Section: New Results
Results for Axis 1: Vulnerability analysis
Statistical Model Checking of Incomplete Stochastic Systems
Participants : Tania Richmond, Louis-Marie Traonouez, Axel Legay.
We proposed a statistical analysis of stochastic systems with incomplete information. These incomplete systems are modelled as discrete-time Markov chains with unknowns (qDTMC), and the required behaviour is formalized in the qBLTL logic. Using statistical model checking to perform both quantitative and qualitative analysis of such systems, we also proposed refinements of the qDTMCs; the refined qDTMCs exhibit a decrease in the probability of unknown behaviour in the system. The algorithms for both the qualitative and the quantitative analysis of qDTMCs were implemented in the tool Plasma Lab, and we demonstrated them on a case study of a network with unknown information. We plan to extend this work to the analysis of other stochastic models with incomplete information, such as Markov decision processes and abstract Markov chains.
This work was accepted and presented at a conference this year [10].
 [10]

We study incomplete stochastic systems that are missing some parts of their design, or are lacking information about some components. It is useful to obtain early analysis results on the requirements of these systems, in order to adequately refine their design. In previous works, models for incomplete systems were analysed using model checking techniques for three-valued temporal logics. In this paper, we propose statistical model checking algorithms for these logics. We illustrate our approach on a case study of a network system that is refined after the analysis of early designs.
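As an added illustration of the analysis described above (constructed example code, not the paper's qDTMC/qBLTL definitions nor the Plasma Lab implementation), the following Python samples runs of a small Markov chain in which one transition leads into unspecified behaviour, assigns each run a three-valued verdict for a bounded reachability property, and derives both a quantitative estimate (the probability of each verdict) and a qualitative three-valued answer to a threshold question. A partially refined version of the same chain shows the unknown mass shrinking. The chain, the property and the threshold are assumptions of the example; the exact computation is only there to check the estimates on this tiny model.

```python
import random

# Constructed toy qDTMC (illustration only, not the paper's qDTMC/qBLTL
# definitions or the Plasma Lab implementation). A transition whose target
# is "?" stands for a part of the design that is still unspecified.
INITIAL_CHAIN = {
    "init": [(0.5, "s1"), (0.5, "s2")],
    "s1":   [(0.2, "fail"), (0.8, "ok")],
    "s2":   [(0.3, "fail"), (0.7, "?")],    # 70% of s2's behaviour is unknown
    "fail": [(1.0, "fail")],
    "ok":   [(1.0, "ok")],
}

# A refinement of the same design: part of s2's unknown behaviour is now
# specified (it goes to a new state s3); a smaller unknown remainder is left.
REFINED_CHAIN = dict(INITIAL_CHAIN)
REFINED_CHAIN["s2"] = [(0.3, "fail"), (0.7, "s3")]
REFINED_CHAIN["s3"] = [(0.6, "ok"), (0.4, "?")]

TARGET, HORIZON = "fail", 3   # bounded property: "fail" is reached within 3 steps


def simulate(chain, rng):
    """One sampled run, returning a three-valued verdict for the property:
    'true' (target reached), 'false' (horizon exhausted without reaching it)
    or 'unknown' (the run entered unspecified behaviour first)."""
    state = "init"
    for _ in range(HORIZON):
        if state == TARGET:
            return "true"
        r, acc = rng.random(), 0.0
        for p, nxt in chain[state]:
            acc += p
            if r < acc:
                break
        state = nxt                  # falls through to the last target on rounding
        if state == "?":
            return "unknown"
    return "true" if state == TARGET else "false"


def estimate(chain, n, seed=0):
    """Quantitative SMC: the frequency of each verdict over n sampled runs."""
    rng = random.Random(seed)
    counts = {"true": 0, "false": 0, "unknown": 0}
    for _ in range(n):
        counts[simulate(chain, rng)] += 1
    return {v: c / n for v, c in counts.items()}


def exact(chain, state="init", steps=HORIZON):
    """Exact (true, false, unknown) probabilities for this tiny chain, used as
    a reference for the estimates; not feasible for large models."""
    if state == TARGET:
        return (1.0, 0.0, 0.0)
    if steps == 0:
        return (0.0, 1.0, 0.0)
    t = f = u = 0.0
    for p, nxt in chain[state]:
        if nxt == "?":
            u += p
        else:
            pt, pf, pu = exact(chain, nxt, steps - 1)
            t, f, u = t + p * pt, f + p * pf, u + p * pu
    return (t, f, u)


def qualitative(est, threshold):
    """Three-valued answer to 'P(property) >= threshold'. The unknown mass may
    end up on either side once the design is refined, so the answer is
    'unknown' whenever that mass could tip the decision."""
    if est["true"] >= threshold:
        return "true"
    if est["true"] + est["unknown"] < threshold:
        return "false"
    return "unknown"
```

Calling `estimate(INITIAL_CHAIN, 20000)` and `estimate(REFINED_CHAIN, 20000)` shows the unknown mass dropping from about 0.35 to about 0.14 after the refinement, and `qualitative` turns that into a verdict: for the question "is the failure probability at least 0.5?" the initial design answers "unknown", while the refined one answers "false", because even all of its remaining unknown behaviour could not push the probability that high.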
A Language for Analyzing Security of IoT Systems
Participants : Delphine Beaulaton, Najah Ben Said, Ioana Cristescu, Axel Legay, Jean Quilbeuf.
We propose a model-based security language for Internet of Things (IoT) systems that enables users to create models of their IoT systems and to analyse the likelihood that cyber-attacks occur and succeed. The modeling language describes the interactions between different entities, which can be either humans or “Things” (i.e., hardware, sensors, software tools, etc.). A malicious entity, called the Attacker, is present in the system and carries out attacks against it. The other IoT entities can inadvertently help the Attacker by leaking their sensitive data; equipped with the acquired knowledge, the Attacker can then communicate with the IoT entities undetected. For instance, an attacker can launch a phishing attack via email only if it knows the email address of the target.
Another feature of our modeling language is that security failures are modeled as a sequence of simpler steps, in the spirit of attack trees. As their name suggests, attacks are modeled as trees, where the leaves represent elementary steps needed for the attack, and the root represents a successful attack. The internal nodes are of two types, indicating whether all the subgoals (an AND node) or one of the subgoals (an OR node) must be achieved in order to accomplish the main goal. The attack tree provided with the IoT system acts as a monitor: It observes the interactions the Attacker has with the system and detects when an attack is successful.
An IoT system is analyzed using statistical model checking (SMC). The first method we use is Monte Carlo simulation, which consists of sampling executions of the IoT system and estimating the probability of a successful attack from the fraction of executions in which the attack succeeded. However, this estimate is hard to obtain if a successful attack is rare. We therefore also use a second SMC method, developed for rare events, called importance splitting.
To implement this we rely on BIP, a heterogeneous component-based model for which an execution engine is developed and maintained. The IoT model is translated into a BIP model and the attack tree into a BIP monitor; the two form a BIP system. The BIP execution engine produces executions, which are the input of Plasma Lab, the model checker developed in TAMIS. We have extended Plasma Lab with a plugin that interacts with the BIP execution engine.
The tools are available at http://iotmodeling.gforge.inria.fr/. This work has been published in two conference papers [20], [23]. A third paper was submitted in November [29], and is currently under review.
 [20]

In this paper we propose our security-based modeling language for IoT systems. The modeling language has two important features: (i) vulnerabilities are explicitly represented and (ii) interactions are allowed or denied based on the information stored on the IoT devices. An IoT system is translated into BIP, a component-based modeling language, in which one can execute the system and perform security analysis. To illustrate the features of our language, we model a use case based on a Smart Hospital and inspired by industrial scenarios.
 [23]

In this paper we revisit the security-based modeling language for IoT systems. We focus here on the BIP models obtained from the original IoT systems. The BIP execution and analysis framework provides several methods to analyse a BIP model, and we discuss how these methods can be lifted to the original IoT systems. We also model a new use case based on Amazon Smart Home.
 [29]

Attack trees are graphical representations of the different scenarios that can lead to a security failure. In this paper we extend our security-based framework for modeling IoT systems in two ways: (i) attack trees are defined alongside the model to detect and prevent security risks in the system and (ii) the language supports probabilistic models. A successful attack can be a rare event in the execution of a well-designed system. When rare, such attacks are hard to detect with usual model checking techniques. Hence, we use importance splitting as a statistical model checking technique for rare events.
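As an added example of the analysis described in this section (constructed code, not the modeling language, the BIP/Plasma Lab tool chain or any model from the papers), the following Python builds a toy IoT system in which the Attacker accumulates knowledge step by step, uses an AND/OR attack tree as the monitor that decides when the attack has succeeded, and estimates the probability of success by crude Monte Carlo sampling and by fixed-level importance splitting. The leaf names, the per-step probabilities, the horizon and the tree are assumptions of the example; the exact forward computation over the toy's sixteen states is only a reference to check both estimators against.

```python
import random
from itertools import combinations

# Constructed toy IoT system (illustration only, not the paper's language nor
# the BIP/Plasma Lab tool chain). Each elementary attack step is a leaf that
# becomes achieved, in a given time step, with a small probability once its
# prerequisite leaves are achieved: the Attacker accumulates knowledge.
LEAVES = {            # leaf: (per-step probability, prerequisites)
    "email":  (0.02,  ()),          # the target's email address leaks
    "phish":  (0.05,  ("email",)),  # phishing succeeds, needs the address
    "pwd":    (0.002, ()),          # the password leaks directly
    "device": (0.005, ()),          # the Attacker reaches the device
}
HORIZON = 20

# The attack tree, nested as ("AND"|"OR", children) with leaf names at the
# bottom: the attack succeeds if the device is reachable AND the Attacker
# holds a credential (by phishing OR by a leaked password).
TREE = ("AND", [("OR", ["phish", "pwd"]), "device"])


def progress(node, achieved):
    """Monitor over the tree: 1.0 when the (sub)goal is reached. AND nodes
    report the fraction of satisfied children, which gives importance
    splitting a score that grows as the attack gets closer to success."""
    if isinstance(node, str):
        return 1.0 if node in achieved else 0.0
    op, kids = node
    scores = [progress(k, achieved) for k in kids]
    return max(scores) if op == "OR" else sum(scores) / len(scores)


def enabled(achieved):
    return [l for l, (_, pre) in LEAVES.items()
            if l not in achieved and all(p in achieved for p in pre)]


def step(achieved, rng):
    """One execution step of the system: every enabled leaf is tried."""
    new = set(achieved)
    for leaf in enabled(achieved):
        if rng.random() < LEAVES[leaf][0]:
            new.add(leaf)
    return frozenset(new)


def monte_carlo(n, seed=1):
    """Crude SMC: fraction of n sampled executions in which the monitor
    reports a successful attack within the horizon."""
    rng, hits = random.Random(seed), 0
    for _ in range(n):
        s = frozenset()
        for _ in range(HORIZON):
            s = step(s, rng)
            if progress(TREE, s) >= 1.0:
                hits += 1
                break
    return hits / n


def importance_splitting(n, levels, seed=1):
    """Fixed-level importance splitting: n particles run until they cross the
    next score level; those that never do are replaced by copies of the
    survivors, and the rare-event probability is the product of the
    per-level conditional probabilities."""
    rng = random.Random(seed)
    particles = [(frozenset(), 0)] * n
    estimate = 1.0
    for level in levels:
        survivors = []
        for s, t in particles:
            while t < HORIZON and progress(TREE, s) < level:
                s, t = step(s, rng), t + 1
            if progress(TREE, s) >= level:
                survivors.append((s, t))
        if not survivors:
            return 0.0
        estimate *= len(survivors) / n
        particles = [survivors[rng.randrange(len(survivors))] for _ in range(n)]
    return estimate


def exact_probability():
    """Reference value by exact forward computation over the 2^4 states of
    the toy; neither SMC method needs it, but it lets us check both."""
    dist = {frozenset(): 1.0}
    for _ in range(HORIZON):
        nxt = {}
        for s, mass in dist.items():
            if progress(TREE, s) >= 1.0:           # success is absorbing
                nxt[s] = nxt.get(s, 0.0) + mass
                continue
            en = enabled(s)
            for k in range(len(en) + 1):
                for subset in combinations(en, k):
                    p = mass
                    for l in en:
                        pl = LEAVES[l][0]
                        p *= pl if l in subset else 1.0 - pl
                    ns = s | frozenset(subset)
                    nxt[ns] = nxt.get(ns, 0.0) + p
        dist = nxt
    return sum(m for s, m in dist.items() if progress(TREE, s) >= 1.0)
```

With these parameters the attack succeeds in roughly 1.5% of executions, so `monte_carlo(10000)` sees only a few hundred hits, while `importance_splitting(10000, [0.5, 1.0])` spends its samples on the executions that already satisfy one child of the root AND node. The score function is the part a practitioner has to get right: it must be monotone along an execution and reach its maximum exactly when the monitor reports success, otherwise the product of conditional probabilities does not estimate the probability of the event the monitor detects.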
Verification of the IKEv2 protocol
Participants : Tristan Ninet, Olivier Zendra, Louis-Marie Traonouez, Axel Legay.
The IKEv2 (Internet Key Exchange version 2) protocol is the authenticated key-exchange protocol used to set up secure communications in an IPsec (Internet Protocol security) architecture. IKEv2 guarantees security properties such as mutual authentication and secrecy of the exchanged key. To obtain an IKEv2 implementation that is as secure as possible, we use model checking to verify these properties on the protocol specification, and software formal verification tools to detect implementation flaws such as buffer overflows or memory leaks.
In previous analyses, IKEv2 had been shown to possess two authentication vulnerabilities that were considered not exploitable. We analyze the protocol specification using the Spin model checker and prove that the first vulnerability does not in fact exist. In addition, we show that the second vulnerability is exploitable by designing and implementing a novel slow Denial-of-Service attack, which we name the Deviation Attack.
We propose an expression for the time at which Denial of Service occurs, and validate it experimentally on the strongSwan implementation of IKEv2. As a countermeasure, we propose a modification of IKEv2, and use model checking to prove that the modified version is secure.
For ethical reasons we informed our country’s national security agency (ANSSI) about the existence of the Deviation Attack. The security agency gave us some technical feedback as well as its approval for publishing the attack.
We then tackle formal verification applied directly to IKEv2 source code. We had already tried to analyze strongSwan with the Angr tool, but found that Angr was not yet mature enough for a program like strongSwan. We therefore tried other software formal verification tools on smaller and simpler code bases than strongSwan: we analyzed OpenSSL's asn1parse with the CBMC tool and lightweight IP with the Infer tool. We found that CBMC does not scale to a large code base and that Infer does not verify the properties we want.
We plan to explore one formal technique in more depth and work towards verifying generic properties (absence of implementation flaws) on software like strongSwan.
Combining Software-based and Hardware-based Fault Injection Approaches
Participants : Nisrine Jafri, Annelie Heuser, Jean-Louis Lanet, Axel Legay, Thomas Given-Wilson.
Software-based and hardware-based approaches have both been used to detect fault injection vulnerabilities. Software-based approaches can provide broad and rapid coverage, as shown in previous publications [36], [37], [38], but may not correlate with genuine hardware vulnerabilities. Hardware-based approaches are indisputable in their results, but rely upon expensive expert knowledge and manual testing.
This work bridges software-based and hardware-based fault injection vulnerability detection by contrasting the results of both approaches. To our knowledge, no prior research has attempted to bridge the software-based and hardware-based approaches to fault injection vulnerability detection in the way done in this work.
Using both the software-based and hardware-based approaches showed that:

Software-based approaches detect genuine fault injection vulnerabilities.

Software-based approaches did not yield false-negative results.

Not all software-based vulnerabilities can be reproduced in hardware.

Hardware-based EMP (electromagnetic pulse) approaches do not have a simple fault model.

There is an overlap between the results of the software-based and hardware-based approaches.

Combining software-based and hardware-based approaches yields a vastly more efficient method to detect genuine fault injection vulnerabilities.
Both the SimFI tool and the ArmL tool were implemented as part of this work.
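As an added illustration of what a software-based fault injection campaign produces (constructed example code, not the SimFI or ArmL tools, not a real instruction set and not the fault models used in this work), the following Python runs a 4-digit PIN comparison on a toy register machine and tries every single instruction skip and every single register bit flip at every cycle of the rejecting run, reporting the faults that turn the rejection into an acceptance. A hardened variant of the same routine (redundant compare, loop-counter check, wide accept constant) is analysed with the same campaign so the two lists can be compared. The programs, the fault models and the PIN values are assumptions of the example.

```python
# Constructed toy: a 4-digit PIN check on a tiny register machine, used to
# show what a software-based fault injection campaign reports. Illustration
# only, not the SimFI or ArmL tools and not a real ISA or fault model.
NAIVE = [
    ("mov", "r2", 0), ("mov", "r3", 0),            # result = reject, i = 0
    ("ld", "r0", "pin", "r3"), ("ld", "r1", "ref", "r3"),
    ("cmp", "r0", "r1"), ("jnf", 10),              # mismatch -> halt (reject)
    ("add", "r3", 1), ("lt", "r3", 4), ("jf", 2),  # next digit / loop
    ("mov", "r2", 1), ("halt", 1),                 # accept is r2 == 1
]
HARDENED = [
    ("mov", "r2", 0), ("mov", "r3", 0),
    ("ld", "r0", "pin", "r3"), ("ld", "r1", "ref", "r3"),
    ("cmp", "r0", "r1"), ("jnf", 14),
    ("cmp", "r0", "r1"), ("jnf", 14),              # redundant compare
    ("add", "r3", 1), ("lt", "r3", 4), ("jf", 2),
    ("cmp", "r3", 4), ("jnf", 14),                 # loop counter must be 4
    ("mov", "r2", 0xA5), ("halt", 0xA5),           # accept is a wide constant
]


def run(program, pin, ref, fault=None, max_steps=400):
    """Execute a program on the toy machine. `fault` is None, ("skip", cycle)
    for an instruction skip, or ("flip", cycle, reg, bit) for a single bit
    flip of a register just before the instruction at that cycle. Returns
    (verdict, cycles) with verdict in {"accept", "reject", "crash"}."""
    regs = {"r0": 0, "r1": 0, "r2": 0, "r3": 0, "flag": 0}
    mem = {"pin": pin, "ref": ref}
    val = lambda x: regs[x] if isinstance(x, str) else x
    pc = cycle = 0
    while cycle < max_steps:
        if not 0 <= pc < len(program):
            return "crash", cycle
        if fault is not None and fault[1] == cycle:
            if fault[0] == "skip":
                pc, cycle = pc + 1, cycle + 1
                continue
            regs[fault[2]] ^= 1 << fault[3]
        op, args = program[pc][0], program[pc][1:]
        cycle += 1
        if op == "halt":
            return ("accept" if regs["r2"] == args[0] else "reject"), cycle
        if op == "mov":
            regs[args[0]] = args[1]
        elif op == "ld":
            idx = regs[args[2]]
            if not 0 <= idx < len(mem[args[1]]):
                return "crash", cycle              # out-of-bounds load
            regs[args[0]] = mem[args[1]][idx]
        elif op == "add":
            regs[args[0]] += args[1]
        elif op == "cmp":
            regs["flag"] = int(val(args[0]) == val(args[1]))
        elif op == "lt":
            regs["flag"] = int(regs[args[0]] < args[1])
        elif op in ("jf", "jnf"):
            if bool(regs["flag"]) == (op == "jf"):
                pc = args[0]
                continue
        pc += 1
    return "crash", cycle                          # runaway execution


def find_bypasses(program, pin, ref):
    """Campaign: every single instruction skip and every single register bit
    flip at every cycle of the golden (rejecting) run. Returns the faults
    that turn the rejection into an acceptance."""
    verdict, cycles = run(program, pin, ref)
    if verdict != "reject":
        raise ValueError("golden run must reject")
    faults = [("skip", c) for c in range(cycles)]
    faults += [("flip", c, r, b) for c in range(cycles)
               for r in ("r0", "r1", "r2", "r3", "flag") for b in range(4)]
    return [f for f in faults if run(program, pin, ref, f)[0] == "accept"]
```

Running `find_bypasses(NAIVE, [1, 2, 3, 5], [1, 2, 3, 4])` lists, among others, the skip of the conditional jump in the last loop iteration and the flip of the flag just before it. The same campaign on `HARDENED` reports no instruction-skip bypass at all, but still finds a handful of bit flips (on the loaded digits, and on the loop counter in the middle iterations) that lead to acceptance. That residual list is the point of the section above: a software campaign is cheap and exhaustive over its fault model, but which of these faults a real electromagnetic pulse can actually produce is a separate question that only the hardware experiment answers.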
Side-channel analysis of post-quantum cryptography
Participants : Annelie Heuser, Tania Richmond.
In recent years, there has been a substantial amount of research on quantum computers: machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere. The goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks. At present, several post-quantum cryptosystems have been proposed: lattice-based, code-based and multivariate cryptosystems, hash-based signatures, and others. However, for most of these proposals, further research is needed in order to gain more confidence in their security and to improve their performance. Our interest lies in particular in the side-channel analysis and resistance of these post-quantum schemes. We first focus on code-based cryptography and then extend our analysis to find common vulnerabilities between different families of post-quantum cryptosystems.
We started with a survey of cryptanalysis against code-based cryptography [13], covering algebraic and side-channel attacks. Code-based cryptography reveals sensitive data mainly during syndrome decoding. We investigate the syndrome computation from a side-channel point of view: different methods can be used depending on the underlying code, and we explore the vulnerabilities of each one in order to propose a guideline for designers and developers. This work was presented at CryptArchi 2018 and Journées Codes et Cryptographie 2018.
 [13]

Nowadays public-key cryptography is based on number theory problems, such as computing the discrete logarithm on an elliptic curve or factoring big integers. Even though these problems are considered difficult to solve with the help of a classical computer, they can be solved in polynomial time on a quantum computer. This is why the research community proposed alternative solutions that are quantum resistant. The process of finding adequate post-quantum cryptographic schemes has moved to the next level, right after NIST’s announcement of post-quantum standardization.
One of the oldest quantum-resistant proposals goes back to McEliece in 1978, who proposed a public-key cryptosystem based on coding theory. It benefits from very efficient algorithms as well as a strong mathematical background. Nonetheless, its security has been challenged many times and several variants were cryptanalyzed. However, some versions are still unbroken.
In this paper, we give a short background on coding theory in order to present some of the main flaws in the protocols. We analyze the existing side-channel attacks and give some recommendations on how to securely implement the most suitable variants. We also detail some structural attacks and potential drawbacks for new variants.
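As an added illustration of why the syndrome computation is the sensitive step (constructed example code, not from the survey and not a real scheme), the following Python computes a syndrome over GF(2) in two ways. The setting it assumes is one where the parity-check matrix is the private key and the vector is public, as in MDPC-style schemes whose sparse parity-check matrix is the secret; the "trace" each routine returns is an abstraction of what a timing or power measurement exposes, namely the sequence of positions at which the data-dependent operation actually ran. The matrix, the vector and the sizes are assumptions of the example.

```python
# Constructed illustration of why the syndrome computation is the sensitive
# step: the parity-check matrix H is the secret (as in MDPC-style schemes
# where the sparse H is the private key) and the vector c is public. The
# "trace" each routine returns abstracts what a timing or power measurement
# reveals: the sequence of (row, column) positions where the data-dependent
# operation actually ran. Not code from the paper.

def syndrome_branching(H, c):
    """s = H * c^T over GF(2), XORing only where H[i][j] == 1: the branch is
    taken exactly at the secret's non-zero positions."""
    s, trace = [], []
    for i, row in enumerate(H):
        bit = 0
        for j, hij in enumerate(row):
            if hij:                        # secret-dependent branch
                bit ^= c[j]
                trace.append((i, j))
        s.append(bit)
    return s, trace


def syndrome_masked(H, c):
    """Same result with a mask instead of a branch: identical work for every
    (i, j), so the trace is the same whatever the secret H is."""
    s, trace = [], []
    for i, row in enumerate(H):
        bit = 0
        for j, hij in enumerate(row):
            bit ^= hij & c[j]              # no secret-dependent control flow
            trace.append((i, j))
        s.append(bit)
    return s, trace


def recover_key(trace, rows, cols):
    """What an observer of the branching variant learns: H itself."""
    H = [[0] * cols for _ in range(rows)]
    for i, j in trace:
        H[i][j] = 1
    return H


# Constructed sample key and public vector (tiny sizes; real parameters are
# thousands of bits with a sparse H of fixed row weight).
SECRET_H = [
    [1, 0, 0, 1, 0, 1, 0, 0],
    [0, 1, 0, 0, 1, 0, 0, 1],
    [0, 0, 1, 1, 0, 0, 1, 0],
    [1, 1, 0, 0, 0, 0, 1, 1],
]
PUBLIC_C = [1, 0, 1, 1, 0, 0, 1, 0]


def demo(H=SECRET_H, c=PUBLIC_C):
    """Compare both implementations and what leaks from each."""
    s_branch, t_branch = syndrome_branching(H, c)
    s_mask, t_mask = syndrome_masked(H, c)
    other_key = [r[:] for r in H]
    other_key[0][0] ^= 1                   # any different secret
    return {
        "same_syndrome": s_branch == s_mask,
        "branching_leaks_key": recover_key(t_branch, len(H), len(c)) == H,
        "branching_trace_depends_on_key":
            syndrome_branching(other_key, c)[1] != t_branch,
        "masked_trace_depends_on_key":
            syndrome_masked(other_key, c)[1] != t_mask,
    }
```

The masked variant is only the first step of the guideline: it removes secret-dependent control flow, but an implementation that stores the sparse key as a list of column indices and walks that list still leaks through the addresses it touches, which is the other class of vulnerability the survey discusses for index-based syndrome computations.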
New Advances on Side-channel Distinguishers
Participants : Christophe Genevey-Metat, Annelie Heuser, Tania Richmond.
 [17]

On the Performance of Deep Learning for Side-channel Analysis
We answer the question whether convolutional neural networks are more suitable for SCA scenarios than some other machine learning techniques, and if so, in what situations. Our results indicate that convolutional neural networks indeed outperform other machine learning techniques in several scenarios when considering accuracy. Still, often there is no compelling reason to use such a complex technique. In fact, when comparing techniques without extra steps like preprocessing, we see an obvious advantage for convolutional neural networks only when the level of noise is small and the number of measurements and features is high. The other tested settings show that simpler machine learning techniques, at a significantly lower computational cost, perform similarly or even better. The experiments with the guessing entropy metric indicate that simpler methods like Random Forest or XGBoost perform better than convolutional neural networks for the datasets we investigated. Finally, we conduct a small experiment that opens the question whether convolutional neural networks are actually the best choice in the side-channel analysis context, since there seems to be no advantage in preserving the topology of measurements.
 [8]

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations
We concentrate on machine learning techniques used for profiled side-channel analysis in the presence of imbalanced data. Such scenarios are realistic and occur often, for instance in the Hamming weight or Hamming distance leakage models. In order to deal with the imbalanced data, we use various balancing techniques and we show that most of them help in mounting successful attacks when the data is highly imbalanced. In particular, the results with the SMOTE technique are encouraging, since we observe some scenarios where it reduces the number of necessary measurements more than eightfold. Next, we provide extensive results on the comparison of machine learning and side-channel metrics, where we show that machine learning metrics (and especially accuracy, the most often used one) can be extremely deceptive. This finding opens a need to revisit previous works and their results in order to properly assess the performance of machine learning in side-channel analysis.
 [35]

When Theory Meets Practice: A Framework for Robust Profiled Side-channel Analysis
Profiled side-channel attacks are the most powerful attacks and they consist of two steps. The adversary first builds a leakage model, using a device similar to the target one, then exploits this leakage model to extract the secret information from the victim's device. These attacks can be seen as a classification problem, where the adversary needs to decide to what class (corresponding to the secret key) the traces collected from the victim's device belong. For a number of years, the research community has studied profiled attacks and proposed numerous improvements. Despite a large number of empirical works, a framework with strong theoretical foundations to address profiled side-channel attacks is still missing.
In this paper, we propose a framework capable of modeling and evaluating all profiled analysis attacks. This framework is based on the expectation estimation problem, which has strong theoretical foundations. Next, we quantify the effects of perturbations injected at different points in our framework through robustness analysis, where the perturbations represent sources of uncertainty associated with measurements, non-optimal classifiers, and methods. Finally, we experimentally validate our framework using publicly available traces, different classifiers, and performance metrics.
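As an added example that ties together the two-step profiled attack just described and the metric mismatch discussed in the class-imbalance paper above (constructed code, not the framework, classifiers or datasets of either paper), the following Python profiles Gaussian templates on a device with a known key, attacks a second key, and reports both a machine-learning metric (per-trace classification accuracy) and a side-channel metric (the rank of the true key after accumulating the template log-likelihoods, whose average over many attacks is the guessing entropy). The target is a 4-bit S-box with a Hamming-weight leakage model and synthetic noisy traces; the S-box choice, noise level and trace counts are assumptions of the example.

```python
import math
import random

# Constructed profiled attack on a toy 4-bit S-box (the PRESENT S-box, a public
# constant); illustration only, not the paper's framework or datasets. A real
# target would be the 8-bit AES S-box, with the same attack structure.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
HW = [bin(v).count("1") for v in range(16)]
CLASSES = range(5)                       # Hamming weight of a 4-bit value


def measure(key, n, sigma, rng):
    """Constructed traces: one noisy sample per random plaintext nibble,
    leaking the Hamming weight of the S-box output."""
    pts = [rng.randrange(16) for _ in range(n)]
    return pts, [HW[SBOX[p ^ key]] + rng.gauss(0, sigma) for p in pts]


def profile(pts, samples, key):
    """Profiling phase on a device with a known key: one Gaussian template
    (mean) per class, a pooled variance and the class priors. The priors are
    the class imbalance: HW 2 occurs 6 times as often as HW 0 or HW 4."""
    per_class = {c: [] for c in CLASSES}
    for p, t in zip(pts, samples):
        per_class[HW[SBOX[p ^ key]]].append(t)
    means = {c: sum(v) / len(v) for c, v in per_class.items()}
    var = sum((t - means[c]) ** 2
              for c, v in per_class.items() for t in v) / len(samples)
    prior = {c: len(v) / len(samples) for c, v in per_class.items()}
    return means, var, prior


def log_lik(t, c, means, var):
    return -((t - means[c]) ** 2) / (2 * var)   # Gaussian, up to a constant


def accuracy(tmpl, pts, samples, key):
    """Machine-learning metric: per-trace MAP classification accuracy."""
    means, var, prior = tmpl
    ok = 0
    for p, t in zip(pts, samples):
        guess = max(CLASSES, key=lambda c: log_lik(t, c, means, var)
                    + math.log(max(prior[c], 1e-12)))
        ok += guess == HW[SBOX[p ^ key]]
    return ok / len(samples)


def key_rank(tmpl, pts, samples, key):
    """Side-channel metric: rank of the true key once the template
    log-likelihoods are accumulated over all attack traces (guessing entropy
    is the average of this rank over many independent attacks)."""
    means, var, _ = tmpl
    scores = [sum(log_lik(t, HW[SBOX[p ^ k]], means, var)
                  for p, t in zip(pts, samples)) for k in range(16)]
    order = sorted(range(16), key=lambda k: -scores[k])
    return order.index(key)


def experiment(seed=0, sigma=1.5, n_profile=3000, n_attack=500):
    """Profile on one key, attack another, and report both metrics."""
    rng = random.Random(seed)
    profiling_key, attack_key = 0x3, 0xA
    tmpl = profile(*measure(profiling_key, n_profile, sigma, rng), profiling_key)
    pts, samples = measure(attack_key, n_attack, sigma, rng)
    return {"accuracy": accuracy(tmpl, pts, samples, attack_key),
            "key_rank": key_rank(tmpl, pts, samples, attack_key)}
```

At this noise level `experiment()` reports a per-trace accuracy well under 50%, because the five Hamming-weight classes overlap heavily and the prior pulls most decisions towards the dominant class, yet the key rank is 0: the per-trace evidence is weak but it is accumulated over hundreds of traces. Judging the attack by accuracy alone would call it a failure, which is the deception the class-imbalance paper warns about; the side-channel metric is the one that answers whether the key is recovered.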
 [33]

Make Some Noise: Unleashing the Power of Convolutional Neural Networks for Profiled Side-channel Analysis
Profiled side-channel attacks based on deep learning, and more precisely on Convolutional Neural Networks, are a paradigm showing significant potential. The results, although scarce for now, suggest that such techniques are even able to break cryptographic implementations protected with countermeasures. In this paper, we start by proposing a new Convolutional Neural Network instance that is able to reach high performance for a number of considered datasets. Additionally, for a dataset protected with the random delay countermeasure, our neural network is able to break the implementation by using only 2 traces in the attack phase. We compare our neural network with the one designed for a particular dataset with a masking countermeasure and we show that both are good designs, but also that neither can be considered superior to the other. Next, we address how the addition of artificial noise to the input signal can actually be beneficial to the performance of the neural network. Such noise addition is equivalent to a regularization term in the objective function. By using this technique, we are able to improve the number of measurements needed to reveal the secret key by orders of magnitude in certain scenarios for both neural networks. To strengthen our experimental results, we experiment with a number of datasets which differ in their levels of noise (and type of countermeasure), where we show the viability of our approaches.
 [9]

On the optimality and practicability of mutual information analysis in some scenarios
The best possible side-channel attack maximizes the success rate and would correspond to a maximum likelihood (ML) distinguisher if the leakage probabilities were totally known or accurately estimated in a profiling phase. When profiling is unavailable, however, it is not clear whether Mutual Information Analysis (MIA), Correlation Power Analysis (CPA), or Linear Regression Analysis (LRA) would be the most successful in a given scenario. In this paper, we show that MIA coincides with the maximum likelihood expression when leakage probabilities are replaced by online estimated probabilities. Moreover, we show that the calculation of MIA is lighter than the computation of the maximum likelihood. We then exhibit two case studies where MIA outperforms CPA. One case is when the leakage model is known but the noise is not Gaussian. The second case is when the leakage model is partially unknown and the noise is Gaussian. In the latter scenario MIA is more efficient than LRA of any order.