-
Systematic Use of Random Self-Reducibility against Physical Attacks
Authors:
Ferhat Erata,
TingHung Chiu,
Anthony Etim,
Srilalith Nampally,
Tejas Raju,
Rajashree Ramu,
Ruzica Piskac,
Timos Antonopoulos,
Wenjie Xiong,
Jakub Szefer
Abstract:
This work presents a novel, black-box software-based countermeasure against physical attacks including power side-channel and fault-injection attacks. The approach uses the concept of random self-reducibility and self-correctness to add randomness and redundancy in the execution for protection. Our approach is at the operation level, is not algorithm-specific, and thus, can be applied for protecti…
▽ More
This work presents a novel, black-box software-based countermeasure against physical attacks including power side-channel and fault-injection attacks. The approach uses the concept of random self-reducibility and self-correctness to add randomness and redundancy in the execution for protection. Our approach is at the operation level, is not algorithm-specific, and thus, can be applied for protecting a wide range of algorithms. The countermeasure is empirically evaluated against attacks over operations like modular exponentiation, modular multiplication, polynomial multiplication, and number theoretic transforms. An end-to-end implementation of this countermeasure is demonstrated for RSA-CRT signature algorithm and Kyber Key Generation public key cryptosystems. The countermeasure reduced the power side-channel leakage by two orders of magnitude, to an acceptably secure level in TVLA analysis. For fault injection, the countermeasure reduces the number of faults to 95.4% in average.
△ Less
Submitted 8 May, 2024;
originally announced May 2024.
-
A Tool for Automated Reasoning About Traces Based on Configurable Formal Semantics
Authors:
Ferhat Erata,
Arda Goknil,
Bedir Tekinerdogan,
Geylani Kardas
Abstract:
We present Tarski, a tool for specifying configurable trace semantics to facilitate automated reasoning about traces. Software development projects require that various types of traces be modeled between and within development artifacts. For any given artifact (e.g., requirements, architecture models and source code), Tarski allows the user to specify new trace types and their configurable semanti…
▽ More
We present Tarski, a tool for specifying configurable trace semantics to facilitate automated reasoning about traces. Software development projects require that various types of traces be modeled between and within development artifacts. For any given artifact (e.g., requirements, architecture models and source code), Tarski allows the user to specify new trace types and their configurable semantics, while, using the semantics, it automatically infers new traces based on existing traces provided by the user, and checks the consistency of traces. It has been evaluated on three industrial case studies in the automotive domain (https://modelwriter.github.io/Tarski/).
△ Less
Submitted 9 March, 2024;
originally announced March 2024.
-
Integrating Static Code Analysis Toolchains
Authors:
Matthias Kern,
Ferhat Erata,
Markus Iser,
Carsten Sinz,
Frederic Loiret,
Stefan Otten,
Eric Sax
Abstract:
This paper proposes an approach for a tool-agnostic and heterogeneous static code analysis toolchain in combination with an exchange format. This approach enhances both traceability and comparability of analysis results. State of the art toolchains support features for either test execution and build automation or traceability between tests, requirements and design information. Our approach combin…
▽ More
This paper proposes an approach for a tool-agnostic and heterogeneous static code analysis toolchain in combination with an exchange format. This approach enhances both traceability and comparability of analysis results. State of the art toolchains support features for either test execution and build automation or traceability between tests, requirements and design information. Our approach combines all those features and extends traceability to the source code level, incorporating static code analysis. As part of our approach we introduce the "ASSUME Static Code Analysis tool exchange format" that facilitates the comparability of different static code analysis results. We demonstrate how this approach enhances the usability and efficiency of static code analysis in a development process. On the one hand, our approach enables the exchange of results and evaluations between static code analysis tools. On the other hand, it enables a complete traceability between requirements, designs, implementation, and the results of static code analysis. Within our approach we also propose an OSLC specification for static code analysis tools and an OSLC communication framework.
△ Less
Submitted 9 March, 2024;
originally announced March 2024.
-
AlloyInEcore: Embedding of First-Order Relational Logic into Meta-Object Facility for Automated Model Reasoning
Authors:
Ferhat Erata,
Arda Goknil,
Ivan Kurtev,
Bedir Tekinerdogan
Abstract:
We present AlloyInEcore, a tool for specifying metamodels with their static semantics to facilitate automated, formal reasoning on models. Software development projects require that software systems be specified in various models (e.g., requirements models, architecture models, test models, and source code). It is crucial to reason about those models to ensure the correct and complete system speci…
▽ More
We present AlloyInEcore, a tool for specifying metamodels with their static semantics to facilitate automated, formal reasoning on models. Software development projects require that software systems be specified in various models (e.g., requirements models, architecture models, test models, and source code). It is crucial to reason about those models to ensure the correct and complete system specifications. AlloyInEcore allows the user to specify metamodels with their static semantics, while, using the semantics, it automatically detects inconsistent models, and completes partial models. It has been evaluated on three industrial case studies in the automotive domain (https://modelwriter.github.io/AlloyInEcore/).
