Constructive Side-Channel Analysis and Secure Design: 12th International Workshop, COSADE 2021, Lugano, Switzerland, October 25–27, 2021, Proceedings (Security and Cryptology)
معرفی کتاب «Constructive Side-Channel Analysis and Secure Design: 12th International Workshop, COSADE 2021, Lugano, Switzerland, October 25–27, 2021, Proceedings (Security and Cryptology)» نوشتهٔ Shivam Bhasin (editor), Fabrizio De Santis (editor)، منتشرشده توسط نشر Springer International Publishing AG در سال 1291. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
This book constitutes revised selected papers from the 11th International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2021, held in Lugano, Switzerland, in October 2021. The 14 full papers carefully reviewed and selected from 31 submissions are presented in this volume together with the 4 extended keynote abstracts. The workshop covers the following subjects: cryptography, side-channel analysis, cryptographic implementations, fault attacks, implementation attacks, post-quantum cryptography, hardware accelerators, etc. Preface Organization Presentation Abstracts Introduction to OpenTitan – An Open-Source Silicon Root of Trust Project Is Revolutionary Hardware for Fully Homomorphic Encryption Important? What Else is Needed? Post-quantum Cryptography with Contemporary Co-processors Analyzing the Harmfulness of Glitches in the Context of Side-Channel Analysis Keynotes Securing the Next Trillion of Chips via In-Memory and Immersed-in-Logic Design – Beyond Traditional Design Boundaries Defending CyberPhysical Systems and Infrastructures from Cyber Attacks Contents Side-Channel Analysis SideLine: How Delay-Lines (May) Leak Secrets from Your SoC 1 Introduction 2 Background 2.1 Power Side-Channel Attacks 2.2 On-Chip Voltage Sensing 2.3 Related Works 3 Delay-Lines in High-End SoC Devices 3.1 Memory Controller Basics 3.2 Delay-Blocks in Low-Bandwidth Memory Controllers 3.3 DLLs in High-Bandwidth Memory Controllers 4 Experimental Setup 4.1 Tested Devices 4.2 OpenSSL AES Architecture 4.3 Threat Model 5 DLL-Based Power Side-Channel Attack 5.1 Validating DLL Effectiveness: Monitoring Temperature 5.2 Improving Sampling Rate and Synchronisation Using DMA 5.3 Bare Metal OpenSSL AES Attack Setup 5.4 DLL-Based SCA Attack on Zynq SoC 5.5 Conclusion on DLL-Based SCA 6 Delay-Block-Based Power Side-Channel Attack 6.1 From Delay-Block to TDC Sensor 6.2 Linux-Based OpenSSL AES Attack Setup 6.3 Delay-Block-Based SCA Attacks on STM32MP1 SoC 7 Discussion 7.1 Performance and Limitations of SideLine 7.2 Hardware and Software Mitigations 8 Conclusion References First Full-Fledged Side Channel Attack on HMAC-SHA-2 1 Introduction 2 Preliminaries 2.1 SHA-2 2.2 HMAC 2.3 Additional Notation 3 Description of the Attack 3.1 The Aim and the Strategy 3.2 Profiling Stage—Building the Template Tables 3.3 Attack Stage 3.4 Extension of the Attack to the Multiple Rounds per Clock Implementation 4 Experimental Results 4.1 Setup 4.2 Choosing the Points of Interest 4.3 Working with Multiple Hypotheses 4.4 Trace Acquisition and Analysis 5 Suggested Mitigation 6 Conclusions References Learning When to Stop: A Mutual Information Approach to Prevent Overfitting in Profiled Side-Channel Analysis 1 Introduction 1.1 Related Works 1.2 Contributions 2 Background 2.1 Deep Learning in the Context of Side-Channel Analysis 2.2 Datasets 2.3 Information Theory 3 Information Theory of Deep Neural Networks 3.1 Information Bottleneck Principle 3.2 Information Path for Side-Channel Analysis Data 3.3 Improving the Generalization in Deep Learning-Based SCA 4 Experimental Validation 4.1 Estimating Mutual Information 4.2 Results for the Publicly Available Datasets 4.3 Discussion 5 Conclusions and Future Work A Bin Size Estimators B From Information Path to the Best Epoch to Stop the Training C On the Length of the Generalization Interval D DPAv4 Results References Fault Attacks Transform Without Encode is not Sufficient for SIFA and FTA Security: A Case Study 1 Introduction 2 Recapitulating SIFA and FTA 2.1 SIFA Attacks 2.2 FTA Attacks 3 The DATE 2021 Countermeasure 4 Attacks on DATE 2021 Countermeasure 4.1 The Target Implementation 4.2 The Fault Locations 4.3 The SIFA Attack 4.4 The FTA Attack 4.5 Fault Injection on Redundant Branches 5 The Impact on Different Implementations 5.1 Software Implementations 5.2 Hardware Implementations 6 Conclusion References Generalizing Statistical Ineffective Fault Attacks in the Spirit of Side-Channel Attacks 1 Introduction 2 Related Works 2.1 Statistical Ineffective Fault Attacks 2.2 Other Works Linking Faults and Side-Channel Analysis 3 Improving SIFA Against AES 3.1 Enabling 8-Bit SIFA 3.2 Results on an Unprotected Implementation 3.3 Results on a Protected Implementation 4 SIFA as Another Side-Channel Attack 4.1 A Side-Channel Attack 4.2 Application to RSA-STD's Modular Exponentiation 4.3 Application to CRT-RSA's Garner Recombination 5 