show that such errors can be mitigated in practice, with Bayesian extensions or specialized distinguishers (e.g. on-the-fly linear regression).
- Published
- 2016
27. Towards Easy Leakage Certification
- Author
-
Durvaux, François, Standaert, François-Xavier, Merino Del Pozo, Santos, 18th International Conference on Cryptographic hardware and Embedded Systems (CHES 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
Exploit, Computer science, Cryptography, Certification, Side-channel attacks, Reliability engineering, Leakage certification, Information sensitivity, Power analysis, Leakage, Leakage (electronics)
- Abstract
Side-channel attacks generally rely on the availability of good leakage models to extract sensitive information from cryptographic implementations. The recently introduced leakage certification tests aim to guarantee that this condition is fulfilled based on sound statistical arguments. They are important ingredients in the evaluation of leaking devices since they allow a good separation between engineering challenges (how to produce clean measurements) and cryptographic ones (how to exploit these measurements). In this paper, we propose an alternative leakage certification test that is significantly simpler to implement than the previous proposal from Eurocrypt 2014. This gain admittedly comes at the cost of a couple of heuristic (yet reasonable) assumptions on the leakage distribution. To confirm its relevance, we first show that it allows confirming previous results of leakage certification. We then put forward that it leads to additional and useful intuitions regarding the information losses caused by incorrect assumptions in leakage modeling.
- Published
- 2016
28. An Analysis of the Learning Parity with Noise Assumption Against Fault Attacks
- Author
-
Berti, Francesco, Standaert, François-Xavier, 15th International Conference on Smart Card Research and Advanced Applications (CARDIS 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
Theoretical computer science, Cryptographic primitive, Algebraic structure, Computer science, Fault attack, 0102 computer and information sciences, 02 engineering and technology, Adversary, 01 natural sciences, Fault attacks, 020202 computer hardware & architecture, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, Fault model, Parity (mathematics), Implementation, Block cipher
- Abstract
We provide a first security evaluation of LPN-based implementations against fault attacks. Our main result is to show that such implementations inherently have good features to resist these attacks. First, some prominent fault models (e.g. where an adversary flips bits in an implementation) are ineffective against LPN. Second, attacks taking advantage of more advanced fault models (e.g. where an adversary sets bits in an implementation) require significantly more samples than against standard symmetric cryptographic primitives such as block ciphers. Furthermore, the sampling complexity of these attacks strongly suffers from inaccurate fault insertion. Combined with the previous observation that the inner products computed in LPN implementations have an interesting algebraic structure for side-channel resistance via masking, these results therefore suggest LPN-based primitives as interesting candidates for physically secure implementations.
- Published
- 2016
29. Towards Fair and Efficient Evaluations of Leaking Cryptographic Devices - Overview of the ERC Project CRASH, Part I
- Author
-
Standaert, François-Xavier, 6th International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Abstract
Side-channel analysis is an important concern for the security of cryptographic implementations, and may lead to powerful key recovery attacks if no countermeasures are deployed. Therefore, various types of protection mechanisms have been proposed over the last 20 years. In view of the cost and performance overheads caused by these protections, their fair evaluation is a primary concern for hardware and software designers. Yet, the physical nature of side-channel analysis also renders the security evaluation of cryptographic implementations very different from that of cryptographic algorithms against mathematical cryptanalysis. That is, while the latter can be quantified based on (well-defined) time, data and memory complexities, the evaluation of side-channel analysis additionally requires quantifying the informativeness and exploitability of the physical leakages. This implies that a part of these security evaluations is inherently heuristic and dependent on engineering expertise. The development of sound tools allowing designers and evaluation laboratories to deal with this challenge was one of the main objectives of the CRASH project funded by the European Research Council. In this talk, I will survey a number of results we obtained in this direction, starting with concrete evaluation methodologies that are well adapted to the investigation of current embedded devices, and following with emerging trends for future implementations. Quite naturally, a large number of researchers and teams have worked on similar directions. For each of the topics discussed, I will add a couple of references to publications that I found inspiring/relevant. The list is (obviously) incomplete and only reflects my personal interests. I apologize in advance for omissions.
