Your search keyword '"Olivier Bronchain"' showing total 9 results

1. A stealthy Hardware Trojan based on a Statistical Fault Attack

Author

Charles Momin, François-Xavier Standaert, Olivier Bronchain, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Computer Networks and Communications, business.industry, Computer science, Applied Mathematics, Clock rate, 020206 networking & telecommunications, Context (language use), 0102 computer and information sciences, 02 engineering and technology, Adversary, Fault (power engineering), Chip, 01 natural sciences, Computational Theory and Mathematics, Cipher, 010201 computation theory & mathematics, Hardware Trojan, Embedded system, Stealthy Hardware Trojans, Statistical Fault Attacks, 0202 electrical engineering, electronic engineering, information engineering, business, Block cipher

Abstract

Integrated Circuits (ICs) are sensible to a wide range of (passive, active, invasive, non-invasive) physical attacks. In this context, Hardware Trojans (HTs), that are malicious modifications of a circuit by an untrusted manufacturer, are one of the most challenging threats to mitigate. HTs aim to alter the functionality of the infected chip in a malicious way, e.g. under specific conditions known by the adversary. Fault attacks are a typical attack vector. However, for a HT to be exploitable by an adversary, it also has to be stealthy. For example, a HT that would directly inject exploitable faults in a block cipher may be spotted by analyzing its functional behavior (i.e. the positions and the distribution of the faulty values appearing). In this paper, we propose a stealthy HT instance leading to successful and hidden Statistical Fault Attacks (SFA). More precisely, the faults are injected when the chip is running under condition for which metastabilty occurs (i.e. with a increased clock frequency), leading to the apparition of faults at random positions within the target implementation. In addition, an internal bit is set to a value known only by the adversary, allowing him to perform efficient SFA. Compared to classical SFA, the HT uses its control on the target to circumvent behavioral detection tests. Indeed, it also adds computation errors in the early rounds of the target cipher which are not exploitable via SFA.

Published

2021

2. Reducing risks through simplicity: high side-channel security for lazy engineers

Author

Olivier Bronchain, François-Xavier Standaert, and Tobias Schneider

Subjects

Security analysis, Computer Networks and Communications, business.industry, Computer science, Rounding, AES implementations, Cryptography, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Masking (Electronic Health Record), 020202 computer hardware & architecture, Reliability engineering, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, business, Field-programmable gate array, Computer communication networks, Software

Abstract

Countermeasures against side-channel attacks are in general expensive, and a lot of research has been devoted to the optimization of their security versus performance trade-off. Besides, a wide literature has also shown that implementing such countermeasures is an error-prone task and requires to deal with various engineering challenges (e.g., physical defaults, compositional errors, ...). This work aims to contribute to this second item, by evaluating the extent to which (almost) key-homomorphic primitives, and in particular a recent PRF instance based on the learning with rounding problem, can lead to easy-to-implement and easier-to-evaluate side-channel-secure designs. We confirm these properties by describing an FPGA implementation that does not require complex (compositional) reasoning in its analysis and can be masked securely under simple design conditions, and for which the evaluation directly scales to arbitrary number of shares. We provide a comprehensive performance and (worst-case) security analysis of our design and compare the obtained results with those of an AES implementation protected with the domain-oriented masking scheme. Results show that simplicity has a cost, which becomes less prohibitive as security requirements increase.

Published

2020

3. How to Fool a Black Box Machine Learning Based Side-Channel Security Evaluation

Author

François-Xavier Standaert, Gaëtan Cassiers, Charles-Henry Bertrand Van Ouytsel, Olivier Bronchain, UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique, and UCL - SST/ICTM - Institute of Information and Communication Technologies, Electronics and Applied Mathematics

Subjects

Computer Networks and Communications, Computer science, 0102 computer and information sciences, 02 engineering and technology, Machine learning security, Black box side channel security evaluation, Machine learning, computer.software_genre, 01 natural sciences, Machine Learning, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, Implementation, Security evaluation, Black box (phreaking), business.industry, Applied Mathematics, Deep learning, 020206 networking & telecommunications, Adversary, Computational Theory and Mathematics, 010201 computation theory & mathematics, Key (cryptography), Artificial intelligence, business, computer

Abstract

Machine learning and deep learning algorithms are increasingly considered as potential candidates to perform black box side-channel security evaluations. Inspired by the literature on machine learning security, we put forward that it is easy to conceive implementations for which such black box security evaluations will incorrectly conclude that recovering the key is difficult, while an informed evaluator / adversary will reach the opposite conclusion (i.e., that the device is insecure given the amount of measurements available).

