Section: New Results

MaskVerif: automated verification of higher-order masking in presence of physical defaults

Participants : Benjamin Grégoire, Gilles Barthe [IMDEA] , Sonia Belaïd [CryptoExpert] , Gaëtan Cassiers [UCL] , Pierre-Alain Fouque [Université Rennes 1] , François-Xavier Standaert [UCL] .

Power and electromagnetic based side-channel attacks are serious threats against the security of cryptographic embedded devices. In order to mitigate these attacks, implementations use countermeasures, among which masking is currently the most investigated and deployed choice. Unfortunately, commonly studied forms of masking rely on underlying assumptions that are difficult to satisfy in practice. This is due to physical defaults, such as glitches or transitions, which can recombine the masked data in a way that concretely reduces an implementation’s security. We have developed and implemented an automated approach for verifying security of masked implementations in presence of physical defaults (glitches or transitions). Our approach helps to recover the main strengths of masking: rigorous foundations, composability guarantees, automated verification under more realistic assumptions. This work contributes to demonstrate the benefits of language-based approaches (specifically probabilistic information flow) for masking. This work was published at an international conference [5].