A Bit-Level Approach to Side Channel Based Disassembling

International audienceSide-Channel Based Disassembling (SCBD) is a powerful application of side-channel analysis that allows recovering instructions executed by a processor from its physical leakages, such as the electromagnetic field (EM) emitted by the chip. These attacks directly compromise code confidentiality, but they can also reveal to an adversary many critical information on the system's internals. In this work, we propose a new approach for SCBD that directly focuses the bit encoding of an instruction using local EM leakage. We exploit a very precise bit-level leakage model and derive from it new algorithms that aim at recovering the actual bit values. We also propose strategies to automate the complex tasks of finding the best EM probe positions and combining them to improve results. On a PIC16 target, our method succeed in recovering the bits of an instruction with an average rate of 99,41% per bit. Compared to the state of the art, our disassembler is easier to train, recovers more information about instructions than just opcode and requires almost no modifications to target other processor architectures. Thus, this kind of disassemblers might become a threat to more complex processors, where side-channel disassembling has not been proved to be feasible yet

PROACT - Physical attack resistance of cryptographic algorithms and circuits with reduced time to market

Electronic devices that populate the Internet of Things play increasingly important roles in our everyday lives. When these devices process, store, or communicate personal or company-critical data, digital security becomes a necessity. However, mechanisms to secure electronic systems have a significant influence on the cost of the system and come with an overhead in energy consumption, computational delay, and (silicon) chip area. Therefore, developing secure electronic systems is a balancing act between minimizing the overhead and maximizing the security. Moreover, in rapidly evolving markets, there is another parameter that can have a negative influence on the security strength of electronic devices, namely the time to market: it takes longer to bring a secure product to the market than to develop a product with no or little security measures in place.In the PROACT project, we tackle the challenge of maximizing the security strength while minimizing the overhead w.r.t. energy consumption, computational delay, and hardware resources, as well as reducing the time to market of digital electronic systems. We specifically focus on the fast development of efficient cryptographic hardware with protection against physical attacks, i.e., attacks that exploit the physical implementation of cryptographic algorithms. Physical attacks are categorized into (1) side-channel analysis attacks that target the extraction of secret information by monitoring side-channels like the power consumption, the electromagnetic emanation or the timing of the device, and (2) fault analysis attacks that aim at introducing computational errors that lead to the leakage of secret information. Physical security is of vital importance when potential attackers can easily get in the vicinity of an electronic system. This is the case in, e.g., medical sensor devices, wearables and implants, which are typically constrained in energy budget, cost and form factor, and are therefore the perfect use case for the results of PROACT.NWONWA.1215.18.014Computer Systems, Imagery and Medi