Published

2021

4. On the Security of Off-the-Shelf Microcontrollers: Hardware Is Not Enough

Author

Antoine van Wassenhove, Balazs Udvarhelyi, François-Xavier Standaert, and Olivier Bronchain

Subjects

Black box (phreaking), Hardware architecture, Computer science, business.industry, Context (language use), 02 engineering and technology, 020202 computer hardware & architecture, Microcontroller, Identification (information), Test vector, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, business, Continuous wavelet transform, Computer hardware

Abstract

We complete the state-of-the-art on the side-channel security of real-world devices by analysing two 32-bit microcontrollers equipped with an unprotected co-processor. Our results show that (i) the lack of understanding of their hardware architecture can be circumvented with standard detection tools – for this purpose, we combine a simple variation of the Test Vector Leakage Assessment methodology with Signal-to-Noise Ratio estimations, which enables the efficient identification of attack vectors; (ii) standard distinguishers then lead to powerful key recoveries with less than 5,000 traces; and (iii) preprocessing like the continuous wavelet transform can be useful in such a black box evaluation context.

Published

2021

5. Mode-Level vs. Implementation-Level Physical Security in Symmetric Cryptography A Practical Guide Through the Leakage-Resistance Jungle

Author

Chun Guo, Olivier Pereira, Olivier Bronchain, Gaëtan Cassiers, Vincent Grosso, Davide Bellizia, Thomas Peters, Charles Momin, François-Xavier Standaert, Université Catholique de Louvain = Catholic University of Louvain (UCL), Centre National de la Recherche Scientifique (CNRS), Laboratoire Hubert Curien [Saint Etienne] (LHC), Institut d'Optique Graduate School (IOGS)-Université Jean Monnet [Saint-Étienne] (UJM)-Centre National de la Recherche Scientifique (CNRS), Shandong University, Institute of Information and Communication Technologies, Electronics and Applied Mathematics (ICTEAM), Fonds National de la Recherche Scientifique [Bruxelles] (FNRS), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Authenticated encryption, business.industry, Computer science, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Encryption, Mathematical proof, Computer security, computer.software_genre, 01 natural sciences, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Symmetric-key algorithm, 010201 computation theory & mathematics, Software deployment, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Implementation, computer, Physical security

Abstract

International audience; Triggered by the increasing deployment of embedded cryptographic devices (e.g., for the IoT), the design of authentication, encryp-tion and authenticated encryption schemes enabling improved security against side-channel attacks has become an important research direction. Over the last decade, a number of modes of operation have been proposed and analyzed under different abstractions. In this paper, we investigate the practical consequences of these findings. For this purpose, we first translate the physical assumptions of leakage-resistance proofs into minimum security requirements for implementers. Thanks to this (heuris-tic) translation, we observe that (i) security against physical attacks can be viewed as a tradeoff between mode-level and implementation-level protection mechanisms, and (ii) security requirements to guarantee confidentiality and integrity in front of leakage can be concretely different for the different parts of an implementation. We illustrate the first point by analyzing several modes of operation with gradually increased leakage-resistance. We illustrate the second point by exhibiting leveled implementations, where different parts of the investigated schemes have different security requirements against leakage, leading to performance improvements when high physical security is needed. We finally initiate a comparative discussion of the different solutions to instantiate the components of a leakage-resistant authenticated encryption scheme.

