TWC: Medium: Automating Countermeasures and Security Evaluation Against Software Side-channel Attacks

TWC：中：针对软件旁路攻击的自动化对策和安全评估

• 批准号: 1563697
• 负责人: Yunsi Fei
• 金额: $ 120万
• 依托单位: Northeastern University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-06-01 至 2021-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1563697&HistoricalAwards=false
• 关键词: TWC; Medium; Automating; Countermeasures; Security

Side-channel attacks (SCA) have been a realistic threat to various cryptographic implementations that do not feature dedicated protection. While many effective countermeasures have been found and applied manually, they are application-specific and labor intensive. In addition, security evaluation tends to be incomplete, with no guarantee that all the vulnerabilities in the target system have been identified and addressed by such manual countermeasures. This SaTC project aims to shift the paradigm of side-channel attack research, and proposes to build an automation framework for information leakage analysis, multi-level countermeasure application, and formal security evaluation against software side-channel attacks.The proposed framework provides common sound metrics for information leakage, methodologies for automatic countermeasures, and formal and thorough evaluation methods. The approach unifies power analysis and cache-based timing attacks into one framework. It defines new metrics of information leakage and uses them to automatically identify possible leakage of a given cryptosystem at an early stage with no implementation details. The conventional compilation process is extended along the new dimension of optimizing for security, to generate side-channel resilient code and ensure its secure execution at run-time. Side-channel security is guaranteed to be at a certain confidence level with formal methods. The three investigators on the team bring complementary expertise to this challenging interdisciplinary research, to develop the advanced automation framework and the associated software tools, metrics, and methodologies. The outcome significantly benefits security system architects and software developers alike, in their quest to build verifiable SCA security into a broad range of applications they design. The project also builds new synergy among fundamental statistics, formal methods, and practical system security. The automation tools, when introduced in new courses developed by the PIs, help improving students' hands-on experience greatly. The project also leverages the experiential education model of Northeastern University to engage undergraduates, women, and minority students in independent research projects.

旁道攻击 (SCA) 已经成为对不具有专用保护功能的各种加密实现的现实威胁。尽管已经找到并手动应用了许多有效的对策，但它们是特定于应用的并且是劳动密集型的。此外，安全评估往往是不完整的，无法保证目标系统中的所有漏洞都已被此类手动对策识别并解决。该SaTC项目旨在改变侧信道攻击研究的范式，并提出建立一个用于信息泄漏分析、多级对策应用和针对软件侧信道攻击的正式安全评估的自动化框架。该框架提供了信息泄漏的通用健全指标、自动对策方法以及正式和彻底的评估方法。该方法将功耗分析和基于缓存的定时攻击统一到一个框架中。它定义了信息泄漏的新指标，并使用它们在早期阶段自动识别给定密码系统的可能泄漏，而无需实现细节。传统的编译过程沿着安全性优化的新维度进行了扩展，以生成侧通道弹性代码并确保其在运行时的安全执行。通过形式化方法可以保证侧通道安全性处于一定的置信水平。团队中的三名研究人员为这项具有挑战性的跨学科研究带来了互补的专业知识，以开发先进的自动化框架和相关的软件工具、指标和方法。结果使安全系统架构师和软件开发人员受益匪浅，因为他们寻求将可验证的 SCA 安全性构建到他们设计的广泛应用程序中。该项目还在基础统计、形式化方法和实用系统安全性之间建立了新的协同作用。当PI开发的新课程中引入自动化工具时，可以极大地改善学生的实践体验。该项目还利用东北大学的体验式教育模式，让本科生、女性和少数民族学生参与独立研究项目。

项目成果

Masking Feedforward Neural Networks Against Power Analysis Attacks

• DOI: 10.2478/popets-2022-0025
• 发表时间: 2021-11
• 期刊: Proceedings on Privacy Enhancing Technologies
• 作者: Konstantinos Athanasiou;T. Wahl;A. Ding;Yunsi Fei