Cryptographic Software IP Protection without Compromising Performance or Timing Side-channel Leakage
- 9 February 2021
- journal article
- research article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Architecture and Code Optimization
- Vol. 18 (2), 1-20
- https://doi.org/10.1145/3443707
Abstract
Program obfuscation is a widely used cryptographic software intellectual property (IP) protection technique against reverse engineering attacks in embedded systems. However, very few works have studied the impact of combining various obfuscation techniques on the obscurity (difficulty of reverse engineering) and performance (execution time) of obfuscated programs. In this article, we propose a Genetic Algorithm (GA)-based framework that not only optimizes obscurity and performance of obfuscated cryptographic programs, but it also ensures very low timing side-channel leakage. Our proposed Timing Side Channel Sensitive Program Obfuscation Optimization Framework (TSC-SPOOF) determines the combination of obfuscation transformation functions that produce optimized obfuscated programs with preferred optimization parameters. In particular, TSC-SPOOF employs normalized compression distance (NCD) and channel capacity to measure obscurity and timing side-channel leakage, respectively. We also use RISC-V rocket core running on a Xilinx Zynq FPGA device as part of our framework to obtain realistic results. The experimental results clearly show that our proposed solution leads to cryptographic programs with lower execution time, higher obscurity, and lower timing side-channel leakage than unguided obfuscation.
This publication has 24 references indexed in Scilit:
- Data Allocation for Hybrid Memory With Genetic Algorithm. IEEE Transactions on Emerging Topics in Computing, 2015
- A Tool for Estimating Information Leakage. Published by Springer Science and Business Media LLC, 2013
- On the (im)possibility of obfuscating programs. Journal of the ACM, 2012
- Nonapproximability of the normalized information distance. Journal of Computer and System Sciences, 2011
- Clustering by Compression. IEEE Transactions on Information Theory, 2005
- Sandmark-A tool for software protection research. IEEE Security & Privacy, 2003
- Differential Power Analysis. Lecture Notes in Computer Science, 1999
- A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 1978
- A linear space algorithm for computing maximal common subsequences. Communications of the ACM, 1975
- Computation of channel capacity and rate-distortion functions. IEEE Transactions on Information Theory, 1972