TAD : time side-channel attack defense of obfuscated source code
Program obfuscation is widely used to protect commercial software against reverse-engineering. However, an adversary can still download, disassemble and analyze binaries of the obfuscated code executed on an embedded System-on-Chip (SoC), and by correlating execution times to input values, extract s...
Saved in:
| Main Authors: | , , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/145789 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-145789 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1457892021-01-08T01:46:36Z TAD : time side-channel attack defense of obfuscated source code Fell, Alexander Pham, Hung Thinh Lam, Siew-Kei School of Computer Science and Engineering 24th Asia and South Pacific Design Automation Conference CYSREN Engineering::Computer science and engineering Security Software Obfuscation Program obfuscation is widely used to protect commercial software against reverse-engineering. However, an adversary can still download, disassemble and analyze binaries of the obfuscated code executed on an embedded System-on-Chip (SoC), and by correlating execution times to input values, extract secret information from the program. In this paper, we show (1) the impact of widely-used obfuscation methods on timing leakage, and (2) that well-known software countermeasures to reduce timing leakage of programs, are not always effective for low-noise environments found in embedded systems. We propose two methods for mitigating timing leakage in obfuscated codes. The first is a compiler driven method, called TAD, which removes conditional branches with distinguishable execution times for an input program. In the second method (TADCI), TAD is combined with dynamic hardware diversity by replacing primitive instructions with Custom Instructions (CIs) that exhibit non-deterministic execution times at runtime. Experimental results on the RISC-V platform show that the information leakage is reduced by 92% and 82% when TADCI is applied to the original and obfuscated source code, respectively. National Research Foundation (NRF) Accepted version The research described in this paper has been supported by the National Research Foundation, Singapore under grant number NRF2016NCR-NCR001-006. 2021-01-08T01:46:36Z 2021-01-08T01:46:36Z 2019 Conference Paper Fell, A., Pham, H. T., & Lam, S.-K. (2019). TAD : time side-channel attack defense of obfuscated source code. Proceedings of the 24th Asia and South Pacific Design Automation Conference, 58-63. doi:10.1145/3287624.3287694 9781450360074 https://hdl.handle.net/10356/145789 10.1145/3287624.3287694 58 63 en NRF2016NCR-NCR001-006 © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1145/3287624.3287694 application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering Security Software Obfuscation |
| spellingShingle |
Engineering::Computer science and engineering Security Software Obfuscation Fell, Alexander Pham, Hung Thinh Lam, Siew-Kei TAD : time side-channel attack defense of obfuscated source code |
| description |
Program obfuscation is widely used to protect commercial software against reverse-engineering. However, an adversary can still download, disassemble and analyze binaries of the obfuscated code executed on an embedded System-on-Chip (SoC), and by correlating execution times to input values, extract secret information from the program. In this paper, we show (1) the impact of widely-used obfuscation methods on timing leakage, and (2) that well-known software countermeasures to reduce timing leakage of programs, are not always effective for low-noise environments found in embedded systems. We propose two methods for mitigating timing leakage in obfuscated codes. The first is a compiler driven method,
called TAD, which removes conditional branches with distinguishable execution times for an input program. In the second method (TADCI), TAD is combined with dynamic hardware diversity by replacing primitive instructions with Custom Instructions (CIs) that exhibit non-deterministic execution times at runtime. Experimental results on the RISC-V platform show that the information leakage
is reduced by 92% and 82% when TADCI is applied to the original and obfuscated source code, respectively. |
| author2 |
School of Computer Science and Engineering |
| author_facet |
School of Computer Science and Engineering Fell, Alexander Pham, Hung Thinh Lam, Siew-Kei |
| format |
Conference or Workshop Item |
| author |
Fell, Alexander Pham, Hung Thinh Lam, Siew-Kei |
| author_sort |
Fell, Alexander |
| title |
TAD : time side-channel attack defense of obfuscated source code |
| title_short |
TAD : time side-channel attack defense of obfuscated source code |
| title_full |
TAD : time side-channel attack defense of obfuscated source code |
| title_fullStr |
TAD : time side-channel attack defense of obfuscated source code |
| title_full_unstemmed |
TAD : time side-channel attack defense of obfuscated source code |
| title_sort |
tad : time side-channel attack defense of obfuscated source code |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/145789 |
| _version_ |
1688665309623353344 |