TY - GEN
T1 - Secure silicon
T2 - 2017 International Symposium on Electromagnetic Compatibility - EMC EUROPE, EMC Europe 2017
AU - Sauvage, Laurent
AU - Takarabt, Sofiane
AU - Souissi, Youssef
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/11/2
Y1 - 2017/11/2
N2 - Evaluating security vulnerabilities of software implementations at the design step is of primary importance for application developers, yet it has received little attention from the scientific community. In this paper, we describe virtual prototyping of an implementation of scalar multiplication aiming to make it secure against simple side-channel attacks. Reproducing information leakage as close to reality as possible requires bit- and clock-cycle accuracy, which we obtained with the Mentor Graphics Modelsim tool, simulating the execution of the software implementations on PULPino, an open-source 32-bit microcontroller based on the recently released RISC-V instruction set architecture. For each clock cycle, we compute the number of bit toggles in the microcontroller, an image of the power consumption, and watch the program counter to identify the assembly instruction executed, then the corresponding C function. We first start with a naive double-and-add implementation relying on cryptographic primitives of the mbed TLS library, formerly PolarSSL before its acquisition by ARM. The virtual analysis pinpoints differences in the way the double function on one side and the add function on the other side manage variables and internal operations, which can be used to extract the private key. We propose some modifications of the C code, hence independent of the considered microcontroller, then we compare the impact on performance with other solutions such as the Montgomery ladder, the most used in practice as it is more efficient.
AB - Evaluating security vulnerabilities of software implementations at the design step is of primary importance for application developers, yet it has received little attention from the scientific community. In this paper, we describe virtual prototyping of an implementation of scalar multiplication aiming to make it secure against simple side-channel attacks. Reproducing information leakage as close to reality as possible requires bit- and clock-cycle accuracy, which we obtained with the Mentor Graphics Modelsim tool, simulating the execution of the software implementations on PULPino, an open-source 32-bit microcontroller based on the recently released RISC-V instruction set architecture. For each clock cycle, we compute the number of bit toggles in the microcontroller, an image of the power consumption, and watch the program counter to identify the assembly instruction executed, then the corresponding C function. We first start with a naive double-and-add implementation relying on cryptographic primitives of the mbed TLS library, formerly PolarSSL before its acquisition by ARM. The virtual analysis pinpoints differences in the way the double function on one side and the add function on the other side manage variables and internal operations, which can be used to extract the private key. We propose some modifications of the C code, hence independent of the considered microcontroller, then we compare the impact on performance with other solutions such as the Montgomery ladder, the most used in practice as it is more efficient.
U2 - 10.1109/EMCEurope.2017.8094744
DO - 10.1109/EMCEurope.2017.8094744
M3 - Conference contribution
AN - SCOPUS:85040537595
T3 - 2017 International Symposium on Electromagnetic Compatibility - EMC EUROPE 2017, EMC Europe 2017
BT - 2017 International Symposium on Electromagnetic Compatibility - EMC EUROPE 2017, EMC Europe 2017
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 4 September 2017 through 8 September 2017
ER -