Embedded Cryptography 1 - Colin O'Flynn

. .

Résumé :

Preface xiii
Emmanuel PROUFF, Gu?na?l RENAULT, Matthieu RIVAIN and Colin O'FLYNN

Part 1 Software Side-Channel Attacks 1

Chapter 1 Timing Attacks 3
Daniel PAGE

1.1. Foundations 3

1.1.1. Execution latency in theory 4

1.1.2. Execution latency in practice 5

1.1.3. Attacks that exploit data-dependent execution latency 6

1.2. Example attacks 10

1.2.1. Example 1.1: an explanatory attack on password validation 10

1.2.2. Example 1.2: an attack on xtime-based AES 12

1.2.3. Example 1.3: an attack on Montgomery-based RSA 14

1.2.4. Example 1.4: a padding oracle attack on AES-CBC 17

1.3. Example mitigations 20

1.4. Notes and further references 21

1.5. References 24

Chapter 2 Microarchitectural Attacks 31
Yuval YAROM

2.1. Background 31

2.1.1. Memory caches 31

2.1.2. Cache hierarchies 32

2.1.3. Out-of-order execution 33

2.1.4. Branch prediction 34

2.1.5. Other caches 34

2.2. The Prime+Probe attack 34

2.2.1. Prime+Probe on the L1 data cache 35

2.2.2. Attacking T-table AES 36

2.2.3. Prime+probe on the LLC 38

2.2.4. Variants of Prime+Probe 39

2.3. The Flush+Reload attack 41

2.3.1. Attack technique 41

2.3.2. Attacking square-and-multiply exponentiation 42

2.3.3. Attack variants 43

2.3.4. Performance degradation attacks 44

2.4. Attacking other microarchitectural components 45

2.4.1. Instruction cache 45

2.4.2. Branch prediction 46

2.5. Constant-time programming 47

2.5.1. Constant-time select 47

2.5.2. Eliminating secret-dependent branches 48

2.5.3. Eliminating secret-dependent memory access 49

2.6. Covert channels 50

2.7. Transient-execution attacks 51

2.7.1. The Spectre attack 51

2.7.2. Meltdown-type attacks 53

2.8. Summary 54

2.9. Notes and further references 54

2.10. References 57

Part 2 Hardware Side-Channel Attacks 65

Chapter 3 Leakage and Attack Tools 67
Davide BELLIZIA and Adrian THILLARD

3.1. Introduction 67

3.2. Data-dependent physical emissions 67

3.2.1. Dynamic power 68

3.2.2. Static power 70

3.2.3. Electro-magnetic emissions 72

3.2.4. Other sources of physical leakages 73

3.3. Measuring a side-channel 75

3.3.1. Power analysis setup 75

3.3.2. Probes and probing methodologies 75

3.4. Leakage modeling 78

3.4.1. Mathematical modeling 78

3.4.2. Signal-to-noise ratio 81

3.4.3. Open source boards 83

3.4.4. Open source libraries for attacks 85

3.5. Notes and further references 86

3.6. References 87

Chapter 4 Supervised Attacks 91
Eleonora CAGLI and Lo?c MASURE

4.1. General framework 91

4.1.1. The profiling ability: a powerful threat model 91

4.1.2. Maximum likelihood distinguisher 94

4.2. Building a model 98

4.2.1. Generative model via Gaussian templates 98

4.2.2. Discriminative model via logistic regression 100

4.2.3. From logistic regression to neural networks 102

4.3. Controlling the dimensionality 105

4.3.1. Points of interest selection with signal-to-noise ratio 106

4.3.2. Fisher's linear discriminant analysis 107

4.4. Building de-synchronization-resistant models 108

4.5. Summary of the chapter 112

4.6. Notes and further references 113

4.7. References 115

Chapter 5 Unsupervised Attacks 117
C?cile DUMAS

5.1. Introduction 117

5.1.1. Supervised attacks 117

5.1.2. Unsupervise...