CORDIS - EU research results

Sound and Early Assessment of Leakage for Embedded Software

Periodic Reporting for period 5 - SEAL (Sound and Early Assessment of Leakage for Embedded Software)

Reporting period: 2022-06-01 to 2024-02-29

Side channel attacks use, alongside information such as plaintexts or ciphertexts, leakage about the (secret) key-dependent intermediate state(s) and deliver a 'key ranking' as a result. In the worst case, observing a few encryptions can make complete key recovery possible in practice. Academic research into countering these attacks has so far largely focused on approaches and tools aimed at specialised cryptographic engineers with access to a specialist lab and tooling.

The research intention of this CoG is to enable developers with limited domain-specific knowledge to assess and improve the side channel resilience of their code at design time without access to a fully equipped lab, by creating tools and methodologies that integrate a priori derived instruction-level leakage models into a standard compiler.

Enabling developers with limited domain-specific knowledge to design, assess and improve the side-channel resilience of their code should increase the quality of implementations, leading to improved practical security of commercial products. Such products are required for protecting the confidentiality, integrity and authenticity of citizens' digital communications.
The project delivered on all of its initial research objectives, which I will now detail one by one, mentioning the most interesting scientific contributions.
Designing novel profiling strategies: we developed a novel modelling technique that emphasises the explanatory power of the resulting models over their predictive power. The resulting models are thus capable of capturing and expressing complex relationships between intermediate states (i.e. components) of a microprocessor. The models are no longer suitable for producing proportional predictions, which implies they are useful for designers but not for adversaries. The resulting models also enable a connection with different types of "probes", which are a fundamental concept in the context of formal verification for leakage resilience. To support the model building we invested in our capacity to better measure leakage (the results are included in the respective scientific papers), and towards the end of the project we investigated the trade-offs of working in a pre-silicon context.

Methods to support rapid evaluations: we invested heavily in further developing fast detection techniques, but also looked at fast and scalable key ranking. We further developed multi-target strategies by researching deep net architectures that simultaneously learn information about multiple intermediate values, leading to a success at the CHES 2023 CTF contest. We investigated an existing information-theoretic framework for assessing implementations, as well as concrete adversaries based on estimating MI quantities, and found opportunities for improvement in both the theory and the practical performance of the existing work. Consequently we developed an alternative approach, based on a different method of MI estimation, which outperforms the state of the art.

Another part of our research revisited the challenge of integrating side channel information into cryptanalysis of systems that have a strong algebraic representation. Our results provide a novel hints-based framework for LWE based cryptographic systems, which are of particular importance in the context of post-quantum cryptography.

Integration of semantics, syntax, and tools into a standard compiler: we settled on working within the ARM-GCC framework, which supports all ARM Cortex-M devices. In the final period of the project, we developed an annotation language that developers can use to annotate assembly code. We developed a flexible API (the so-called SEAL API) that can be integrated into any processor emulator and which turns an emulator into a leakage simulator: the emulator can then be used to produce execution traces that include all the information (including annotations, where available) necessary to produce a variety of leakage traces. A further component of our tool chain is a framework for expressing leakage models, which together with the execution traces then produce said leakage traces.

Demonstrators: we have a functioning version of the SEAL API and have included it in two processor emulators. The first emulator is uELMO, a novel version of our previous emulators (ELMO and Giles, respectively). uELMO includes so-called leakage-equivalent components and therefore supports models with a much higher explanatory power than ELMO can support. The second emulator is for the popular IBEX core and is based on Verilator. We also implemented several leakage models, leading to an end-to-end system to statistically test and formally verify cryptographic code using uELMO execution traces. Besides these tools, we also have a library of so-called gadgets available: these are provably secure building blocks for implementing cryptographic functionality. In addition to its theoretical claims, our library has also been evaluated practically (using the detection techniques we developed).
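To make the "execution trace plus leakage model gives leakage trace, then statistically test" pipeline of the two paragraphs above concrete, here is a small added example. It is not the SEAL API, uELMO or any other artifact of the project; the execution-trace record, the two leakage models (Hamming weight of the written-back value, and Hamming distance between consecutive operand-bus values), the noise level, the fixed-key versus random-key test setup and the 4.5 threshold are all assumptions made for this illustration. It shows why the choice of leakage model matters: a simple value model passes a naively masked sequence, while a transition model flags the back-to-back loading of both shares.

```python
"""Toy instruction-level leakage simulator plus a fixed-key vs random-key
leakage test. Everything here (trace record, leakage models, noise level,
test statistic) is constructed for this example and is not the SEAL API,
uELMO or any other artifact of the project described on the page."""
import random
from dataclasses import dataclass
from math import sqrt
from typing import Callable, List, Optional


@dataclass
class Step:
    """One executed instruction as an emulator might record it (assumed format)."""
    pc: int
    opcode: str
    operand1: int  # value presented on the first operand bus
    operand2: int  # value presented on the second operand bus
    result: int    # value written back


LeakageModel = Callable[[Optional[Step], Step], float]


def hamming_weight(x: int) -> int:
    return bin(x & 0xFF).count("1")


def hw_result_model(prev: Optional[Step], cur: Step) -> float:
    """Value model: leakage proportional to the Hamming weight of the result."""
    return float(hamming_weight(cur.result))


def hd_operand_model(prev: Optional[Step], cur: Step) -> float:
    """Transition model: Hamming distance between consecutive operand-bus-1 values."""
    if prev is None:
        return 0.0
    return float(hamming_weight(prev.operand1 ^ cur.operand1))


def run_unprotected_xor(pt: int, key: int, rng: random.Random) -> List[Step]:
    """Constructed execution trace: zero a register, load key, load plaintext, XOR."""
    return [
        Step(0x00, "mov", 0, 0, 0),
        Step(0x04, "ldr", key, 0, key),
        Step(0x08, "ldr", pt, 0, pt),
        Step(0x0C, "eor", key, pt, key ^ pt),
    ]


def run_masked_xor(pt: int, key: int, rng: random.Random) -> List[Step]:
    """Constructed Boolean-masked variant: key = k0 ^ k1 with a fresh mask m.
    The two shares are loaded back to back, which a transition model sees."""
    m = rng.randrange(256)
    k0, k1 = key ^ m, m
    return [
        Step(0x00, "mov", 0, 0, 0),
        Step(0x04, "ldr", k0, 0, k0),
        Step(0x08, "ldr", k1, 0, k1),
        Step(0x0C, "ldr", pt, 0, pt),
        Step(0x10, "eor", k0, pt, k0 ^ pt),
    ]


def leakage_trace(steps: List[Step], model: LeakageModel,
                  rng: random.Random, sigma: float) -> List[float]:
    """Execution trace -> leakage trace: one noisy sample per instruction."""
    prev, trace = None, []
    for cur in steps:
        trace.append(model(prev, cur) + rng.gauss(0.0, sigma))
        prev = cur
    return trace


def welch_t(a: List[float], b: List[float]) -> float:
    """Welch's t-statistic between two sample sets."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    return (ma - mb) / sqrt(va / na + vb / nb)


def fixed_vs_random_key_test(run, model: LeakageModel, n: int = 1000,
                             fixed_key: int = 0x01, sigma: float = 1.0,
                             seed: int = 7) -> List[float]:
    """Per-instruction t-statistics: runs with one fixed key versus runs with
    random keys. Plaintexts are random in both sets, so only key-dependent
    leakage is flagged. (Constructed test setup, not the project's.)"""
    rng = random.Random(seed)
    fixed, rand = [], []
    for _ in range(n):
        fixed.append(leakage_trace(run(rng.randrange(256), fixed_key, rng), model, rng, sigma))
        rand.append(leakage_trace(run(rng.randrange(256), rng.randrange(256), rng), model, rng, sigma))
    return [welch_t([t[i] for t in fixed], [t[i] for t in rand]) for i in range(len(fixed[0]))]


def leaky_points(tvals: List[float], threshold: float = 4.5) -> List[int]:
    """Indices of instructions whose |t| exceeds the threshold."""
    return [i for i, t in enumerate(tvals) if abs(t) > threshold]


if __name__ == "__main__":
    for name, run in (("unprotected", run_unprotected_xor), ("masked", run_masked_xor)):
        for mname, model in (("HW(result)", hw_result_model), ("HD(operand1)", hd_operand_model)):
            print(f"{name:11s} {mname:13s} leaky instruction indices:",
                  leaky_points(fixed_vs_random_key_test(run, model)))
```

Running it flags instruction 1 (the key load) for the unprotected sequence under both models, nothing for the masked sequence under the value model, and instruction 2 (the second share load) for the masked sequence under the transition model, since the distance between the two consecutively loaded shares equals the Hamming weight of the unmasked key. A real flow would replace the hand-written `run_*` functions with traces emitted by an instrumented emulator and the two toy models with models fitted to the target device.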


All project members contributed to dissemination by presenting their respective results at various academic venues. The PI also gave talks at various opportunities (e.g. seminars in the UK and in Austria); I'd like to mention here an invitation to speak at an industry event at KTH in 2021, an invitation to deliver a two-part side channel tutorial at NIST in 2021, and a keynote at the specialist venue SILC in 2021. The project released several artifacts via GitHub and made datasets available via Zenodo. The PI has another application (with significant industrial involvement) in the pipeline that leverages the leakage modelling technique, with the intention of applying it to a pre-silicon context.
From my point of view the connection between ordinal regression models and assumptions for formal verification techniques (aka types of probes) was unexpected and is particularly interesting because it enables our models to be used not only for statistical analysis but also for formal verification. A follow-on project to explore this connection further is being submitted for funding. Another unexpected consequence was the application to explainable yet non-specific detection, which could revolutionise how leakage assessment is carried out in evaluations.

Our novel hints framework now offers provable complexity bounds for the integration of side channel information into LWE schemes. This could also be practically significant, and we are, with funding from a further project, investigating the practical application of this framework in the context of post-quantum schemes.
Design flow with SEAL results in place