△ Less
Submitted 4 March, 2024;
originally announced March 2024.
-
ModelWriter: Text & Model-Synchronized Document Engineering Platform
Authors:
Ferhat Erata,
Claire Gardent,
Bikash Gyawali,
Anastasia Shimorina,
Yvan Lussaud,
Bedir Tekinerdogan,
Geylani Kardas,
Anne Monceaux
Abstract:
The ModelWriter platform provides a generic framework for automated traceability analysis. In this paper, we demonstrate how this framework can be used to trace the consistency and completeness of technical documents that consist of a set of System Installation Design Principles used by Airbus to ensure the correctness of aircraft system installation. We show in particular, how the platform allows…
▽ More
The ModelWriter platform provides a generic framework for automated traceability analysis. In this paper, we demonstrate how this framework can be used to trace the consistency and completeness of technical documents that consist of a set of System Installation Design Principles used by Airbus to ensure the correctness of aircraft system installation. We show in particular, how the platform allows the integration of two types of reasoning: reasoning about the meaning of text using semantic parsing and description logic theorem proving; and reasoning about document structure using first-order relational logic and finite model finding for traceability analysis.
△ Less
Submitted 2 March, 2024;
originally announced March 2024.
-
Quantum Circuit Reconstruction from Power Side-Channel Attacks on Quantum Computer Controllers
Authors:
Ferhat Erata,
Chuanqi Xu,
Ruzica Piskac,
Jakub Szefer
Abstract:
The interest in quantum computing has grown rapidly in recent years, and with it grows the importance of securing quantum circuits. A novel type of threat to quantum circuits that dedicated attackers could launch are power trace attacks. To address this threat, this paper presents first formalization and demonstration of using power traces to unlock and steal quantum circuit secrets. With access t…
▽ More
The interest in quantum computing has grown rapidly in recent years, and with it grows the importance of securing quantum circuits. A novel type of threat to quantum circuits that dedicated attackers could launch are power trace attacks. To address this threat, this paper presents first formalization and demonstration of using power traces to unlock and steal quantum circuit secrets. With access to power traces, attackers can recover information about the control pulses sent to quantum computers. From the control pulses, the gate level description of the circuits, and eventually the secret algorithms can be reverse engineered. This work demonstrates how and what information could be recovered. This work uses algebraic reconstruction from power traces to realize two new types of single trace attacks: per-channel and total power attacks. The former attack relies on per-channel measurements to perform a brute-force attack to reconstruct the quantum circuits. The latter attack performs a single-trace attack using Mixed-Integer Linear Programming optimization. Through the use of algebraic reconstruction, this work demonstrates that quantum circuit secrets can be stolen with high accuracy. Evaluation on 32 real benchmark quantum circuits shows that our technique is highly effective at reconstructing quantum circuits. The findings not only show the veracity of the potential attacks, but also the need to develop new means to protect quantum circuits from power trace attacks. Throughout this work real control pulse information from real quantum computers is used to demonstrate potential attacks based on simulation of collection of power traces.
△ Less
Submitted 28 January, 2024;
originally announced January 2024.
-
Classification of Quantum Computer Fault Injection Attacks
Authors:
Chuanqi Xu,
Ferhat Erata,
Jakub Szefer
Abstract:
The rapid growth of interest in quantum computing has brought about the need to secure these powerful machines against a range of physical attacks. As qubit counts increase and quantum computers achieve higher levels of fidelity, their potential to execute novel algorithms and generate sensitive intellectual property becomes more promising. However, there is a significant gap in our understanding…
▽ More
The rapid growth of interest in quantum computing has brought about the need to secure these powerful machines against a range of physical attacks. As qubit counts increase and quantum computers achieve higher levels of fidelity, their potential to execute novel algorithms and generate sensitive intellectual property becomes more promising. However, there is a significant gap in our understanding of the vulnerabilities these computers face in terms of security and privacy attacks. Among the potential threats are physical attacks, including those orchestrated by malicious insiders within data centers where the quantum computers are located, which could compromise the integrity of computations and resulting data. This paper presents an exploration of fault-injection attacks as one class of physical attacks on quantum computers. This work first introduces a classification of fault-injection attacks and strategies, including the domain of fault-injection attacks, the fault targets, and fault manifestations in quantum computers. The resulting classification highlights the potential threats that exist. By shedding light on the vulnerabilities of quantum computers to fault-injection attacks, this work contributes to the development of robust security measures for this emerging technology.
△ Less
Submitted 11 September, 2023;
originally announced September 2023.