- Published
- 2016
30. Towards Securing Low-Power Digital Circuits with Ultra-Low-Voltage Vdd Randomizers
- Author
-
Kamel, Dina, de Streel, Guerric, Merino Del Pozo, Santos, Nawaz, Kashif, Standaert, François-Xavier, Flandre, Denis, Bol, David, 6th International Conference on Security, privacy, and Applied Cryptographic Engineering (SPACE 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
Digital electronics, Signal processing, business.industry, Computer science, Linear regulator, Electrical engineering, 02 engineering and technology, Noise (electronics), Multiplicative noise, 020202 computer hardware & architecture, CMOS, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Sensitivity (control systems), business, Low voltage
- Abstract
With the exploding number of connected objects and sensitive applications, security against side-channel attacks becomes critical in low-cost and low-power IoT applications. For this purpose, established mathematical countermeasures such as masking and shuffling always require a minimum amount of noise in the adversary’s measurements, that may not be guaranteed by default because of good measurement setups and powerful signal processing. In this paper, we propose to improve the protection of sensitive digital circuits by operating them at a random ultra-low voltage (ULV) supplied by a \(V_{dd}\) randomizer. As the \(V_{dd}\) randomization modulates the switching current, it results in a multiplicative noise on both the current consumption amplitude and its time dependence. As ULV operation increases the sensitivity of the current on the supply voltage, it magnifies the generated noise while reducing the side-channel information signal thanks to the switching current reduction. As a proof-of-concept, we prototyped a simple \(V_{dd}\) randomizer based on a low-quiescent-current linear regulator with a digitally-controlled resistive feedback divider on which we apply a 4-bit random number stream. Using an information theoretic metric, the measurement results obtained in 65 nm low-power CMOS confirm that such randomizers can significantly improve the security of cryptographic implementations against standard side-channel attacks in case of low physical noise in the attacks’ setups, hence enabling the use of mathematical countermeasures.
- Published
- 2016
31. Leakage-Resilient Symmetric Cryptography - Overview of the ERC Project CRASH, Part II
- Author
-
Standaert, François-Xavier, 17th International Conference on Cryptology in India (INDOCRYPT 2016), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Abstract
Side-channel analysis is an important concern for the security of cryptographic implementations, and may lead to powerful key recovery attacks if no countermeasures are deployed. Therefore, various types of protection mechanisms have been proposed over the last 20 years. The first solutions in this direction typically aimed at reducing the amount of information leakage directly at the hardware level, independently of the algorithm implemented. Over the years, a complementary approach (next denoted as leakage-resilience) emerged, trying to exploit the formalism of modern cryptography in order to design new constructions and security models in which the guarantees of provable security can be extended from mathematical objects towards physical ones. This naturally raises the question of whether the formal results obtained in these models are practically relevant (both in terms of performance and security). The development of sound connections between the formal models of leakage-resilient (symmetric) cryptography and the practice of side-channel attacks was one of the main objectives of the CRASH project funded by the European Research Council. In this talk, I will survey a number of results we obtained in this direction. For this purpose, I will start with a separation result for the security of stateful and stateless primitives. I will then follow with a discussion of (i) pseudorandom building blocks together with the theoretical challenges they raise, and (ii) authentication, encryption and authenticated encryption schemes together with the practical challenges they raise. I will finally conclude by discussing emerging trends in the field of physically secure implementations. Quite naturally, a large number of researchers and teams have worked on similar directions. For most of the topics discussed, I will add a couple of references to publications that I found inspiring/relevant. The list is (obviously) incomplete and only reflects my personal interests. I apologize in advance for omissions.
- Published
- 2016
32. Ridge-Based Profiled Differential Power Analysis
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Wang, Weijia, Yu, Yu, Standaert, François-Xavier, Gu, Dawu, Sen, XU, Zhang, Chi, and Topics in Cryptology (CT-RSA) 2017 - The Cryptographers' Track at the RSA Conference 2017
- Abstract
Profiled DPA is an important and powerful type of side-channel attack (SCA). Thanks to its profiling phase, which learns the leakage features from a controlled device, profiled DPA outperforms many other types of SCA and is widely used in the security evaluation of cryptographic devices. Typical profiling methods (such as linear regression based ones) suffer from the overfitting issue, which is often neglected in previous works, i.e., the model characterizes details that are specific to the dataset used to build it (and not the distribution we want to capture). In this paper, we propose a novel profiling method based on ridge regression and investigate its generalization ability (to mitigate the overfitting issue) theoretically and by experiments. Further, based on cross-validation, we present a parameter optimization method that finds the most suitable parameter for our ridge-based profiling. Finally, the simulation-based and practical experiments show that ridge-based profiling not only outperforms `classical' and linear regression-based ones (especially for nonlinear leakage functions), but is also a good candidate for robust profiling.
