Repository landing page
Custom Instruction Support for Modular Defense against Side-channel and Fault Attacks
Abstract
International audienceThe design of software countermeasures against active and passive adversaries is a challenging problem that has been addressed by many authors in recent years. The proposed solutions adopt a theoretical foundation (such as a leakage model) but often do not offer concrete reference implementations to validate the foundation. Contributing to the experimental dimension of this body of work, we propose a customized processor called SKIVA that supports experiments with the design of countermeasures against a broad range of implementation attacks. Based on bitslice programming and recent advances in the literature, SKIVA offers a flexible and modular combination of countermeasures against power-based and timing-based side-channel leakage and fault injection. Multiple configurations of side-channel protection and fault protection enable the programmer to select the desired number of shares and the desired redundancy level for each slice. Recurring and security-sensitive operations are supported in hardware through custom instruction-set extensions. The new instructions support bitslicing, secret-share generation, redundant logic computation, and fault detection. We demonstrate and analyze multiple versions of AES from a side-channel analysis and a fault-injection perspective, in addition to providing a detailed performance evaluation of the protected designs. To our knowledge, this is the first validated end-to-end implementation of a modular bitslice-oriented countermeasure- info:eu-repo/semantics/conferenceObject
- Conference papers
- Side-channel Leakage
- Fault Injection
- Bitslice Programming
- [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL]
- [INFO.INFO-AR]Computer Science [cs]/Hardware Architecture [cs.AR]
- [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]