mistakes are proof that you are trying on verifying
play

Mistakes Are Proof That You Are Trying: On Verifying Software - PowerPoint PPT Presentation

Dec 03, 2023 •249 likes •525 views

Mistakes Are Proof That You Are Trying: On Verifying Software Encoding Schemes Resistance to Fault Injection Attacks Jakub Breier, Dirmanto Jap, and Shivam Bhasin Presenter: Wei He Physical Analysis and Cryptographic Engineering Nanyang

  1. Mistakes Are Proof That You Are Trying: On Verifying Software Encoding Schemes’ Resistance to Fault Injection Attacks Jakub Breier, Dirmanto Jap, and Shivam Bhasin Presenter: Wei He Physical Analysis and Cryptographic Engineering Nanyang Technological University, Singapore PROOFS’16 20 August 2016 1 / 27

  2. Table of Contents Software Encoding Schemes 1 Fault Simulation Methodology 2 Simulation and Experimental Results 3 Conclusion 4 J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 2 / 27

  3. Table of Contents Software Encoding Schemes 1 Fault Simulation Methodology 2 Simulation and Experimental Results 3 Conclusion 4 J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 3 / 27

  4. General Background • The first software information hiding scheme was presented in 2011 by Hoogvorst et al. 1 . • They suggested to adopt the dual-rail precharge logic (DPL) to reduce the dependance of the power consumption on the data. • Selmane et al. 2 showed that hardware DPL possesses properties that resist fault attacks naturally - however, this property has never been tested on software DPL. 1 P. Hoogvorst, J.-L. Danger, and G. Duc. Software Implementation of Dual-Rail Representation, COSADE 2011. 2 N. Selmane, S. Bhasin, S. Guilley, T. Graba, and J.-L. Danger. WDDL is Protected Against Setup Time Violation Attacks, FDTC’09. J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 4 / 27

  5. Evaluated Proposals In our work we examined three software encoding schemes: • Bit sliced implementation of balanced assembly code that follows dual-rail precharge logic using look-up tables 3 , “Static-DPL XOR” implementation. • Balanced encoding achieved by adding complementary bits to processed data 4 , “Static-Encoding XOR” implementation. • Device-specific encoding, where the encoding function is selected based on device leakage 5 , “Device-Specific Encoding XOR” implementation. 3 P. Rauzy, S. Guilley, and Z. Najm. Formally Proved Security of Assembly Code Against Leakage, PROOFS 2014. 4 C. Chen, T. Eisenbarth, A. Shahverdi, and X. Ye. Balanced Encoding to Mitigate Power Analysis: A Case Study, CARDIS 2014. 5 H. Maghrebi, V. Servant, J. Bringer. There is wisdom in harnessing the strengths of your enemy: Customized encoding to thwart side-channel attacks, FSE 2016. J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 5 / 27

  6. Contributions • We analyzed three proposed software encoding countermeasures against faults attacks. • We designed a code analyzer to understand the behavior of these countermeasures under common fault models. • We performed a practical analysis, using laser fault injection equipment on an AVR, to validate the results from simulations. • We highlighted weaknesses of the implementations and provided crucial insights on designing fault-resistant schemes. J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 6 / 27

  7. “Static-DPL XOR” Implementation • All the logical gates are implemented by using look-up tables (LUT) with balanced addressing. • Bit-slicing – one byte carries only one bit of e ff ective information. • Only last two bits of each byte are used – 1 is encoded as 01 and 0 is encoded as 10. Table: Look-up tables for “DPL” implementation. index 0000 - 0100 0101 0110 0111 - 1000 1001 1010 1011 - 1111 and 00 01 10 00 10 01 00 or 00 01 01 00 01 10 00 xor 00 10 01 00 01 10 00 J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 7 / 27

  8. “Static-Encoding XOR” Implementation • One byte carries 4 bits of information. • Each nibble is balanced by adding complementary bits, in one of the two forms: b 3 ¯ b 3 b 2 ¯ b 2 b 1 ¯ b 1 b 0 ¯ b 0 and b 0 ¯ b 2 b 1 b 3 ¯ b 1 b 2 ¯ b 0 ¯ b 3 . • Following this rule, intermediate value at every point of time has Hamming weight 4. • The scheme is explained on Prince cipher, which can be realized by using a balanced XOR and a balanced table-lookup – we have examined both operations. J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 8 / 27

