Pantea Kiaei

Yuan Yao, Mo Yang, Pantea Kiaei et al.

Lightweight block ciphers have been widely used in applications such as RFID tags, IoTs, and network sensors. Among them, with comparable parameters, the Light Encryption Device (LED) block cipher achieves the smallest area. However, implementation of encryption algorithms manifest side-channel leakage, therefore, it is crucial to protect their design against side-channel analyses. In this paper, we present a threshold implementation of the LED cipher which has 64-bit data input and 128-bit key. The presented design splits secret information among multiple shares to achieve a higher security level. We demonstrate that our implementation can protect against first-order power side-channel attacks. As a cost, the design area is almost doubled and the maximum operating frequency is degraded by 30%. To make our design verifiable, we have also open-sourced our design online.

Pantea Kiaei, Yuan Yao, Patrick Schaumont

Power-based side-channel is a serious security threat to the System on Chip (SoC). The secret information is leaked from the power profile of the system while a cryptographic algorithm is running. The mitigation requires efforts from both the software level and hardware level. Currently, there is no comprehensive solution that can guarantee the whole complex system is free of leakage and can generically protect all cryptographic algorithms. In this paper, we propose a real-time leakage detection and mitigation system which enables the system to monitor the side-channel leakage effects of the hardware. Our proposed system has extensions that provide a real-time monitor of power consumption, detection of side-channel leakage, and real-time adaptive mitigation of detected side-channel leakage. Our proposed system is generic and can protect any algorithm running on it.

Yuan Yao, Pantea Kiaei, Richa Singh et al.

Side-channel and fault injection attacks reveal secret information by monitoring or manipulating the physical effects of computations involving secret variables. Circuit-level countermeasures help to deter these attacks, and traditionally such countermeasures have been developed for each attack vector separately. We demonstrate a multipurpose ring oscillator design - Programmable Ring Oscillator (PRO) to address both fault attacks and side-channel attacks in a generic, application-independent manner. PRO, as an integrated primitive, can provide on-chip side-channel resistance, power monitoring, and fault detection capabilities to a secure design. We present a grid of PROs monitoring the on-chip power network to detect anomalies. Such power anomalies may be caused by external factors such as electromagnetic fault injection and power glitches, as well as by internal factors such as hardware Trojans. By monitoring the frequency of the ring oscillators, we are able to detect the on-chip power anomaly in time as well as in location. Moreover, we show that the PROs can also inject a random noise pattern into a design's power consumption. By randomly switching the frequency of a ring oscillator, the resulting power-noise pattern significantly reduces the power-based side-channel leakage of a cipher. We discuss the design of PRO and present measurement results on a Xilinx Spartan-6 FPGA prototype, and we show that side-channel and fault vulnerabilities can be addressed at a low cost by introducing PRO to the design. We conclude that PRO can serve as an application-independent, multipurpose countermeasure.

Mohsen Ahmadi, Pantea Kiaei, Navid Emamdoost

Mutation analysis is an effective technique to evaluate a test suite adequacy in terms of revealing unforeseen bugs in software. Traditional source- or IR-level mutation analysis is not applicable to the software only available in binary format. This paper proposes a practical binary mutation analysis via binary rewriting, along with a rich set of mutation operators to represent more realistic bugs. We implemented our approach using two state-of-the-art binary rewriting tools and evaluated its effectiveness and scalability by applying them to SPEC CPU benchmarks. Our analysis revealed that the richer mutation operators contribute to generating more diverse mutants, which, compared to previous works leads to a higher mutation score for the test harness. We also conclude that the reassembleable disassembly rewriting yields better scalability in comparison to lifting to an intermediate representation and performing a full translation.

Pantea Kiaei, Cees-Bart Breunesse, Mohsen Ahmadi et al.

Fault injection attacks can cause errors in software for malicious purposes. Oftentimes, vulnerable points of a program are detected after its development. It is therefore critical for the user of the program to be able to apply last-minute security assurance to the executable file without having access to the source code. In this work, we explore two methodologies based on binary rewriting that aid in injecting countermeasures in the binary file. The first approach injects countermeasures by reassembling the disassembly whereas the second approach leverages a full translation to a high-level IR and lowering that back to the target architecture.

Pantea Kiaei, Patrick Schaumont

In typical embedded applications, the precise execution time of the program does not matter, and it is sufficient to meet a real-time deadline. However, modern applications in information security have become much more time-sensitive, due to the risk of timing side-channel leakage. The timing of such programs needs to be data-independent and precise. We describe a parallel synchronous software model, which executes as N parallel threads on a processor with word-length N. Each thread is a single-bit synchronous machine with precise, contention-free timing, while each of the N threads still executes as an independent machine. The resulting software supports fine-grained parallel execution. In contrast to earlier work to obtain precise and repeatable timing in software, our solution does not require modifications to the processor architecture nor specialized instruction scheduling techniques. In addition, all threads run in parallel and without contention, which eliminates the problem of thread scheduling. We use hardware (HDL) semantics to describe a thread as a single-bit synchronous machine. Using logic synthesis and code generation, we derive a parallel synchronous implementation of this design. We illustrate the synchronous parallel programming model with practical examples from cryptography and other applications with precise timing requirements.