Securing Optimized Code Against Power Side Channels

2023 IEEE 36th Computer Security Foundations Symposium (CSF) Pub Date : 2022-07-06 DOI:10.1109/CSF57540.2023.00016

R. Tsoupidi, Roberto Castañeda Lozano, E. Troubitsyna, Panos Papadimitratos

{"title":"Securing Optimized Code Against Power Side Channels","authors":"R. Tsoupidi, Roberto Castañeda Lozano, E. Troubitsyna, Panos Papadimitratos","doi":"10.1109/CSF57540.2023.00016","DOIUrl":null,"url":null,"abstract":"Side-channel attacks impose a serious threat to cryptographic algorithms, including widely employed ones, such as AES and RSA. These attacks take advantage of the algorithm implementation in hardware or software to extract secret information via side channels. Software masking is a mitigation approach against power side-channel attacks aiming at hiding the secret-revealing dependencies from the power footprint of a vulnerable implementation. However, this type of software mitigation often depends on general-purpose compilers, which do not preserve non-functional properties. Moreover, microarchitectural features, such as the memory bus and register reuse, may also leak secret information. These abstractions are not visible at the high-level implementation of the program. Instead, they are decided at compile time. To remedy these problems, security engineers often sacrifice code efficiency by turning off compiler optimization and/or performing local, post-compilation transformations. This paper proposes Secure by Construction Code Generation (SecCG), a constraint-based compiler approach that generates optimized yet protected against power side channels code. SecCG controls the quality of the mitigated program by efficiently searching the best possible low-level implementation according to a processor cost model. In our experiments with twelve masked cryptographic functions up to 100 lines of code on Mips32 and ARM Thumb, SecCG speeds up the generated code from 77% to 6.6 times compared to non-optimized secure code with an overhead of up to 13% compared to non-secure optimized code at the expense of a high compilation cost. For security and compiler researchers, this paper proposes a formal model to generate power side channel free low-level code. For software engineers, SecCG provides a practical approach to optimize performance critical and vulnerable cryptographic implementations that preserve security properties against power side channels.","PeriodicalId":179870,"journal":{"name":"2023 IEEE 36th Computer Security Foundations Symposium (CSF)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 36th Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF57540.2023.00016","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Side-channel attacks impose a serious threat to cryptographic algorithms, including widely employed ones, such as AES and RSA. These attacks take advantage of the algorithm implementation in hardware or software to extract secret information via side channels. Software masking is a mitigation approach against power side-channel attacks aiming at hiding the secret-revealing dependencies from the power footprint of a vulnerable implementation. However, this type of software mitigation often depends on general-purpose compilers, which do not preserve non-functional properties. Moreover, microarchitectural features, such as the memory bus and register reuse, may also leak secret information. These abstractions are not visible at the high-level implementation of the program. Instead, they are decided at compile time. To remedy these problems, security engineers often sacrifice code efficiency by turning off compiler optimization and/or performing local, post-compilation transformations. This paper proposes Secure by Construction Code Generation (SecCG), a constraint-based compiler approach that generates optimized yet protected against power side channels code. SecCG controls the quality of the mitigated program by efficiently searching the best possible low-level implementation according to a processor cost model. In our experiments with twelve masked cryptographic functions up to 100 lines of code on Mips32 and ARM Thumb, SecCG speeds up the generated code from 77% to 6.6 times compared to non-optimized secure code with an overhead of up to 13% compared to non-secure optimized code at the expense of a high compilation cost. For security and compiler researchers, this paper proposes a formal model to generate power side channel free low-level code. For software engineers, SecCG provides a practical approach to optimize performance critical and vulnerable cryptographic implementations that preserve security properties against power side channels.

查看原文本刊更多论文

针对电源侧信道保护优化代码

侧信道攻击对加密算法造成严重威胁，包括AES和RSA等广泛使用的加密算法。这些攻击利用硬件或软件中的算法实现，通过侧信道提取秘密信息。软件屏蔽是一种针对功率侧信道攻击的缓解方法，旨在从易受攻击的实现的功率占用中隐藏泄露秘密的依赖关系。然而，这种类型的软件缓解通常依赖于不保留非功能属性的通用编译器。此外，微架构特性，如内存总线和寄存器重用，也可能泄露机密信息。这些抽象在程序的高级实现中是不可见的。相反，它们在编译时决定。为了解决这些问题，安全工程师通常会通过关闭编译器优化和/或执行本地编译后转换来牺牲代码效率。本文提出了一种基于约束的编译器方法SecCG (Secure by Construction Code Generation)，该方法可以生成优化的且受保护的功率侧信道代码。SecCG通过根据处理器成本模型有效地搜索可能的最佳底层实现来控制缓解程序的质量。在我们的实验中，在Mips32和ARM Thumb上使用了多达100行代码的12个掩码加密函数，与未优化的安全代码相比，SecCG将生成代码的速度从77%提高到6.6倍，与非安全优化代码相比，开销高达13%，代价是高昂的编译成本。针对安全性和编译器研究人员，本文提出了一种生成无功率侧信道的底层代码的形式化模型。对于软件工程师来说，SecCG提供了一种实用的方法来优化性能关键和易受攻击的加密实现，从而保持对电源侧信道的安全属性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 IEEE 36th Computer Security Foundations Symposium (CSF)

自引率

0.00%

发文量