Accession Number:

AD1107774

Title:

Sleak: A Side-Channel Leakage Evaluator and Analysis Kit

Descriptive Note:

Technical Report

Corporate Author:

MITRE CORP BEDFORD MA BEDFORD United States

Personal Author(s):

Report Date:

2014-01-01

Pagination or Media Count:

9.0

Abstract:

Side-channel attacks SCA present a major threatto secure embedded systems. Effective software countermeasuresagainst SCA are well known in theory, but in practice are difficultto implement properly due to issues such as unexpected compilertransformations andor platform-specific leakage sources.Although several recent examples from industry and academiashow that SCA is becoming increasingly simple and inexpensive toperform as an attacker, evaluating the security of a system againstSCA can still be expensive and time-consuming. Furthermore,most evaluation techniques must be performed near the end ofthe development schedule which adds significant risk.In this paper, we present a new technique for testing softwarefor SCA vulnerabilities in a fast, inexpensive, and automatedmanner. This testing could be applied to evaluate software-basedSCA countermeasures even without access to source code, asmay be the case with proprietary software libraries that aredelivered pre-built, and without the use of side-channel collectionequipment. Our implementation of the SLEAK tool demonstratesthe efficacy of this technique by detecting vulnerabilities in anAES implementation that utilizes a masking countermeasure. Wediscuss the advantages and limitations of our technique and weconclude that it can be used to detect and understand the sourcesof many common SCA vulnerabilities early in the development schedule.

Subject Categories:

Distribution Statement:

APPROVED FOR PUBLIC RELEASE