Strong non-interference and type-directed higher-order masking

Gilles Barthe; Sonia Belaïd; François Dupressoir; Pierre Alain Fouque; Benjamin Grégoire; Pierre Yves Strub; Rébecca Zucchini

doi:10.1145/2976749.2978427

Strong non-interference and type-directed higher-order masking

Gilles Barthe
, Sonia Belaïd
, François Dupressoir
, Pierre Alain Fouque
, Benjamin Grégoire
, Pierre Yves Strub
, Rébecca Zucchini

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Differential power analysis (DPA) is a side-channel attack in which an adversary retrieves cryptographic material by measuring and analyzing the power consumption of the device on which the cryptographic algorithm under attack executes. An effective countermeasure against DPA is to mask secrets by probabilistically encoding them over a set of shares, and to run masked algorithms that compute on these encodings. Masked algorithms are often expected to provide, at least, a certain level of probing security. Leveraging the deep connections between probabilistic information flow and probing security, we develop a precise, scalable, and fully automated methodology to verify the probing security of masked algorithms, and generate them from unprotected descriptions of the algorithm. Our methodology relies on several contributions of independent interest, including a stronger notion of probing security that supports compositional reasoning, and a type system for enforcing an expressive class of probing policies. Finally, we validate our methodology on examples that go significantly beyond the state-of-the-art.

Original language	English
Title of host publication	CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	116-129
Number of pages	14
ISBN (Electronic)	9781450341394
DOIs	https://doi.org/10.1145/2976749.2978427
Publication status	Published - 24 Oct 2016
Externally published	Yes
Event	23rd ACM Conference on Computer and Communications Security, CCS 2016 - Vienna, Austria Duration: 24 Oct 2016 → 28 Oct 2016

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
Volume	24-28-October-2016
ISSN (Print)	1543-7221

Conference

Conference	23rd ACM Conference on Computer and Communications Security, CCS 2016
Country/Territory	Austria
City	Vienna
Period	24/10/16 → 28/10/16

Access to Document

10.1145/2976749.2978427

Cite this

Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P. A., Grégoire, B., Strub, P. Y., & Zucchini, R. (2016). Strong non-interference and type-directed higher-order masking. In CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (pp. 116-129). (Proceedings of the ACM Conference on Computer and Communications Security; Vol. 24-28-October-2016). Association for Computing Machinery. https://doi.org/10.1145/2976749.2978427

@inproceedings{426b87a8b512469db6621972fa77ccbb,

title = "Strong non-interference and type-directed higher-order masking",

abstract = "Differential power analysis (DPA) is a side-channel attack in which an adversary retrieves cryptographic material by measuring and analyzing the power consumption of the device on which the cryptographic algorithm under attack executes. An effective countermeasure against DPA is to mask secrets by probabilistically encoding them over a set of shares, and to run masked algorithms that compute on these encodings. Masked algorithms are often expected to provide, at least, a certain level of probing security. Leveraging the deep connections between probabilistic information flow and probing security, we develop a precise, scalable, and fully automated methodology to verify the probing security of masked algorithms, and generate them from unprotected descriptions of the algorithm. Our methodology relies on several contributions of independent interest, including a stronger notion of probing security that supports compositional reasoning, and a type system for enforcing an expressive class of probing policies. Finally, we validate our methodology on examples that go significantly beyond the state-of-the-art.",

author = "Gilles Barthe and Sonia Bela{\"i}d and Fran{\c c}ois Dupressoir and Fouque, \{Pierre Alain\} and Benjamin Gr{\'e}goire and Strub, \{Pierre Yves\} and R{\'e}becca Zucchini",

note = "Publisher Copyright: {\textcopyright} 2016 Copyright held by the owner/author(s). Publication rights licensed to ACM.; 23rd ACM Conference on Computer and Communications Security, CCS 2016 ; Conference date: 24-10-2016 Through 28-10-2016",

year = "2016",

month = oct,

day = "24",

doi = "10.1145/2976749.2978427",

language = "English",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "116--129",

booktitle = "CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security",

}

Barthe, G, Belaïd, S, Dupressoir, F, Fouque, PA, Grégoire, B, Strub, PY & Zucchini, R 2016, Strong non-interference and type-directed higher-order masking. in CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, vol. 24-28-October-2016, Association for Computing Machinery, pp. 116-129, 23rd ACM Conference on Computer and Communications Security, CCS 2016, Vienna, Austria, 24/10/16. https://doi.org/10.1145/2976749.2978427

Strong non-interference and type-directed higher-order masking. / Barthe, Gilles; Belaïd, Sonia; Dupressoir, François et al.
CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2016. p. 116-129 (Proceedings of the ACM Conference on Computer and Communications Security; Vol. 24-28-October-2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Strong non-interference and type-directed higher-order masking

AU - Barthe, Gilles

AU - Belaïd, Sonia

AU - Dupressoir, François

AU - Fouque, Pierre Alain

AU - Grégoire, Benjamin

AU - Strub, Pierre Yves

AU - Zucchini, Rébecca

PY - 2016/10/24

Y1 - 2016/10/24

N2 - Differential power analysis (DPA) is a side-channel attack in which an adversary retrieves cryptographic material by measuring and analyzing the power consumption of the device on which the cryptographic algorithm under attack executes. An effective countermeasure against DPA is to mask secrets by probabilistically encoding them over a set of shares, and to run masked algorithms that compute on these encodings. Masked algorithms are often expected to provide, at least, a certain level of probing security. Leveraging the deep connections between probabilistic information flow and probing security, we develop a precise, scalable, and fully automated methodology to verify the probing security of masked algorithms, and generate them from unprotected descriptions of the algorithm. Our methodology relies on several contributions of independent interest, including a stronger notion of probing security that supports compositional reasoning, and a type system for enforcing an expressive class of probing policies. Finally, we validate our methodology on examples that go significantly beyond the state-of-the-art.

AB - Differential power analysis (DPA) is a side-channel attack in which an adversary retrieves cryptographic material by measuring and analyzing the power consumption of the device on which the cryptographic algorithm under attack executes. An effective countermeasure against DPA is to mask secrets by probabilistically encoding them over a set of shares, and to run masked algorithms that compute on these encodings. Masked algorithms are often expected to provide, at least, a certain level of probing security. Leveraging the deep connections between probabilistic information flow and probing security, we develop a precise, scalable, and fully automated methodology to verify the probing security of masked algorithms, and generate them from unprotected descriptions of the algorithm. Our methodology relies on several contributions of independent interest, including a stronger notion of probing security that supports compositional reasoning, and a type system for enforcing an expressive class of probing policies. Finally, we validate our methodology on examples that go significantly beyond the state-of-the-art.

U2 - 10.1145/2976749.2978427

DO - 10.1145/2976749.2978427

M3 - Conference contribution

AN - SCOPUS:84995528466

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 116

EP - 129

BT - CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 23rd ACM Conference on Computer and Communications Security, CCS 2016

Y2 - 24 October 2016 through 28 October 2016

ER -

Barthe G, Belaïd S, Dupressoir F, Fouque PA, Grégoire B, Strub PY et al. Strong non-interference and type-directed higher-order masking. In CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2016. p. 116-129. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/2976749.2978427

Strong non-interference and type-directed higher-order masking

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this