- Published
- 2017
33. Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Barthe, Gilles, Dupressoir, François, Faust, Sebastian, Grégoire, Benjamin, Standaert, François-Xavier, Strub, Pierre-Yves, and 36th Annual International Conference on the Theory and Applications of cryptographic Techniques (EUROCRYPT 2017)
- Abstract
In this paper, we provide a necessary clarification of the good security properties that can be obtained from parallel implementations of masking schemes. For this purpose, we first argue that (i) the probing model is not straightforward to interpret, since it more naturally captures the intuitions of serial implementations, and (ii) the noisy leakage model is not always convenient, e.g. when combined with formal methods for the verification of cryptographic implementations. Therefore we introduce a new model, the bounded moment model, that formalizes a weaker notion of security order frequently used in the side-channel literature. Interestingly, we prove that probing security for a serial implementation implies bounded moment security for its parallel counterpart. This result therefore enables an accurate understanding of the links between formal security analyses of masking schemes and experimental security evaluations based on the estimation of statistical moments. Besides its consolidating nature, our work also brings useful technical contributions. First, we describe and analyze refreshing and multiplication algorithms that are well suited for parallel implementations and improve security against multivariate side-channel attacks. Second, we show that simple refreshing algorithms (with linear complexity) that are not secure in the continuous probing model are secure in the continuous bounded moment model. Finally, we discuss the independent leakage assumption required for masking to deliver its security promises, and its specificities related to the serial or parallel nature of an implementation.
- Published
- 2017
34. Gimli: a cross-platform permutation
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Bernstein, Daniel J., Kölbl, Stefan, Lucks, Stefan, Maat Costa Massolino, Pedro, Mendel, Florian, Nawaz, Kashif, Schneider, Tobias, Schwabe, Peter, Standaert, François-Xavier, Todo, Yosuke, and 19th International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017)
- Abstract
This paper presents Gimli, a 384-bit permutation designed to achieve high security with high performance across a broad range of platforms, including 64-bit Intel/AMD server CPUs, 64-bit and 32-bit ARM smartphone CPUs, 32-bit ARM microcontrollers, 8-bit AVR microcontrollers, FPGAs, ASICs without side-channel protection, and ASICs with side-channel protection.
- Published
- 2017
35. Side-Channel Attacks Against the Human Brain: the PIN Code Case Study
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Lange, Joseph, Massart, Clément, Mouraux, André, Standaert, François-Xavier, and 8th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2017)
- Abstract
We revisit the side-channel attacks with Brain-Computer Interfaces (BCIs) first put forward by Martinovic et al. at the USENIX 2012 Security Symposium. For this purpose, we propose a comprehensive investigation of concrete adversaries trying to extract a PIN code from electroencephalogram signals. Overall, our results confirm the possibility of partial PIN recovery with high probability of success in a more quantified manner (i.e., entropy reductions), and put forward the challenges of full PIN recovery. They also highlight that the attack complexities can vary significantly as a function of the adversarial capabilities (e.g., supervised / profiled vs. unsupervised / non-profiled), hence leading to an interesting tradeoff between their efficiency and practical relevance. We then show that similar attack techniques can be used to threaten the privacy of BCI users. We finally use our experiments to discuss the impact of such attacks for the security and privacy of BCI applications at large, and the important emerging societal challenges they raise.
