In his keynote speech at CHES 2004, Kocher advocated that side-channel attacks were an illustration that formal cryptography was not as secure as it was believed because some assumptions (e.g., no auxiliary information is available during the computation) were not modeled. This failure is caused by formal methods' focus on models rather than implementations. In this paper we present formal methods and tools for designing protected code and proving its security against power analysis. These formal methods avoid the discrepancy between the model and the implementation by working on the latter rather than on a high-level model. Indeed, our methods allow us (a) to automatically insert a power balancing countermeasure directly at the assembly level, and to prove the correctness of the induced code transformation; and (b) to prove that the obtained code is balanced with regard to a reasonable leakage model. We also show how to characterize the hardware to use the resources which maximize the relevancy of the model. The tools implementing our methods are then demonstrated in a case study on an 8-bit AVR smartcard for which we generate a provably protected present implementation that reveals to be at least 250 times more resistant to CPA attacks.
翻译:Kocher在2004年CHES的主旨演讲中主张,侧道攻击是一个例证,表明正式加密系统不如人们所相信的那样安全,因为一些假设(例如,计算过程中没有辅助信息)没有模型化,造成这一失败的原因是正式方法侧重于模型而不是实施模型。在本文中,我们介绍了设计受保护代码和证明其安全不受权力分析影响的正式方法和工具。这些正式方法通过研究后者而不是高层次模型来避免模式与实施之间的差异。事实上,我们的方法使我们能够(a) 在组装一级自动插入一种平衡反措施的权力,并证明诱导代码转换的正确性;以及(b) 证明获得的代码与合理的渗漏模型是平衡的。我们还展示了如何用硬件来使用资源来最大限度地提高模型的适切性。然后,在一项关于8比的 AVR智能卡的案例研究中展示了我们执行方法的工具,我们为此产生了一种可被证实的保护性地保护的当前实施方法,显示至少250倍于《全面和平协议》攻击的抗力。
相关内容
微信扫码咨询专知VIP会员