Sommaire

Description

  • Orateur

    Ileana Buhan - Radboud University Nijmegen

With the growing prevalence of software-based cryptographic implementations in high-level languages, understanding the role of architectural and micro-architectural components in side-channel security is critical. The role of compilers in case of software implementations towards contribution to side-channel leaks is not investigated. While timing-based side-channel leakage due to compiler effects has been extensively studied, the impact of compiler optimizations on power-based leakage remains underexplored, primarily due to challenges in isolating the architectural power component. In this work, we present ARCHER, an architecture-level tool for side-channel analysis and root cause identification of cryptographic software on RISC-V processors. ARCHER integrates two key functionalities: (1) Side-Channel Analysis using TVLA and its variants to detect leakage, and (2) Data Flow Analysis to track intermediate values and explain observed leaks. ARCHER supports pre-silicon analysis of high-level and assembly code, offering algorithm-agnostic insights through interactive visualizations and detailed reports on execution statistics, leakage points, and their causes.
Using ARCHER, we analyze binary transformations across five optimization levels (-O0, -O1, -O2, -O3, -Os) to isolate the architectural effects of compiler optimizations from the micro-architectural influences of the target device. This study, spanning both unprotected and masked AES implementations, reveals actionable insights into how optimizations affect power-based leakage. Notably, we identify a previously undocumented vulnerability in the ShiftRow operation of masked AES, introduced by compiler optimizations. This vulnerability, confirmed through correlation analysis on simulated power traces, is validated on physical hardware using an ASIC implementation of the PicoRV32 core, confirming that architectural-level vulnerabilities translate to real-world leakage.

Infos pratiques

Prochains exposés

  • Hardware Trojan Horses and Microarchitectural Side-Channel Attacks: Detection and Mitigation via Hardware-based
    Methodologies

    • 24 janvier 2025 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Espace de conférences

    Orateur : Alessandro PALUMBO - CentraleSupélec, IRISA, Inria

    Hardware Trojan Horses that are software-exploitable can be inserted into microprocessors, allowing attackers to run unauthorized code or escalate privileges. Additionally, it has been demonstrated that attackers could observe certain microprocessor features - seemingly unrelated to the program's execution - to exfiltrate secrets or private data. So, even devices produced in secure foundries could[…]

    • SemSecuElec

    • Side-channel

    • Micro-architectural vulnerabilities

    • Hardware trojan

  • Covert Communication Channels Based On Hardware Trojans: Open-Source Dataset and AI-Based Detection

    • 28 février 2025 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Espace de conférences

    Orateur : Alan Díaz Rizo - Sorbonne Université Lip6

    The threat of Hardware Trojan-based Covert Channels (HT-CCs) presents a significant challenge to the security of wireless communications. In this work, we generate in hardware and make open-source a dataset for various HT-CC scenarios. The dataset represents transmissions from a HT-infected RF transceiver hiding a CC that leaks information. It encompasses a wide range of signal impairments, noise[…]

    • SemSecuElec

    • Machine learning

    • Hardware trojan

  • Measurement the thermal component of clock jitter used as entropy source by TRNGs

    • 28 février 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Espace de conférences

    Orateur : Arturo GARAY - STMicroelectronics

    Introduction Measuring the thermal component of clock jitter as an entropy source for True Random Number Generators (TRNGs) is compulsory for the security and evaluation of clock-jitter based TRNGs. However, identifying and isolating the local thermal noise component from other noise sources, particularly flicker noise, while performing a precise measurement remains a challenge. Current[…]

    • SemSecuElec

    • TRNG

  • Cryptanalytical extraction of complex Neural Networks in black-box settings

    • 28 mars 2025 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Espace de conférences

    Orateur : Benoit COQUERET - INRIA, Thales CESTI

    With the widespread development of artifical intelligence, Deep Neural Networks (DNN) have become valuable intellectual property (IP). In the past few years, software and hardware-based attacks targetting at the weights of the DNN have been introduced allowing potential attacker to gain access to a near-perfect copy of the victim's model. However, these attacks either fail against more complex[…]

    • SemSecuElec

    • Side-channel

    • Machine learning

Voir les exposés passés
Haut de page