16 February 2024
16:15
Auditoire BARB91 1348 Louvain-la-Neuve
Preventing differential side-channel attacks in hardware: from generic to specific solutions by Charles Momin
Information security relies on cryptographic algorithms preventing third parties from diverting systems or knowledge from their intended use. These algorithms, deployed on electronic devices, are exposed to side-channel attacks that exploit the circuit's data-dependent physical behavior. In hardware, the ecosystem of countermeasures ranges from generic solutions applicable to any algorithm and providing adaptable security levels but typically implying significant overheads on the resulting circuit's performance, to others having lower overheads but requiring at least algorithmic tweaks and possibly coming with some inherent physical security but little flexibility. This thesis explores the challenges and trade-offs faced when implementing three intertwined yet different solutions. First, masking consists of randomizing the values manipulated by an implementation, making them difficult to exploit. This common generic strategy is applicable to any algorithm but involves significant overheads. Yet, we illustrate here that these can be amortized and that implementations providing a good trade-off between area and latency are achievable.
Second, fresh re-keying is another strategy whereby an easy-to-protect re-keying function is used together with the long-term key to generate a fresh session key used for only a few executions of the algorithm, thereby limiting the amount of exploitable key manipulations performed. Two distinct re-keying functions are evaluated here. On the one hand, a novel easy-to-mask function, whose implementation mitigates common limitations encountered with masking while keeping the possibility to adapt the security level. On the other hand, a function that limits by design the number of exploitable observations when attempting to mount an attack, without relying on built-in protections, but which doesn't leave much room for adaptations. We show that physical security can be achieved with limited overheads but at the cost of using conservative instance parameters.
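To make the two strategies in the abstract concrete, the following is an added illustration (not code from the thesis or its author): Boolean masking of a byte into shares, a share-wise XOR and a two-share AND gadget refreshed with a random bit string, and a fresh re-keying wrapper. The AND gadget follows the classic ISW construction; the re-keying function is a stand-in built from HMAC-SHA256, not the functions studied in the thesis. The function names, the 8-bit word width and the per-session execution budget are assumptions made for this example.

```python
import hmac
import secrets


def mask(x: int, n_shares: int, width: int = 8) -> list[int]:
    """Split x into n_shares values whose XOR equals x; n_shares-1 are uniformly random."""
    shares = [secrets.randbits(width) for _ in range(n_shares - 1)]
    last = x
    for s in shares:
        last ^= s
    shares.append(last)
    return shares


def unmask(shares: list[int]) -> int:
    """Recombine shares (only done where the value is allowed to be exposed)."""
    v = 0
    for s in shares:
        v ^= s
    return v


def masked_xor(a: list[int], b: list[int]) -> list[int]:
    """XOR is linear over shares, so no fresh randomness is needed."""
    return [x ^ y for x, y in zip(a, b)]


def masked_and(a: list[int], b: list[int], width: int = 8) -> list[int]:
    """Two-share AND gadget (ISW style): the cross terms are blinded by fresh randomness r.

    The evaluation order matters: r is added before any cross term so that no
    intermediate value depends on both a and b unmasked.
    """
    a0, a1 = a
    b0, b1 = b
    r = secrets.randbits(width)
    c0 = (a0 & b0) ^ r
    t = r ^ (a0 & b1)      # first cross term, already blinded by r
    t ^= (a1 & b0)         # second cross term
    c1 = (a1 & b1) ^ t
    return [c0, c1]


def share_zero_balance(x: int, trials: int = 4000) -> float:
    """Fraction of trials in which share 0 of a 1-bit masking of x equals 0.

    For a correct masking this is ~0.5 whatever x is: a single share carries no information.
    """
    zeros = sum(1 for _ in range(trials) if mask(x, 2, width=1)[0] == 0)
    return zeros / trials


class FreshRekeying:
    """Stand-in re-keying scheme (assumption for this example, not the thesis's function).

    The long-term key is only ever used inside the re-keying function; the derived
    session key is handed to the main algorithm for at most max_uses executions,
    which bounds the number of observations an attacker can collect per session key.
    """

    def __init__(self, long_term_key: bytes, max_uses: int = 4):
        self._ltk = long_term_key
        self._max_uses = max_uses
        self._session_key = None
        self._uses_left = 0

    def session_key(self) -> bytes:
        if self._uses_left == 0:
            nonce = secrets.token_bytes(16)  # fresh per session, public
            self._session_key = hmac.new(self._ltk, nonce, "sha256").digest()[:16]
            self._uses_left = self._max_uses
        self._uses_left -= 1
        return self._session_key

    def keys_used_for(self, n_executions: int) -> int:
        """Number of distinct session keys consumed by n executions."""
        seen = set()
        for _ in range(n_executions):
            seen.add(self.session_key())
        return len(seen)


if __name__ == "__main__":
    a, b = 0x5A, 0xC3
    print("AND ok:", unmask(masked_and(mask(a, 2), mask(b, 2))) == (a & b))
    print("share 0 balance for x=1:", share_zero_balance(1))
    print("session keys for 10 executions:", FreshRekeying(b"\x00" * 16).keys_used_for(10))
```

The balance function is the check a practitioner would run first: if any single share were biased towards the secret, the masking would leak at first order. The re-keying class shows the other lever from the abstract: with a budget of four executions per session key, ten executions consume three distinct session keys, so no key is exposed to more than four traces.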
Jury members:
Prof. François-Xavier Standaert (UCLouvain), supervisor
Prof. David Bol (UCLouvain), chairperson
Prof. Thomas Peters (UCLouvain), secretary
Prof. Sylvain Guilley (TELECOM-Paris, France)
Prof. Amir Moradi (Technische Universität Darmstadt)
Pay attention:
The public defense of Charles Momin scheduled for Friday, February 16 at 4:15 p.m. will also take place in the form of a video conference.