Table of contents

  • This session has been presented January 24, 2025 (11:00 - 12:00).

Description

  • Speaker

    Ileana Buhan - Radboud University Nijmegen

With the growing prevalence of software-based cryptographic implementations in high-level languages, understanding the role of architectural and micro-architectural components in side-channel security is critical. The role of compilers in case of software implementations towards contribution to side-channel leaks is not investigated. While timing-based side-channel leakage due to compiler effects has been extensively studied, the impact of compiler optimizations on power-based leakage remains underexplored, primarily due to challenges in isolating the architectural power component. In this work, we present ARCHER, an architecture-level tool for side-channel analysis and root cause identification of cryptographic software on RISC-V processors. ARCHER integrates two key functionalities: (1) Side-Channel Analysis using TVLA and its variants to detect leakage, and (2) Data Flow Analysis to track intermediate values and explain observed leaks. ARCHER supports pre-silicon analysis of high-level and assembly code, offering algorithm-agnostic insights through interactive visualizations and detailed reports on execution statistics, leakage points, and their causes.
Using ARCHER, we analyze binary transformations across five optimization levels (-O0, -O1, -O2, -O3, -Os) to isolate the architectural effects of compiler optimizations from the micro-architectural influences of the target device. This study, spanning both unprotected and masked AES implementations, reveals actionable insights into how optimizations affect power-based leakage. Notably, we identify a previously undocumented vulnerability in the ShiftRow operation of masked AES, introduced by compiler optimizations. This vulnerability, confirmed through correlation analysis on simulated power traces, is validated on physical hardware using an ASIC implementation of the PicoRV32 core, confirming that architectural-level vulnerabilities translate to real-world leakage.

Next sessions

  • CHERI: Architectural Support for Memory Protection and Software Compartmentalization

    • September 12, 2025 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Espace de conférences

    Speaker : Robert Watson - University of Cambridge

    CHERI is a processor architecture protection model enabling fine-grained C/C++ memory protection and scalable software compartmentalization. CHERI hybridizes conventional processor, instruction-set, and software designs with an architectural capability model. Originating in DARPA’s CRASH research program in 2010, the work has progressed from FPGA prototypes to the recently released Arm Morello[…]

    • SoSysec

    • SemSecuElec

    • Compartmentalization

    • Micro-architectural vulnerabilities

    • Hardware architecture

  • CHERI standardization and software ecosystem

    • September 12, 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Espace de conférences

    Speaker : Carl SHAW - CODASIP

    This talk will describe the current status of the RISC-V International standardization process to add CHERI as an official extension to RISC-V. It will then explore the current state of CHERI-enabled operating systems, toolchains and software tool development, focusing on the CHERI-RISC-V hardware implementations of CHERI. It will then go on to give likely future development roadmaps and how the[…]

    • SoSysec

    • SemSecuElec

    • Compartmentalization

    • Micro-architectural vulnerabilities

  • PhaseSCA: Exploiting Phase-Modulated Emanations in Side Channels

    • October 24, 2025 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Espace de conférences

    Speaker : Pierre Ayoub - LAAS-CNRS

    In recent years, the limits of electromagnetic side-channel attacks have been significantly expanded.However, while there is a growing literature on increasing attack distance or performance, the discovery of new phenomenons about compromising electromagnetic emanations remains limited. In this work, we identify a novel form of modulation produced by unintentional electromagnetic emanations: phase[…]

    • Side-channel

  • Conformité TEMPEST et compromission d’information au travers de l’arbre d’alimentation d’un équipement

    • November 28, 2025 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Espace de conférences

    Speaker : Tristan PECHERAU, David HARDY - Thalès

    THALES conçoit des équipements cryptographiques et de radiocommunication tactiques, navales et aéronautiques, embarquant des éléments de chiffrement pour la sécurité des communications. Cette sécurité notamment d’un point de vue des émanations électromagnétiques est normée. Ces normes de sécurité de l’information, sont connues sous le nom de code “TEMPEST”, correspondant aux normes OTAN SDIP-27,[…]

  • Prise de contrôle d’un infodivertissement automobile à distance

    • November 28, 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Espace de conférences

    Speaker : Philippe Trebuchet, Guillaume Bouffard - ANSSI

    Les véhicules connectés intègrent de nombreuses technologies de communications sans-fil à distance, comme celles exploitant les protocoles Bluetooth ou WiFi. Si le gain en confort d’utilisation et d’interaction est notable, la mise à disposition de ce type d’interfaces augmente les risques en matière de cybersécurité. Dans cet article, nous analysons l’implémentation de la pile Bluetooth embarquée[…]

    • SemSecuElec

    • Network

    • Embedded systems

Show previous sessions
Page top