Composable Template Attack and Evaluation of Side Channel Trace Alignment

Abstract

Embedded systems are widely deployed in life-critical systems, but system constraints often limit the depth of security used in these devices, potentially leaving them open to numerous threats. Side channel attacks (SCAs) are a popular attack to extract sensitive information from embedded systems using only side channel leakage.To conduct a successful attack, common assumptions for side channel attacks are the attackers can readily and automatically identify the location of the sensitive operations in each leakage trace. However, this does not come naturally as the sensitive operations in leakage traces are susceptible to all kinds of system delays and may be located randomly. In this dissertation, we present a methodology for evaluating power obfuscation approaches that seek to obfuscate the location of sensitive operation within the power trace, thereby significantly increasing the complexity of automated trace alignment. This dissertation presents a new adversary model and proposes a new metric, mean trials to success (MTTS), to evaluate different power obfuscation methods in the context of automated trace alignment. We evaluate two common obfuscation methods, namely instruction shuffling and random instruction insertion, and we present a new obfuscation method using power shaping to intentionally mislead the attacker. Among common side channel attacks, profiled attacks, especially template attacks, have proven to be effective and widely applicable. In this dissertation, we present the composable template attack that relaxes this requirement by constructing the attack template as a composition of templates from individual architectural components, including processor, caches, and memories. The proposed approach enables an attacker to construct a template using only information of a system’s components and device models thereof. To deal with timing deviations in power traces due to unpredictable interrupts, cache misses, and microarchitectural behaviors, a novel elastic trace alignment, filtering, and points of interest selection process is utilized. Experimental results demonstrate the effectiveness and portability of composable templates attacks for 12 different system architecture configurations.