  9. “Device-Specific Encoding XOR” Implementation • Side-channel leakage is balanced by minimizing the variance of the encoded intermediate values. • It is based on the fact that each register and each bit of register leaks the information di ff erently. • After the device profiling, the weight leakages β are used for calculating the encoding function. • In this implementation, the length of codewords can be specified by the implementer. J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 9 / 27

  10. Table of Contents Software Encoding Schemes 1 Fault Simulation Methodology 2 Simulation and Experimental Results 3 Conclusion 4 J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 10 / 27

  11. Fault Simulations • Fault simulator was written in Java. • We used 8-bit AVR microcontroller assembly code. • The simulator injects faults in the target code under defined fault models. • We considered inputs and outputs already encoded. • We analyzed every instruction of code. J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 11 / 27

  12. Fault Simulation Methodology Fault Injection Instruction Set Simulator Simulator Input Fault Model a = 10101010 bit flip b = 01010101 random byte fault instruction skip stuck-at fault T arget Code LDI r4 a LDI b r5 r5 r4 = 11010110 EOR r4 Validator ST c r4 r4 = 11000110 ' ... Fault Position x = 11110011 ? Valid/Invalid x = 11110011 Output Output Checker J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 12 / 27

  13. Inputs/Outputs • Static-DPL XOR: uses inputs/outputs in format 00000001 for 1 and 00000010 for 0 . There are only two possible values for a valid input, resulting in 4 di ff erent combinations of operands. • Static-Encoding XOR: has inputs/outputs in format a 0 and b 3 ¯ b 3 b 2 ¯ b 2 b 1 ¯ b 1 b 0 ¯ b 0 . Therefore, one a 3 ¯ a 3 a 2 ¯ a 2 a 1 ¯ a 1 a 0 ¯ variable in this encoding can take 16 di ff erent values, resulting in 256 input combinations. • Device-Specific Encoding XOR: we used 8-bit implementation, using 16 codewords, resulting in 256 input combinations. J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 13 / 27

  14. Outputs We defined three possible output sets: • VALID – output follows the proper encoding of each implementation. • INVALID – output does not follow the proper encoding. • NULL – output is all zero. J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 14 / 27

  15. Fault Models • Single/multiple bitflip – a content of the destination register of every operation was altered either to simulate single or multiple bit flip. • Instruction skip – we skipped one or two instructions. Again, we tested all the possible combinations of instruction skips. • Random byte fault – because of the specific encoding format, random byte faults are a subset of single/multiple bit flip faults. • Stuck-at fault – we changed the content of the destination register of all the instructions in the code, one instruction at a time. We tested two values, all zeros and all ones. J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 15 / 27

  16. Table of Contents Software Encoding Schemes 1 Fault Simulation Methodology 2 Simulation and Experimental Results 3 Conclusion 4 J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 16 / 27

  17. Experimental Setup • DUT: Atmel ATmega328P microcontroller running at 16 MHz • Laser: Infrared 1064 nm diode pulse laser. • We found all the three kinds of faults, i.e. INVALID , VALID and NULL . • The sensitive area of the chip is approximately 1100 × 80 µ m 2 large, out of 3 × 3 mm 2 ( ≈ 0.98% of the whole chip area). J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 18 / 27

  18. Results Overview • We tested five di ff erent fault models and the faulty output could attain three possible states ( VALID, INVALID, NULL ). • For Static-Encoding XOR , majority of the faults are INVALID for all fault models. Few faults are VALID and a negligible number of faults are NULL – this situation corresponds with experimental results. • In Static-Encoding LUT and Static-DPL XOR , the simulations report a good mix of INVALID and NULL – however, number of VALID faults deviates from simulations to experiments. • In Device-Specific Encoding XOR , there is slightly inflated number of VALID faults in experiments. J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 19 / 27

  19. Static-Encoding XOR Simulations Experiment VALID 5.9% INVALID 93.6% NULL 0.6% J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 20 / 27

  20. Static-Encoding LUT Simulations Experiment VALID 32.4% INVALID 47.7% NULL 19.8% J. Breier, D. Jap, S. Bhasin (W. He) On Verifying Software Encoding Schemes’ Resistance to FIA 21 / 27

Recommend

Verifying the seL4 Microkernel Formal Proof in Mathematics and Computer Science Lukas Stevens

Verifying the seL4 Microkernel Formal Proof in Mathematics and Computer Science Lukas Stevens

Verifying the seL4 Microkernel Formal Proof in Mathematics and Computer Science Lukas Stevens 21st June 2018 Outline 2. Design process of seL4 3. Formal methods of the correctness proof 4. Layers of the correctness proof 5. Conclusion 1 1.

