TY - GEN
T1 - Towards side-channel secure firmware updates
T2 - 9th International Symposium on Foundations and Practice of Security, FPS 2016
AU - Guillen, Oscar M.
AU - De Santis, Fabrizio
AU - Brederlow, Ralf
AU - Sigl, Georg
N1 - Publisher Copyright:
© Springer International Publishing AG 2017.
PY - 2017
Y1 - 2017
N2 - Side-channel attacks represent a serious threat to the security of encrypted firmware updates: if the secret key is leaked, then the firmware is exposed and can be replaced by malicious code or be stolen. In this work, we show how simple anomaly detection measures can effectively increase the security of encrypted firmware updates at minimum cost. Our method is based on the simple observation that firmware payloads have a specific structure (machine code), which can be easily verified at runtime in order to react to side-channel attacks. This enables performing proactive measures to limit the number of measurements that can be taken when a side-channel attack is detected. We tested the viability of our approach through simulations and verified its effectiveness in practice on a TI MSP430 microcontroller using a software implementation of AES. Our approach represents a step forward towards increasing the security of firmware updates against side-channel attacks: it effectively increases the security of firmware updates, has only negligible overhead in terms of code size and runtime, requires no modification to the underlying cryptographic implementations, and can be used in conjunction with countermeasures such as masking and re-keying to further enhance the side-channel resistance of a device.
AB - Side-channel attacks represent a serious threat to the security of encrypted firmware updates: if the secret key is leaked, then the firmware is exposed and can be replaced by malicious code or be stolen. In this work, we show how simple anomaly detection measures can effectively increase the security of encrypted firmware updates at minimum cost. Our method is based on the simple observation that firmware payloads have a specific structure (machine code), which can be easily verified at runtime in order to react to side-channel attacks. This enables performing proactive measures to limit the number of measurements that can be taken when a side-channel attack is detected. We tested the viability of our approach through simulations and verified its effectiveness in practice on a TI MSP430 microcontroller using a software implementation of AES. Our approach represents a step forward towards increasing the security of firmware updates against side-channel attacks: it effectively increases the security of firmware updates, has only negligible overhead in terms of code size and runtime, requires no modification to the underlying cryptographic implementations, and can be used in conjunction with countermeasures such as masking and re-keying to further enhance the side-channel resistance of a device.
KW - Anomaly detection
KW - Decryption
KW - Embedded devices
KW - Secure firmware updates
KW - Side-channel analysis
UR - http://www.scopus.com/inward/record.url?scp=85009471484&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-51966-1_23
DO - 10.1007/978-3-319-51966-1_23
M3 - Conference contribution
AN - SCOPUS:85009471484
SN - 9783319519654
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 345
EP - 360
BT - Foundations and Practice of Security - 9th International Symposium, FPS 2016, Revised Selected Papers
A2 - Garcia-Alfaro, Joaquin
A2 - Cuppens, Frederic
A2 - Cuppens-Boulahia, Nora
A2 - Wang, Lingyu
A2 - Tawbi, Nadia
PB - Springer Verlag
Y2 - 24 October 2016 through 26 October 2016
ER -