DOI: 10.1109/ISCA.2018.00059
research-article

Hiding intermittent information leakage with architectural support for blinking

Published: 02 June 2018

Abstract

As demonstrated by numerous practical attacks, the physical act of computation emits unintended and damaging information through infinitesimal variations in timing, power, and resource contention. While there are many techniques for preventing the leakage of information through power channels for specific cryptographic units, they are typically either built directly into the hardware logic or exploit intricate mathematical properties of the algorithm itself. However, such leaks are not uniform in time but, as we show, rather occur in specific bursts. Exploiting this observation we propose a set of software-controlled techniques allowing for the seamless disconnection and reconnection of general purpose programmable components in a system-on-chip. Such a system is capable of providing brief moments of electrical isolation during which the most critical computations can be performed free from both timing and power measurement. Of course, disconnection comes at a cost. To balance the resulting trade-off between overhead and security effectively, we describe a new analysis technique to uncover the "leakiest" intervals of time, we provide an algorithm to co-optimize the covering of these intervals and the performance/energy costs under a set of architecture imposed constraints, and explore the architectural and software ramifications of such intermittent disconnection. In the end we find that by hiding only between 15% and 30% of the trace, at a performance cost of between 15% and 50%, we are able to reduce the mutual information between the leakage model and key bits by 75% on average, and to nearly zero in specific cases.
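The idea in the abstract, as an added illustration that is not the paper's own analysis technique or optimization algorithm: on constructed traces where a Hamming-weight leakage model shows up in only two short bursts, it estimates the mutual information between the model and each time sample, then picks a limited number of fixed-length blink windows by dynamic programming. The function names, the Hamming-weight model, the noise, and the window length and count are all assumptions made for this sketch.

```python
import math, random
from collections import Counter
from itertools import accumulate

def mutual_information(xs, ys):
    """Plug-in estimate of I(X;Y) in bits for two discrete sequences."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum(c / n * math.log2(c * n / (px[x] * py[y]))
               for (x, y), c in pxy.items())

def simulate(n_traces=4000, length=64, leaky=(12, 13, 14, 40, 41), seed=1):
    """Constructed traces: HW(plaintext ^ key) shows up only at `leaky` samples."""
    rng = random.Random(seed)
    key = 0x3C  # constructed secret byte, not from the paper
    model, traces = [], []
    for _ in range(n_traces):
        hw = bin(rng.randrange(256) ^ key).count("1")
        model.append(hw)  # leakage model value for this trace
        traces.append([(hw if t in leaky else rng.randrange(9)) + rng.randint(-1, 1)
                       for t in range(length)])  # signal or filler, plus noise
    return model, traces

def leakage_profile(model, traces):
    """Mutual information between the leakage model and each time sample."""
    return [mutual_information(model, [tr[t] for tr in traces])
            for t in range(len(traces[0]))]

def choose_blinks(profile, window, count):
    """Up to `count` disjoint blinks of `window` samples hiding maximum MI."""
    n = len(profile)
    prefix = [0.0] + list(accumulate(profile))
    # best[j][i] = (hidden MI, window starts) using <= j blinks in samples [0, i)
    best = [[(0.0, [])] * (n + 1) for _ in range(count + 1)]
    for j in range(1, count + 1):
        for i in range(1, n + 1):
            cand = best[j][i - 1]
            if i >= window:
                score, starts = best[j - 1][i - window]
                score += prefix[i] - prefix[i - window]
                if score > cand[0]:
                    cand = (score, starts + [i - window])
            best[j][i] = cand
    return best[count][n][1]

def residual_fraction(profile, starts, window):
    """Share of the summed per-sample MI that stays visible outside the blinks."""
    hidden = {t for s in starts for t in range(s, s + window)}
    return sum(v for t, v in enumerate(profile) if t not in hidden) / sum(profile)
```

Calling `choose_blinks(leakage_profile(*simulate()), window=5, count=2)` hides 10 of the 64 samples. The plug-in estimator is biased upward on finite data, so samples that carry no signal still report a small non-zero mutual information, and the residual never reaches exactly zero.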

Cited By

  • (2021) Maya. Proceedings of the 48th Annual International Symposium on Computer Architecture. 10.1109/ISCA52012.2021.00074 (888-901). Online publication date: 14-Jun-2021
  • (2021) Opening pandora's box. Proceedings of the 48th Annual International Symposium on Computer Architecture. 10.1109/ISCA52012.2021.00035 (347-360). Online publication date: 14-Jun-2021

Published In

ISCA '18: Proceedings of the 45th Annual International Symposium on Computer Architecture
June 2018
884 pages
ISBN: 9781538659847

Publisher

IEEE Press

Author Tags

1. electronic countermeasures
2. hardware security
3. security metrics
4. side-channel attacks

Qualifiers

• Research-article

Conference

ISCA '18

Acceptance Rates

Overall Acceptance Rate 543 of 3,203 submissions, 17%