754 views • 64 slides
Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

SOFSEM 2008 Filtering unwanted Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of- communication Location generation Preparing proofs Verifying proof Marek Klonowski Tomasz Strumi nski Open

348 views • 23 slides
Verifying Test Hypotheses - HOL/TestGen An Experiment in Test and Proof Thomas Malcher January

Verifying Test Hypotheses - HOL/TestGen An Experiment in Test and Proof Thomas Malcher January

Verifying Test Hypotheses - HOL/TestGen Verifying Test Hypotheses - HOL/TestGen An Experiment in Test and Proof Thomas Malcher January 20, 2014 1 / 20 Verifying Test Hypotheses - HOL/TestGen HOL/TestGen Outline Introduction Test Hypotheses

595 views • 20 slides
Verifying Automated Reasoning Results Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/

Verifying Automated Reasoning Results Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/

Verifying Automated Reasoning Results Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/ https://github.com/marijnheule/proof-demo Automated Reasoning and Satisfiability, October 10, 2019 1 / 53 Outline Introduction Proof Checking

825 views • 80 slides
Mistakes Irrend lernt man (Learning through mistakes) Johann Wolfgang von Goethe 2 Rome

Mistakes Irrend lernt man (Learning through mistakes) Johann Wolfgang von Goethe 2 Rome

Europe and Finland 20 years of Monetary Union Turku Europe Forum 30 August 2018 Intervention of Francesco Papadia Mistakes Irrend lernt man (Learning through mistakes) Johann Wolfgang von Goethe 2 Rome Mistakes Italian fiscal

451 views • 22 slides
Jeremy Edberg Why am I here? Why should we learn from other peoples mistakes? Mistakes

Jeremy Edberg Why am I here? Why should we learn from other peoples mistakes? Mistakes

Jeremy Edberg Why am I here? Why should we learn from other peoples mistakes? Mistakes weve made What is reddit? reddit is an online community Way back in 2005... Two UVA students applied for this thing called YCombinator They

1.68k views • 119 slides
A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore) Department of Computer Sciences University of Texas at Austin September 18, 2009 1 Theorem Prover ? Yes Proof Checker Yes No 2 Rules of

693 views • 40 slides
If you are not making mistakes, then you are not doing anything. Im positive that a DOER

If you are not making mistakes, then you are not doing anything. Im positive that a DOER

If you are not making mistakes, then you are not doing anything. Im positive that a DOER makes mistakes. John Wooden Oct. 2017 Agenda Introductions and GGOB Organization -- Sonoma/Napa/Marin games Assignment process tools

503 views • 28 slides
Verifying concurrent Go code in Coq with Goose Tej Chajed , Joseph Tassarotti*, Frans Kaashoek,

Verifying concurrent Go code in Coq with Goose Tej Chajed , Joseph Tassarotti*, Frans Kaashoek,

Verifying concurrent Go code in Coq with Goose Tej Chajed , Joseph Tassarotti*, Frans Kaashoek, Nickolai Zeldovich MIT and *Boston College Systems verification, broadly impl proof specification 2 Systems verification requires connecting

859 views • 48 slides
RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES II MISTAKES II Eunsuk Kang Required

RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES II MISTAKES II Eunsuk Kang Required

RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES II MISTAKES II Eunsuk Kang Required reading: "How Big Data Transformed Applying to College", Cathy O'Neil 1 LEARNING GOALS: LEARNING GOALS: Evaluate the risks of mistakes from

718 views • 61 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 10 November, 2017 1/34 Outline Motivation and related work Our approach

681 views • 34 slides
RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES MISTAKES Christian Kaestner With slides

RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES MISTAKES Christian Kaestner With slides

RISK AND PLANNING FOR RISK AND PLANNING FOR MISTAKES MISTAKES Christian Kaestner With slides adopted from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning Engineering."

