Modern embedded systems manage sensitive data increasingly often through cryptographic primitives. In this context, side-channel attacks, such as power analysis, represent a concrete threat, regardless of the mathematical strength of a cipher. Evaluating the resistance against power analysis of cryptographic implementations and preventing it, are tasks usually ascribed to the expertise of the system designer. This paper introduces a new security-oriented data-flow analysis assessing the vulnerability level of a cipher with bit-level accuracy. A general and extensible compiler-based tool was implemented to assess the instruction resistance against power-based side-channels. The tool automatically instantiates the essential masking countermeasures, yielding a ×2.5 performance speedup w.r.t. protecting the entire code.
Compiler-based Side Channel Vulnerability Analysis and Optimized Countermeasures Application
AGOSTA, GIOVANNI;BARENGHI, ALESSANDRO;PELOSI, GERARDO
2013-01-01
Abstract
Modern embedded systems manage sensitive data increasingly often through cryptographic primitives. In this context, side-channel attacks, such as power analysis, represent a concrete threat, regardless of the mathematical strength of a cipher. Evaluating the resistance against power analysis of cryptographic implementations and preventing it, are tasks usually ascribed to the expertise of the system designer. This paper introduces a new security-oriented data-flow analysis assessing the vulnerability level of a cipher with bit-level accuracy. A general and extensible compiler-based tool was implemented to assess the instruction resistance against power-based side-channels. The tool automatically instantiates the essential masking countermeasures, yielding a ×2.5 performance speedup w.r.t. protecting the entire code.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.