TWC: Medium: Automating Countermeasures and Security Evaluation Against Software Side-channel Attacks

TWC：中：针对软件旁路攻击的自动化对策和安全评估

• 批准号: 1563697
• 负责人: Yunsi Fei
• 金额: $ 120万
• 依托单位: Northeastern University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-06-01 至 2021-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1563697&HistoricalAwards=false
• 关键词: TWC; Medium; Automating; Countermeasures; Security

Side-channel attacks (SCA) have been a realistic threat to various cryptographic implementations that do not feature dedicated protection. While many effective countermeasures have been found and applied manually, they are application-specific and labor intensive. In addition, security evaluation tends to be incomplete, with no guarantee that all the vulnerabilities in the target system have been identified and addressed by such manual countermeasures. This SaTC project aims to shift the paradigm of side-channel attack research, and proposes to build an automation framework for information leakage analysis, multi-level countermeasure application, and formal security evaluation against software side-channel attacks.The proposed framework provides common sound metrics for information leakage, methodologies for automatic countermeasures, and formal and thorough evaluation methods. The approach unifies power analysis and cache-based timing attacks into one framework. It defines new metrics of information leakage and uses them to automatically identify possible leakage of a given cryptosystem at an early stage with no implementation details. The conventional compilation process is extended along the new dimension of optimizing for security, to generate side-channel resilient code and ensure its secure execution at run-time. Side-channel security is guaranteed to be at a certain confidence level with formal methods. The three investigators on the team bring complementary expertise to this challenging interdisciplinary research, to develop the advanced automation framework and the associated software tools, metrics, and methodologies. The outcome significantly benefits security system architects and software developers alike, in their quest to build verifiable SCA security into a broad range of applications they design. The project also builds new synergy among fundamental statistics, formal methods, and practical system security. The automation tools, when introduced in new courses developed by the PIs, help improving students' hands-on experience greatly. The project also leverages the experiential education model of Northeastern University to engage undergraduates, women, and minority students in independent research projects.

侧信道攻击（SCA）已经成为各种不具有专用保护功能的加密实现的现实威胁。虽然已经发现并手动应用了许多有效的对策，但它们是特定于应用程序且劳动密集型的。此外，安全评估往往是不完整的，无法保证目标系统中的所有漏洞都已被识别并通过此类手动对策解决。该项目旨在改变侧信道攻击研究的范式，提出建立一个针对软件侧信道攻击的信息泄漏分析、多层次对策应用和形式化安全评估的自动化框架，提供通用的信息泄漏度量、自动化对策方法和形式化的全面评估方法。该方法将功耗分析和基于缓存的定时攻击统一到一个框架中。它定义了新的信息泄漏指标，并使用它们在早期阶段自动识别给定密码系统的可能泄漏，而无需实现细节。传统的编译过程被扩展沿着新的安全优化维度，以生成侧信道弹性代码并确保其在运行时的安全执行。侧信道安全性通过形式化方法保证在一定的置信水平。团队中的三名研究人员为这项具有挑战性的跨学科研究带来了互补的专业知识，以开发高级自动化框架以及相关的软件工具、指标和方法。这一成果对安全系统架构师和软件开发人员都有很大的好处，因为他们希望将可验证的SCA安全性构建到他们设计的各种应用程序中。该项目还在基础统计、正式方法和实际系统安全之间建立了新的协同作用。自动化工具在PI开发的新课程中引入时，有助于极大地改善学生的实践经验。该项目还利用东北大学的体验式教育模式，让本科生、女性和少数民族学生参与独立的研究项目。

项目成果

Masking Feedforward Neural Networks Against Power Analysis Attacks

• DOI: 10.2478/popets-2022-0025
• 发表时间: 2021-11
• 期刊: Proceedings on Privacy Enhancing Technologies
• 作者: Konstantinos Athanasiou;T. Wahl;A. Ding;Yunsi Fei