Published

2020

6. Spook: Sponge-Based Leakage-Resistant Authenticated Encryption with a Masked Tweakable Block Cipher

Author

Thomas Peters, Balazs Udvarhelyi, Friedrich Wiemer, Charles Momin, Chun Guo, Gregor Leander, Gaëtan Cassiers, Davide Bellizia, Gaëtan Leurent, Sébastien Duval, François-Xavier Standaert, Olivier Bronchain, Itamar Levi, Francesco Berti, Olivier Pereira, Institute of Information and Communication Technologies, Electronics and Applied Mathematics (ICTEAM), Université Catholique de Louvain = Catholic University of Louvain (UCL), Shandong University, Ruhr-Universität Bochum [Bochum], Cryptologie symétrique, cryptologie fondée sur les codes et information quantique (COSMIQ), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), This work has been funded in part by European Union and the Walloon Region through the ERC Project 724725 (acronym SWORD), the FEDER Project USERMedia (convention 501907-379156), the H2020 project REASSURE and the Wallinov TRUSTEYE project., European Project: 724725,SWORD(2017), European Project: 731591,REASSURE(2017), and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Authenticated encryption, lcsh:Computer engineering. Computer hardware, Computer science, lcsh:TK7885-7895, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, masking countermeasure, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], leakage-resistance, NIST lightweight cryptography standardization effort, 0202 electrical engineering, electronic engineering, information engineering, Leakage (electronics), Block cipher, Leakage-resistance, Bitslice ciphers, Masking countermeasure, Low energy, business.industry, Applied Mathematics, 020202 computer hardware & architecture, Computer Science Applications, low energy, Computational Mathematics, 010201 computation theory & mathematics, Embedded system, bitslice ciphers, business, Software

Abstract

This paper defines Spook: a sponge-based authenticated encryption with associated data algorithm. It is primarily designed to provide security against side-channel attacks at a low energy cost. For this purpose, Spook is mixing a leakageresistant mode of operation with bitslice ciphers enabling efficient and low latency implementations. The leakage-resistant mode of operation leverages a re-keying function to prevent differential side-channel analysis, a duplex sponge construction to efficiently process the data, and a tag verification based on a Tweakable Block Cipher (TBC) providing strong data integrity guarantees in the presence of leakages. The underlying bitslice ciphers are optimized for the masking countermeasures against side-channel attacks. Spook is an efficient single-pass algorithm. It ensures state-of-the-art black box security with several prominent features: (i) nonce misuse-resilience, (ii) beyond-birthday security with respect to the TBC block size, and (iii) multiuser security at minimum cost with a public tweak. Besides the specifications and design rationale, we provide first software and hardware implementation results of (unprotected) Spook which confirm the limited overheads that the use of two primitives sharing internal components imply. We also show that the integrity of Spook with leakage, so far analyzed with unbounded leakages for the duplex sponge and a strongly protected TBC modeled as leak-free, can be proven with a much weaker unpredictability assumption for the TBC. We finally discuss external cryptanalysis results and tweaks to improve both the security margins and efficiency of Spook., IACR Transactions on Symmetric Cryptology, Volume 2020, Special Issue 1

Published

2020

7. Side-Channel Countermeasures’ Dissection and the Limits of Closed Source Security Evaluations

Author

François-Xavier Standaert, Olivier Bronchain, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Certification, lcsh:Computer engineering. Computer hardware, lcsh:T58.5-58.64, Computer science, Worst-Case (Multivariate) Analysis, lcsh:Information technology, 020206 networking & telecommunications, lcsh:TK7885-7895, 02 engineering and technology, Dissection (medical), Computer security, computer.software_genre, medicine.disease, Security Evaluations, Side channel countermeasures, Affine Masking, Side-Channel Attacks, Shuffling, Open Source Design, 0202 electrical engineering, electronic engineering, information engineering, medicine, 020201 artificial intelligence & image processing, computer

Abstract

We take advantage of a recently published open source implementation of the AES protected with a mix of countermeasures against side-channel attacks to discuss both the challenges in protecting COTS devices against such attacks and the limitations of closed source security evaluations. The target implementation has been proposed by the French ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) to stimulate research on the design and evaluation of side-channel secure implementations. It combines additive and multiplicative secret sharings into an affine masking scheme that is additionally mixed with a shuffled execution. Its preliminary leakage assessment did not detect data dependencies with up to 100,000 measurements. We first exhibit the gap between such a preliminary leakage assessment and advanced attacks by demonstrating how a countermeasures’ dissection exploiting a mix of dimensionality reduction, multivariate information extraction and key enumeration can recover the full key with less than 2,000 measurements. We then discuss the relevance of open source evaluations to analyze such implementations efficiently, by pointing out that certain steps of the attack are hard to automate without implementation knowledge (even with machine learning tools), while performing them manually is straightforward. Our findings are not due to design flaws but from the general difficulty to prevent side-channel attacks in COTS devices with limited noise. We anticipate that high security on such devices requires significantly more shares., IACR Transactions on Cryptographic Hardware and Embedded Systems, Volume 2020, Issue 2