1.27k views • 84 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 09 March, 2017 Overview 1. Why we need a verified filesystem 2. Our approach

514 views • 29 slides
Lease-Up Lessons Learned Stephanie R. Barbabosa Head of Build to Rent at Lendlease 2 Common

Lease-Up Lessons Learned Stephanie R. Barbabosa Head of Build to Rent at Lendlease 2 Common

Lease-Up Lessons Learned Stephanie R. Barbabosa Head of Build to Rent at Lendlease 2 Common Area Mistakes 3 Interior Design Mistakes 4 Interior Unit Mistakes 5 Technology Mistakes an expensive one! 6 7 Target Market Mistakes 8 9

238 views • 10 slides
3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

Griffith University 3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof by construction 2. Proof by equivalence 3. Proof by contradiction 4. Proof by case analysis 5. Proof by induction

549 views • 11 slides
Infeasible Paths Elimination by Symb. Execution Techniques: Proof of Correctness and Preservation

Infeasible Paths Elimination by Symb. Execution Techniques: Proof of Correctness and Preservation

Infeasible Paths Elimination by Symb. Execution Techniques: Proof of Correctness and Preservation of Paths Romain Aissat, Frederic Voisin and Burkhart Wolff Univ - Paris-Sud / LRI 1 Abstract TRACER [8] is a tool for verifying safety

361 views • 21 slides
Mistakes, Obstacles and Conflicts Mistakes, Obstacles and Conflicts in using CMMI for Process in

Mistakes, Obstacles and Conflicts Mistakes, Obstacles and Conflicts in using CMMI for Process in

Mistakes, Obstacles and Conflicts Mistakes, Obstacles and Conflicts in using CMMI for Process in using CMMI for Process Improvement Improvement Itzhak Lavi, Sarit Aserraf, Alon Modai Israel Aircraft Industries SEPG North America 2008 SEPG

240 views • 21 slides
BLOCKCHAIN ALL YOUR PROBLEMS Proof Engine Tierion turns the blockchain into a global platform

BLOCKCHAIN ALL YOUR PROBLEMS Proof Engine Tierion turns the blockchain into a global platform

BLOCKCHAIN ALL YOUR PROBLEMS Proof Engine Tierion turns the blockchain into a global platform for verifying any data, file, or business process. Anchor Data In The Blockchain Scales to millions of records Receipts are portable

235 views • 9 slides
Success does not consist in never making mistakes but in never making the same one a second time.

Success does not consist in never making mistakes but in never making the same one a second time.

Success does not consist in never making mistakes but in never making the same one a second time. George Bernard Shaw Repeat offenders make mistakes by NOT: Utilising key learnings from Yr. 11 Mapping assessment schedules Linking

530 views • 23 slides
Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers

Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers

Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers Dining Philosophers Peter Welch and Neil Brown Peter Welch and Neil Brown School of Computing, University of Kent, UK School of Computing,

675 views • 44 slides
Lessons Learned from the War for the Ground in San Francisco " make honest mistakes ... talk

Lessons Learned from the War for the Ground in San Francisco " make honest mistakes ... talk

Lessons Learned from the War for the Ground in San Francisco " make honest mistakes ... talk about those mistakes openly and share what was done to correct those mistakes with other[s]" Froward, Handbook , "Establishing a Lesson

585 views • 30 slides
Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya Sergey Aleks Nanevski Anindya Banerjee ESOP 2015 A logic-based approach for Specifying and Verifying Concurrent Algorithms An

2.36k views • 186 slides
A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of

A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of

A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of statements. 2. Based on axioms. 3. Each statement is derived via the derivation rules. Zero Knowledge Protocols 4. The proof is fixed, i.e, in any time,

642 views • 14 slides
Verifying Trigonometric Identities A trigonometric identity is simply an identity involving

Verifying Trigonometric Identities A trigonometric identity is simply an identity involving

Verifying Trigonometric Identities A trigonometric identity is simply an identity involving trigonometric functions. We learn to verify and spend time verifying trigonometric identities because the practice we get verifying trigonometric

661 views • 46 slides

More recommend