VerMI & VerFI: Verification Tools for Masked Implementations. Svetla Nikova, Victor Arribas, COSIC, KU Leuven. Joint work with Vincent Rijmen (KU Leuven), Felix Wegener, Amir Moradi (RU Bochum) 1
Verification Tools • Why do we need verification tools? • When should we test implementations? • What kind of tools do we need? 2
Side-channel attacks: what to verify? (Source: [DBR19]) Necessary conditions [ANR18] vs. Sufficient conditions [DBR19]. E.g.: Non-completeness (necessary condition); e.g.: !" (glitch-extended probes, secret) = 0 (sufficient condition). #/'+-& #$%&'('%) of probes ≈ security order 3
SCA verification tools (figure: tools placed on an axis from Theory to Reality). Theory side: noise free, technology independent, as accurate as the model. Reality side: noisy, technology specific, closer to reality. Complete ciphers: [BCD+13, MRS+18] (reality side), [SBY+18] (efficient). Small gadgets: [ANR18], [DBR19] (middle), [BGI+18, BBF+18, C18] (exhaustive, theory side). 4
SCA verification: how-to. Verification mechanisms: the more the better! One does NOT suffice. (Same figure: complete ciphers [BCD+13, MRS+18], [SBY+18]; small gadgets [ANR18], [DBR19], [BGI+18, BBF+18, C18]; "Design & Implementation" spans the range between Theory and Reality.) 5
References
[ANR18] V. Arribas, S. Nikova, V. Rijmen: VerMI: Verification Tool for Masked Implementations. ICECS 2018
[BCD+13] G. Becker, J. Cooper, E. De Mulder, et al.: Test vector leakage assessment (TVLA) methodology in practice. ICMC 2013
[BBF+18] G. Barthe, S. Belaid, P.-A. Fouque, B. Gregoire: maskVerif: a formal tool for analyzing software and hardware masked implementations. ESORICS 2019
[BGI+18] R. Bloem, H. Gross, R. Iusupov, B. Konighofer, S. Mangard, J. Winter: Formal Verification of Masked Hardware Implementations in the Presence of Glitches. EUROCRYPT 2018
[C18] J.-S. Coron: Formal Verification of Side-channel Countermeasures via Elementary Circuit Transformations. ACNS 2018
[DBR19] L. De Meyer, B. Bilgin, O. Reparaz: Consolidating Security Notions in Hardware Masking. CHES 2019
[MRS+18] A. Moradi, B. Richter, T. Schneider, F.-X. Standaert: Leakage Detection with the chi-squared-Test. CHES 2018
[SBY+18] D. Sijacic, J. Balasch, B. Yang, S. Ghosh, I. Verbauwhede: Towards Efficient and Automated Side Channel Evaluations at Design Time. PROOFS@CHES 2018
VerMI Verification Tool for Masked Implementations
VerMI - outline • VerMI • Threshold Implementations • Non-Completeness • Sequential Logic • Uniformity 8
VerMI 9
Verification Tool • C++ • Synopsys DC Compiler • FPGA / ASIC 10
Structural Model 11
Threshold Implementations Side-Channel Analysis (SCA) countermeasure Provable security with minimal assumptions on the HW Security in the presence of glitches 12
Threshold Implementations (1st order). Boolean masking scheme; secret sharing and multi-party computation techniques. Properties: • Correctness • Non-completeness • Uniformity. Figure: each component function $S_i$, $i = 1, \ldots, s$, maps the share tuple $(x_i, y_i, z_i, \ldots)$ to $(a_i, b_i, c_i, \ldots)$; XORing the input shares gives $(x, y, z, \ldots)$, XORing the output shares gives $(a, b, c, \ldots)$, and $S(x, y, z, \ldots) = (a, b, c, \ldots)$. 13
Tree Search 1 14
Non-completeness 1 15
Non-completeness. E.g.: Multiplier (three shares of $x$ and of $y$):
$a_1 = f_1(x_1, x_2, y_1, y_2) = x_1 y_1 \oplus x_1 y_2 \oplus x_2 y_1$
$a_2 = f_2(x_2, x_3, y_2, y_3) = x_2 y_2 \oplus x_2 y_3 \oplus x_3 y_2$
$a_3 = f_3(x_1, x_3, y_1, y_3) = x_3 y_3 \oplus x_1 y_3 \oplus x_3 y_1$
Sensitive data: shares $x_1, x_2, x_3$; variables $y_1, y_2, y_3$. Dependencies: $a_1$ on $\{x_1, x_2\}$, $\{y_1, y_2\}$; $a_2$ on $\{x_2, x_3\}$, $\{y_2, y_3\}$; $a_3$ on $\{x_1, x_3\}$, $\{y_1, y_3\}$. 16
Non-completeness. E.g.: Multiplier (modified component functions):
$a_1 = f_1(x_1, x_2, y_1, y_2) = x_1 y_1 \oplus x_1 y_2 \oplus x_3 y_1$
$a_2 = f_2(x_2, x_3, y_2, y_3) = x_2 y_2 \oplus x_2 y_3 \oplus x_3 y_2$
$a_3 = f_3(x_1, x_3, y_1, y_3) = x_3 y_3 \oplus x_1 y_3 \oplus x_2 y_1$
Sensitive data: shares $x_1, x_2, x_3$; variables $y_1, y_2, y_3$. Dependencies: $a_1$ on $\{x_1, x_3\}$, $\{y_1, y_2\}$; $a_2$ on $\{x_2, x_3\}$, $\{y_2, y_3\}$; $a_3$ on $\{x_1, x_2, x_3\}$, $\{y_1, y_3\}$, i.e. $a_3$ depends on all three shares of $x$. 17
HO Non-completeness. E.g.: Multiplier (1st order):
$a_1 = f_1(x_1, x_2, y_1, y_2) = x_1 y_1 \oplus x_1 y_2 \oplus x_2 y_1$
$a_2 = f_2(x_2, x_3, y_2, y_3) = x_2 y_2 \oplus x_2 y_3 \oplus x_3 y_2$
$a_3 = f_3(x_1, x_3, y_1, y_3) = x_3 y_3 \oplus x_1 y_3 \oplus x_3 y_1$
Sensitive data: shares $x_1, x_2, x_3$; variables $y_1, y_2, y_3$. Dependencies of output-share pairs: $(a_1, a_2)$ on $\{x_1, x_2, x_3\}$, $\{y_1, y_2, y_3\}$; $(a_1, a_3)$ on $\{x_1, x_2, x_3\}$, $\{y_1, y_2, y_3\}$; $(a_2, a_3)$ on $\{x_1, x_2, x_3\}$, $\{y_1, y_2, y_3\}$. 18
HO Non-completeness. E.g.: Multiplier (2nd order), six shares of $x$ and of $y$, seven output shares:
$a_1 = x_2 y_2 \oplus x_1 y_2 \oplus x_2 y_1 \oplus x_1 y_3 \oplus x_3 y_1 \oplus x_2 y_3 \oplus x_3 y_2$
$a_2 = x_3 y_3 \oplus x_3 y_4 \oplus x_4 y_3 \oplus x_3 y_5 \oplus x_5 y_3$
$a_3 = x_4 y_4 \oplus x_2 y_4 \oplus x_4 y_2 \oplus x_2 y_6 \oplus x_6 y_2$
$a_4 = x_5 y_5 \oplus x_1 y_4 \oplus x_4 y_1 \oplus x_1 y_5 \oplus x_5 y_1$
$a_5 = x_2 y_5 \oplus x_5 y_2 \oplus x_4 y_5 \oplus x_5 y_4$
$a_6 = x_6 y_6 \oplus x_3 y_6 \oplus x_6 y_3 \oplus x_4 y_6 \oplus x_6 y_4$
$a_7 = x_1 y_1 \oplus x_1 y_6 \oplus x_6 y_1 \oplus x_5 y_6 \oplus x_6 y_5$
Sensitive data: shares $x_1, \ldots, x_6$; variables $y_1, \ldots, y_6$. 19 [BGN+] B. Bilgin, B. Gierlichs, S. Nikova, V. Nikov, V. Rijmen: Higher-Order Threshold Implementations. Asiacrypt 2014
HO Non-completeness. E.g.: Multiplier (2nd order) [BGN+], same seven component functions $a_1, \ldots, a_7$ over $x_1, \ldots, x_6$ and $y_1, \ldots, y_6$. Dependencies of output-share pairs: $(a_1, a_2)$ on $\{x_1, x_2, x_3, x_4, x_5\}$, $\{y_1, y_2, y_3, y_4, y_5\}$; $(a_2, a_5)$ on $\{x_2, x_3, x_4, x_5\}$, $\{y_2, y_3, y_4, y_5\}$; $(a_4, a_7)$ on $\{x_1, x_4, x_5, x_6\}$, $\{y_1, y_4, y_5, y_6\}$. ALL possible combinations must be checked. 20 [BGN+] B. Bilgin, B. Gierlichs, S. Nikova, V. Nikov, V. Rijmen: Higher-Order Threshold Implementations. Asiacrypt 2014
Subcircuit 21
AES Sbox [CRB+]. [CRB+] T. D. Cnudde, O. Reparaz, B. Bilgin, S. Nikova, V. Nikov, V. Rijmen: Masking AES with d+1 shares in hardware. CHES 2016. 22
AES Sbox: share/variable dependency table of the S-box signals (signal names and table cells not recoverable from the extraction). 23
Uniformity (1st order). E.g.: Multiplier:
$a_1 = f_1(x_1, x_2, y_1, y_2) = x_1 y_1 \oplus x_1 y_2 \oplus x_2 y_1$
$a_2 = f_2(x_2, x_3, y_2, y_3) = x_2 y_2 \oplus x_2 y_3 \oplus x_3 y_2$
$a_3 = f_3(x_1, x_3, y_1, y_3) = x_3 y_3 \oplus x_1 y_3 \oplus x_3 y_1$ 24
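The three TI properties checked on the multiplier slides above (correctness, non-completeness at first and higher order, uniformity), as an added brute-force checker written for this page; it is not VerMI or the authors' code. It assumes the two multiplier sharings exactly as given on the slides (3-share first-order, 6-share/7-output second-order) and enumerates all share tuples, which is only feasible for gadgets of this size.

```python
# Added example for this page (not VerMI or the authors' code): a brute-force
# checker for the three TI properties on shared AND gates. A component
# function is a list of (i, j) monomials, each meaning x_i * y_j (1-based).
from itertools import combinations, product

# First-order 3-share multiplier from the slides: a_k = f_k(x, y).
MUL3 = [[(1, 1), (1, 2), (2, 1)],
        [(2, 2), (2, 3), (3, 2)],
        [(3, 3), (1, 3), (3, 1)]]

# Second-order 6-share multiplier with 7 output shares [BGN+14], as on the slides.
MUL6 = [[(2, 2), (1, 2), (2, 1), (1, 3), (3, 1), (2, 3), (3, 2)],
        [(3, 3), (3, 4), (4, 3), (3, 5), (5, 3)],
        [(4, 4), (2, 4), (4, 2), (2, 6), (6, 2)],
        [(5, 5), (1, 4), (4, 1), (1, 5), (5, 1)],
        [(2, 5), (5, 2), (4, 5), (5, 4)],
        [(6, 6), (3, 6), (6, 3), (4, 6), (6, 4)],
        [(1, 1), (1, 6), (6, 1), (5, 6), (6, 5)]]

def evaluate(comps, xs, ys):
    """Output share bits for input share tuples xs, ys (index 0 = share 1)."""
    return tuple(sum(xs[i - 1] & ys[j - 1] for i, j in f) & 1 for f in comps)

def is_correct(comps, n):
    """Correctness: XOR of the output shares equals AND of the unmasked inputs."""
    for xs, ys in product(product((0, 1), repeat=n), repeat=2):
        if (sum(evaluate(comps, xs, ys)) & 1) != ((sum(xs) & 1) & (sum(ys) & 1)):
            return False
    return True

def is_non_complete(comps, n, order=1):
    """d-th order non-completeness: any d component functions together still
    miss at least one share of x and at least one share of y."""
    for group in combinations(comps, order):
        x_dep = {i for f in group for i, _ in f}
        y_dep = {j for f in group for _, j in f}
        if len(x_dep) == n or len(y_dep) == n:
            return False
    return True

def is_uniform(comps, n):
    """Uniformity: for each unmasked (x, y), every output sharing of x*y is
    reached by the same number of input sharings."""
    counts = {}
    for xs, ys in product(product((0, 1), repeat=n), repeat=2):
        key = (sum(xs) & 1, sum(ys) & 1, evaluate(comps, xs, ys))
        counts[key] = counts.get(key, 0) + 1
    expected = 2 ** (2 * n - 2) // 2 ** (len(comps) - 1)
    return all(c == expected for c in counts.values())
```

The 3-share multiplier passes first-order but fails second-order non-completeness (slide 18) and is not uniform, which is why the Keccak slide that follows needs either four shares or remasking; the 6-share gadget passes the second-order check over all output-share pairs.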
Simulation Event-Driven simulation Flip-Flops treated as buffers 25
Uniformity. Three shares implementation by G. Bertoni et al. [BDP+]; Changing of the Guards by J. Daemen [Daemen]; Four shares implementation by B. Bilgin et al. [BDN+].
[BDP+] G. Bertoni, J. Daemen, M. Peeters, G. V. Assche: Building power analysis resistant implementations of Keccak. Second SHA-3 candidate conference, August 2010.
[BDN+] B. Bilgin, J. Daemen, V. Nikov, S. Nikova, V. Rijmen, G. V. Assche: Efficient and First-order DPA resistant implementations of Keccak. CARDIS, volume 8419 of LNCS, June 2014.
[Daemen] J. Daemen: Changing of the guards: A simple and efficient method for achieving uniformity in threshold sharing. CHES, volume 10529 of LNCS, September 2017. 26
Uniformity 27
VerFI Verification Tool for Fault Injection
Evaluation
SIDE-CHANNEL EVALUATION: maskVerif: automated analysis of software and hardware higher-order masked implementations [Barthe et al. ePrint 2018/562]; Formal Verification of Masked Hardware Implementations in the Presence of Glitches [Bloem et al. EUROCRYPT 2018]; VerMI: Verification Tool for Masked Implementations [Arribas et al. ICECS 2018]; Towards Efficient and Automated Side Channel Evaluations at Design Time [Šijačić et al. PROOFS 2018]; TVLA [Cooper et al. International Cryptographic Module Conference 2013].
FAULT EVALUATION: Framework for the analysis and evaluation of algebraic fault attacks [Zhang et al. IEEE Trans. on Information Forensics and Security 2016]; XFC: A Framework for eXploitable Fault Characterization in Block Ciphers [Khanna et al. DAC 2017]; ExpFault: An Automated Framework for Exploitable Fault Characterization in Block Ciphers [Saha et al. CHES 2018]; CASCADE. 29
Framework VerFI 30
Faults Machine • Create faults • Fault free simulation • Fault injection • Fault simulation • Fault classification 31