Towards Automatic Power Analysis Leakage Elimination

Abstract

Side channel attacks were first described on timing based information leakage in 1996 by Paul Kocher. Similar leakage can also be observed through physical properties such as electro-magnetic emanations, acoustics and power consumption. Masking is a countermeasure that splits sensitive values into separate values called shares. However, due to the existence of unintended interactions in hardware, masked implementations may fail to reach their advertised security level. We propose an emulation based approach to find and eliminate leakage caused by unintended interactions. This thesis presents three main contributions, ELMO*, Rosita and Rosita++. ELMO* is a modified version of ELMO (McCann et al. USENIX Security 2017) which can emulate leakage from unintended interactions realistically. Rosita and Rosita++ are two code rewriting tools that can fix univariate and multivariate leakage by using emulated leakage from ELMO*. We tested Rosita on first-order masked implementations of AES, ChaCha and Xoodoo and the slowdown incurred by the fixes were 21.3%, 75% and 32.3%. Rosita eliminated more than 90% of all observed leakage on a STM32F030 Discovery Evaluation board. We evaluated Rosita++ on second-order masked implementations of Boolean-to-arithmetic masking, PRESENT and Xoodoo where it eliminated all leakage in Boolean-to-arithmetic and Xoodoo implementations. The slowdown incurred by fixes applied were 36%, 29% and 189%. It was also evaluated on a third-order masked synthetic example using 30 million power traces recorded from the target device, where Rosita++ fixed all detected leakage. Our contributions have been presented at NDSS 2021 and CCS 2021 conferences.