Discussion References Countermeasures Protecting Secure ICs Against Side-Channel Attacks by Identifying and Quantifying Potential EM and Leakage Hotspots at Simulation Stage 1 Introduction 2 Magnetic Field Simulation of an IC 2.1 IC Structure and Lessons From Practice 2.2 Magnetic Field, Magnetic Flux and Electromotive Force 2.3 Current Extraction with RedHawk 3 Finding EM Leakages 3.1 Problem Statement and Noise-to-Add Concept 3.2 Combining Key Guess Ranking and Noise-to-Add Concepts 3.3 EM Leakages and Their Origin 4 Testcase and Validation of the EM Simulation Flow 4.1 Testcase 4.2 Collecting Current Traces with RedHawk 4.3 Impact of the Probe Height on EM Analysis 4.4 Impact of the Probe Diameter on EM Analysis 4.5 Comparison Between Front-Side and Back-Side EM Analysis 5 Evaluating the Potential Risks of a Leakage 5.1 Disclosing Root Causes of EM Leakages 6 Conclusion A Appendix References Low-Latency Hardware Masking of PRINCE 1 Introduction 2 Preliminaries 2.1 PRINCE 2.2 Probing Security 2.3 Threshold Implementation 2.4 d+1-Masking 3 Low-Latency TI Architecture 3.1 TI Sharing of the Sbox 4 Low-Latency GLM Architecture 4.1 GLM Sharing of the Sbox 5 Synthesis Results 6 Security Analysis 7 Conclusion References Security Analysis of Deterministic Re-keying with Masking and Shuffling: Application to ISAP 1 Introduction 2 Background 2.1 Notations 2.2 Profiled Template Attacks 2.3 Masking Countermeasure 2.4 Shuffling Countermeasure 3 Re-keying + Masking 3.1 Simulation Settings 3.2 Security Analysis 4 Re-keying + Shuffling 4.1 Implementation and Measurement Setup 4.2 Leakage Modeling 4.3 Permutation Index Recovery 4.4 Full Permutation Recovery 5 Conclusions References White-Box ECDSA: Challenges and Existing Solutions 1 Introduction 2 Grey-Box Inherited Attacks 2.1 Passive Analysis 2.2 Active Analysis 3 White-Box Main Challenges 3.1 Passive Analysis 3.2 Active Analysis 4 Existing Solutions 4.1 Countermeasures Against Passive Attacks 4.2 Countermeasures Against Active Attacks 5 Conclusion References Post-quantum Cryptography On Using RSA/ECC Coprocessor for Ideal Lattice-Based Key Exchange 1 Introduction 2 Algorithms 2.1 Notation and Preliminaries 2.2 Polynomial Multiplication Using the Structure 3 Considerations on Side-Channel Attacks 4 Complexity 4.1 Choice of 4.2 Complexity Estimates 4.3 Time-Memory Trade-Offs 4.4 Polynomial Subdivisions 5 Assessment 5.1 Context 5.2 From Theory to Practice: A Methodology 5.3 Experiments 6 Conclusion References Full Key Recovery Side-Channel Attack Against Ephemeral SIKE on the Cortex-M4 1 Introduction 1.1 Contributions 1.2 Related Work 2 Background 2.1 SIDH – Supersingular Isogeny Diffie-Hellman 2.2 SIKE – Supersingular Isogeny Key Encapsulation 2.3 Point of Attack 2.4 Correlation Power Analysis 3 Side-Channel Analysis 3.1 The Three Point Ladder 3.2 Vertical Attack 3.3 Horizontal Attack 4 Experimental Results 4.1 Hardware Setup 4.2 Target Implementation 4.3 Collection of Traces 4.4 Traces Polishing 4.5 Horizontal CPA Procedure 4.6 Results 5 Countermeasures 5.1 Recommended Countermeasure 5.2 Other Countermeasures 6 Conclusion A Appendix References Resistance of Isogeny-Based Cryptographic Implementations to a Fault Attack 1 Introduction 2 Preliminaries 2.1 Isogenies Between Elliptic Curves 2.2 The SIDH Key Exchange 2.3 SIKE 3 Ti's Theoretical Fault Attack 4 Experimental Setups 4.1 Fault Injection Simulation with C 4.2 Carrying Out the Fault Injection in a Laboratory 4.3 Analysis 4.4 Experimental Results 5 Countermeasures 6 Conclusion References Physical Unclonable Functions Analysis and Protection of the Two-Metric Helper Data Scheme 1 Introduction 2 Two-Metric Helper Data Method 3 Attacker Model 4 Analysis of the Two-Metric Helper Data Method 4.1 SCA Attack Vector of the Two-Metric Helper Data Method 4.2 Formalization of the Attack Success 4.3 Exploiting the Two-Metric Helper Data Method 4.4 SCA-Hardening for the Two-Metric Helper Data Method 4.5 Experimental Setup 4.6 Practical Attack Results 5 Protection of the Two-Metric Helper Data Scheme 5.1 Attack Vector on the Protection Mechanism 5.2 True Random Number Generator Based Protection 5.3 Towards a Lightweight Protection of the TMH Method 6 Security Analysis 6.1 Security Analysis of the TRNG-Based Protection 6.2 Security Analysis of the Lightweight LFSR 7 Conclusion A Attacker with Helper Data Access and No Temporal Masking References Enhancing the Resiliency of Multi-bit Parallel Arbiter-PUF and Its Derivatives Against Power Attacks 1 Introduction 2 Background on Arbiter-PUFs 3 Related Works 4 Motivation 5 Threat Model and Attack Methodology 6 Proposed Countermeasures 7 Experimental Setup 8 Experimental Results 9 Discussions 10 Conclusion and Future Directions References Author Index
دانلود کتاب Constructive Side-Channel Analysis and Secure Design: 12th International Workshop, COSADE 2021, Lugano, Switzerland, October 25–27, 2021, Proceedings (Security and Cryptology)