Implementing cryptography on embedded devices is an ongoing challenge: every year new implementation flaws are discovered and new attack paths are used by real-life adversaries. Whilst cryptography can guarantee many security properties, it crucially depends on the ability to keep the keys in use secret even in the face of determined adversaries. Over the last two decades a new type of adversary has emerged, able to obtain side channel leakage from the cryptographic implementation, such as recordings of response times, power or EM signals, etc. To account for such adversaries, sophisticated security certification and evaluation methods (Common Criteria, EMVCo, FIPS…) have been established to give users assurance that security claims have withstood independent evaluation and testing. Recently the reliability of these evaluations has come into the spotlight: the Taiwanese citizen card proved to be insecure, and Snowden’s revelations about NSA's tampering with FIPS standards eroded public confidence.
REASSURE will
(1) improve the efficiency and quality of all aspects of certification using a novel, structured detect-map-exploit approach that will also improve the comparability of independently conducted evaluations,
(2) cater for emerging areas such as the IoT by automating leakage assessment practices in order to allow resistance assessment without immediate access to a testing lab,
(3) deliver tools to stakeholders, such as reference data sets and an open-source leakage simulator based on instruction-level profiles for a processor relevant for the IoT,
(4) improve standards by actively pushing the novel results to standardization bodies.
REASSURE's consortium is ideal to tackle such ambitious tasks. It features two major circuit manufacturers (NXP, MORPHO), a highly respected side channel testing lab (Riscure), an engaged governmental representative (ANSSI), and two of the most prominent research institutions in this field (UCL, University of Bristol).
REASSURE's work is organized into a number of work packages, which directly address the four objectives.
(1) Improving efficiency
Efficiency in side channel evaluations is mainly characterised by the time/effort and the quality of the evaluation. The time/effort strongly depends on the number of side channel measurements that have to be acquired, but also on how efficiently these traces are utilised. The quality of an evaluation is given by the confidence that one can have in it: the more attack vectors have been covered, and the more statistical guarantees can be given regarding attack outcomes, the higher the confidence will be. REASSURE contributed a number of novel techniques in this space. Most notably, ANSSI's research on neural networks as a profiling tool led to high-profile publications, and Riscure is organising a capture the flag event at CHES 2018. We also put forward novel ideas for leakage detection techniques.
(2) Catering for emerging areas
Finding and correcting information leaks in implementations is a challenge even for domain experts. In up-and-coming areas such as the wide Internet of Things (IoT) domain there is also a great need to tackle the issue of side channels, yet developers and system architects lack the crypto domain-specific expertise to do so. REASSURE is developing ways to produce leakage simulation tools and associated robust statistical tools and techniques that could be made available to such communities to facilitate in-house evaluations. The consortium also released a white paper that explains the role and use of shortcut formulas in the context of leakage evaluations.
(3) Tools and data sets
Related to our work on leakage simulators, we released a prototype simulator called ELMO, which simulates leakage for Cortex-M0 based processors. We also released a number of open-source data sets from AES implementations, as well as from DES and RSA. All these data sets are large enough and varied enough for research on the use of Neural Networks.
(4) Interaction with standardisation/evaluation activities
We have made contact with the relevant coordinators/bodies and are preparing to present REASSURE results next year.
Our work on Neural Networks has pushed beyond the state of the art. Their use may be transformative for evaluations because of their ability to deal with 'less than optimal' measurements, in particular with measurements that show considerable misalignment. The CHES capture the flag event is designed to captivate the wider side channel community and will undoubtedly encourage many in the community to engage with this transformative topic.
Our work on leakage detection is currently being amalgamated and prepared in the form of a tutorial for presentation at CARDIS 2018. This tutorial will feature some interactive elements for 'home use' and is intended to make the sound statistical reasoning about detected (or not) leaks more accessible for non-experts. We will continue to promote this material and expect this to become a reference for developers/testers and evaluators alike.
More info: http://reassure.eu/.