Please use this identifier to cite or link to this item:
https://hdl.handle.net/2440/133461
Type: | Conference paper |
Title: | Rosita++: Automatic Higher-Order Leakage Elimination from Cryptographic Code |
Author: | Shelton, M.A.; Chmielewski, Ł.; Samwel, N.; Wagner, M.; Batina, L.; Yarom, Y. |
Citation: | Proceedings of the ACM Conference on Computer and Communications Security, 2021, pp.685-699 |
Publisher: | Association for Computing Machinery |
Publisher Place: | New York, NY, United States |
Issue Date: | 2021 |
ISBN: | 9781450384544 |
ISSN: | 1543-7221 |
Conference Name: | CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security (15 Nov 2021 - 19 Nov 2021 : virtual online) |
Statement of Responsibility: | Madura A. Shelton, Łukasz Chmielewski, Niels Samwel, Markus Wagner, Lejla Batina, Yuval Yarom |
Abstract: | Side-channel attacks are a major threat to the security of cryptographic implementations, particularly for small devices that are under the physical control of the adversary. While several strategies for protecting against side-channel attacks exist, these often fail in practice due to unintended interactions between values deep within the CPU. To detect and protect from side-channel attacks, several automated tools have recently been proposed; one of their common limitations is that they only support first-order leakage. In this work, we present Rosita++, the first automated tool for detecting and eliminating higher-order leakage from cryptographic implementations. Rosita++ proposes statistical and software-based tools to allow high-performance higher-order leakage detection. It then uses the code rewrite engine of Rosita (Shelton et al. NDSS 2021) to eliminate detected leakage. For the sake of practicality we evaluate Rosita++ against second and third order leakage, but our framework is not restricted to only these orders. We evaluate Rosita++ against second-order leakage with three-share implementations of two ciphers, PRESENT and Xoodoo, and with the second-order Boolean-to-arithmetic masking, a core building block of masked implementations of many cryptographic primitives, including SHA-2, ChaCha and Blake. We show effective second-order leakage elimination at a performance cost of 36% for Xoodoo, 189% for PRESENT, and 29% for the Boolean-to-arithmetic masking. For third-order analysis, we evaluate Rosita++ against the third-order leakage using a four-share synthetic example that corresponds to typical four-share processing. Rosita++ correctly identified this leakage and applied code fixes. |
Keywords: | Power analysis leakage; multivariate leakage; automatic countermeasures |
Description: | Session 3A: Side Channel |
Rights: | © 2021 Association for Computing Machinery. |
DOI: | 10.1145/3460120.3485380 |
Grant ID: | http://purl.org/au-research/grants/arc/DE200101577 http://purl.org/au-research/grants/arc/DP200102364 http://purl.org/au-research/grants/arc/DP210102670 |
Published version: | https://www.acm.org/ |
Appears in Collections: | Computer Science publications |
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.