- Published
- 2017
36. Very High Order Masking: Efficient Implementation and Security Evaluation
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Journault, Anthony, Standaert, François-Xavier, and 19th International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017)
- Abstract
In this paper, we study the performance and security of recent masking algorithms specialized to parallel implementations on a 32-bit embedded software platform, for the standard AES Rijndael and the bitslice cipher Fantomas. By exploiting the excellent features of these algorithms for bitslice implementations, we first extend the recent speed records of Goudarzi and Rivain (presented at Eurocrypt 2017) and report realistic timings for masked implementations with 32 shares. We then observe that the security level provided by such implementations is not easy to quantify with current evaluation tools. We therefore propose a new "multi-model" evaluation methodology which takes advantage of different (more or less abstract) security models introduced in the literature. This methodology allows us both to bound the security level of our implementations in a principled manner and to assess the risks of overstated security based on well understood parameters. Concretely, it leads us to conclude that these implementations withstand worst-case adversaries with > 2^64 measurements under falsifiable assumptions.
- Published
- 2017
37. A Systematic Approach to the Side-Channel Analysis of ECC Implementations with Worst-Case Horizontal Attacks
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Poussier, Romain, Zhou, Yuanyuan, Standaert, François-Xavier, and 19th International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017)
- Abstract
The large number and variety of side-channel attacks against scalar multiplication algorithms makes their security evaluation complex, in particular in case of time constraints making exhaustive analyses impossible. In this paper, we present a systematic way to evaluate the security of such implementations against horizontal attacks. As horizontal attacks allow extracting most of the information in the leakage traces of scalar multiplications, they are suitable to avoid risks of overestimated security levels. For this purpose, we additionally propose to use linear regression in order to accurately characterize the leakage function and therefore approach worst-case security evaluations. We then show how to apply our tools in the contexts of ECDSA and ECDH implementations, and validate them against two targets: a Cortex-M4 and a Cortex-A8 microcontroller.
- Published
- 2017
38. Towards Easy Leakage Certification
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Durvaux, François, Standaert, François-Xavier, and Merino Del Pozo, Santos
- Abstract
Side-channel attacks generally rely on the availability of good leakage models to extract sensitive information from cryptographic implementations. The recently introduced leakage certification tests aim to guarantee that this condition is fulfilled based on sound statistical arguments. They are important ingredients in the evaluation of leaking devices since they allow a good separation between engineering challenges (how to produce clean measurements) and cryptographic ones (how to exploit these measurements). In this paper, we propose an alternative leakage certification test that is significantly simpler to implement than the previous proposal from Eurocrypt 2014. This gain admittedly comes at the cost of a couple of heuristic (yet reasonable) assumptions on the leakage distribution. To confirm its relevance, we first show that it allows confirming previous results of leakage certification. We then put forward that it leads to additional and useful intuitions regarding the information losses caused by incorrect assumptions in leakage modeling.
- Published
- 2017
39. From Improved Leakage Detection to the Detection of Points of Interests in Leakage Traces
- Author
-
UCL - SST/ICTM/ELEN-Pôle en ingénierie électrique, Durvaux, François, Standaert, François-Xavier, and Advances in Cryptology - 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2016)
- Abstract
Leakage detection usually refers to the task of identifying data-dependent information in side-channel measurements, independent of whether this information can be exploited. Detecting Points-Of-Interest (POIs) in leakage traces is a complementary task that is a necessary first step in most side-channel attacks, where the adversary wants to turn this information into (e.g.) a key recovery. In this paper, we discuss the differences between these tasks, by investigating a popular solution to leakage detection based on a t-test, and an alternative method exploiting Pearson's correlation coefficient. We first show that the simpler t-test has better sampling complexity, and that its gain over the correlation-based test can be predicted by looking at the Signal-to-Noise Ratio (SNR) of the leakage partitions used in these tests. This implies that the sampling complexity of both tests relates more to their implicit leakage assumptions than to the actual statistics exploited. We also put forward that this gain comes at the cost of some intuition loss regarding the localization of the exploitable leakage samples in the traces, and their informativeness. Next, and more importantly, we highlight that our reasoning based on the SNR allows defining an improved t-test with significantly faster detection speed (with approximately 5 times less measurements in our experiments), which is therefore highly relevant for evaluation laboratories. We finally conclude that whereas t-tests are the method of choice for leakage detection only, correlation-based tests exploiting larger partitions are preferable for detecting POIs. We confirm this intuition by improving automated tools for the detection of POIs in the leakage measurements of a masked implementation, in a black box manner and without key knowledge, thanks to a correlation-based leakage detection test.
