Consolidating Security Notions in Hardware Masking.

In this paper, we revisit the security conditions of masked hardware implementations. ... We show that this single condition includes, but is not limited to, previous security notions such as those used in higher-order threshold implementations and in abstractions using ideal gates. ... In addition, we prove that uniformity, despite being enforced in most works on masking, is not a necessary condition for secure masked hardware implementations. ...

doi:10.13154/tches.v2019.i3.119-147 dblp:journals/tches/MeyerBR19 fatcat:cn3vamlocrfjldkowuagmiwi2q

DOAJ OJS

Thus, this survey serves as an essential reference for hardware security practitioners interested in the theory behind masking techniques, the tools useful to verify the security of masked circuits, and ... To bridge the gap, these advancements are reviewed and discussed in this survey, mainly from the perspective of hardware security. ... Consolidated masking schemes (CMS) were introduced by Reparaz in [144] . Such schemes use ISW AND and Trichina AND gates as building blocks consolidated with TI. ...

arXiv:2106.12714v2 fatcat:djqmxdobv5e3becegkmscz2zae

Open Access Multiple Versions

This motivated the introduction of security notions that enable masking of single gates while still guaranteeing the security when the masked gates are composed. ... In particular, we present a design methodology to generate first-order secure masked gadgets which is well-suited for integration into existing Electronic Design Automation (EDA) tools for automated hardware ... Acknowledgments The work described in this paper has been supported in part by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy -EXC 2092 CASA - ...

doi:10.46586/tches.v2022.i1.323-344 fatcat:p5faqxjxt5agvkmybups5nmfli

DOAJ OJS

Unfortunately, these verification frameworks mostly focus on security verification of hardware circuits in the presence of glitches, but remain limited in identification and verification of transitional ... Among a wide range of proposed countermeasures against SCA, masking is a highly promising candidate due to its sound foundations and well-understood security requirements. ... Acknowledgments The work described in this paper has been supported in part by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy -EXC 2092 CASA - ...

doi:10.46586/tches.v2022.i2.266-288 fatcat:rqtmqpcg6bhc5mvcpo5bjyfehy

DOAJ OJS

The underpinning technology ensures data security by isolating the environment in which ... Welcome to this special issue on accelerator virtualization in Concurrency and Computation: Practice and Experience. ... Edge computing is highlighted as a compelling alternative to mask transient cloud outages and provide highly responsive data analytic services in technologically hostile environments. 2. ...

doi:10.1002/cpe.6254 fatcat:uaxqfmnvbjd7bphq2v3nmy2sae

In this work, we introduce a method to formally verify the security of masked hardware implementations that takes glitches into account. ... Our verifier is efficient enough to prove the security of a full masked first-order AES S-box, and of the Keccak S-box up to the third protection order. ... The work has been supported in part by the Austrian Science Fund (FWF) through project P26494-N15 and project W1255-N23. ...

doi:10.1007/978-3-319-78375-8_11 fatcat:nhb3nzzjojamblncd2bstq7bni

Virtualization has rapidly become a go-to technology for increasing efficiency in the data center. ... More recently, virtualization at all levels (system, storage, and network) became important again as a way to improve system security, reliability and availability, reduce costs, and provide greater flexibility ... The hypervisor manages the access of each guest OS to the physical hardware resources by masking the hardware from the guest OS. ...

arXiv:1304.3557v1 fatcat:fjc4e3dopvecrjhloghe5soc6y

Therefore we introduce a new model, the bounded moment model, that formalizes a weaker notion of security order frequently used in the side-channel literature. ... In this paper, we provide a necessary clarification of the good security properties that can be obtained from parallel implementations of masking schemes. ... The inital motivation of Nikova, Rijmen and Schläffer was the observation that secure implementations of masking in hardware are challenging, due to the risk of glitches recombining the shares [44] . ...

doi:10.1007/978-3-319-56620-7_19 fatcat:bjrjvrpu6rer3mm2opyhf5vgaq

Implementing the masking countermeasure in hardware is a delicate task. ... Yet, and in contrast to the situation in software-oriented masking, these schemes have not been formally proven at arbitrary security orders and their composability properties were left unclear. ... As a result, SNI is a stronger notion than NI, which is itself a stronger notion than probing security. ...

doi:10.13154/tches.v2019.i2.256-292 dblp:journals/tches/MoosMSS19 fatcat:geqa7pu2sbb3nna7ylzwnkzibi