-
Exploration of Quantum Computer Power Side-Channels
Authors:
Chuanqi Xu,
Ferhat Erata,
Jakub Szefer
Abstract:
With the rapidly growing interest in quantum computing also grows the importance of securing these quantum computers from various physical attacks. Constantly increasing qubit counts and improvements to the fidelity of the quantum computers hold great promise for the ability of these computers to run novel algorithms with highly sensitive intellectual property. However, in today's cloud-based quan…
▽ More
With the rapidly growing interest in quantum computing also grows the importance of securing these quantum computers from various physical attacks. Constantly increasing qubit counts and improvements to the fidelity of the quantum computers hold great promise for the ability of these computers to run novel algorithms with highly sensitive intellectual property. However, in today's cloud-based quantum computer setting, users lack physical control over the computers. Physical attacks, such as those perpetrated by malicious insiders in data centers, could be used to extract sensitive information about the circuits being executed on these computers. Indeed, this work shows for the first time that power-based side-channel attacks could be deployed against quantum computers. Such attacks can be used to recover information about the control pulses sent to these computers. By analyzing these control pulses, attackers can reverse-engineer the equivalent gate-level description of the circuits, and possibly even the secret algorithms being run. This work introduces five new types of attacks, and evaluates them using control pulse information available from cloud-based quantum computers. This work demonstrates how and what circuits could be recovered, and then in turn how to defend from the newly demonstrated side-channel attacks on quantum~computers.
△ Less
Submitted 9 May, 2023; v1 submitted 6 April, 2023;
originally announced April 2023.
-
Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code
Authors:
Ferhat Erata,
Ruzica Piskac,
Victor Mateu,
Jakub Szefer
Abstract:
Although cryptographic algorithms may be mathematically secure, it is often possible to leak secret information from the implementation of the algorithms. Timing and power side-channel vulnerabilities are some of the most widely considered threats to cryptographic algorithm implementations. Timing vulnerabilities may be easier to detect and exploit, and all high-quality cryptographic code today sh…
▽ More
Although cryptographic algorithms may be mathematically secure, it is often possible to leak secret information from the implementation of the algorithms. Timing and power side-channel vulnerabilities are some of the most widely considered threats to cryptographic algorithm implementations. Timing vulnerabilities may be easier to detect and exploit, and all high-quality cryptographic code today should be written in constant-time style. However, this does not prevent power side-channels from existing. With constant time code, potential attackers can resort to power side-channel attacks to try leaking secrets. Detecting potential power side-channel vulnerabilities is a tedious task, as it requires analyzing code at the assembly level and needs reasoning about which instructions could be leaking information based on their operands and their values. To help make the process of detecting potential power side-channel vulnerabilities easier for cryptographers, this work presents Pascal: Power Analysis Side Channel Attack Locator, a tool that introduces novel symbolic register analysis techniques for binary analysis of constant-time cryptographic algorithms, and verifies locations of potential power side-channel vulnerabilities with high precision. Pascal is evaluated on a number of implementations of post-quantum cryptographic algorithms, and it is able to find dozens of previously reported single-trace power side-channel vulnerabilities in these algorithms, all in an automated manner.
△ Less
Submitted 4 April, 2023;
originally announced April 2023.
-
ETAP: Energy-aware Timing Analysis of Intermittent Programs
Authors:
Ferhat Erata,
Arda Goknil,
Eren Yıldız,
Kasım Sinan Yıldırım,
Ruzica Piskac,
Jakub Szefer,
Gökçin Sezgin
Abstract:
Energy harvesting battery-free embedded devices rely only on ambient energy harvesting that enables stand-alone and sustainable IoT applications. These devices execute programs when the harvested ambient energy in their energy reservoir is sufficient to operate and stop execution abruptly (and start charging) otherwise. These intermittent programs have varying timing behavior under different energ…
▽ More
Energy harvesting battery-free embedded devices rely only on ambient energy harvesting that enables stand-alone and sustainable IoT applications. These devices execute programs when the harvested ambient energy in their energy reservoir is sufficient to operate and stop execution abruptly (and start charging) otherwise. These intermittent programs have varying timing behavior under different energy conditions, hardware configurations, and program structures. This paper presents Energy-aware Timing Analysis of intermittent Programs (ETAP), a probabilistic symbolic execution approach that analyzes the timing and energy behavior of intermittent programs at compile time. ETAP symbolically executes the given program while taking time and energy cost models for ambient energy and dynamic energy consumption into account. We evaluated ETAP on several intermittent programs and compared the compile-time analysis results with executions on real hardware. The results show that ETAP's normalized prediction accuracy is 99.5%, and it speeds up the timing analysis by at least two orders of magnitude compared to manual testing.
△ Less
Submitted 3 February, 2022; v1 submitted 27 January, 2022;
originally announced January 2022.