- Published
- 2016
40. Towards Stream Ciphers for Efficient FHE with Low-Noise Ciphertexts
- Author
-
UCL - SST/ICTM/ELEN-Pôle en ingénierie électrique, Pierrick, Méaux, Journault, Anthony, Standaert, François-Xavier, Carlet, Claude, and Advances in Cryptology - 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2016)
- Abstract
Symmetric ciphers purposed for Fully Homomorphic Encryption (FHE) have recently been proposed for two main reasons. First, minimizing the implementation (time and memory) overheads that are inherent to current FHE schemes. Second, improving the homomorphic capacity, i.e. the amount of operations that one can perform on homomorphic ciphertexts before bootstrapping, which amounts to limiting their level of noise. Existing solutions for this purpose suggest a gap between block ciphers and stream ciphers. The first ones typically allow a constant but small homomorphic capacity, due to the iteration of rounds eventually leading to complex Boolean functions (hence large noise). The second ones typically allow a larger homomorphic capacity for the first ciphertext blocks, which decreases with the number of ciphertext blocks (due to the increasing Boolean complexity of the stream ciphers' output). In this paper, we aim to combine the best of these two worlds, and propose a new stream cipher construction that allows constant and small(er) noise. Its main idea is to apply a Boolean (filter) function to a public bit permutation of a constant key register, so that the Boolean complexity of the stream cipher outputs is constant. We also propose an instantiation of the filter function designed to exploit recent (3rd-generation) FHE schemes, where the error growth is quasi-additive when adequately multiplying ciphertexts with the same amount of noise. In order to stimulate further investigation, we then specify a few instances of this stream cipher, for which we provide a preliminary security analysis. We finally highlight the good properties of our stream cipher regarding the other goal of minimizing the time and memory complexity of calculus delegation (for 2nd-generation FHE schemes). We conclude the paper with open problems related to the large design space opened by these new constructions.
- Published
- 2016
41. Towards Easy Leakage Certification
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Durvaux, François, Standaert, François-Xavier, Merino Del Pozo, Santos, and 18th International Conference on Cryptographic hardware and Embedded Systems (CHES 2016)
- Abstract
Side-channel attacks generally rely on the availability of good leakage models to extract sensitive information from cryptographic implementations. The recently introduced leakage certification tests aim to guarantee that this condition is fulfilled based on sound statistical arguments. They are important ingredients in the evaluation of leaking devices since they allow a good separation between engineering challenges (how to produce clean measurements) and cryptographic ones (how to exploit these measurements). In this paper, we propose an alternative leakage certification test that is significantly simpler to implement than the previous proposal from Eurocrypt 2014. This gain admittedly comes at the cost of a couple of heuristic (yet reasonable) assumptions on the leakage distribution. To confirm its relevance, we first show that it allows confirming previous results of leakage certification. We then put forward that it leads to additional and useful intuitions regarding the information losses caused by incorrect assumptions in leakage modeling.
- Published
- 2016
42. Towards Securing Low-Power Digital Circuits with Ultra-Low-Voltage Vdd Randomizers
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Kamel, Dina, de Streel, Guerric, Merino Del Pozo, Santos, Nawaz, Kashif, Standaert, François-Xavier, Flandre, Denis, Bol, David, and 6th International Conference on Security, privacy, and Applied Cryptographic Engineering (SPACE 2016)
- Abstract
With the exploding number of connected objects and sensitive applications, security against side-channel attacks becomes critical in low-cost and low-power IoT applications. For this purpose, established mathematical countermeasures such as masking and shuffling always require a minimum amount of noise in the adversary’s measurements, that may not be guaranteed by default because of good measurement setups and powerful signal processing. In this paper, we propose to improve the protection of sensitive digital circuits by operating them at a random ultra-low voltage (ULV) supplied by a \(V_{dd}\) randomizer. As the \(V_{dd}\) randomization modulates the switching current, it results in a multiplicative noise on both the current consumption amplitude and its time dependence. As ULV operation increases the sensitivity of the current on the supply voltage, it magnifies the generated noise while reducing the side-channel information signal thanks to the switching current reduction. As a proof-of-concept, we prototyped a simple \(V_{dd}\) randomizer based on a low-quiescent-current linear regulator with a digitally-controlled resistive feedback divider on which we apply a 4-bit random number stream. Using an information theoretic metric, the measurement results obtained in 65 nm low-power CMOS confirm that such randomizers can significantly improve the security of cryptographic implementations against standard side-channel attacks in case of low physical noise in the attacks’ setups, hence enabling the use of mathematical countermeasures.
