Today, more and more products contain electronic components that are connected to the Internet. They form the so-called Internet of Things (IoT). While this leads to unprecedented opportunities to increase productivity and convenience, it also leads to unprecedented threats. Information security is a central challenge for our society. It is crucial not only for the data that is processed in our computers; because of the IoT, information security also affects the physical world. When considering applications like autonomous driving, it even affects our physical safety.
Information security for our computing systems is provided at different levels. However, it can also be compromised at different levels of abstraction. In particular, it can be compromised due to physical properties of a device. For example, the power consumption of a device might reveal information about the data that is processed inside it. The timing behavior of a program might also leak information. An attacker may also manipulate a security mechanism of a device by briefly changing the supply voltage while this security mechanism is active. All these examples constitute so-called side channels. In these attacks, a physical property of a device is exploited in order to overcome a security mechanism.
The goal of the project SOPHIA is to research the theoretical foundations of side channel attacks and novel side channel techniques in order to find efficient and effective countermeasures that allow the execution of software without leaking information via side channels.
The research of SOPHIA can be grouped into multiple research fields. The main research fields include novel randomization techniques as a countermeasure against attacks that aim at revealing secret information by analyzing the power consumption of a device. We have found a novel protection technique, and we have even been able to provide a proof that implementations of this technique are secure. Another field is the exploration of timing side-channel attacks that can be conducted remotely. In the context of this research, we found two vulnerabilities in current processors that have been published as Meltdown and Spectre. The publication of these attacks in January 2018 created significant media attention, as these attacks affected billions of devices worldwide. The research to explore the approach of these attacks further is still ongoing.
A third central result of the project is related to novel techniques and countermeasures in the context of fault induction. Fault induction can occur for example by changing the supply voltage of a device. We found out that existing redundancy countermeasures for implementations of symmetric encryption schemes are not sufficient to provide protection against fault attacks. In fact, we have shown that current randomization and redundancy techniques are all ineffective if the attacker follows a novel attack approach, which we term "statistical ineffective fault attacks". The research on finding countermeasures against this approach is ongoing.
Overall, this project has led to many results that significantly changed the state of the art. The most fundamental ones are:
* the exploitation of speculation in processors to overcome isolation mechanisms in processors
* the exploitation of ineffective faults to reveal cryptographic keys
* the modeling of hardware glitches in order to prove the security of hardware implementations
* the formal verification of countermeasures against fault induction
The second half of the project will continue with the exploration of the weaknesses found in current systems in order to find sound countermeasures. The goal is to design, in the end, a prototype processor that implements these countermeasures and that is available to everybody under an open-source license.
More info: http://www.iaik.tugraz.at/mangard.