ROSITA: Towards automatic elimination of power-analysis leakage in ciphers

Madura A. Shelton; Niels Samwel; Lejla Batina; Francesco Regazzoni; Markus Wagner; Yuval Yarom

doi:10.14722/ndss.2021.23137

ROSITA: Towards automatic elimination of power-analysis leakage in ciphers

Madura A. Shelton, Niels Samwel, Lejla Batina, Francesco Regazzoni, Markus Wagner, Yuval Yarom

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

38 Citations (Scopus)

Abstract

Since their introduction over two decades ago, side-channel attacks have presented a serious security threat. While many ciphers' implementations employ masking techniques to protect against such attacks, they often leak secret information due to unintended interactions in the hardware. We present ROSITA, a code rewrite engine that uses a leakage emulator which we amend to correctly emulate the micro-architecture of a target system. We use ROSITA to automatically protect masked implementations of AES, ChaCha, and Xoodoo. For AES and Xoodoo, we show the absence of observable leakage at 1 000 000 traces with less than 21% penalty to the performance. For ChaCha, which has significantly more leakage, ROSITA eliminates over 99% of the leakage, at a performance cost of 64%.

Original language	English
Title of host publication	Proceedings 2021, 28th Network and Distributed System Security Symposium
Editors	David Balenson
Place of Publication	Reston VA USA
Publisher	The Internet Society
Number of pages	17
ISBN (Electronic)	1891562665, 9781891562662
DOIs	https://doi.org/10.14722/ndss.2021.23137
Publication status	Published - 2021
Externally published	Yes
Event	Usenix Network and Distributed System Security Symposium 2021 - Online, San Diego, United States of America Duration: 21 Feb 2021 → 25 Feb 2021 https://www.ndss-symposium.org/ndss2021/ https://www.ndss-symposium.org/ndss-program/ndss-2021/ (Proceedings)

Conference

Conference	Usenix Network and Distributed System Security Symposium 2021
Abbreviated title	NDSS 2021
Country/Territory	United States of America
City	San Diego
Period	21/02/21 → 25/02/21
Internet address	https://www.ndss-symposium.org/ndss2021/ https://www.ndss-symposium.org/ndss-program/ndss-2021/ (Proceedings)

Access to Document

10.14722/ndss.2021.23137

566110058-oaFinal published version, 2.66 MB

Cite this

@inproceedings{faf6e1c30ab64f41bf3e35806b0b5a4d,

title = "ROSITA: Towards automatic elimination of power-analysis leakage in ciphers",

abstract = "Since their introduction over two decades ago, side-channel attacks have presented a serious security threat. While many ciphers' implementations employ masking techniques to protect against such attacks, they often leak secret information due to unintended interactions in the hardware. We present ROSITA, a code rewrite engine that uses a leakage emulator which we amend to correctly emulate the micro-architecture of a target system. We use ROSITA to automatically protect masked implementations of AES, ChaCha, and Xoodoo. For AES and Xoodoo, we show the absence of observable leakage at 1 000 000 traces with less than 21\% penalty to the performance. For ChaCha, which has significantly more leakage, ROSITA eliminates over 99\% of the leakage, at a performance cost of 64\%.",

author = "Shelton, \{Madura A.\} and Niels Samwel and Lejla Batina and Francesco Regazzoni and Markus Wagner and Yuval Yarom",

note = "Funding Information: This research was supported by the Australian Research Council project numbers DE200101577, DP200102364, and DP210102670; the Research Center for Cyber Security at Tel-Aviv University established by the State of Israel, the Prime Minister{\textquoteright}s Office and Tel-Aviv University; and by a gift from Intel. Funding Information: Francesco Regazzoni received support from the European Union Horizon 2020 research and innovation program under CERBERO project (grant agreement number 732105). Publisher Copyright: {\textcopyright} 2021 28th Annual Network and Distributed System Security Symposium, NDSS 2021. All Rights Reserved.; Usenix Network and Distributed System Security Symposium 2021, NDSS 2021 ; Conference date: 21-02-2021 Through 25-02-2021",

year = "2021",

doi = "10.14722/ndss.2021.23137",

language = "English",

editor = "David Balenson",

booktitle = "Proceedings 2021, 28th Network and Distributed System Security Symposium",

publisher = "The Internet Society",

url = "https://www.ndss-symposium.org/ndss2021/, https://www.ndss-symposium.org/ndss-program/ndss-2021/",

