Architectural and Micro-architectural Countermeasures against Physical Attack

Lead Research Organisation: University of Bristol
Department Name: Computer Science


Advances in cryptanalysis are often produced by mathematicians who seek techniques to unravel the hard problems on which modern cryptosystems are based. Attacks based on the concept of physical security move the art of cryptanalysis from the mathematical domain into the practical domain of implementation. By considering the implementation of cryptosystems rather than purely their specification, researchers have found they can mount physical attacks which are of low cost, in terms of time and equipment, and are highly successful in extracting useful results. Recent examples that demonstrate the real-world impact of such attacks are those against the KeeLoq range of RFID devices used for car and building access control, and MIFARE contactless smart-cards (e.g. the ``Oyster'' cards used by the London Underground).Side-channel attacks are a genre of physical attack based on the assumption that one can passively observe an algorithm being executed by some hardware device, and infer details about the internal state of computation from the features that occur. A typical side-channel attack consists of a collection phase that provides the attacker with profiles of execution, and an analysis phase which recovers otherwise secret information from the profiles. Focusing on power and EM based attacks in particular, countermeasures against side-channel attack are increasingly well understood on a case by case basis; at a high-level they can be classified as either hiding (breaking the link between execution and profiles) or masking (breaking the link between execution and algorithm). Approaches to hiding style countermeasures typically attempt to make each profile constant for all secrets, or entirely random; in both cases the premise is that a profile can no longer be correlated to the secret information.There are a number of approaches to implementing these sorts of countermeasure. At the highest-level, one can consider alternate algorithms (or implementation approaches) that realise hiding or masking in software. On one hand this approach is very algorithm-specific and can imply a significant performance penalty; on the other hand, no alterations are required to the hardware on which the software executes. At the lowest-level, one can consider using so-called secure logic styles; the basic idea is to replace CMOS cell libraries with alternatives which, for example, consume a constant amount of power regardless of the result they compute. The major disadvantage of this approach is the resulting overhead in terms of area; the major advantage is that the approach is largely algorithm-agnostic, i.e. is a general solution which can be automatically applied.The research programme within this proposal aims, in a sense, to adopt an approach between these two extremes. The crux of the research is the alteration of a general purpose processor so that countermeasures against side-channel attack are implemented at the micro-architectural level. The processor will retain the same Instruction Set Architecture (ISA) and hence the same functional characteristics, but the behavioural characteristics will prevent leakage of information via, for example, power analysis. Our focus is on aspects of the micro-architecture which can be randomised in some way. We suggest that this approach will afford a level of flexibility and algorithm agility representing an attractive trade-off between security and other metrics. Specifically, it permits high-level algorithmic countermeasures to be automatically supported by the hardened processor platform (meshing with the ideal of tiered countermeasures rather than a single panacea), while largely avoiding the overhead and sensitivity to underlying process technology traditionally associated with secure logic styles.
Description The original aims of this grant related broadly to countermeasures against side-channel attacks based on power-analysis (e.g., SPA and DPA); the workplan spanned software and hardware techniques, with an emphasis on the latter (and micro-processor design specifically). The outputs could be characterised as focused on three more specific themes, namely 1) side-channel attacks (e.g., on OpenSSL), 2) side-channel countermeasures (e.g., via embedded tokens using Yao circuits), and 3) more general design and implementation using novel platforms (e.g., TMFPGA) primitives (e.g., PUFs) and arithmetic (e.g., bit-slicing). Highlights include an attack on (still) deployed versions of OpenSSL within 2), and a now standardised protocol for DAA within 3).
Exploitation Route The first highlight above presented a cryptographic attack on a particular version of OpenSSL due to an implementation bug. This attack led to several notable security advisories; an example is for the widely used Debian distribution of Linux, for which a patch was already released. Interestingly the same underlying issue was recently identified in the Go implementation of ECC by researchers at Google (see, e.g., [1] @ ~23:00), highlighting how the associated concepts have been taken forward and remain relevant.

Sectors Digital/Communication/Information Technologies (including Software),Security and Diplomacy