- Published
- 2016
43. Towards Fair and Efficient Evaluations of Leaking Cryptographic Devices - Overview of the ERC Project CRASH, Part I
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Standaert, François-Xavier, and 6th International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2016)
- Abstract
Side-channel analysis is an important concern for the security of cryptographic implementations, and may lead to powerful key recovery attacks if no countermeasures are deployed. Therefore, various types of protection mechanisms have been proposed over the last 20 years. In view of the cost and performance overheads caused by these protections, their fair evaluation is a primary concern for hardware and software designers. Yet, the physical nature of side-channel analysis also renders the security evaluation of cryptographic implementations very different from that of cryptographic algorithms against mathematical cryptanalysis. That is, while the latter can be quantified based on (well-defined) time, data and memory complexities, the evaluation of side-channel analysis additionally requires quantifying the informativeness and exploitability of the physical leakages. This implies that a part of these security evaluations is inherently heuristic and dependent on engineering expertise. The development of sound tools allowing designers and evaluation laboratories to deal with this challenge was one of the main objectives of the CRASH project funded by the European Research Council. In this talk, I will survey a number of results we obtained in this direction, starting with concrete evaluation methodologies that are well adapted to the investigation of current embedded devices, and following with emerging trends for future implementations. Quite naturally, a large number of researchers and teams have worked on similar directions. For each of the topics discussed, I will add a couple of references to publications that I found inspiring/relevant. The list is (obviously) incomplete and only reflects my personal interests. I apologize in advance for omissions.
- Published
- 2016
44. Taylor Expansion of Maximum Likelihood Attacks for Masked and Shuffled Implementations
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Bruneau, Nicolas, Guilley, Sylvain, Heuser, Annelie, Rioul, Olivier, Standaert, François-Xavier, Teglia, Yannick, and 22nd International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2016)
- Abstract
The maximum likelihood side-channel distinguisher of a template attack scenario is expanded into lower degree attacks according to the increasing powers of the signal-to-noise ratio (SNR). By exploiting this decomposition we show that it is possible to build highly multivariate attacks which remain efficient when the likelihood cannot be computed in practice due to its computational complexity. The shuffled table recomputation is used as an illustration to derive a new attack which outperforms the ones presented by Bruneau et al. at CHES 2015, and this across the full range of SNRs. This attack combines two attack degrees and is able to exploit high dimensional leakage, which explains its efficiency.
- Published
- 2016
45. Leakage-Resilient Symmetric Cryptography - Overview of the ERC Project CRASH, Part II
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Standaert, François-Xavier, 17th International Conference on Cryptology in India (INDOCRYPT 2016), UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Standaert, François-Xavier, and 17th International Conference on Cryptology in India (INDOCRYPT 2016)
- Abstract
Side-channel analysis is an important concern for the security of cryptographic implementations, and may lead to powerful key recovery attacks if no countermeasures are deployed. Therefore, various types of protection mechanisms have been proposed over the last 20 years. The first solutions in this direction were typically aiming at reducing the amount of information leakage directly at the hardware level, independent of the algorithm implemented. Over the years, a complementary approach (next denoted as leakage-resilience) emerged, trying to exploit the formalism of modern cryptography in order to design new constructions and security models in which the guarantees of provable security can be extended from mathematical objects towards physical ones. This naturally raises the question whether the formal results obtained in these models are practically relevant (both in terms of performance and security). The development of sound connections between the formal models of leakage-resilient (symmetric) cryptography and the practice of side-channel attacks was one of the main objectives of the CRASH project funded by the European Research Council. In this talk, I will