Compositional Verification of First-Order Masking Countermeasures against Power Side-Channel Attacks-Reference-Cited by-同舟云学术

Compositional Verification of First-Order Masking Countermeasures against Power Side-Channel Attacks

Published:2023-12-05 Issue: Volume: Page:
ISSN:1049-331X
Container-title:ACM Transactions on Software Engineering and Methodology
language:en
Short-container-title:ACM Trans. Softw. Eng. Methodol.

Author:

Gao Pengfei¹,Song Fu²,Chen Taolue³

Affiliation:

1. Bytedance, China

2. State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, China and University of Chinese Academy of Sciences, China

3. Birkbeck, University of London, UK

Abstract

Power side-channel attacks allow an adversary to efficiently and effectively steal secret information (e.g., keys) by exploiting the correlation between secret data and run-time power consumption, hence posing a serious threat to software security, in particular, cryptographic implementations. Masking is a commonly used countermeasure against such attacks, which breaks the statistical dependence between secret data and side-channel leaks via randomization. In a nutshell, a variable is represented by a vector of shares armed with random variables, called masking encoding, on which cryptographic computations are performed. While compositional verification for the security of masked cryptographic implementations has received much attention because of its high efficiency, existing compositional approaches either use implicitly fixed pre-conditions which may not be fulfilled by state-of-the-art efficient implementations, or require user-provided hard-coded pre-conditions which is time-consuming and highly non-trivial, even for expert. In this paper, we tackle the compositional verification problem of first-order masking countermeasures, where first-order means that the adversary is allowed to access only one intermediate computation result. Following the literature, we consider countermeasures given as gadgets, that are special procedures whose inputs are masking encodings of variables. We introduce a new security notion parameterized by an explicit pre-condition for each gadget, and composition rules for reasoning about masking countermeasures against power side-channel attacks. We propose accompanying efficient algorithms to automatically infer proper pre-conditions, based on which our new compositional approach can efficiently and automatically prove security for masked implementations. We implement our approaches as a tool MaskCV and conduct experiments on publicly available masked cryptographic implementations including 10 different full AES implementations. The experimental results confirm the effectiveness and efficiency of our approach.

Publisher

Association for Computing Machinery (ACM)

Subject

Software

Link

https://dl.acm.org/doi/pdf/10.1145/3635707

Reference97 articles.

1. 2022. MASKCV. https://figshare.com/s/1fc592780ab44ccfa39e 2022. MASKCV. https://figshare.com/s/1fc592780ab44ccfa39e

2. A code morphing methodology to automate power analysis countermeasures

3. Wolfgang Ahrendt Bernhard Beckert Richard Bubel Reiner Hähnle Peter H. Schmitt and Mattias Ulbrich (Eds.). 2016. Deductive Software Verification - The KeY Book - From Theory to Practice. Vol. 10001. Springer. Wolfgang Ahrendt Bernhard Beckert Richard Bubel Reiner Hähnle Peter H. Schmitt and Mattias Ulbrich (Eds.). 2016. Deductive Software Verification - The KeY Book - From Theory to Practice. Vol. 10001. Springer.

4. Anoud Alshnakat Dilian Gurov Christian Lidström and Philipp Rümmer. 2020. Constraint-Based Contract Inference for Deductive Verification. In Deductive Software Verification: Future Perspectives - Reflections on the Occasion of 20 Years of KeY. 149–176. Anoud Alshnakat Dilian Gurov Christian Lidström and Philipp Rümmer. 2020. Constraint-Based Contract Inference for Deductive Verification. In Deductive Software Verification: Future Perspectives - Reflections on the Occasion of 20 Years of KeY. 149–176.