SESSIONS OF THE YEAR

JUNE 2024
“On jitter transfer in Ring Oscillator” by David Lubicz (DGA-MI)

Date: 21 June 2024
Place: Amphithéâtre Rennes

The “jitter transfer principle” states the statistical equivalence between two designs of oscillator-based TRNG. The first design consists of two noisy oscillators, one sampling the other, while the second design is a noisy oscillator sampled by a perfectly stable clock signal. This second design is used in particular in [1] to compute the entropy rate produced by thermal noise, whereas the first design is commonly used for implementations and measurements. The jitter transfer principle allows one to enjoy the good features of both designs, that is, being able to measure the jitter and to use a stochastic model to compute the entropy rate. A version of the jitter transfer principle can be found in [1], but the formula given there to translate the statistical parameters of the phase noise does not cover most practical cases and does not come with the error bounds necessary to certify the computations. In this presentation, we give a more thorough and effective treatment of the jitter transfer principle and present further applications, in particular to the computation of the entropy rate of a multi-ring-oscillator-based TRNG.

[1] Mathieu Baudet, David Lubicz, Julien Micolod, and André Tassiaux. On the Security of Oscillator-Based Random Number Generators. Journal of Cryptology, 24(2):398–425.

JUNE 2024

“Side-Channel Analysis against Confidentiality of Embedded Deep Learning Models” by Raphaël Joud

Date: 21 June 2024
Place: Amphithéâtre Rennes

The usage of Deep Learning (DL) models on embedded systems keeps getting more popular. Their security must be ensured, as those models may be required to perform sensitive tasks or handle confidential data. This question is notably brought up in European regulation projects. However, securing DL models is not considered at the design phase, and their deployment exposes them to physical attacks in addition to the numerous algorithmic attacks that already exist. This talk focuses on confidentiality threats to DL models leveraging physical attacks, especially side-channel analysis. The characteristics behind model performance are targeted with a fidelity objective, meaning that such a scenario aims to obtain a clone rather than just steal model performance. The studies are divided into three distinct topics. First, we study architecture extraction considering quantized models in a restrictive black-box context. Such evaluations have been made using only basic pattern recognition methods applied to circuit electromagnetic emanations. Then, we focus on parameter extraction from DL models embedded in 32-bit microcontrollers (Cortex-M7). Leveraging an iterative strategy, we highlight several challenges induced by complete model extraction through side-channel analysis. From these results, we consider some countermeasures aiming at strengthening embedded DL model confidentiality.

MAY 2024

“Observing side-channel signals in the frequency domain” by Anne Frassati (CEA)

Date: 24 May 2024
Place: Amphithéâtre Rennes

Cryptography embedded on smart cards can be vulnerable to observation attacks, based on the interpretation of information recovered during the execution of the algorithm. This information leakage is generally measured at the hardware level in the form of a current consumption or electromagnetic radiation signal. Currently, the methods used to exploit these signals and recover secret elements rely essentially on statistical tools.

However, the information used is partial, because these techniques mainly exploit the signal in the time domain. As the signals (called “traces” in the context of observation attacks) are becoming increasingly complex, noisy and desynchronized, and also highly variable from one component to another, applying signal processing methods, in particular a time/frequency analysis, makes it possible to obtain complementary information from the frequency domain. Using this information (filtering techniques, signal compression, pattern detection for optimal resynchronization, or the splitting of traces for so-called “horizontal” attacks) can thus lead to improved attacks.

MAY 2024

“Optimizing data leakage exploitation in screaming-channel attacks” by Jérémy Guillaume (Centrale Supélec, IETR)

Date: 24 May 2024
Place: Amphithéâtre Rennes

Screaming-channel attacks are a particular instance of side-channel attacks on mixed-signal devices that integrate RF modules on the same die as digital modules. In this context, the leakage reaches the RF module, which unintentionally modulates, amplifies, and transmits it, enabling side-channel attacks at a distance of several meters from the victim. In this work, we investigate the leakage properties to enable more realistic attacks. First, we focus on the synchronization problem during trace collection. As the attack relies on a radio link and the objective is to increase the distance from the victim, it is necessary to suppress the trigger signal used in traditional side-channel setups. For this, we propose Virtual Trigger (VT), a new method based on exploiting the knowledge of the precise time duration of the victim process. VT allows for simpler setups for screaming-channel attacks compared to previous works. In a second step, we focus on more realistic environments other than laboratory conditions. Here, the leakage can be polluted by stronger legitimate signals (WiFi, Bluetooth), which can jeopardize the attack. To mount screaming-channel attacks in these conditions, we explore the frequency diversity of the leakage and demonstrate that it is present in a wider range of frequencies than expected. This discovery considerably increases the number of potentially unpolluted frequencies that can be used to mount successful attacks. With this, we study different methods to combine these frequencies and demonstrate how to build successful attacks with fewer traces. Finally, we study the feasibility of this attack on mixed-signal and reconfigurable targets containing much stronger isolation between the digital and the analog parts, making the attack much more complex. Nevertheless, we demonstrate that the leakage is still present at the output of the RF interface.

APRIL 2024

“IEMI: from component susceptibility to the system” by Tristan DUBOIS (IMS Bordeaux)

Date: 19 April 2024
Place: Room Petri/Turing

Intentional electromagnetic interference (IEMI) consists of electromagnetic radiation emitted with the aim of causing malfunctions in electronic devices. Depending on the signals used to generate this interference, the malfunctions can range from destruction to simple disturbances of the operation of the device under test. Although several studies and publications present results on the destruction and disturbance of electronic components and devices, the aggression waveforms are generally “relatively simple” (pure sinusoid, modulated pulse, etc.). Very few studies explore the effect of more complex electromagnetic aggression waveforms on the susceptibility of electronic components. This presentation proposes a “bottom-up” approach whose aim is to study susceptibility exhaustively at the component level and to optimize the aggression waveforms for a disturbance at the system level. In the long term, this work should make it possible to determine a methodology and waveforms to be used in qualification tests, as well as to propose design rules for hardening electronic devices.

APRIL 2024

“Controlling a PLL by repeated fault injection” by Louis DUBOIS (DGA/ANSSI)

Date: 19 April 2024
Place: Room Petri/Turing

I will present a methodology for optimizing the cost of carrying out a fault injection attack, based on spatially localized injection means (magnetic induction, photoelectric effect, substrate biasing). Concretely, I study how repeated fault injection on a PLL (a basic building block present in most integrated circuits and used to generate stable clock signals) makes it possible to modify its output frequency in a controlled manner. Since modifying a circuit’s clock signal can alter its behaviour and induce faults, these results have consequences for the security, as well as the EM compatibility, of components. Finally, I will present the experimental results obtained so far: validation of the PLL frequency control model, and its application to software fault injection on microcontrollers.

MARCH 2024

“Reflections on automating side-channel analyses” by Sana BOUSSAM (INRIA/LIX, Institut Polytechnique de Paris, and CESTI Thales)

Date: 22 March 2024
Place: Room Petri/Turing

Embedded systems are ubiquitous nowadays: they are found both in critical systems (satellites, radios, etc.) and in the IoT (connected objects). These systems therefore contain more and more sensitive information (biometric and banking data, etc.). To secure it, this data is encrypted by mathematically secure cryptographic algorithms. However, the implementation of these algorithms within these systems makes them vulnerable to a type of attack: side-channel attacks. Indeed, side-channel attacks do not call into question the security proofs of the cryptographic algorithms. Rather, they aim to exploit implementation weaknesses within physical systems. To do so, these attacks target all kinds of physical leakage (current consumption, execution time, electromagnetic radiation, etc.) generated by a cryptographic algorithm during its execution in order to extract secret information. Recently, the application of deep learning techniques has been investigated in the side-channel community to reduce the limitations of existing methods. Among these limitations are, for example, the selection of leakage points or desynchronization. Costly and difficult to interpret, the relevance of these deep learning techniques can nevertheless be questioned. Through this discussion, we wish to show that a systematic use of deep learning for carrying out side-channel attacks is not required. Indeed, through an in-depth analysis of the targeted systems, an adversary can identify less costly and better-performing techniques depending on the application context. The question of replacing these approaches with justifiable and more appropriate methods can then be raised.
To illustrate this point, a critical analysis of the paper [PCBP20] will be proposed in order to show that a reasoned, justified and interpretable use of deep learning tools makes it possible to increase the performance of an attack that initially used complex, costly and hardly interpretable methods. This critical analysis will revisit the work we carried out in [BERZ23, BCA23].

[BCA23] Sana Boussam and Ninon Calleja Albillos. Keep it unsupervised: Horizontal attacks meet simple classifiers. In Smart Card Research and Advanced Applications. Springer International Publishing, November 2023.

[BERZ23] Sana Boussam, Julien Eynard, Guénaël Renault, and Gabriel Zaid. Étude critique d’une méthode de machine learning appliquée à l’analyse par canaux auxiliaires. In Symposium sur la sécurité des technologies de l’information et des communications (SSTIC), pages 253–262, Rennes, France, May 2023.

[PCBP20] Guilherme Perin, Łukasz Chmielewski, Lejla Batina, and Stjepan Picek. Keep it Unsupervised: Horizontal Attacks Meet Deep Learning. IACR Transactions on Cryptographic Hardware and Embedded Systems, pages 343–372, December 2020.

MARCH 2024

“Low-latency masking with arbitrary protection order based on click elements” by Mateus Felipe SIMOES RODRIGUES (STMicroelectronics)

Date: 22 March 2024
Place: Room Petri/Turing

Masking is a significant countermeasure against side-channel attacks, due to its sound formal proof of security and the scalability of its protection parameters. However, effective masking increases implementation complexity by requiring additional silicon area, random number generators, and higher latency. Therefore, reducing masking implementation costs while preserving its robustness against side-channel attacks is a crucial area of research in hardware security applications.

This presentation proposes a low-latency masking design style with an arbitrary protection order, based on the two-phase bundled-data protocol. This approach relies on click elements to control the handshake logic, enabling the implementation of asynchronous circuits using conventional synthesis tools. Consequently, a hardware designer can obtain an effective single-cycle and protected implementation of cryptographic modules requiring smaller silicon area and potentially lower power consumption compared to the state-of-the-art.

Furthermore, this presentation details the asynchronous design methodology that can be applied in different scenarios to enhance the latency of secure hardware designs. Finally, the presentation demonstrates the assessment of side-channel leakage to evaluate the robustness of this approach based on click elements against side-channel attacks.

FEBRUARY 2024

“Cross-Layer Fault Analysis for Microprocessor Architectures” by Ihab Alshaer (LCIS/TIMA, Université Grenoble Alpes)

Date: 26 January 2024
Place: Room Petri/Turing

With the widespread use of embedded system devices, hardware designers and software developers started paying more attention to security issues in order to protect these devices from potential threats.
Among these threats, physical attacks pose a significant risk, with fault injection attacks being a very powerful attack method. Nevertheless, an inaccurate understanding of the impact caused by fault injection can result in the proposal of either excessive or insufficient protections for these devices.
This, in turn, adversely affects the performance/cost ratio and/or the overall device security. To address this challenge, realistic fault models are indispensable for comprehending the effects of fault injection.
Such models play a crucial role in analyzing potential vulnerabilities in software code and hardware designs, thereby enabling the protection of digital systems against such attacks while maintaining cost-effectiveness.
However, relying solely on limited observations of faulty microprocessors poses challenges when inferring fault models, ultimately limiting our understanding of the effects caused by these faults.

This presentation provides experimental evidence that highlights the challenges in characterizing and modeling the effects of fault injection when considering a single layer of system levels.
Therefore, a cross-layer analysis approach is introduced to bridge the gap between previous studies and enable a better understanding of the effects of the faults.
Furthermore, the presentation showcases the successful implementation of this methodology, resulting in the inference of reliable and novel fault models at both software and hardware levels of abstraction.

FEBRUARY 2024

“Fault injection on System-on-Chip by electromagnetic perturbation, and its exploitation” by Clément Fanjas (CEA-Tech, Centre CMP, Équipe Commune CEA Tech – Mines Saint-Étienne, Université Grenoble Alpes, CEA, Leti)

Date: 26 January 2024
Place: Room Petri/Turing

Fault injection is a family of hardware attacks whose aim is to physically disturb a system in order to bring it into a state that is advantageous to the attacker.
In a forensic context, this type of attack can be of interest to law enforcement, in particular to decrypt data extracted from mobile devices seized during judicial investigations.
This presentation introduces how electromagnetic fault injection (EMFI) can be used to exploit vulnerabilities in the System-on-Chips (SoCs) used in smartphones, and thus bypass critical security functions such as Secure Boot.
The presentation first focuses on the tools developed for this purpose.
These tools rely on side-channel analyses to overcome the obstacle posed by the black-box context imposed when exploiting a real target.
Secondly, the obstacle posed by SoC implementations using Package-on-Package DRAM is presented, along with techniques for overcoming it.

JANUARY 2024

“Enhancing quality and security of the PLL-TRNG” by Quentin Dallison (THALES, Université Jean Monnet)

Date: 26 January 2024
Place: Room Petri/Turing

The security of any cryptographic system relies primarily on the random number generators embedded in the device, typically an FPGA chip. In order to obtain high-quality randomness not influenced by the activity in the logic area, the jittered clock signal from PLLs is a good candidate for a physical source of randomness: PLLs are separated from the rest of the device and configurable to suit the needs of the designer. In this talk, we present a new architecture of the PLL-based TRNG, including a method to avoid correlation in the output through control of timing in the sampling process, as well as new embedded tests based on the enhanced stochastic model. We also propose a workflow to help find the best parameters, such as output bitrate and entropy rate. We show that bitrates of around 400 kb/s or more can be achieved, while guaranteeing min-entropy rates per bit higher than 0.98, as required by the latest security standards (AIS 20-31 2022).

JANUARY 2024

“Analysis and instrumentation of embedded protocol stacks: lessons learned and perspectives” by Romain Cayre (Eurecom)

Date: 26 January 2024
Place: Room Petri/Turing

For a few years now, we have been witnessing the development and deployment of a new kind of wireless communication protocol, designed to meet the specific needs arising from the rise of connected objects (low power consumption, coexistence, mobility). In this context, wireless connectivity has become central to embedded systems, leading to the development of systems-on-chip embedding complex protocol stacks that are often proprietary and undocumented. The growing complexity of these software components and their massive deployment within the Internet of Things result in the appearance of a new, potentially critical attack surface, whose study is essential. However, the entanglement with the hardware, the high degree of specialization and the numerous optimizations associated with these protocol stacks make their analysis and instrumentation particularly difficult. In this context, it becomes necessary to develop a suitable methodology at the interface between computer science, electronics and signal processing.
In this presentation, we will illustrate this methodology on one of the most widely deployed protocols within the Internet of Things: Bluetooth Low Energy (BLE). We will present a synthesis of multiple research works on the security of wireless communications and embedded systems, in the form of lessons learned from the analysis of embedded BLE protocol stacks. We will introduce the software and hardware architectures used in massively deployed systems-on-chip (ESP32, nRF51/nRF52, Cypress & Broadcom), and discuss the perspectives, both offensive and defensive, opened up for security research by the instrumentation of these critical components.

NOVEMBER 2023

“Control Flow Integrity verification scheme based on the RISC-V Trace Encoder” by Olivier Potin (Mines Saint-Etienne, centre CMP – Gardanne)

Date: 24 November 2023
Place: Room Petri/Turing

The increasingly complex nature of embedded systems is accompanied by a strong security requirement: the security level of systems must grow to counter new attacks that exploit hardware and/or software vulnerabilities. Among these threats, the so-called ‘physical’ attacks are considered particularly serious and potent in targeting the confidentiality, integrity, and authenticity of systems. Traditionally, research on side-channel analysis and fault injection has focused on cryptographic primitives. However, recently, fault attacks have been used to compromise the integrity of program execution, broadening the spectrum of applications susceptible to such attacks (bootloaders, firmware updates, etc.). The countermeasures presented during the talk make it possible to verify that a program is executed correctly and has not been tampered with by these attacks. Their designs are approached using a co-design strategy that involves both software and hardware, taking into account potential interactions between the open micro-architecture of the RISC-V processor and the flexibility of software development (dedicated code, compilation strategy, etc.). The effectiveness of these countermeasures, which verify the integrity of the control flow, the code integrity, and the execution integrity of program instructions on a RISC-V processor against fault injections, will be detailed. These solutions are based on a module designed by the RISC-V community, known as the Trace Encoder. Several solutions with different levels of granularity and characteristics have been proposed. In comparison to existing solutions in the state of the art, our solutions require no modifications to the RISC-V compilation toolchain or user code.

NOVEMBER 2023

“Timing-based Power Side-Channels in FPGAs and beyond” by Dennis Gnad (Karlsruhe Institute of Technology (KIT))

Date: 24 November 2023
Place: Room Petri/Turing

FPGAs are getting more widely used as computing accelerators, even in the cloud, where sharing between multiple users is interesting for efficiency reasons. Of course, such setups also call for new security evaluations. We show how a new class of internal attacks uses standard FPGA primitives to measure or manipulate on-chip voltage, and how that can be used for various side-channel attacks inside the FPGA, FPGA-SoCs, or even other chips on the same PCB. In detail, these attacks use very fine measurement of transistor delay as an indirect measurement of voltage. We show how these measurements can even be used for side-channel attacks on devices behind galvanically isolated communication channels by measuring their signal jitter. In the end, there will be a demo presenting one of these attacks on real hardware.

JUNE 2022

“Ghosting the Spectre: fine-grained control over speculative execution” by Allison RANDAL (University of Cambridge)

Date: 3 June 2022
Place: Room Aurigny

A series of vulnerabilities related to speculative execution rose to attention in 2018. The techniques behind these vulnerabilities were not new, but the combined application of the techniques was more sophisticated, and the security impact more severe, than previously considered possible. Current mitigations for the speculative execution vulnerabilities only offer partial protection, have prohibitive performance penalties, and apply globally so mitigations must be chosen during hardware manufacture or data center deployment. Infrastructure, operating system, and application developers have little or no control over which mitigations are deployed, and therefore no choice in whether they endure the risk of speculation or suffer the performance penalty of mitigations. This talk considers three approaches that partially or completely eliminate speculative execution from modern hardware architectures, as a finer-grained approach to mitigating the speculative execution vulnerabilities.

MAY 2022

“Security challenges and opportunities in emerging device technologies: a case study on flexible electronics” by Nele Mentens (Leiden University, The Netherlands, and KU Leuven, Belgium)

Date: 6 May 2022
Place: Room Pétri/Turing

While traditional chips in bulk silicon technology are widely used for reliable and highly efficient systems, there are applications that call for devices in other technologies. On the one hand, novel device technologies need to be re-evaluated with respect to potential threats and attacks, and how these can be faced with existing and novel security solutions and methods. On the other hand, emerging device technologies bring opportunities for building the secure systems of the future. This talk gives an overview of the minimal hardware resources that are needed to build secure systems and discusses a case study on flexible electronics on plastics.

MAY 2022

“Side Channel Analysis: Instruction extraction and Information estimation” by Valence Cristiani (CEA-LETI; Université de Montpellier, LIRMM)

Date: 6 May 2022
Place: Room Pétri/Turing

Side-channel analysis usually aims at extracting cryptographic secrets from electronic devices through their physical leakages. However, these channels can leak other sensitive information. The first part of this talk will present a study of side-channel-based disassembling (SCBD), which aims to recover the instructions executed by a microcontroller. The main threat represented by SCBD is that it potentially allows an attacker to find a vulnerability in the executed code or to extract protected software IP.
In the second part, we take a step back and address the more generic topic of the amount of information leaked by a system. Indeed, whatever the target variable (secret key, instructions, etc.) and the strategy used, the amount of information one could gain from a side-channel trace is always bounded by the Mutual Information (MI) between the secret and the trace. This makes it, all punning aside, a key quantity for leakage evaluation. Unfortunately, traces are usually of too high a dimension for existing statistical estimators to remain sound when computing the MI over full traces. However, recent works from the machine learning community have shown that it is possible to estimate the MI in high-dimensional spaces thanks to the newest deep learning techniques. We will explore how this new estimator could impact the side-channel domain, both for leakage assessment and for unsupervised mutual-information-based attacks.

APRIL 2022

“Bridging Deep Learning and Classical Profiled Side-Channel Attacks” by Gabriel Zaid (Thales ITSEF, Toulouse)

Date: 8 April 2022
Place: Room Pétri/Turing

Over recent years, the cryptanalysis community has leveraged the potential of research on Deep Learning to enhance attacks. In particular, several studies have recently highlighted the benefits of Deep Learning based Side-Channel Attacks (DLSCA) to target real-world cryptographic implementations. While this new research area in applied cryptography provides impressive results for recovering a secret key even when countermeasures are implemented (e.g. desynchronization, masking schemes), the lack of theoretical results makes the construction of appropriate models a notoriously hard problem. In this talk, we propose to investigate a new research axis in order to bridge Deep Learning and Side-Channel Attacks. In particular, we explain the similarities between generative models and the classical profiled attacks (i.e. template attacks, stochastic attacks), and we develop the first DLSCA model that can be fully explained from side-channel theoretical results. This model reduces the black-box property of DL and eases the architecture design for every real-world cryptosystem. Finally, a discussion is provided to define the benefits and the limitations of this new solution, and a new perspective is proposed for DLSCA models.

FEBRUARY 2022

“Secure implementations and pre-silicon evaluation against physical attacks” by Sofiane Takarabt (Secure-IC)

Date: 4 February 2022
Place: Web-conference

Side-channel attacks remain a permanent threat against embedded systems; thus reliable protections should be implemented and must be minutely evaluated. In this presentation, we study different possible ways to evaluate against such threats. We show how an evaluation can be carried out to validate the security level of a protected hardware implementation. This approach allows us to estimate in advance the expected security level on a real circuit. We explore an efficient and more exhaustive way to test a masked implementation against vulnerabilities induced by glitches. We took advantage of this approach to set up a better model for this phenomenon, and to explain the form of the generated leakage based on a spectral characterization that can also be applied to real acquisitions. This allows us to explain why standard leakage models are ineffective, and why a prior characterization is required to be able to exploit this kind of flaw. With this better understanding of the leakage, we can design more compact and robust functions, which we validate on simulated and real electromagnetic traces.

APRIL 2018

“Masked Proofs and Their Physical Assumptions”
by Vincent Grosso (Radboud Universiteit, Nijmegen)

Date: 20 April 2018
Rooms: Petri/Turing

Side-channel attacks are major threats against cryptographic implementations. To counter these attacks, masking is a popular countermeasure. One of its main advantages is that the security provided by this countermeasure can be proven. These proofs rely on a number of assumptions about the hardware that implements the masking. In this presentation, we will look at several effects that undermine these assumptions and see their impact on the security obtained. We will consider the problems of transitions, glitches, coupling and noise.

MAY 2018

“Lightweight cryptography intrinsically resistant to physical attacks for the Internet of Things”
by Benjamin Lac (CEA-Tech, Laboratoire Systèmes et Architectures Sécurisés (LSAS))

Date: 25 May 2018
Rooms: Petri/Turing

Avec des applications telles que les smart phones , compteurs intelligents, capteurs et autres systèmes industriels de type SCADA, le nombre d objets connectés à Internet atteindrait les 20 milliards d ici 2020. Les contraintes de taille, coût et consommation ainsi que les problématiques de sécurité liées au déploiement de ces objets à si grande échelle ont mené à la conception de systèmes de chiffrement efficaces et ayant une faible empreinte matérielle, assurant la confidentialité, l authenticité et l intégrité des données contenues et manipulées par ces objets. Cependant, ces systèmes de chiffrement dits ‘légers’ sont déployés au sein d objets qui sont généralement en milieu hostile, à portée de main de tout type d attaquant et ce sur des durées souvent indéterminées . Ainsi, la vulnérabilité de ces objets face aux attaques physiques est une autre problématique de sécurité aujourd’hui au centre des débats.
Au cours de cette présentation, nous caractériserons les besoins en sécurité des objets connectés et nous étudierons des cas concrets d’attaques physiques que nous avons introduites et menées en laboratoire sur une famille récente de systèmes de chiffrement légers, les LS-Designs, dont la structure permet d’implémenter plus efficacement le masquage. Nous analyserons ensuite une contremesure efficace et adaptée aux besoins de l’Internet des Objets que nous avons proposée pour se prémunir des injections de fautes et que nous avons nommée l’IRC pour “Internal Redundancy Countermeasure”. L’IRC permet de détecter ou corriger spatialement et temporellement les injections de fautes, et se combine efficacement avec le masquage afin de proposer une résistance contre la plupart des attaques physiques. Cependant, le coût de l’IRC dépend principalement du système de chiffrement ciblé, et c’est pourquoi nous avons introduit GARFIELD, un nouveau système de chiffrement que nous avons conçu pour diminuer le surcoût d’une sécurisation par l’IRC. Après avoir présenté les spécifications de GARFIELD, nous conclurons cette présentation par une analyse détaillée de la sécurité et des performances de ce nouveau système de chiffrement.

Biography: Holder of a CRYPTIS Master's degree (Mathematics, Cryptology, Coding and Applications track) from the Faculty of Science and Technology of Limoges, Benjamin Lac now works in the Secure Systems and Architectures (SAS) department located in Gardanne (13), as part of a Mines Saint-Étienne PhD arising from a collaboration between CEA, DGA and Inria.
His work covers the definition of security and performance requirements for lightweight cryptography in the context of the Internet of Things, the analysis of the resistance of various lightweight ciphers to physical attacks, and the design and analysis of solutions to guard against these attacks.

JUNE 2018
 

“HardBlare, a hardware/software co-design approach for Information Flow Control”
by Guillaume Hiet – Pascal Cotret (Centrale-Supelec)

Date: 22 june 2018
Rooms: Petri/Turing

One way to increase the security level of computer systems is to rely on both software and hardware mechanisms. In this context, the HardBlare project proposes a software/hardware co-design methodology to ensure that security properties are preserved throughout the execution of the system, but also during file storage. HardBlare is a multidisciplinary project between the CentraleSupélec IETR SCEE research team, the CentraleSupélec Inria CIDRE research team and the UBS Lab-STICC laboratory. Our approach is based on Dynamic Information Flow Tracking (DIFT), which generally consists in attaching marks (tags) to denote the type of information that is stored or generated within the system. These marks are then propagated as the system evolves, and information flow control is performed on them in order to guarantee safe execution and storage within the system.

Existing solutions based on hardware modifications are rarely adopted in industry. This is largely due to the cost of these hardware modifications, but also to the cost of redeveloping the whole software stack to fit the specific hardware. To tackle this problem, the HardBlare project builds on a standard software and hardware platform. The goal is to make no modification to the main processor core and to implement hardware DIFT in a dedicated coprocessor on an FPGA. The main challenge of such an approach is to narrow the semantic gap between the main processor and the coprocessor. To address this issue, we take advantage of ARM CoreSight debug components and of static analysis to reduce the instrumentation time overhead. We developed an end-to-end system including a dedicated DIFT coprocessor on FPGA, a modified Linux kernel with DIFT support for the file system, and a modified LLVM compiler to perform the static analysis of the monitored software.
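To make the mark-propagation idea concrete, here is a small illustration added for this page (it is not HardBlare code and models neither CoreSight trace nor the FPGA coprocessor): a toy register machine in which every value carries a set of tags, arithmetic propagates the union of its operands' tags, and a policy is checked whenever a value reaches a named sink. The instruction set, the tag names, the sink names and the policy are all invented for the demo.

```python
"""Toy dynamic information flow tracking (DIFT) interpreter.

Added example for this page, not HardBlare code.  Every value carries a set of
tags ("marks"); arithmetic propagates the union of its operands' tags, and a
policy is checked when a value is stored to a named sink (e.g. a file).
The instruction set, tag names, sink names and policy are invented for the demo."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Tagged:
    value: int
    tags: frozenset = frozenset()


class DiftMachine:
    def __init__(self, policy):
        # policy: sink name -> set of tags that may legitimately flow into it
        self.policy = {sink: frozenset(tags) for sink, tags in policy.items()}
        self.regs = {}
        self.sinks = {}        # sink name -> list of values written so far
        self.violations = []   # (sink, register, offending tags)

    def run(self, program):
        for op, *args in program:
            getattr(self, "op_" + op)(*args)
        return self.violations

    # --- sources -----------------------------------------------------------
    def op_load(self, dst, value, *tags):
        """Load an immediate; the tags say where the value came from."""
        self.regs[dst] = Tagged(value & 0xFFFFFFFF, frozenset(tags))

    # --- propagation: explicit flows carry the union of operand tags ---------
    def op_mov(self, dst, src):
        self.regs[dst] = self.regs[src]

    def _binop(self, dst, a, b, fn):
        ra, rb = self.regs[a], self.regs[b]
        self.regs[dst] = Tagged(fn(ra.value, rb.value) & 0xFFFFFFFF, ra.tags | rb.tags)

    def op_add(self, dst, a, b):
        self._binop(dst, a, b, lambda x, y: x + y)

    def op_xor(self, dst, a, b):
        self._binop(dst, a, b, lambda x, y: x ^ y)

    # --- sink: the information flow control check ----------------------------
    def op_store(self, sink, src):
        reg = self.regs[src]
        leaked = reg.tags - self.policy.get(sink, frozenset())
        if leaked:
            self.violations.append((sink, src, leaked))
            return                      # blocked: the write does not happen
        self.sinks.setdefault(sink, []).append(reg.value)


# Constructed program: a secret is "encoded" with a constant (xor), then written
# to a public log and to a file cleared for secrets.  The tag survives the xor,
# so the first store is flagged while the second is allowed.
POLICY = {"/var/log/app.log": set(), "/home/alice/vault": {"secret"}}
PROGRAM = [
    ("load", "r1", 0x41, "secret"),
    ("load", "r2", 0x13),
    ("xor", "r3", "r1", "r2"),
    ("store", "/var/log/app.log", "r3"),
    ("store", "/home/alice/vault", "r3"),
]


def demo():
    m = DiftMachine(POLICY)
    violations = m.run(PROGRAM)
    return violations, m.sinks


if __name__ == "__main__":
    v, s = demo()
    print("violations:", v)
    print("sink contents:", s)
```

Only explicit data flows are tracked here; implicit flows through control flow are not modelled, which is one reason real DIFT systems such as the one described above combine the run-time monitor with static analysis of the monitored software.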



“Security of Hardware/Software Interfaces : Research Chair of the Cybersecurity Research Cluster”
by Guillaume Hiet (Centrale-Supelec)

Date: 22 june 2018
Rooms: Petri/Turing

We proposed to host a thematic semester on attacks based on the interaction between software and hardware. The goal would be to host one workshop, one summer school for young researchers, as well as multiple seminars and longer stays for researchers, spanning September 2019 to March or April 2020. This thematic semester will be funded by the DGA in the context of the Cybersecurity Research Cluster. The subject of the talk will be to present the organisation of this semester, the different research axes that will be covered as well as the possible interactions with people interested in that subject.

SEPTEMBER 2018
 

“Schindler-Itoh/Wiemers revisited: recovering full RSA/ECC private key from noisy side-channel observations”
by Victor Lomné and Thomas Roche (NinjaLab)

Date: 28 september 2018
Room: Métivier

Side-channel attacks on public-key cryptography (i.e. on the modular exponentiation of RSA or the scalar multiplication of ECC) often boil down to distinguishing the 0s from the 1s in the binary representation of the secret exponent (resp. secret scalar).
When state-of-the-art countermeasures are implemented, this detection must be errorless: because of masking techniques, erroneous masked exponents (resp. masked scalars) are useless.
In 2011, Schindler and Itoh tackled this issue and proposed an algorithm to recover the unmasked exponent (resp. scalar) from many erroneous masked exponents (resp. masked scalars). Schindler and Wiemers improved these results in 2014 and then in 2017.
In our talk we will introduce the context of side-channel attacks on public-key cryptography, present the results of Schindler et al. and propose improvements.

 

DECEMBER 2018
 

“Study of oscillating cells for randomness generation in digital electronic circuits” (original title: “Étude des cellules oscillantes pour la génération d’aléa dans les circuits électroniques numériques”)
by Ugo Mureddu (Univ Lyon, UJM-Saint-Etienne, CNRS, Laboratoire Hubert Curien)

Date: 14 december 2018
Room: Métivier

Connected objects are ubiquitous in today's society (e.g. vehicles, public transport, healthcare, home automation, smartphones, means of payment, etc.). Connecting everyday devices and accessing them remotely considerably improves our comfort and efficiency in both professional and personal life. However, it can also expose us to unprecedented security problems. The risks associated with the wide expansion of embedded systems and the Internet of Things are twofold: access by an unauthorised person to the data, for reading, copying, writing or complete erasure; and use of the connected object for an action it was not designed for, taking the system out of service, or destroying it.
To address such risks, security mechanisms must be put in place that allow sensitive data to be encrypted, as well as authentication and authorisation of each device in the Internet of Things. Fortunately, cryptographic functions meet these needs by guaranteeing confidentiality, authenticity, integrity and non-repudiation.
In this context, physical random number generators are essential, since they underpin the correct operation of cryptographic functions. Indeed, they exploit analogue noise sources present in electronic circuits to generate secret keys used to encrypt data, or unique identifiers allowing circuits to be authenticated. The security of cryptographic functions rests on the quality of the keys and identifiers produced by these generators. The numbers they produce must be unpredictable; otherwise, the keys used to encrypt data could be broken and the identifiers copied.
This is why it is of the utmost importance to study physical random number generators and verify their resistance to attacks. In this presentation, we will discuss the sensitivity of the core of most physical random number generators, the oscillating cells, to two kinds of physical threat: the locking phenomenon and electromagnetic analysis. We will then draw up a list of recommendations to help future designers of physical random number generators minimise their sensitivity to these two kinds of vulnerability.


“An approach to hardware acceleration for homomorphic encryption” (original title: “Une approche pour l’accélération matérielle pour le chiffrement homomorphe”)
by Joël Cathebras (CEA List)

Date : 14 december 2018
Room : Métivier

Homomorphic encryption is a cryptographic tool that allows data to be processed blindly. Its widespread use would make it possible to offer outsourced computation solutions involving confidential data, for example genomic data for personalised medicine. However, homomorphic encryption faces large memory and computational complexities: an encrypted datum is roughly 10^5 times larger than the plaintext datum, and an operation on ciphertexts is roughly 10^6 times heavier than the equivalent operation in the clear. In this talk, we will first briefly present the issues in hardware acceleration for homomorphic encryption and the various existing approaches. We will then expose in more detail an approach that couples the non-positional Residue Number System (RNS) with polynomial multiplication by the Number Theoretic Transform (NTT), a Fourier transform over finite fields. We will focus in particular on the question of scalability with respect to the wide dynamic range of the parameters. Implementation prospects opened up by this approach will conclude the talk.
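To make the RNS+NTT coupling concrete, the following added example (written for this page, not the speaker's implementation) multiplies two polynomials in Z_Q[x]/(x^n + 1), the ring used by lattice-based homomorphic schemes, by holding each coefficient in RNS form modulo a set of small primes, performing a negacyclic NTT multiplication independently modulo each prime, and recombining with the CRT. The parameters n = 8 and the primes 17 and 97 are toy sizes chosen so that 2n divides p - 1; real schemes use n in the thousands and dozens of 30- to 60-bit primes, which is exactly the "dynamic range" the talk is concerned with.

```python
"""Negacyclic polynomial multiplication in Z_Q[x]/(x^n + 1) via RNS + NTT.

Added illustration for this page (not the speaker's design).  Each coefficient
is stored as residues modulo small primes (RNS); the product is computed with a
number-theoretic transform modulo each prime and recombined by the CRT.
n = 8 and the primes 17, 97 are toy parameters chosen so that 2n | (p - 1)."""
from math import prod

N = 8
RNS_PRIMES = [17, 97]          # 16 divides 16 and 96, so 2N-th roots of unity exist


def find_psi(q, n):
    """A primitive 2n-th root of unity mod q: psi^n == -1 (n a power of two)."""
    for g in range(2, q):
        if pow(g, n, q) == q - 1:
            return g
    raise ValueError("no 2n-th root of unity mod %d" % q)


def ntt(a, w, q):
    """Recursive radix-2 NTT of a (length a power of two) with n-th root w."""
    n = len(a)
    if n == 1:
        return list(a)
    even = ntt(a[0::2], w * w % q, q)
    odd = ntt(a[1::2], w * w % q, q)
    out = [0] * n
    wk = 1
    for k in range(n // 2):
        t = wk * odd[k] % q
        out[k] = (even[k] + t) % q
        out[k + n // 2] = (even[k] - t) % q
        wk = wk * w % q
    return out


def intt(a, w, q):
    n = len(a)
    res = ntt(a, pow(w, -1, q), q)
    n_inv = pow(n, -1, q)
    return [x * n_inv % q for x in res]


def negacyclic_mul_mod(a, b, q):
    """a * b mod (x^n + 1, q).  The psi^i twist turns the cyclic convolution
    delivered by the NTT into the negacyclic one (because psi^n = -1)."""
    n = len(a)
    psi = find_psi(q, n)
    omega = psi * psi % q                       # primitive n-th root of unity
    a_t = [x * pow(psi, i, q) % q for i, x in enumerate(a)]
    b_t = [x * pow(psi, i, q) % q for i, x in enumerate(b)]
    pointwise = [x * y % q for x, y in zip(ntt(a_t, omega, q), ntt(b_t, omega, q))]
    c_t = intt(pointwise, omega, q)
    psi_inv = pow(psi, -1, q)
    return [x * pow(psi_inv, i, q) % q for i, x in enumerate(c_t)]


def crt(residues, moduli):
    """Recombine residues into the unique value mod prod(moduli)."""
    M = prod(moduli)
    x = 0
    for r, q in zip(residues, moduli):
        Mi = M // q
        x += r * Mi * pow(Mi, -1, q)
    return x % M


def rns_negacyclic_mul(a, b, primes=RNS_PRIMES):
    """Multiply mod Q = prod(primes) without ever forming Q-sized integers
    inside the NTTs: one independent (parallelisable) channel per prime."""
    channels = [negacyclic_mul_mod([x % q for x in a], [x % q for x in b], q)
                for q in primes]
    return [crt([ch[i] for ch in channels], primes) for i in range(len(a))]


def schoolbook_negacyclic(a, b, modulus):
    """Reference O(n^2) product mod (x^n + 1, modulus), used to check the NTT path."""
    n = len(a)
    c = [0] * n
    for i in range(n):
        for j in range(n):
            if i + j < n:
                c[i + j] += a[i] * b[j]
            else:
                c[i + j - n] -= a[i] * b[j]     # x^n = -1
    return [x % modulus for x in c]


# Constructed inputs (not from the talk).
A = [1, 2, 3, 4, 5, 6, 7, 8]
B = [8, 7, 6, 5, 4, 3, 2, 1]

if __name__ == "__main__":
    Q = prod(RNS_PRIMES)
    print(rns_negacyclic_mul(A, B))
    print(schoolbook_negacyclic(A, B, Q))
```

The point of the RNS split is that each channel only ever handles numbers the size of one small prime, so the NTT butterflies fit native multipliers and the channels can run on separate hardware units; the CRT recombination (or the RNS base conversions a real scheme uses instead) is the part whose cost grows with the number of primes.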

MARCH 2019
 

“True Random Number Generators enabled hardware security ”
by Bohan Yang (Hardware Security and Cryptographic Processor Lab, Institute of Microelectronics, Tsinghua University, China)

Date: 29 march 2019
Room: Métivier

True randomness is all about unpredictability, which can neither be qualified nor quantified by examining the statistics of a sequence of digits. Unpredictability is a property of random phenomena, which is measured in bits of information entropy. Applications of randomness span from art to numerical computing and system security. Random numbers enable various cryptographic algorithms, protocols and secure implementations by providing secret keys, initialization vectors, random challenges and masks. As embedded electronics continue to be integrated into our daily lives, security becomes an indispensable requirement for an embedded system. According to the renowned Kerckhoffs’ principle, a cryptographic system should be secure even if the attacker knows everything about the system except the key. In modern computers and embedded systems, this key is usually generated by running a True Random Number Generator. Therefore, it is essential that unpredictable random numbers are available in secure embedded systems. Unfortunately, designing a TRNG is not trivial and differs from conventional digital circuit design, since most digital circuits are primarily developed to behave in a deterministic manner. Instead of pursuing a stable and predictable behavior of the circuit, TRNG design aims for a stable and robust unpredictability. Producing unpredictable output is usually undesired for an integrated circuit, and is sometimes regarded as a design failure. Mistakes or carelessness at any step of the TRNG design and fabrication procedure may lead to insufficient entropy and/or a malfunctioning TRNG. A True Random Number Generator (TRNG) circuit is designed to be sensitive to a particular physical phenomenon when it is in use, and to be resistant to process variations and other unwanted random physical phenomena. In order to tackle the lack of compact and efficient TRNGs on FPGAs, we proposed a novel TRNG based on edge sampling.

APRIL 2019
 

“TRAITOR: a multi clock-glitch attack platform reproducing EMI effects at low cost”
by Ludovic Claudepierre (INRIA)

Date: 05 april 2019
Rooms: Pétri/Turing

Electromagnetic injection (EMI) is a common and non-invasive technique used to perform fault attacks. An electromagnetic wave is radiated by an antenna in the close vicinity of the targeted microcontroller (an STM32 in our case).
The clock signal is generated by a Phase-Locked Loop (PLL). The PLL is highly sensitive to EMI and induces severe disruption of the clock signal right after the injection. It appears that these clock glitches are the cause of the faults observed at the software level.
TRAITOR is a light and highly configurable platform which can reproduce, using an FPGA, a clock signal with the same disruptions as those obtained by EMI. The generated signal replaces the clock source of the STM32.
The user can then perform several glitches at different times in order to fault a program at run time and induce vulnerabilities. It can in particular be applied to code whose countermeasure only handles a single fault injection, and thus bypass this countermeasure. In the end, multiple fault injections could completely transform an innocent piece of code and make it malicious.



“Improved Blind Side-Channel Analysis by Exploitation of Joint Distributions of Leakages”
by Léo Reynaud (Faculté des sciences de Limoges)

Date: 05 april 2019
Rooms: Pétri/Turing

Classical side-channel attacks generally require knowledge of the plaintext (or ciphertext) in order to compute intermediate values that are then compared with the leakage. Some attacks, however, do away with this knowledge: joint-distribution attacks. They assume an attacker able to invert the consumption model, but with no knowledge of the inputs and outputs of the cipher. Another consequence is that they can be applied in the middle of the encryption, which can be useful when, for cost reasons, protections are applied only at the extremities. The principle rests on the fact that the distribution of Hamming weights (for a Hamming-weight consumption model) of a variable at the start and then at the end of a round is not uniform; it is even a function of the key used. Studying these distributions therefore makes it possible to discriminate the key. Today, maximum likelihood appears to be the most appropriate tool for deducing the key. This attack can also be carried out in some cases against implementations protected by Boolean masking. In some more robust cases, the attack can be adapted so that it still works, using so-called quadrivariate distributions. The presentation will therefore introduce the basic attack as well as its adaptation against first-order masking protections.
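The following added example (a simplified illustration written for this page, not the speaker's code) runs the unprotected version of the attack on a single 4-bit S-box. The model assumed here: an unknown, uniformly distributed value x leaks HW(x) before key addition and HW(S(x ^ k)) after the S-box, the attacker sees neither x nor the output, and the leakage is the Hamming weight plus Gaussian noise. The PRESENT S-box, the noise model and the trace count are choices made for the demo; the masked (quadrivariate) variant is not shown.

```python
"""Blind side-channel attack on one S-box via joint Hamming-weight distributions.

Added, simplified illustration of the principle in the abstract above (not the
speaker's code).  Model: an unknown, uniformly distributed 4-bit value x leaks
HW(x) before key addition and HW(S(x ^ k)) after the S-box; the attacker never
sees x or the ciphertext.  The joint law of the two weights depends on k, so
maximum likelihood over the 16 key candidates recovers k.  The PRESENT S-box
and the Gaussian noise model are choices made for this demo."""
import math
import random
from collections import Counter

PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
KEYS = range(16)
HW = [bin(v).count("1") for v in range(16)]


def joint_distribution(k):
    """P_k(h1, h2) = Pr[HW(x) = h1 and HW(S(x ^ k)) = h2] for uniform x."""
    counts = Counter((HW[x], HW[PRESENT_SBOX[x ^ k]]) for x in range(16))
    return {pair: n / 16 for pair, n in counts.items()}


def all_keys_distinguishable():
    """True iff no two keys induce the same joint distribution."""
    laws = {tuple(sorted(joint_distribution(k).items())) for k in KEYS}
    return len(laws) == 16


def simulate_traces(k, n_traces, sigma, rng):
    """Constructed leakage: the two Hamming weights plus Gaussian noise."""
    traces = []
    for _ in range(n_traces):
        x = rng.randrange(16)
        traces.append((HW[x] + rng.gauss(0, sigma),
                       HW[PRESENT_SBOX[x ^ k]] + rng.gauss(0, sigma)))
    return traces


def _gauss(v, mean, sigma):
    # normalisation constant dropped: it is the same for every key candidate
    return math.exp(-(v - mean) ** 2 / (2 * sigma * sigma))


def log_likelihood(k, traces, sigma):
    """Mixture likelihood of the observations under candidate key k."""
    law = joint_distribution(k)
    ll = 0.0
    for o1, o2 in traces:
        p = sum(pr * _gauss(o1, h1, sigma) * _gauss(o2, h2, sigma)
                for (h1, h2), pr in law.items())
        ll += math.log(p)
    return ll


def recover_key(traces, sigma):
    return max(KEYS, key=lambda k: log_likelihood(k, traces, sigma))


def demo(secret_key=0xB, n_traces=1500, sigma=0.5, seed=2024):
    rng = random.Random(seed)
    traces = simulate_traces(secret_key, n_traces, sigma, rng)
    return recover_key(traces, sigma)


if __name__ == "__main__":
    print("all keys distinguishable:", all_keys_distinguishable())
    print("recovered key:", hex(demo()))
```

Note that the attack never uses a plaintext or ciphertext: the key is read off purely from how the two weight measurements co-vary, which is why it still applies to an inner round where the input is unknown.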


MAY 2019
 

“Do Not Trust Modern System-on-Chips: Electromagnetic fault injection against a System-on-Chip”
by Ronan Lashermes (INRIA)

Date: 10 may 2019
Rooms: Pétri/Turing

Electromagnetic fault injection (EMFI) is a well-known technique to disturb the behavior of a chip and weaken its security. These attacks are still mostly performed on simple microcontrollers, since the fault effects there are relatively simple and well understood.
Unlocking EMFI on modern System-on-Chips (SoCs), the fast and complex chips that are ubiquitous today, requires understanding the impact of the faults. In this work, we target the BCM2837 SoC with four ARM Cortex-A53 cores. We propose an experimental setup and a forensic process to create exploitable faults and assess their impact on the micro-architecture.
The observed behaviors are radically different from what was previously obtained on microcontrollers. Subsystems (L1 caches, L2 cache, memory management unit (MMU)) can be individually targeted, leading to new fault models. We highlight the differences in fault impact with or without an operating system (OS), thereby showing the importance of the software layers in the exploitation of a fault. The complexity and speed of a SoC do not protect it against hardware attackers, quite the contrary.
After describing the effect of faults on SoC caches and MMU, we propose countermeasures to protect the system against EMFI attacks.


“Automated software protection for the masses against side-channel attacks”
by Nicolas Belleville (Univ Grenoble Alpes, CEA, List)

Date: 10 may 2019
Rooms: Pétri/Turing

This presentation will present an approach and a tool that answer the need for effective, generic, and easily applicable protections against side-channel attacks. The protection mechanism is based on code polymorphism, so that the observable behaviour of the protected component is variable and unpredictable to the attacker. Our approach combines lightweight specialized runtime code generation with the optimization capabilities of static compilation. It is extensively configurable. Experimental results show that programs secured by our approach present strong security levels and meet the performance requirements of constrained systems.

JUNE 2019
 

“Challenges related to random number generation for cryptographic applications”
by Elie Noumon Allini (Laboratoire Hubert Curien)

Date: 7 june 2019
Rooms: Pétri/Turing

The main purpose of cryptography is to ensure secure communication. To achieve this goal, cryptographic schemes make intensive use of random numbers. Given that the security of these schemes depends heavily on these numbers, it is important to produce high-quality random numbers. Knowing that most cryptographic modules are nowadays implemented in logic devices, we investigated True Random Number Generators (TRNGs) that can be implemented in this kind of technology. Because of the critical nature of TRNGs in cryptographic schemes, their source and their quality must be evaluated in detail.
Historically, TRNGs were considered as black boxes that produce sequences of random numbers. They were therefore evaluated solely with statistical tests. However, this view turns out to be unacceptable for security. Modern approaches (e.g. AIS 31) consist in characterizing the sources of randomness and the randomness extraction mechanisms.
In this talk, we will highlight the main challenges and modern approaches in TRNG security evaluation. One of these challenges is the characterization of the source of randomness. It leads us to consider various electronic noises that need to be characterized and whose contribution to the overall entropy needs to be assessed.


“Laser-Based Attacks Against FPGA Bitstream Encryption”
by Heiko Lohrke (Technische Universität Berlin)

Date: 7 june 2019
Rooms: Pétri/Turing

Field programmable gate arrays (FPGAs) use encryption to protect the configuration data or “bitstream” containing the design to be run on the device. This encryption aims at protecting the intellectual property and other secrets contained in the bitstream and preventing e.g. cloning or tampering with an FPGA implementation.
This talk will demonstrate how attackers can use failure analysis equipment, namely laser scanning microscopes (LSMs), to break the bitstream security of recent FPGAs. Two attacks will be presented: one for decryption key readout, and one for extraction of the plaintext data. Neither attack requires any device preparation or silicon polishing, which technically makes them non-invasive attacks.
The attack against the decryption key makes use of thermal laser stimulation (TLS). TLS is a failure analysis technique which can be deployed by an adversary to read out stored secrets in the SRAM of a chip. As the attack target, the so-called battery-backed SRAM (BBRAM) key storage inside a 20 nm technology Xilinx Kintex UltraScale FPGA is chosen. It is demonstrated that an attacker is able to extract the stored 256-bit AES key by conducting just a single measurement. The required effort to develop the attack is shown to be less than 7 hours.
The attack for plaintext data extraction applies optical contactless probing techniques. Optical contactless probing, again a failure analysis technique, allows attackers to localize and probe secret data on a chip with a laser beam. The attack is conducted on the decryption ASIC of a 28 nm technology Xilinx Kintex 7 FPGA. It is demonstrated that the adversary is able to extract the plaintext data containing sensitive design information and intellectual property. Less than 10 working days are needed to conduct the optical analysis and reverse-engineer the security-related parts of the hardware.


NOVEMBER 2019
 

“One Fault Can Go A Long Way”
by Shivam Bhasin (Nanyang Technological University)

Date: 15 november 2019
Room: Métivier

*Abstract:* Fault attacks are considered among the critical threats to embedded cryptography. This talk will be divided into two parts. The first part will explore the application of faults to advanced security primitives. We present persistent fault analysis, introduced at CHES 2017, and its capability to bypass state-of-the-art fault countermeasures as well as higher-order masking with one and only one fault injection. Further, we present novel exploits in lattice-based post-quantum cryptographic primitives with one (or a few) faults. The second part of the talk will present, to our knowledge, the first practical combined side-channel and differential fault attacks. With application to bit-permutation-based ciphers like PRESENT and GIFT, practical attacks exploiting laser fault injection together with the power side channel will be presented.
*Biography:* Shivam Bhasin has been a Senior Research Scientist and Programme Manager (Cryptographic Engineering) at the Centre for Hardware Assurance, Temasek Laboratories, Nanyang Technological University (TL@NTU), Singapore since 2015. His research interests include embedded security, trusted computing and secure designs. He received his PhD from Télécom ParisTech in 2011 and his Master’s from Mines Saint-Étienne, France in 2008. Before NTU, Shivam held the position of Research Engineer at Institut Mines-Télécom, France. He was also a visiting researcher at UCL, Belgium (2011) and Kobe University, Japan (2013). Shivam also taught hardware security as an Adjunct Professor at IIT Kharagpur, India (2018). He regularly publishes in top peer-reviewed journals and conferences. Some of his research now also forms part of the ISO/IEC 17825 standard.
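The persistent fault analysis mentioned in the abstract above, as an added toy illustration written for this page (not the speaker's code): one S-box table entry is overwritten and stays corrupted, so one S-box output value can never be produced and another is produced twice as often; in a last round of the form "S-box then round-key addition", the ciphertext value that never appears equals the missing S-box output XOR the key, and the over-represented value gives a second read of the key. The 4-bit PRESENT S-box stands in for the AES S-box of the original attack, and the attacker is assumed to know which table entry was corrupted (hence its original value); the key, fault position and seed are arbitrary demo choices.

```python
"""Persistent fault analysis (PFA) on a last-round S-box layer, 4-bit toy.

Added illustration for this page (not the speaker's code).  A persistent fault
overwrites one S-box table entry, so one S-box output value can never be
produced and another is produced twice as often.  In a last round "S-box then
key addition", the ciphertext value that never appears equals
(missing S-box output) ^ k.  The PRESENT S-box stands in for the AES S-box of
the original attack; the attacker is assumed to know which table entry was
corrupted (hence its original value)."""
import random
from collections import Counter

PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def last_round(x, k, sbox):
    """One ciphertext nibble: substitution followed by round-key addition."""
    return sbox[x] ^ k


def inject_persistent_fault(sbox, x_star, v_new):
    """Corrupt one table entry; the fault stays until the table is reloaded."""
    faulted = list(sbox)
    faulted[x_star] = v_new
    return faulted


def collect_ciphertexts(k, sbox, n, rng):
    """Encrypt n uniformly random inputs with the faulted table.  Only the
    ciphertext distribution is needed: no plaintexts and no fault timing."""
    return Counter(last_round(rng.randrange(16), k, sbox) for _ in range(n))


def pfa_recover(counts, v_replaced):
    """Key from the ciphertext value that never occurs (None if ambiguous)."""
    missing = [c for c in range(16) if counts[c] == 0]
    if len(missing) != 1:
        return None
    return missing[0] ^ v_replaced


def pfa_demo(k=0x9, x_star=0x3, v_new=0x1, n=1000, seed=7):
    rng = random.Random(seed)
    faulted = inject_persistent_fault(PRESENT_SBOX, x_star, v_new)
    counts = collect_ciphertexts(k, faulted, n, rng)
    key_from_missing = pfa_recover(counts, PRESENT_SBOX[x_star])
    # The doubled S-box output gives a second, independent read of the key.
    most_common, _ = counts.most_common(1)[0]
    key_from_doubled = most_common ^ v_new
    return key_from_missing, key_from_doubled


if __name__ == "__main__":
    print([hex(v) for v in pfa_demo()])
```

Because the fault is injected once and then only ciphertexts are collected, countermeasures that compare two redundant computations of the same encryption see identical (equally faulted) results, which is the mechanism behind the "one and only one fault injection" claim in the abstract.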

 

JANUARY 2020
“Towards a better understanding of deep learning applied to side-channel attacks” (original title: “Vers une meilleure compréhension de l’apprentissage profond appliqué aux attaques par observation”)
by Loïc Masure (CEA)
Date: 10 january 2020
Room: Métivier

Side-channel attacks (SCA) exploit weaknesses of a cryptographic primitive embedded on a component (smart card, IoT device, etc.) by measuring physical quantities that depend indirectly on the value of the secret key. It is therefore essential for developers to propose suitable countermeasures and to evaluate their effectiveness against a potential attacker.
Over the last decade, progress in deep learning has transformed many areas of computer science, including side-channel attacks.
Despite recent progress in deep learning and its application to side-channel attacks, the scientific community remains sceptical about the value of these techniques because of their “black-box” nature. This lack of explanation, which is not specific to this application domain, is nevertheless crucial from the evaluator’s or developer’s point of view in order to identify the flaw in the implementation.
This presentation aims to build a better understanding of deep learning in the context of side-channel attacks. We will show how the training of such estimators can be analysed so as to estimate a priori the complexity of an attack based on neural networks. We will also observe, on simulations, that such models trained without any prior knowledge of the countermeasures can reach the theoretical security bounds predicted in the literature, which validates the relevance of countermeasures such as masking or random permutation (shuffling) against neural networks.
Furthermore, we will see how a trained network can be exploited to perform an efficient characterisation of the traces, even in the presence of countermeasures that render other classical techniques ineffective. This gives a better understanding of the information leakage exploited by the network and refines the diagnosis made by the evaluator or developer, so as to propose fixes.

FEBRUARY 2020
libecc: a flexible open-source ECC library for embedded devices
by Ryad Benadjila and Arnaud Ebalard (ANSSI)
Date: 14 february 2020
Room: Pétri/Turing

libecc is a software library for elliptic-curve cryptography (ECC), with an API supporting the signature algorithms specified in the ISO 14888-3 standard.
Advanced uses of this library also include the implementation of elliptic-curve Diffie-Hellman protocols, as well as any algorithm built on top of prime-field elliptic curves (or on prime fields, or rings of integers).
The presentation will introduce the rationale behind the development of libecc, as well as its architecture. Compared to other cryptographic libraries providing similar features, the differentiating points are a focus on code simplicity, portability, and auditability (self-contained and pure C99 code); a clean layer separation for all needed mathematical abstractions and operations; and a security over performance motivation (with endeavour to offer decent throughput in addition to moderate RAM and ROM memory footprints).
Though some efforts have been made to have (most of) the core algorithms constant time, turning libecc into a library shielded against side-channel attacks (SCA) is still a work in progress. The choices that have been made to resist against SPA and DPA will be contextualized and discussed.
Finally, concrete examples of libecc integration in both internal and external projects will be examined.

MARCH 2021
 

“SideLine and the advent of software-induced hardware attacks”
by Joseph Gravellier (Mines Saint-Etienne – Thales )

Date: 19 march 2021
Place: Web-conference

In this talk, we will discuss software-induced hardware attacks and their impact on IoT, cloud and mobile security. More specifically, I will introduce SideLine, a new power side-channel attack vector that can be triggered remotely to infer cryptographic secrets. SideLine is based on the intentional misuse of delay-line components embedded in SoCs that use external memory. I will explain how we exploit the relationship between the delay line and on-chip power consumption to capture side-channel leakage, how we collect and store this information, and how we use it to conduct power side-channel attacks. Different scenarios will be discussed, along with the feasibility of remote hardware attacks in each of them.


“Calibration Done Right: Noiseless Flush+Flush Attacks”
by Guillaume Didier (DGA-IRISA)

Date: 19 march 2021
Place: Web-conference

Caches leak information through timing measurements, enabling so-called side-channel attacks. Several primitives exist with different requirements and trade-offs. Flush+Flush is a stealthy and fast cache attack primitive that uses the timing of the clflush instruction, which depends on whether a line is present in the cache. However, the CPU interconnect plays a bigger role than previously thought in these timings, and therefore in the error rate of Flush+Flush.
In this work, we show that a naive implementation that does not take into account the topology of the interconnect yields very high error rates, especially on modern CPUs as the number of cores increases. We therefore reverse-engineer this topology and revisit the calibration phase of Flush+Flush for different attacker models, to determine the correct threshold between clflush hits and misses. We show that our method yields noiseless side-channel attacks by attacking the AES T-table implementation of OpenSSL and by building a covert channel. We obtain a maximal capacity of 3.15 Mbit/s with our improved method, compared to 1.4 Mbit/s with a naive implementation of Flush+Flush on an Intel Core i9-9900 CPU.
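The calibration step is the part of the abstract a practitioner can reproduce in a few lines, so here is an added illustration written for this page (not the authors' tooling) of why a single threshold fails: clflush on a cached line is slower than on an uncached one, but the absolute timings shift with where the issuing core and the cache slice sit on the interconnect, so hit timings for one (core, slice) pair overlap miss timings for another. The cycle counts below are constructed to exhibit that overlap, not measured, and the core and slice names are placeholders.

```python
"""Flush+Flush threshold calibration: one global threshold vs. one per
(attacker core, cache slice) pair.

Added illustration for this page, not the authors' tooling.  The clflush
timings below are CONSTRUCTED to exhibit the effect described in the abstract
(a cached line makes clflush slower, and the hit/miss timings shift with the
position of the core and the slice on the interconnect); nothing is measured."""

# Constructed samples in cycles: {(core, slice): {"hit": [...], "miss": [...]}}
SAMPLES = {
    ("core0", "slice0"): {"hit": [182, 184, 186, 188, 190],
                          "miss": [150, 152, 154, 156, 158]},
    ("core3", "slice0"): {"hit": [212, 214, 216, 218, 220],
                          "miss": [176, 178, 180, 182, 184]},
}


def classify(t, threshold):
    """clflush on a cached line is slower: at or above the threshold -> hit."""
    return "hit" if t >= threshold else "miss"


def error_rate(threshold, hits, misses):
    wrong = sum(classify(t, threshold) != "hit" for t in hits)
    wrong += sum(classify(t, threshold) != "miss" for t in misses)
    return wrong / (len(hits) + len(misses))


def calibrate(hits, misses):
    """Pick the threshold (among observed timings) minimising the error rate."""
    best = None
    for cand in sorted(set(hits) | set(misses)):
        err = error_rate(cand, hits, misses)
        if best is None or err < best[1]:
            best = (cand, err)
    return best


def naive_calibration(samples):
    """Pool all timings regardless of topology: one threshold for everything."""
    hits = [t for s in samples.values() for t in s["hit"]]
    misses = [t for s in samples.values() for t in s["miss"]]
    return calibrate(hits, misses)


def topology_aware_calibration(samples):
    """One threshold per (core, slice) pair."""
    return {pair: calibrate(s["hit"], s["miss"]) for pair, s in samples.items()}


if __name__ == "__main__":
    print("naive:", naive_calibration(SAMPLES))
    print("per pair:", topology_aware_calibration(SAMPLES))
```

On these constructed samples no single threshold separates the two pairs (the best global one misclassifies 10% of the samples), while a threshold per pair classifies every sample correctly; on a real CPU the per-pair tables are what the attacker has to build, and which pairs exist is exactly what reverse-engineering the interconnect topology tells you.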

 

APRIL 2021
 

“Lattice-based NIST candidates: abstractions and ninja tricks”
by Thomas Prest (PQShield – United Kingdom)

Date: 23 april 2021
Place: Web-conference

I will present the remaining lattice-based candidates for standardization by NIST (2 signature schemes, 5 encryption schemes). At a high level, these can all be interpreted as straightforward instantiations of decades-old paradigms. But when we look under the hood, all of them make design choices which impact their security, efficiency and portability in distinct manners; we will discuss these. Finally, we will look at ninja tricks that can be pulled off with specific lattice-based schemes; in *some* contexts, these allow, with minimal changes to the schemes, to greatly decrease their communication overhead.


“Code-based postquantum cryptography : candidates to standardization”
by Nicolas Sendrier (INRIA)

Date: 23 april 2021
Place: Web-conference

In the third round of the NIST standardization process, three candidates whose security is based on error-correcting codes remain; all are key exchange mechanisms. We will explore them according to their security assumptions and properties. Among them we find a historical scheme (Classic McEliece), as well as schemes using sparse and quasi-cyclic matrices (BIKE and HQC). We will examine pros and cons, as well as, for some of them, aspects of their implementation through possible use cases.


“Post-Quantum Cryptography Hardware: Monolithic Implementations vs. Hardware-Software Co-Design”
by Markku-Juhani Saarinen (PQShield – United Kingdom)

Date: 23 april 2021
Place: Web-conference

At PQShield, we’ve developed dedicated coprocessor(s) for lattice schemes, hash-based signatures, and code-based cryptography. These cryptographic modules are commercial rather than academic and designed to meet customer specifications such as a specific performance profile or Common Criteria and FIPS security certification requirements.
Hardware implementations of legacy RSA and Elliptic Curve cryptography were generally just “big integer” engines. Post-quantum algorithms use a much broader range of primitive operations and are generally more complex.
Monolithic hardware implementations are self-contained modules implementing the entire algorithm. A monolithic implementation has a clear security boundary but will lead to inflexibility and a relatively large area. On the other hand, a co-design approach will offload only those computations to special memory-mapped peripherals or custom instructions that benefit from it the most, e.g., SHAKE or large polynomial/vector/matrix circuitry. We discuss our experiences with both of these approaches, drawing from our engineering experience.

JUNE 2021
 

“Unique CAD-compatible SCA-security mechanisms, externally amplified coupling (EAC) attacks and (some) connection” by Itamar Levi (Bar-Ilan University (BIU))

Date : 25 june 2021
Place : Web-Conference

In this seminar I will first discuss unique computer-aided design (CAD) compatible SCA security mechanisms. I will present an approach which can significantly increase the physical security level of a design, can be implemented with conventional design tools and does not require any special technological support. The method consists in a correct-by-design use of power-management libraries and tools; it embeds special, ultra-low-cost randomization mechanisms locally into the RTL of a design, making it mature and easy to master by any back-end/front-end digital designer. This method is ideally suited to high security levels when used as a building block to reduce the SNR and amplify the noise in the leakage, together with mathematical solutions (e.g. masking). Theoretically, a limitation of the construction as a stand-alone is security-energy scaling, i.e. for very high security levels its energy cost is exponential. I will present a glimpse of our current work answering this challenge with an alternative construction which provides linear cost.
In the second part of the talk, I will discuss the threat of externally amplified coupling (EAC) attacks, a type of attack which is very dangerous for masked designs as it merges the leakage of shares that are otherwise supposed to be independent (whether in hardware or software). I will review some of our work on the topic, discuss the scalability of EAC attacks to high-order masked designs and their dominance compared to inherent (intra-device) coupling, and show some results from current experimentation with a dedicated ASIC test bed. Interestingly, the first and second parts of the talk share a link, which will be discussed.

 

OCTOBER 2021
 

“Rank metric cryptography and its implementations” by Nicolas Aragon (XLIM – Université de Limoges)

Date : 08 october 2021
Place : Room Petri/Turing

In 2017, the NIST (National Institute of Standards and Technology) started a standardization process in order to select post-quantum encryption and digital signature schemes. Among the proposed solutions, two rank-metric based encryption schemes were selected for the second round of the standardization process: ROLLO and RQC.
This raised questions about both the performance and the security of the implementations of rank-metric cryptography. While the performance has been significantly improved recently, the question of the resistance to side-channel attacks needs to be studied more deeply.
This talk will present an overview of the existing primitives in rank-based cryptography and the challenges of making a secure implementation of these primitives.

OCTOBER 2021

“When Electromagnetic Signals Reveal Obfuscated Malware: Deep and Machine Learning Use Cases” by Duy-Phuc Pham and Damien Marion (Univ Rennes, CNRS, Inria, IRISA Rennes)

Date : 22 October 2021
Place : Room Petri/Turing

The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity. They use plentiful customized firmware and hardware, ignoring potential security issues, which makes them a perfect victim for cybercriminals, especially malware authors.
We will describe a new usage of side-channel information to identify threats that are targeting the device. Using our approach, a malware analyst is able to accurately know the malware type and identity, even in the presence of obfuscation techniques which may defeat static or symbolic binary analysis. We captured 100,000 leakage traces from an IoT device infected by miscellaneous and representative in-the-wild malware samples and realistic benign activity. Our technique does not need to modify the target device. Thus, it can be deployed independently from the resources available without any overhead. Moreover, our approach has the advantage that it can hardly be detected and evaded by the malware authors.
In our experiments, we were able to classify three generic malware types (and one benign class) with an accuracy of 99.82%. Furthermore, we show that our solution makes it possible to classify altered malware samples with obfuscation techniques unseen during the training phase, and to determine what kind of obfuscations were applied to the binary, which makes our approach particularly useful for malware analysts.