survey a number of results we obtained in this direction. For this purpose, I will start with a separation result for the security of stateful and stateless primitives. I will then follow with a discussion of (i) pseudorandom building blocks together with the theoretical challenges they raise, and (ii) authentication, encryption and authenticated encryption schemes together with the practical challenges they raise. I will finally conclude by discussing emerging trends in the field of physically secure implementations. Quite naturally, a large number of researchers and teams have worked on similar directions. For most of the topics discussed, I will add a couple of references to publications that I found inspiring/relevant. The list is (obviously) incomplete and only reflects my personal interests. I a
- Published
- 2016
46. An Analysis of the Learning Parity with Noise Assumption Against Fault Attacks
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Berti, Francesco, Standaert, François-Xavier, 15th International Conference on Smart Card Research and Advanced Applications (CARDIS 2016), UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Berti, Francesco, Standaert, François-Xavier, and 15th International Conference on Smart Card Research and Advanced Applications (CARDIS 2016)
- Abstract
We provide a first security evaluation of LPN-based implementations against fault attacks. Our main result is to show that such implementations inherently have good features to resist these attacks. First, some prominent fault models (e.g. where an adversary flips bits in an implementation) are ineffective against LPN. Second, attacks taking advantage of more advanced fault models (e.g. where an adversary sets bits in an implementation) require significantly more samples than against standard symmetric cryptographic primitives such as block ciphers. Furthermore, the sampling complexity of these attacks strongly suffers from inaccurate fault insertion. Combined with the previous observation that the inner products computed in LPN implementations have an interesting algebraic structure for side-channel resistance via masking, these results therefore suggest LPN-based primitives as interesting candidates for physically secure implementations.
- Published
- 2016
47. Inner Product Masking for Bitslice Ciphers and Security Order Amplification for Linear Leakages
- Author
-
UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Wang, Weijia, Standaert, François-Xavier, Yu, Yu, Pu, Sihang, Liu, Junrong, Guo, Zheng, Gu, Dawu, 15th International Conference on Smart Card Research and Advanced Applications (CARDIS 2016), UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, Wang, Weijia, Standaert, François-Xavier, Yu, Yu, Pu, Sihang, Liu, Junrong, Guo, Zheng, Gu, Dawu, and 15th International Conference on Smart Card Research and Advanced Applications (CARDIS 2016)
- Abstract
Designers of masking schemes are usually torn between the contradicting goals of maximizing the security gains while minimizing the performance overheads. Boolean masking is one extreme example of this tradeoff: its algebraic structure is as simple as can be (and so are its implementations), but it typically suffers more from implementation weaknesses. For example, knowing one bit of each share is enough to know one bit of secret in this case. Inner product masking lies at the other side of this tradeoff: its algebraic structure is more involved, making it more expensive to implement (especially at higher orders), but it ensures stronger security guarantees. For example, knowing one bit of each share is not enough to know one bit of secret in this case. In this paper, we try to combine the best of these two worlds, and propose a new masking scheme mixing a single Boolean matrix product (to improve the algebraic complexity of the scheme) with standard additive Boolean masking (to allow efficient higher-order implementations). We show that such a masking is well suited for application to bitslice ciphers. We also conduct a comprehensive security analysis of the proposed scheme. For this purpose, we give a security proof in the probing model, and carry out an information leakage evaluation of an idealized implementation. For certain leakage functions, the latter exhibits surprising observations, namely information leakages in higher statistical moments than guaranteed by the proof in the probing model, which we can connect to the recent literature on low entropy masking schemes. We conclude the paper with a performance evaluation, which confirms that both for security and performance reasons, our new masking scheme (which can be viewed as a variation of inner product masking) compares favorably to state-of-the-art masking schemes for bitslice ciphers.
