Formal Definition and Verification for Combined Random Fault and Random Probing Security

Sonia Belaid; Jakob Feldtkeller; Tim Güneysu; Anna Guinet; Jan Richter-Brockmann; Matthieu Rivain; Pascal Sasdrich; Abdul Rahman Taleb

Paper 2024/757

Formal Definition and Verification for Combined Random Fault and Random Probing Security

Sonia Belaid, CryptoExperts (France)

Jakob Feldtkeller

, Ruhr University Bochum

Tim Güneysu

, Ruhr University Bochum, German Research Centre for Artificial Intelligence

Anna Guinet

, Ruhr University Bochum

Jan Richter-Brockmann

, Ruhr University Bochum

Matthieu Rivain

, CryptoExperts (France)

Pascal Sasdrich

, Ruhr University Bochum

Abdul Rahman Taleb, CryptoExperts (France)

Abstract

In our highly digitalized world, an adversary is not constrained to purely digital attacks but can monitor or influence the physical execution environment of a target computing device. Such side-channel or fault-injection analysis poses a significant threat to otherwise secure cryptographic implementations. Hence, it is important to consider additional adversarial capabilities when analyzing the security of cryptographic implementations besides the default black-box model. For side-channel analysis, this is done by providing the adversary with knowledge of some internal values, while for fault-injection analysis the capabilities of the adversaries include manipulation of some internal values. In this work, we extend probabilistic security models for physical attacks, by introducing a general random probing model and a general random fault model to capture arbitrary leakage and fault distributions, as well as the combination of these models. Our aim is to enable a more accurate modeling of low-level physical effects. We then analyze important properties, such as the impact of adversarial knowledge on faults and compositions, and provide tool-based formal verification methods that allow the security assessment of design components. These methods are introduced as extension of previous tools VERICA and IronMask which are implemented, evaluated and compared.

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Preprint.
Keywords: Physical Security Random Probing Model Random Fault Model Combined Analysis Verica IronMask
Contact author(s): sonia belaid @ cryptoexperts com
jakob feldtkeller @ rub de
tim gueneysu @ rub de
anna guinet @ rub de
jan richter-brockmann @ rub de
matthieu rivain @ cryptoexperts com
pascal sasdrich @ rub de
taleb abdulrahman1 @ gmail com
History: 2024-05-27: last of 2 revisions; 2024-05-17: received; See all versions
Short URL: https://ia.cr/2024/757
License: CC BY

BibTeX

@misc{cryptoeprint:2024/757,
      author = {Sonia Belaid and Jakob Feldtkeller and Tim Güneysu and Anna Guinet and Jan Richter-Brockmann and Matthieu Rivain and Pascal Sasdrich and Abdul Rahman Taleb},
      title = {Formal Definition and Verification for Combined Random Fault and Random Probing Security},
      howpublished = {Cryptology ePrint Archive, Paper 2024/757},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/757}},
      url = {https://eprint.iacr.org/2024/757}
}