CHES Best Paper: MIcRo-ArChitectural Leakage Evaluation by Ben Marshall, Dan Page & James Webb

The annual conference on Cryptographic Hardware and Embedded Systems (CHES) saw PQShield Lead Cryptography Hardware Engineer Ben Marshall’s work on MIRACLE named best paper. Outlining his research, Ben sought to understand how different CPUs and micro-architectural design choices can affect power side-channel security.

Experiment

Security models rely on abstractions such as HW/ISA/SW. Good abstractions are essential, as they enable more accurate reasoning about security and even formal proofs. Unless the abstraction captures everything necessary to model threats, we can’t be sure that security will hold for the specific implementation. Unfortunately, power side channels often break these abstractions by leaking information across them. It’s therefore vitally important to understand how implementation decisions impact information leaks, and under what circumstances.

Ben’s paper describes an extensible experimental infrastructure for evaluating the micro-architectural leakage – based on power consumption – that stems from a physical device. Building on existing literature, this infrastructure was used to systematically study 14 different devices, spanning six different instruction set architectures and four different device vendors.

This study – the widest of its kind – allowed characterization of each device with respect to any leakage effects stemming from sources within the micro-architectural implementation. It also highlighted a range of challenges with respect to:

  1. How the same CPU can have different security properties, depending on how it is integrated into a final product.
  2. Construction of accurate leakage models which capture device-specific information.
  3. Selection of suitable devices for experimental research.

Outcome

In his recommendation, Ben argues that standards bodies must not pick only one standard evaluation platform. He also calls for better validation of leakage models and tools, as well as validation across multiple devices

What’s next?

There are always more devices to test and more micro-architectural effects to characterize and even exploit. It’s hoped that this set of micro-benchmarks can serve as unit tests for per-device leakage models, as well as encouraging further study into which types of leakage are more dangerous and how best to characterize leakage parts of the system – beyond just the CPU.

Ben also suggested creating a community-wide DSL for describing micro-architectures and their leakage characteristics, which would serve as a common input to everyone’s leakage tooling. This would make it possible for engineers and researchers to separate the problem of capturing device behavior, from modeling the impacts on security.

The full paper, MIcRo-ArChitectural Leakage Evaluation by Ben Marshall, Dan Page & James Webb, can be found here. You can also watch Ben’s presentation on Youtube.