}

Shelton, MA, Samwel, N, Batina, L, Regazzoni, F, Wagner, M & Yarom, Y 2021, ROSITA: Towards automatic elimination of power-analysis leakage in ciphers. in D Balenson (ed.), Proceedings 2021, 28th Network and Distributed System Security Symposium. The Internet Society, Reston VA USA, Usenix Network and Distributed System Security Symposium 2021, San Diego, California, United States of America, 21/02/21. https://doi.org/10.14722/ndss.2021.23137

ROSITA: Towards automatic elimination of power-analysis leakage in ciphers. / Shelton, Madura A.; Samwel, Niels; Batina, Lejla et al.
Proceedings 2021, 28th Network and Distributed System Security Symposium. ed. / David Balenson. Reston VA USA: The Internet Society, 2021.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - ROSITA

T2 - Usenix Network and Distributed System Security Symposium 2021

AU - Shelton, Madura A.

AU - Samwel, Niels

AU - Batina, Lejla

AU - Regazzoni, Francesco

AU - Wagner, Markus

AU - Yarom, Yuval

N1 - Funding Information: This research was supported by the Australian Research Council project numbers DE200101577, DP200102364, and DP210102670; the Research Center for Cyber Security at Tel-Aviv University established by the State of Israel, the Prime Minister’s Office and Tel-Aviv University; and by a gift from Intel. Funding Information: Francesco Regazzoni received support from the European Union Horizon 2020 research and innovation program under CERBERO project (grant agreement number 732105). Publisher Copyright: © 2021 28th Annual Network and Distributed System Security Symposium, NDSS 2021. All Rights Reserved.

PY - 2021

Y1 - 2021

N2 - Since their introduction over two decades ago, side-channel attacks have presented a serious security threat. While many ciphers' implementations employ masking techniques to protect against such attacks, they often leak secret information due to unintended interactions in the hardware. We present ROSITA, a code rewrite engine that uses a leakage emulator which we amend to correctly emulate the micro-architecture of a target system. We use ROSITA to automatically protect masked implementations of AES, ChaCha, and Xoodoo. For AES and Xoodoo, we show the absence of observable leakage at 1 000 000 traces with less than 21% penalty to the performance. For ChaCha, which has significantly more leakage, ROSITA eliminates over 99% of the leakage, at a performance cost of 64%.

AB - Since their introduction over two decades ago, side-channel attacks have presented a serious security threat. While many ciphers' implementations employ masking techniques to protect against such attacks, they often leak secret information due to unintended interactions in the hardware. We present ROSITA, a code rewrite engine that uses a leakage emulator which we amend to correctly emulate the micro-architecture of a target system. We use ROSITA to automatically protect masked implementations of AES, ChaCha, and Xoodoo. For AES and Xoodoo, we show the absence of observable leakage at 1 000 000 traces with less than 21% penalty to the performance. For ChaCha, which has significantly more leakage, ROSITA eliminates over 99% of the leakage, at a performance cost of 64%.

UR - https://www.scopus.com/pages/publications/85172031196

U2 - 10.14722/ndss.2021.23137

DO - 10.14722/ndss.2021.23137

M3 - Conference Paper

AN - SCOPUS:85172031196

BT - Proceedings 2021, 28th Network and Distributed System Security Symposium

A2 - Balenson, David

PB - The Internet Society

CY - Reston VA USA

Y2 - 21 February 2021 through 25 February 2021

ER -

ROSITA: Towards automatic elimination of power-analysis leakage in ciphers

Abstract

Conference

Access to Document

Other files and links

Cite this