Bonjour,
La prochaine session du séminaire sécurité des systèmes électroniques embarqués aura lieu le vendredi 24 Janvier de 10h à 12h.
Le séminaire aura lieu dans les locaux de l'Inria Rennes, Salle Aurigny.
Le programme de cette session est le suivant :
· 10h - 11h : Alessandro PALUMBO - CentraleSupélec, IRISA, Inria
o Titre : Hardware Trojan Horses and Microarchitectural Side-Channel Attacks: Detection and Mitigation via Hardware-based Methodologies
o Résumé : Hardware Trojan Horses that are software-exploitable can be inserted into microprocessors, allowing attackers to run unauthorized code or escalate privileges. Additionally, it has been demonstrated that attackers could observe certain microprocessor features - seemingly unrelated to the program's execution - to exfiltrate secrets or private data. So, even devices produced in secure foundries could be vulnerable to such attacks. A promising defense strategy involves implementing Hardware Security Modules that monitor the runtime behavior of microprocessors to detect ongoing attacks. But why do we need Hardware Security Modules? Are software-based solutions not sufficient? Hardware Security Modules are essential because if attackers manage to execute malicious code, they could bypass or disable software defenses, leading to privilege escalation and other serious consequences. In contrast, hardware-based countermeasures raise the bar significantly, as modifying fabricated chips is far more difficult than compromising software, making Hardware Security Module implementations a more robust and resilient defense mechanism.
· 11h – 12h : Ileana Buhan - Radboud University Nijmegen
o Titre : I know what your compiler did: Optimization Effects on Power Side-Channel Leakage for RISC-V
o Résumé : With the growing prevalence of software-based cryptographic implementations in high-level languages, understanding the role of architectural and micro-architectural components in side-channel security is critical. The role of compilers in case of software implementations towards contribution to side-channel leaks is not investigated. While timing-based side-channel leakage due to compiler effects has been extensively studied, the impact of compiler optimizations on power-based leakage remains underexplored, primarily due to challenges in isolating the architectural power component. In this work, we present ARCHER, an architecture-level tool for side-channel analysis and root cause identification of cryptographic software on RISC-V processors. ARCHER integrates two key functionalities: (1) Side-Channel Analysis using TVLA and its variants to detect leakage, and (2) Data Flow Analysis to track intermediate values and explain observed leaks. ARCHER supports pre-silicon analysis of high-level and assembly code, offering algorithm-agnostic insights through interactive visualizations and detailed reports on execution statistics, leakage points, and their causes.
Using ARCHER, we analyze binary transformations across five optimization levels (-O0, -O1, -O2, -O3, -Os) to isolate the architectural effects of compiler optimizations from the micro-architectural influences of the target device. This study, spanning both unprotected and masked AES implementations, reveals actionable insights into how optimizations affect power-based leakage. Notably, we identify a previously undocumented vulnerability in the ShiftRow operation of masked AES, introduced by compiler optimizations. This vulnerability, confirmed through correlation analysis on simulated power traces, is validated on physical hardware using an ASIC implementation of the PicoRV32 core, confirming that architectural-level vulnerabilities translate to real-world leakage.
Le séminaire est ouvert à tous en présentiel et en distanciel.
Pour assister au séminaire en présentiel, l'inscription est obligatoire au moins 48h à l'avance pour tous les participants en présentiel auprès de Nadia Derouault nadia [*] derouault
inria [*] fr (nadia[dot]derouault[at]inria[dot]fr) . Les participants externes devront se présenter à l'accueil avec une pièce d'identité.
------------------------------------------------------------------------------------------------------------------------------
Rejoindre la réunion à partir du lien de la réunion
https://inria.webex.com/inria/j.php?MTID=m3d3b0ef499b2534e1cbdb674ba656f57
Rejoindre la réunion par le numéro de la réunion
Numéro de la réunion (code d’accès) : 2742 117 5059
Mot de passe de la réunion : HkVy5GTr3J3
Appuyez pour rejoindre la réunion à partir d’un périphérique mobile (uniquement pour les participants)
+33-1-8514-8835,,27421175059## France Toll 2
Rejoindre par téléphone
+33-1-8514-8835 France Toll 2
Numéros d'appel internationaux
Rejoindre à partir d'un système ou d'une application vidéo
Composer le numéro 27421175059inria [*] webex [*] com
Vous pouvez également composer le 62.109.219.4 et saisir votre numéro de votre réunion.