Iodine: Verifying Constant-Time Execution of Hardware

10/07/2019
by   Klaus v. Gleissenthall, et al.
0

To be secure, cryptographic algorithms crucially rely on the underlying hardware to avoid inadvertent leakage of secrets through timing side channels. Unfortunately, such timing channels are ubiquitous in modern hardware, due to its labyrinthine fast-paths and optimizations. A promising way to avoid timing vulnerabilities is to devise — and verify — conditions under which a hardware design is free of timing variability, i.e., executes in constant-time. In this paper, we present Iodine: a clock precise, constant-time approach to eliminating timing side channels in hardware. Iodine succeeds in verifying various open source hardware designs in seconds and with little developer effort. Iodine also discovered two constant-time violations: one in a floating-point unit and another one in an RSA encryption module.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

10/23/2018

A Theory of Lazy Imperative Timing

We present a theory of lazy imperative timing....
04/01/2021

Solver-Aided Constant-Time Circuit Verification

We present Xenon, a solver-aided method for formally verifying that Veri...
01/06/2021

Measuring the Impact of Interference Channels on Multicore Avionics

Measurement-based analysis of software timing behavior provides importan...
01/24/2019

Can We Prove Time Protection?

Timing channels are a significant and growing security threat in compute...
05/01/2020

Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core

Covert channels enable information leakage across security boundaries of...
02/24/2022

Systematic Prevention of On-Core Timing Channels by Full Temporal Partitioning

Microarchitectural timing channels enable unwanted information flow acro...
02/26/2022

Preventing Timing Side-Channels via Security-Aware Just-In-Time Compilation

Recent work has shown that Just-In-Time (JIT) compilation can introduce ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.