
chipwhisperer-contest-2021's Introduction

NewAE ChipWhisperer Contest 2021!

** CONTEST IS NOW CLOSED FOR NEW ENTRIES **

The Prizes

Grand Prize (1 winner)

  • CW305 Artix FPGA 7A35 Target Board
  • ChipWhisperer-Husky (a yet-to-be-released tool)
  • Call with Colin & NewAE Staff for project support
  • The Hardware Hacking Handbook

Runner Up Prizes (10 winners)

  • Lifetime enrollment in the online course: Power Analysis 101
  • The Hardware Hacking Handbook

How to Enter:

  • Develop a research project proposal outlining how you will use the ChipWhisperer-Husky and CW305 Artix FPGA Target Board and ChipWhisperer software.
  • Publish a summary of the planned research project, including the distribution of results or resulting software under an open-source license. Submit your proposal on this repository as an Issue [NOW CLOSED - YOU CAN READ ENTRIES STILL]

How Winners are Chosen

  • Submissions will be reviewed by the NewAE Technology Inc. team. Prizes will be awarded based on project merit and how applicable the submission is to the ChipWhisperer project and the greater embedded security community (though thumbs up/hearts may guide our decision-making).
  • One entry per person. The contest closes on December 31, 2021. See Rules and Regulations.

Additional Rules

NO PURCHASE NECESSARY. Open only to 18+. The contest entry period ends December 31, 2021, 11:59 pm AT. Contest is void where prohibited or restricted by law or regulation. For Official Rules, see Contest Official Rules.

Technical Details on Targets

You'll have a CW305 with Artix A35 to work with (see https://rtfm.newae.com/Targets/CW305%20Artix%20FPGA/) along with a Capture board (the new ChipWhisperer-Husky).

The CW305 board has an AES Getting Started Whitepaper about using the AES example; see that whitepaper for more details about the board. The version in the contest has the Artix A35 FPGA (there are two sizes). You can also see our ECC Paper, which has associated source code available.

If you haven't done much with power analysis before we're including a copy of a book & our ChipWhisperer.io training as well. Hopefully it means even if you haven't done this hands-on before you can still give it a shot!

Depending on stock we're trying to provide some additional targets to the winner - we can't guarantee anything yet, but you may have a CW308 board with target to work with, or something else similar to it.

chipwhisperer-contest-2021's People

Contributors

colinoflynn


chipwhisperer-contest-2021's Issues

Clustering attacks on k-ary implementations of public-key crypto algorithms

Most of the attacks in the literature for public key cryptography assume that the exponentiation algorithm handles the key bit by bit.

For my master's final project, I would like to conduct a project to analyze the viability of clustering attacks when considering window bit exponentiation algorithms such as the k-ary algorithm.

In order to test the viability of the attacks, three datasets will be considered:

  1. Simulated traces
  2. Software traces (Using a STM32F board)
  3. Hardware traces (Using the CW305 Artix board)

For the 2nd and 3rd datasets the ChipWhisperer-Husky would be used to perform the captures.

Three sizes of k will be considered for the analysis (2, 3 and 4), resulting in 4, 8 and 16 precomputed values or key value chunks to classify.

The generated dataset, code artifacts or models will be published under an MIT license (or equivalent open license).

As far as I know, there is no public dataset with these characteristics.
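
For reference, a left-to-right k-ary (fixed-window) exponentiation, as an added example that is not part of the original proposal: it shows why k = 2, 3 and 4 give 4, 8 and 16 table entries, and that the square/multiply pattern is identical for keys with the same number of digits, which leaves the table index used in each window as the key-dependent value an implementation has to protect. Function names and sample values are constructed, and multiplying in the table entry for digit 0 is an assumption of this example.

```python
"""Fixed-window (k-ary) modular exponentiation, left to right.

Added illustration; names and sample values are constructed for this example.
Assumption: the table entry for digit 0 is also multiplied in, so every
window after the first costs k squarings plus one multiplication.
"""


def split_windows(exponent, k):
    """Return the exponent as k-bit digits, most significant digit first."""
    if exponent < 0 or k < 1:
        raise ValueError("exponent must be >= 0 and k >= 1")
    mask = (1 << k) - 1
    digits = []
    while exponent:
        digits.append(exponent & mask)
        exponent >>= k
    return digits[::-1] or [0]


def precompute_table(base, modulus, k):
    """table[d] = base**d mod modulus for every k-bit digit d (2**k entries)."""
    table = [1 % modulus]
    for _ in range((1 << k) - 1):
        table.append(table[-1] * base % modulus)
    return table


def kary_modexp(base, exponent, modulus, k):
    """Return (result, digits, pattern).

    pattern is the operation sequence: 'S' for a squaring, 'M' for a
    multiplication by a table entry.
    """
    table = precompute_table(base, modulus, k)
    digits = split_windows(exponent, k)
    acc = 1 % modulus
    pattern = []
    for position, digit in enumerate(digits):
        if position:  # the accumulator is still 1 before the first digit
            for _ in range(k):
                acc = acc * acc % modulus
                pattern.append("S")
        acc = acc * table[digit] % modulus
        pattern.append("M")
    return acc, digits, "".join(pattern)


if __name__ == "__main__":
    MODULUS = 2**61 - 1          # constructed sample modulus
    BASE = 0x123456789ABCDEF     # constructed sample base
    EXPONENT = 0xC0FFEE1234      # constructed sample exponent
    for k in (2, 3, 4):
        result, digits, pattern = kary_modexp(BASE, EXPONENT, MODULUS, k)
        assert result == pow(BASE, EXPONENT, MODULUS)
        print(f"k={k}: table={1 << k} entries, {len(digits)} digits, "
              f"{len(set(digits))} distinct digit values used")
        print("  digits :", digits)
        print("  pattern:", pattern)
```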

Attacking Neural Processing Units with Side-Channel Analysis

Introduction

Through side-channel analysis (SCA) [1], a class of attacks exploiting physical characteristics of electronic devices, an attacker can retrieve information on internal values a device is handling. When this data is sensitive, for instance when it comprises cryptographic key material in an embedded cryptosystem or weights in a trained machine learning model deployed for inference, appropriate countermeasures should be applied before deployment. SCA attacks and their countermeasures are well studied in the field of cryptographic engineering and consist of power analysis attacks that require access to the power circuit, and electro-magnetic (EM) attacks, which can be performed non-invasively and have a higher locality.

When a device loaded with a trained machine learning model is accessible to an attacker, as can occur when it is deployed for inference in the edge, the architecture and weights of the model can be extracted through SCA. The obtained information can either be copied, resulting in a loss of expensive intellectual property, or be used subsequently to help create so-called adversarial attacks [2].

Although SCA attacks have recently been shown to succeed on various devices for inference [3, 4] and researchers have started applying known countermeasures from the realm of cryptography to neural net systems [5], this area remains a nascent field of study with many alleys for impactful research. Furthermore, the proliferation of edge devices for inference, e.g. Google's Edge TPU [6], Xilinx's Versal AI Edge [7] and Nvidia's Jetson Nano [8], establishes a clear relevance for the study of their vulnerability against SCA attacks for both industry and academia.

Proposal

The goal of this project is to investigate the vulnerability of neural processing units against electromagnetic side-channel attacks. To this end, the student will first analyse architectures of several AI edge devices and isolate promising building blocks to target with an EM attack. Then, the student will implement these building blocks on an FPGA and perform actual EM analysis. When a successful attack is uncovered, the student can choose between several paths forward depending on his/her interest: either the attack is further developed or countermeasures are applied. In the former case, more blocks of a chosen architecture will be implemented and attacked on the FPGA, and with further refinement, a strategy will be thought out to ultimately perform the attack on its corresponding real-world device. In the latter case, a suitable countermeasure will be implemented and evaluated with EM analysis.

Motivation

The meaning and utility of data have evolved drastically throughout the years. When the value of a certain topic rises, the difficulty of safeguarding it arises. The motivation behind our work takes its shape by means of this securing problem. At the present time, the collected data not only requires storing but also needs to be interpreted. And this process is beyond one's power to carry through because of its size and sensitiveness. Hereby, these tasks are passed on to artificial intelligence algorithms. Despite the fact that these issues appear to be primarily software-dependent, they must all be implemented in hardware contexts. Right at this point, our project is carried out to take the responsibility for contributing to the security-enhancing studies by approaching from the dark side. This investigation is focused on Neural Processing Units and their physical security vulnerabilities. In the subject of cryptography engineering, physical security analyses/attacks and their protective measures have been extensively researched. Although several approaches have recently been demonstrated to operate on a variety of inference units, and academics have begun to deploy proven protections from the domain of cryptography for neural network system applications, this is still a new field of study with numerous avenues for promising findings.

References

[1] Introduction to differential power analysis and related attacks by Kocher et al. https://www.rambus.com/wp-content/uploads/2015/08/DPATechInfo.pdf
[2] Robust Physical-World Attacks on Deep Learning Visual Classification by Eykholt et al. https://arxiv.org/pdf/1707.08945.pdf
[3] CSI Neural Network: Using Side-channels to Recover Your Artificial Neural Network Information by Batina et al. https://arxiv.org/pdf/1810.09076.pdf
[4] Model-Extraction Attack Against FPGA-DNN Accelerator Utilizing Correlation Electromagnetic Analysis by Yoshida et al. https://ieeexplore.ieee.org/abstract/document/8735505
[5] MaskedNet: The First Hardware Inference Engine Aiming Power Side-Channel Protection by Dubey et al. https://arxiv.org/pdf/1910.13063.pdf
[6] Google Coral Edge TPU explained in depth. https://qengineering.eu/google-corals-tpu-explained.html
[7] Versal AI Edge Series https://www.xilinx.com/products/silicon-devices/acap/versal-ai-edge.html
[8] Introducing Jetson Xavier NX, the World’s Smallest AI Supercomputer https://developer.nvidia.com/blog/jetson-xavier-nx-the-worlds-smallest-ai-supercomputer/

Comparison of Side-Channel Resistant TinyJAMBU and DOM Protected AES Implementations when Subjected to Combined SCA and FTA

Proposal

An increasing onus is being placed on ensuring that hardware-based cryptographic implementations are designed with countermeasures against both side channel attacks (SCA) and fault attacks (FA). This is particularly critical when considering embedded and IoT devices in the field, to which an attacker may more readily have physical access, where trust of communication or data from the device may be dependent on the secrecy of installed cryptographic material. However, adding such countermeasures on top of already resource hungry cryptographic algorithms presents additional challenges on these, often already constrained, devices. This has led to substantial interest in lightweight cryptographic (LWC) solutions; one such algorithm is TinyJAMBU. A side-channel resistant implementation of this algorithm utilising Domain Oriented Masking (DOM) is described in Abubakr A. et al. (2021).

It is noted that whilst Abubakr A. et al. (2021) demonstrates that the described implementation of TinyJAMBU is resistant to SCA owing to limited information leakage (determined using test-vector leakage assessment methodology), the resistance to combined SCA and fault template attack (FTA) is not investigated. Under this proposal, a combined SCA and FTA technique to attack the side-channel resistant implementation of TinyJAMBU will be researched with a view to recovering the key or partial key. Similar techniques will be applied to an AES implementation with comparable countermeasures to determine if TinyJAMBU remains favourable, when compared to AES, under this type of attack. It is noted that there will be some differences in the way the techniques are executed between the two algorithms, with a focus on propagation of faults through the S-box for AES and the nonlinear shift register (NLFSR) for TinyJAMBU.

This proposal takes inspiration from the work of Saha S. et al (2021) and will seek to reimagine the described techniques and methodologies in a way that is applicable to the target algorithms using the precise fault injection (and other) capabilities of the ChipWhisperer-Husky, alongside equipment that might be found on a typical electronics workbench, rather than the, less accessible, laser fault injection described.

Hardware implementations of the target algorithms will be implemented on the CW305 Artix FPGA 7A35 Target Board as follows:

  • TinyJAMBU - The resistant algorithm was already implemented on the CW305 (https://github.com/GMUCERG/) as part of Abubakr A. et al. (2021). Although the A100 version was used for this paper, the A35 has sufficient overhead. Second and third order variants will be used for the comparison with AES.
  • AES - A DOM protected hardware implementation of AES will be used, with the countermeasures set to be comparable to the target TinyJAMBU variants. A pre-existing implementation of DOM protected AES is available (https://github.com/hgrosz/aes-dom) along with significant reference material from NewAE regarding implementing AES on the CW305.

Publication

The body of work, including all methodology, results, code, and templates as well as detailed instructions on replicating the work, will be released in a git repository under the MIT license. If the work results in viable techniques that aren't covered by pre-existing NewAE material, a Jupyter notebook will be produced in the style of the existing ChipWhisperer tutorials to support others with understanding and reproducing the techniques.

At least one blog post will be produced discussing 'lessons learnt' and challenges overcome. Additionally, at least one video will be created to give an overview of the project as a whole and showcase the setup used to produce described results. Links to any such supporting material will be included in the github Readme.md. If the work gains significant interest, I may also host a livestream in an AMA style.

Proposed Licenses

  • Github Repository Content: MIT
  • Blog Posts: Creative Commons Attribution 4.0 International (CC BY 4.0)
  • Videos: Will be released under an appropriate Creative Commons license (TBA)

Extras

If a CW308 board were provided as part of the prize, it would be used to undertake additional, separate work investigating lightweight implementations of cryptographic algorithms on the Atmel ATXmega128A4U-AU and MegaRF2564RFR2 8-bit microcontrollers. The initial aim would be to replicate the work of Ruminot-Ahumada et al. (2021) deploying AES-128 with SCA countermeasures on the ATXmega128A4U-AU, and performing SCA against it to capture baseline data. The same countermeasures would then be used with an existing ZigBee implementation on the MegaRF2564RFR2. Whereas Ruminot-Ahumada et al. (2021) specifically explored side-channel leaks during encryption and decryption, this work will be focused on data validation routines and will evaluate how effective the countermeasures are against SCA on the ZigBee Message Integrity Code (MIC) process. This work would be released under the same license(s) as that of the main proposal.

Citations

Abubakr Abdulgadir, Sammy Lin, Farnoud Farahmand, Jens-Peter Kaps, Kris Gaj. 2021. Side-Channel Resistant Implementations of a Novel Lightweight Authenticated Cipher with Application to Hardware Security. In Proceedings of the Great Lakes Symposium on VLSI 2021 (GLSVLSI ’21), June 22–25, 2021, Virtual Event, USA. ACM, New York, NY, USA, 6 pages. https://doi.org/10.1145/3453688.3461761

Saha S., Bag A., Jap D., Mukhopadhyay D., Bhasin S. (2021) Divided We Stand, United We Fall: Security Analysis of Some SCA+SIFA Countermeasures Against SCA-Enhanced Fault Template Attacks. In: Tibouchi M., Wang H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science, vol 13091. Springer, Cham. https://doi.org/10.1007/978-3-030-92075-3_3

N. Ruminot-Ahumada, C. Valencia-Cordero and R. Abarzúa-Ortiz, "Side Channel Attack Countermeasure for Low Power Devices with AES Encryption," 2021 IEEE International Conference on Automation/XXIV Congress of the Chilean Association of Automatic Control (ICA-ACCA), 2021, pp. 1-7, https://doi.org/10.1109/ICAACCA51523.2021.9465337

Additional Note

Thanks for hosting this giveaway, with such incredible prizes, in such an exciting niche!

free portuguese training on fault injection and side-channel power analysis

The Portuguese language has 252 million speakers. Among the Portuguese-speaking countries we can mention: Brazil, Portugal, Angola, Mozambique, Guinea-Bissau, East Timor, Equatorial Guinea, Macau, Cape Verde and São Tomé and Príncipe.

A survey carried out by the British Council found that only 5% of the 213 million Brazilians speak English and only 1% of the population is fluent in the language.

I'm going to use ChipWhisperer-Husky as a platform for a completely free training that will be delivered in Portuguese.

In this training, the basic concepts of fault injection and power analysis will be presented in native language to 252 million potential students.

This training aims to reduce the barriers raised by communication difficulties, presenting content in Portuguese for students of electronics, computing, information security, software development and other interested parties.

All content will be free, posted on platforms like YouTube as well as in torrent files, and seeders will be invited to keep the course on different portals.

An initial base of members interested in the hardware hacking theme (about 3400 people) already belongs to the group that I manage on Telegram and will be invited to review and publicize the project after it is recorded and edited.

The review of other devices built by NewAE can compose training topics, strengthening the brand as a provider of inexpensive solutions for hardware-based attacks.

As a professor, I have already recorded some classes talking about fault injection and other glitch attacks; however, none of these classes had specialized tools for executing these attacks.

I have lectured on fault injection attacks at several conferences in Brazil, including H2HC (the oldest security conference in Brazil).

My work and training on fault injection hit a barrier to proceeding. Until then I used a Teensy 4 and some other electronic components to generate the glitches; however, to increase the complexity of attacks and be able to exemplify them in training, it would be necessary to have equipment like the ChipWhisperer-Husky.

I leave here some videos in Portuguese on the subject, I have been producing these videos over the last few years (it is possible to use the translation of subtitles from Portuguese to English so it will be possible to understand the videos).

https://www.youtube.com/watch?v=hnIWoEEcWO4
https://www.youtube.com/watch?v=7qTY_LdYG7Q
https://www.youtube.com/watch?v=20qMSG07hAs
https://www.youtube.com/watch?v=s2ZRAFQz2hU
https://www.youtube.com/watch?v=M-zC4AumktA
https://www.youtube.com/watch?v=LVciRKz_UZE

I want to make a ghidra python plugin that uses the chipwhisperer to identify the average clock cycle per instruction to narrow timing.

My proposal

I want to use Ghidra to identify interesting points of injection using its pseudo C code (should be somewhat straightforward). After this I want to create an estimation of the total clock cycles it takes to run the program, then I want to be able to narrow length and timing for my glitch attack. My reasoning for this is that I noticed there is no real way to optimize glitch timing without brute forcing from beginning to end, or from the beginning to some trigger and then going down from there, which usually assumes you can patch the binary in some way.

While looking into this topic for some time I came across this article that showed an interesting equation:

T = I x CPI x C

T = execution Time per program in seconds
I = Number of instructions executed
CPI = Average CPI for program
C = CPU Clock Cycle

Challenges

There are millions of chips in the world; how do you plan to get an average clock cycle for them all?

  • I would want to create a database with specific chips and their instructions and their clock cycles for everyone to submit to and use. If this could be built into a tool, that would be better!

The database would be like chip>instructions>average cycles. This is more of a long-term pipe dream to be honest; a kid from the hood can dream, okay lol

The quick way is going to be to take a single standardized program that uses a subset of "the most used" instructions and run it against a ton of chips.

By using the CW305 I can focus on all/most of the instructions instead, as a PoC.

How would you account for interruptions or jitters?

  • We would have to get the average cycles per instruction for a specific program. I think a good baseline would be the classic glitch of if(x).

x86? Dynamic clock scaling?

  • I have no idea, I haven't even gotten that far yet to be honest 😅 This is all theoretical.

Goals with the ChipWhisperer and CW305

  • Use Ghidra to identify potential injection points using its pseudo C code
  • Take an average of the total clock cycles it takes to run the specified program
  • Try to match opcode with timing
  • Reduce size of timing from average CPI on specific program
  • Try to adapt this method to all instructions

Contact

Twitter: https://twitter.com/specters
or leave a comment here :D

Example Entry

Example Entry:

I would use the CW305 board to implement a soft-core RISC-V processor, and then demonstrate how running a software core on that device can be broken. I would be publishing the results in a git repo under the MIT license (may be adjusted if the RISC-V core I used changes), including the attack script.

The RISC-V core I plan on using is XXXX, which is already running on the Arty A35 board, which uses the same sized FPGA on the CW305. As the CW305 does not have external memory I need to allocate some of the internal BRAM, limiting the program size (no Linux running on this).

Comparison of arbitrary wave glitches and built-in methods of Husky

Different methods of injecting voltage glitches into a system are known. In a paper from CHES 2019 called "Shaping the Glitch" by Bozzato et al., the authors used arbitrary waveform glitches generated by a genetic algorithm. Unfortunately, the genetic algorithm and its parameters have neither been discussed in the paper nor been published elsewhere. The goal of this proposal is to implement this specific part of the paper and study its practical impact with the contest-provided tools. More precisely:

  • CW305 Artix board, will be used for:

    • modify the board as needed for an 'external fault amplifier' (cf. rtfm.newae.com)
    • running AES or other suitable target algorithm at different frequencies (depending on initial tests)
    • inject arbitrary wave glitch and improve success rate based on optimizations of genetic algorithm
    • compare with glitch-methods built-into ChipWhisperer-Husky
  • ChipWhisperer-Husky, will be used for:

    • for observing and recording injected glitches/results
    • for establishing a baseline of glitch-success rate based on the built-in glitch methods
    • [optional] investigate if integrating a DAC is possible with the 8 DIOs and clock signal (to avoid external instruments)
  • Call with Colin & NewAE Staff for project support, will be used for:

    • discuss timeline and delivery of expected results
    • discuss circuit details and possible options for integration into Husky (see above)
    • agree on safety limits to not fry the FPGA
    • discuss API to possibly include in ChipWhisperer toolchain

Additional aspects may be considered based on overall time spent on this project and corresponding success. Therefore, other targets may be considered depending on availability and time. Instruments needed for this proposal (such as a reasonably good arbitrary wave generator from Siglent) are available and not expected from NewAE. Same for soldering equipment, etc.

Should this proposal be awarded the grand prize, it will possibly be carried out by a team of two (still need to convince that other person :-). The results will be summarized in a paper and uploaded to eprint.iacr.org, acknowledging NewAE's support as part of this contest. Code and schematics will be uploaded to GitHub under a suitable open source license. The GitHub repo will additionally include a tutorial (a Jupyter notebook) to replicate the results of this work more easily, thereby improving access by the greater security community.

Improve my skills for building a new career

I'm a cybersecurity engineer (pentester) and I'm in love with the hardware security part. I've already bought your book as well as a ChipWhisperer-Lite L1 kit.
I spend all my free time (limited, as I have an awesome son) trying to learn side channel attacks. With the prize that can be won, I hope I can build a new career in the hardware security field which, I think, has a promising future as the IoT industry grows a lot.