Published

2020

8. Side-channel analysis of a learning parity with physical noise processor

Author

Dina Kamel, Olivier Bronchain, Davide Bellizia, François-Xavier Standaert, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Computer Networks and Communications, Computer science, Gaussian, Open problem, Word error rate, Cryptography, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, symbols.namesake, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, Randomness, business.industry, Authentication, 020202 computer hardware & architecture, Communication noise, Computer engineering, 010201 computation theory & mathematics, Learning parity with noise, Authentication protocol, symbols, business, Side-channel analysis, Probabilistic computation, Software

Abstract

Learning parity with physical noise (LPPN) has been proposed as an assumption on which to build authentication protocols based on the learning parity with noise (LPN) problem. Its first advantage is to reduce the randomness requirements of standard LPN-based protocols, by directly performing erroneous computations so that no (e.g. Bernoulli-distributed) errors have to be generated on chip. At ASHES 2018, an LPPN processor was presented and confirmed the possibility to efficiently generate erroneous computations with the appropriate error rate. Since LPPN computations are key-homomorphic, they are good candidates for improved side-channel security thanks to masking, since they could theoretically lead to masked implementations with overheads that are linear in the number of shares, the analysis of which was left as an open problem. In this paper, we confirm this good potential by analyzing the side-channel security of an LPPN processor. We (1) evaluate the leakage of different parts of the erroneous computations, (2) conclude that intermediate computations that can be targeted with a divide-and-conquer Gaussian template attack are a sweet spot for side-channel attacks, and (3) show that LPPN computations naturally reach a level of noise that makes masking effective, despite further noise addition could be beneficial to reach higher security at lower implementation cost.

Published

2020

9. Leakage Certification Revisited: Bounding Model Errors in Side-Channel Security Evaluations

Author

Clément Massart, Alex Olshevsky, François-Xavier Standaert, Julien M. Hendrickx, Olivier Bronchain, UCL - SST/ICTM/INMA - Pôle en ingénierie mathématique, and UCL - SST/ICTM/ELEN - Pôle en ingénierie électrique

Subjects

Implementation / side-channel analysis, Security evaluations, Mutual information, Computer science, business.industry, side-channel analysis, Estimator, Statistical model, Cryptography, 02 engineering and technology, 020202 computer hardware & architecture, Bounding overwatch, 0202 electrical engineering, electronic engineering, information engineering, Statistical inference, 020201 artificial intelligence & image processing, Side channel attack, business, implementation, mutual information, Algorithm, Random variable, security evaluations

Abstract

Leakage certification aims at guaranteeing that the statistical models used in side-channel security evaluations are close to the true statistical distribution of the leakages, hence can be used to approximate a worst-case security level. Previous works in this direction were only qualitative: for a given amount of measurements available to an evaluation laboratory, they rated a model as “good enough” if the model assumption errors (i.e., the errors due to an incorrect choice of model family) were small with respect to the model estimation errors. We revisit this problem by providing the first quantitative tools for leakage certification. For this purpose, we provide bounds for the (unknown) Mutual Information metric that corresponds to the true statistical distribution of the leakages based on two easy-to-compute information theoretic quantities: the Perceived Information, which is the amount of information that can be extracted from a leaking device thanks to an estimated statistical model, possibly biased due to estimation and assumption errors, and the Hypothetical Information, which is the amount of information that would be extracted from an hypothetical device exactly following the model distribution. This positive outcome derives from the observation that while the estimation of the Mutual Information is in general a hard problem (i.e., estimators are biased and their convergence is distribution-dependent), it is significantly simplified in the case of statistical inference attacks where a target random variable (e.g., a key in a cryptographic setting) has a constant (e.g., uniform) probability. Our results therefore provide a general and principled path to bound the worst-case security level of an implementation. They also significantly speed up the evaluation of any profiled side-channel attack, since they imply that the estimation of the Perceived Information, which embeds an expensive cross-validation step, can be bounded by the computation of a cheaper Hypothetical Information, for any estimated statistical model.

Published

2019