Side-channel leakage evaluator and analysis kit

US10025926B2 · US · B2

Patent metadata
Publication number: US-10025926-B2
Application number: US-201514743787-A
Country: US
Kind code: B2
Filing date: Jun 18, 2015
Priority date: Nov 19, 2014
Publication date: Jul 17, 2018
Grant date: Jul 17, 2018

Abstract

Official abstract text for this publication.

A method for analyzing side-channel leakage of an application running on a device including loading the application on a system comprising a device simulator, wherein the application is configured to accept public inputs and secret inputs and selecting a set of public inputs. The method includes, for each public input in the set of public inputs, executing the application on the system comprising the device simulator based on a respective public input and a first value for a secret input and extracting first intermediate values for the simulated device, and executing the application on the system based on the respective public input and a second value for the secret input and extracting second intermediate values for the simulated device. The method includes determining an amount of dependency of a location of the simulated device on the secret input based on a plurality of the first and second intermediate values.

First claim

Opening claim text (preview).

What is claimed as new and desired to be protected by Letters Patent of the United States is:

1. A method for analyzing side-channel leakage of an application running on a device comprising: loading the application on a system comprising a device simulator, wherein the application is configured to accept public inputs and secret inputs; generating using the device simulator a simulated device by simulating hardware of the device; selecting a set of public inputs; for each public input in the set of public inputs: executing the application on the simulated device based on a respective public input and a first value for a secret input and extracting first intermediate values of a simulated device component of the simulated device, and executing the application on the simulated device based on the respective public input and a second value for the secret input and extracting second intermediate values of the simulated device component of the simulated device; determining an amount of dependency of a value of a location of the simulated device on the secret input based on a plurality of the first intermediate values and a plurality of the second intermediate values, wherein the location comprises the simulated device component at an execution time; and when the amount of dependency is determined to be a non-zero number, determining that the location of the simulated device is vulnerable to a side-channel leakage detection.

2. The method of claim 1, wherein the application is configured to encrypt the public inputs based on the secret inputs.

3. The method of claim 1, wherein the application comprises executable machine code.

4. The method of claim 1, wherein the simulated device comprises a simulated processor of the device.

5. The method of claim 1, wherein the secrets inputs comprise an encryption key.

6. The method of claim 1, wherein the public inputs comprise plaintext.

7. The method of claim 1, wherein the set of public inputs comprises a random sample of public inputs.

8. The method of claim 1, wherein: the first intermediate values comprise a first value of the simulated device component at the execution time, and the second intermediate values comprise a second value of the simulated device component at the execution time.

9. The method of claim 1, wherein the execution time is a clock cycle or an instruction step.

10. The method of claim 1, wherein determining an amount of dependency of a value of a location of the simulated device on the secret input comprises calculating a Mutual Information Value between the location and the secret input.

11. The method of claim 1, wherein: the application is configured to accept random inputs; executing the application on the system based on a respective public input and a first value for a secret input comprises executing the application on the system based on a respective public input, a random input, and a first value for a secret input; and executing the application on the system based on the respective public input and a second value for the secret input comprises executing the application on the system based on the respective public input, the random input, and a second value for the secret input.

12. The method of claim 11, wherein the random input comprises a side-channel leakage countermeasure.

13. The method of claim 1, comprising: mapping the location to an instruction in the application; and when the location is determined to be vulnerable to the side-channel leakage detection, identifying the instruction in the application as being vulnerable to a side-channel attack.

14. The method of claim 1, wherein a device component being simulated comprises: a register, a memory bank, a cache, a CPU flag, a CPU pipeline, a power consumption, electromagnetic radiation, or acoustic radiation.

15. A system for analyzing side-channel leakage of an application running on a device comprising: a device simulator configured to: generate a simulated device by simulating hardware of the device; one or more processors; memory; and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for: loading the application on the device simulator, wherein the application is configured to accept public inputs and secret inputs; selecting a set of public inputs; for each public input in the set of public inputs: executing the application on the simulated device based on a respective public input and a first value for a secret input and extracting first intermediate values of a simulated device component of the simulated device, and executing the application on the simulated device based on the respective public input and a second value for the secret input and extracting second intermediate values of the simulated device component of the simulated device; determining an amount of dependency of a value of a location of the simulated device on the secret input based on a plurality of the first intermediate values and a plurality of the second intermediate values, wherein the location comprises the simulated device component at an execution time; and when the amount of dependency is determined to be a non-zero number, determining that the location of the simulated device is vulnerable to a side-channel leakage detection.

16. The system of claim 15, wherein the application is configured to encrypt the public inputs based on the secret inputs.

17. The system of claim 15, wherein the application comprises executable machine code.

18. The system of claim 15, wherein the simulated device comprises a simulated processor of the device.

19. The system of claim 15, wherein the secrets inputs comprise an encryption key.

20. The system of claim 15, wherein the public inputs comprise plaintext.

21. The system of claim 15, wherein the set of public inputs comprises a random sample of public inputs.

22. The system of claim 15, wherein: the first intermediate values comprise a first value of the simulated device component at the execution time, and the second intermediate values comprise a second value of the simulated device component at the execution time.

23. The system of claim 15, wherein the execution time is a clock cycle or an instruction step.

24. The system of claim 15, wherein determining an amount of dependency of a value of a location of the simulated device on the secret input comprises calculating a Mutual Information Value between the location and the secret input.

25. The system of claim 15, wherein: the application is configured to accept random inputs; executing the application on the system based on a respective public input and a first value for a secret input comprises executing the application on the system based on a respective public input, a random input, and a first value for a secret input; and executing the application on the system based on the respective public input and a second value for the secret input comprises executing the application on the system based on the respective public input, the random input, and a second value for the secret input.

26. The system of claim 25, wherein the random input comprises a side-channel leakage countermeasure.

27. A non-transitory computer readable storage medium storing one or more programs for a
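
An added illustration of the evaluation loop in claims 1, 9, 10 and 14; it is not code from the patent or its assignee. The toy simulator `toy_app`, its constructed substitution table, the register names, and the choice to estimate mutual information per public input and then average are all assumptions of this example.

```python
from collections import Counter, defaultdict
from math import log2

# Constructed 8-bit substitution table (a bijection, not a real cipher's S-box).
SBOX = [(7 * x + 3) % 256 for x in range(256)]

def toy_app(public, secret):
    """Hypothetical simulated run: returns {(component, step): value}."""
    trace = {}
    r0 = public
    trace[("r0", 0)] = r0              # step 0: load plaintext byte
    r1 = r0 ^ secret
    trace[("r1", 1)] = r1              # step 1: key mixing
    trace[("zf", 1)] = int(r1 == 0)    # step 1: CPU zero flag
    trace[("r2", 2)] = SBOX[r1]        # step 2: table lookup
    return trace

def mutual_information(pairs):
    """Empirical I(S;V) in bits from (secret, value) samples."""
    n = len(pairs)
    joint = Counter(pairs)
    ps = Counter(s for s, _ in pairs)
    pv = Counter(v for _, v in pairs)
    return sum(c / n * log2(c * n / (ps[s] * pv[v]))
               for (s, v), c in joint.items())

def evaluate(app, public_inputs, secrets):
    """Average, over public inputs, the MI between each location and the secret."""
    per_loc = defaultdict(list)
    for p in public_inputs:
        samples = defaultdict(list)
        for s in secrets:                      # same public input, different secrets
            for loc, v in app(p, s).items():
                samples[loc].append((s, v))
        for loc, pairs in samples.items():
            per_loc[loc].append(mutual_information(pairs))
    return {loc: sum(m) / len(m) for loc, m in per_loc.items()}

def vulnerable_locations(scores):
    """Locations whose dependency on the secret is non-zero."""
    return sorted(loc for loc, mi in scores.items() if mi > 0)

if __name__ == "__main__":
    scores = evaluate(toy_app, range(256), [0x3C, 0xA5])
    for loc in vulnerable_locations(scores):
        print(loc, round(scores[loc], 4))
```

The zero flag scores far lower than the registers because it differs between the two secrets for only two of the 256 public inputs, yet it is still reported, which is why the threshold is "non-zero" rather than a large value.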

Assignees

Inventors

Classifications

  • G06F21/556 (Primary)

    involving covert channels, i.e. data leakage between processes (inhibiting the analysis of circuitry or operation with measures against power attack G06F21/755)

  • during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow}

  • Testing cryptographic entity, e.g. testing integrity of encryption key or encryption algorithm

  • Masking or blinding

  • for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10025926B2 cover?
A method for analyzing side-channel leakage of an application running on a device including loading the application on a system comprising a device simulator, wherein the application is configured to accept public inputs and secret inputs and selecting a set of public inputs. The method includes, for each public input in the set of public inputs, executing the application on the system comprisi…
Who is the assignee on this patent?
Mitre Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/556. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 17, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).