- Published
- 2016
48. A Survey of Recent Results in FPGA Security and Intellectual Property protection
- Author
-
Durvaux, François, Kerckhof, Stéphanie, Regazzoni, Francesco, Standaert, François-Xavier, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
Field Programmable Gate Arrays (FPGAs), FPGA Security, Intellectual Property protection
- Abstract
Field Programmable Gate Arrays (FPGAs) are reconfigurable devices which have emerged as an interesting trade-off between the efficiency of Application Specific Integrated Circuits (ASICs) and the versatility of standard microprocessors [81]. Progress over the last 10 years has improved their capabilities to the point where they can hold a complete System on a Chip (SoC) and thus become an attractive platform for an increasing number of applications (e.g. signal processing, image processing, aerospace, ...). In view of the important data manipulated by these devices, but also of the high amount of Intellectual Property (IP) they may contain, security-related questions have arisen. First, can we use FPGAs as security devices for e.g. securely and efficiently encrypting sensitive data (in particular when compared to software solutions)? Second, how can we guarantee that the IP corresponding to FPGA designs is protected (i.e. cannot be easily counterfeited)? Such questions have been the target of a large number of papers in the literature, including several surveys, e.g. [13, 71, 83]. In this chapter, we take another look at them and review a number of important recent results related to security IPs and IP security in modern reconfigurable devices. The chapter is structured in three main sections. First, we briefly describe the structure of recent FPGAs. Next, we discuss security IPs in FPGAs, taking the example of symmetric encryption with the AES Rijndael, and including their performance evaluations and resistance against physical attacks. Finally, we emphasize recent trends for improving IP security in FPGAs, including bitstream security, the use of code watermarking techniques and the exploitation of Physically Unclonable Functions (PUFs).
- Published
- 2014
49. Unified and optimized linear collision attacks and their application in a non-profiled setting
- Author
-
Gérard, Benoît, Standaert, François-Xavier, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Abstract
Side-channel collision attacks are one of the most investigated techniques allowing the combination of mathematical and physical cryptanalysis. In this paper, we discuss their relevance in the security evaluation of leaking devices with two main contributions. On the one hand, we suggest that the exploitation of linear collisions in block ciphers can be naturally re-written as a Low Density Parity Check Code decoding problem. By combining this re-writing with a Bayesian extension of the collision detection techniques, we succeed in improving the efficiency and error tolerance of previously introduced attacks. On the other hand, we provide various experiments in order to discuss the practicality of such attacks compared to standard DPA. Our results exhibit that collision attacks are less efficient in classical implementation contexts, e.g. 8-bit microcontrollers leaking according to a linear power consumption model. We also observe that the detection of collisions in software devices may be difficult in the case of optimized implementations, because of less regular assembly codes. Interestingly, the soft decoding approach is particularly useful in these more challenging scenarios. Finally, we show that there exist (theoretical) contexts in which collision attacks succeed in exploiting leakages whereas all other non-profiled side-channel attacks fail.
- Published
- 2013
50. Information Theoretic and Security Analysis of a 65-Nanometer DDSLL AES S-Box
- Author
-
Renauld, Mathieu, Kamel, Dina, Standaert, François-Xavier, Flandre, Denis, Workshop on Cryptographic Hardware and Embedded Systems (CHES 2011), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique
- Subjects
Security analysis, Theoretical computer science, CMOS, Computer engineering, Physical information, Computer science, Information leakage, Key (cryptography), Current-mode logic, Routing (electronic design automation), Full custom
- Abstract
In a recent work from Eurocrypt 2011, Renauld et al. discussed the impact of the increased variability in nanoscale CMOS devices on their evaluation against side-channel attacks. In this paper, we complement this work by analyzing an implementation of the AES S-box, in the DDSLL dual-rail logic style, using the same 65-nanometer technology. For this purpose, we first compare the performance results of the static CMOS and dual-rail S-boxes. We show that full custom design allows one to nicely mitigate the performance drawbacks that are usually reported for dual-rail circuits. Next, we evaluate the side-channel leakages of these S-boxes, using both simulations and actual measurements. We take advantage of state-of-the-art evaluation tools, and discuss the quantity and nature (e.g. linearity) of the physical information they provide. Our results show that the security improvement of the DDSLL S-box is typically in the range of one order of magnitude (in terms of "number of traces to recover the key"). They also confirm the importance of a profiled information theoretic analysis for the worst-case security evaluation of leaking devices. They finally raise the important question whether dual-rail logic styles remain a promising approach for reducing the side-channel information leakages in front of technology scaling, as hardware constraints such as balanced routing may become increasingly challenging to fulfill, as circuit sizes tend towards the nanometer scale.
- Published
- 2012