TWC: Medium: Automating Countermeasures and Security Evaluation Against Software Side-channel Attacks

TWC：中：针对软件旁路攻击的自动化对策和安全评估

• 批准号: 1563697
• 负责人: Yunsi Fei
• 金额: $ 120万
• 依托单位: Northeastern University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-06-01 至 2021-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1563697&HistoricalAwards=false
• 关键词: TWC; Medium; Automating; Countermeasures; Security

Side-channel attacks (SCA) have been a realistic threat to various cryptographic implementations that do not feature dedicated protection. While many effective countermeasures have been found and applied manually, they are application-specific and labor intensive. In addition, security evaluation tends to be incomplete, with no guarantee that all the vulnerabilities in the target system have been identified and addressed by such manual countermeasures. This SaTC project aims to shift the paradigm of side-channel attack research, and proposes to build an automation framework for information leakage analysis, multi-level countermeasure application, and formal security evaluation against software side-channel attacks.The proposed framework provides common sound metrics for information leakage, methodologies for automatic countermeasures, and formal and thorough evaluation methods. The approach unifies power analysis and cache-based timing attacks into one framework. It defines new metrics of information leakage and uses them to automatically identify possible leakage of a given cryptosystem at an early stage with no implementation details. The conventional compilation process is extended along the new dimension of optimizing for security, to generate side-channel resilient code and ensure its secure execution at run-time. Side-channel security is guaranteed to be at a certain confidence level with formal methods. The three investigators on the team bring complementary expertise to this challenging interdisciplinary research, to develop the advanced automation framework and the associated software tools, metrics, and methodologies. The outcome significantly benefits security system architects and software developers alike, in their quest to build verifiable SCA security into a broad range of applications they design. The project also builds new synergy among fundamental statistics, formal methods, and practical system security. The automation tools, when introduced in new courses developed by the PIs, help improving students' hands-on experience greatly. The project also leverages the experiential education model of Northeastern University to engage undergraduates, women, and minority students in independent research projects.

侧通道攻击（SCA）一直是对不具有专用保护的各种加密实现的现实威胁。尽管已经找到并手动使用了许多有效的对策，但它们是针对申请的特定和劳动力密集的。此外，安全评估往往是不完整的，无法保证目标系统中的所有漏洞已通过此类手动对策确定和解决。该SATC项目旨在改变侧渠道攻击研究的范例，并建议建立一个自动化框架，以进行信息泄漏分析，多级别的对策应用以及针对软件侧渠道攻击的正式安全评估。该拟议的框架为自动泄漏，自动化对策的方法提供了常见的声音指标，用于自动化对比和正式评估和正式评估方法。该方法将电源分析和基于缓存的时序攻击统一为一个框架。它定义了信息泄漏的新指标，并使用它们在早期阶段自动识别给定密码系统的可能泄漏，而无需实施细节。传统的汇编过程沿着优化安全性，生成侧通道弹性代码并确保其在运行时的安全执行的新维度扩展。侧通道安全性可以通过正式方法处于一定的信心水平。团队中的三名研究人员为这项具有挑战性的跨学科研究带来了互补的专业知识，以开发高级自动化框架以及相关的软件工具，指标和方法。该结果极大地使安全系统架构师和软件开发人员都受益，以寻求将可验证的SCA安全性构建为他们设计的广泛应用程序。该项目还建立了基本统计，正式方法和实际系统安全性的新协同作用。自动化工具在PIS开发的新课程中引入时，有助于改善学生的动手体验。该项目还利用东北大学的经验教育模型来吸引本科生，妇女和少数族裔学生参与独立的研究项目。

项目成果

Masking Feedforward Neural Networks Against Power Analysis Attacks

• DOI: 10.2478/popets-2022-0025
• 发表时间: 2021-11
• 期刊: Proceedings on Privacy Enhancing Technologies
• 作者: Konstantinos Athanasiou;T. Wahl;A. Ding;Yunsi Fei