DOAJ OJS

., glitches) are two highly desirable properties for secure implementations of masking schemes. While tools exist to guarantee them separately, no current formalism enables their joint investigation. ... In this paper, we solve this issue by introducing a new model, the robust probing model, that is naturally suited to capture the combination of these properties. ... We sometimes refer to this security notion as security at order q in the probing model. ...

doi:10.13154/tches.v2018.i3.89-120 dblp:journals/tches/FaustGPPS18 fatcat:uvupeb4ojrhmhcvpyip6sbntzm

DOAJ OJS

In computer networking, a VPN (virtual private network) represents a logically isolated private network, where the isolation is provided using cryptographic methods to secure data that may in fact traverse ... Examples range from the ability to multiplex many VMs on the VIRTUALIZATION 2 same hardware to advanced virtualization features such as live migration and enhanced security. ... Resource-management issues, such as scheduling and prioritization, become important when device multiplexing is used to consolidate different workloads onto the same physical hardware. ...

doi:10.1145/2063166.2071256 fatcat:enq3tcmzjfabvokwnjeajcvxhq

(CHES 2019) showed that most published schemes (and all efficient ones) exhibit local or composability flaws at high security orders, leaving a critical gap in the literature on hardware masking. ... We finally investigate how trivial composition can serve as a basis for a tool that allows verifying full masked hardware implementations (e.g., of complete block ciphers) at any security order from their ... We mention for example the Consolidated Masking Scheme (CMS) in [7] , the Domain-Oriented Masking (DOM) in [8] , [9] , the Unified Masking Approach (UMA) in [10] and the Generic Low Latency Masking ...

doi:10.1109/tc.2020.3022979 fatcat:4wnhrgcnqzbzdlklpv7swtpxpm

The fundamental problem is that the driver in the VM will program device DMA using the guest's notion of memory addresses, which differ from the real memory addresses in which the VM's memory resides. ... Examples range from the ability to multiplex many VMs on the same hardware to advanced virtualization features such as live migration and enhanced security. ... The IOMMU allows the driver in the VM to program device DMA using its virtualized notion of memory addresses, while still allowing the hypervisor to decide where VM memory is actually located in physical ...

doi:10.1145/2063176.2063194 fatcat:k2dddjnzxjfsdfuk75sn2hdzo4

This model has served as an inspiration for the development of a new paradigm for security that we have proposed in this paper. ... In this paper, we propose a new way to look at security called the functionality (such as e-mail server, web services server, etc) defense by heterogeneity. ... This notion of self healing and assisted healing has been built into this model to make it more comprehensive in terms of defending functionality. ...

doi:10.1109/hicss.2004.1265448 dblp:conf/hicss/SharmanRUKMG04 fatcat:kypypo3tmjcx5dhcsmxgkwdewi

Instead, they are taught to consolidate all Reference Monitor implementing code into a relatively small software module that is referred to as the security kernel. ... The equation is derived from the generally accepted notion that safeguards applied to mitigate initial risk will reduce that risk to some degree, resulting in residual risk. ...

doi:10.1007/978-0-387-35694-5_24 fatcat:vcovvaxfvbgztcvghnw4bo5seu

Consolidating Security Notions in Hardware Masking

Preserved Fulltext

Circuit Masking: From Theory to Standardization, A Comprehensive Survey for Hardware Security Researchers and Practitioners [article]

Preserved Fulltext

Other Versions

Generic Hardware Private Circuits

Preserved Fulltext

Transitional Leakage in Theory and Practice

Preserved Fulltext

Accelerator virtualization

Preserved Fulltext

Formal Verification of Masked Hardware Implementations in the Presence of Glitches [chapter]

Preserved Fulltext

Survey of Server Virtualization [article]

Preserved Fulltext

Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model [chapter]

Preserved Fulltext

Glitch-Resistant Masking Revisited

Preserved Fulltext

Composable Masking Schemes in the Presence of Physical Defaults & the Robust Probing Model

Preserved Fulltext

I/O Virtualization

Preserved Fulltext

Hardware Private Circuits: From Trivial Composition to Full Verification

Preserved Fulltext

I/O virtualization

Preserved Fulltext

Functionality defense by heterogeneity: a new paradigm for securing systems

Preserved Fulltext

Training the Cyber Warrior [chapter]

Preserved Fulltext