Scrambling Compiler: Automated and Unified Countermeasure for Profiled and Non-Profiled Side Channel Attacks
Gabriele Magnani;Isabella Piacentini;Giovanni Agosta;Alessandro Barenghi;Gerardo Pelosi
2025-01-01
Abstract
Side channel attacks extracting secrets carried by the power consumption variations or electromagnetic emissions in embedded devices are a consolidated threat to the security of edge computing systems. Such attacks either employ a synthetic model for the device behavior to predict secret-dependent components of the measured power consumption (non-profiled attacks), or obtain such a model in a data-driven fashion (profiled attacks). Protections against both profiled and non-profiled attacks are characterized by a significant overhead, typically one or two orders of magnitude in computation time, and a comparatively significant engineering effort to deploy them. Furthermore, such protections are designed to hinder one of the two aforementioned attack strategies. In this work, we propose a compiler-based methodology to automate the application of a comparatively inexpensive countermeasure able to hinder both profiled and non-profiled attacks. We experimentally validate our approach employing the AES symmetric cipher as our case study, and a Cortex-M4 based microcontroller as the target device. Our solution increases the Measurements-to-Disclose security metric by at least 5000x in an attacker-optimal scenario, and proves to be immune to Bayesian template- and SVM-based profiled attacks.

| File | Size | Format |
|---|---|---|
| main.pdf (open access; Pre-Print (or Pre-Refereeing)) | 2.82 MB | Adobe PDF |


