Side-Channel Leakage Assessment
Side-Channel leakage a crutial threaten to hardware and software implementations. Caused by the physical effects of computing with secret variables. Relevant physical effects include instruction execution time, memory access time, power consumption and electromagnetic radiation. This brings in the need for the side channel leakage assessment in both early and post design stage. My research focus on architectural leakage assessment and modeling on power-based/EM-based side channel. Build up systematic design-time side channel leakage assessment on the complex secure systems.
Side-Channel and Fault Combined Attack
This part of research related to breaking the countermeasures of side channel attack. A popular countermeasure towards side-channel analysis is masking. Masking is a side-channel countermeasure technique that uses random masks to split sensitive cryptographic variables into multiple shares. The side-channel leakage from individual shares does not reveal the sensitive variable because the random masks are secret. we propose a methodology to identify the generation and integration of random masks in cryptographic software by means of side-channel analysis. We then disable the randomizing effect of masking by targeted fault injection, and we break the masking countermeasure using first-order side-channel analysis.
Fault Attack Countermeasures
Fault attack is a known, dangerous threat to secure embedded systems. Function calls, including system calls, are particularly important but weak links for the integration of security components in a crypto-system. Function calls are vulnerable to an instruction skip caused by controlled fault injection such as clock glitching or power glitching. Previous work fails to address the vulnerability of function calls to instruction skip and develop corresponding countermeasures. In this work, we provide a software fault detection mechanism to protect function calls against instruction skip attacks. Our method is generic, relies on the function output arguments, and does not require modification to the function body.
Y. Yao, P. Schaumont,
"A Low-cost Function Call Protection Mechanism Against Instruction Skip Fault Attacks,"
2018 Workshop on Attacks and Solutions in Hardware Security (ASHES),
Toronto, Canada, October 2018.
Y. Yao, M. Yang, B. Yuce, C. Patrick, P. Schaumont,
"Fault-Assisted Side-Channel Analysis of Masked Implementations,"
IEEE International Symposium on Hardware Oriented Security and
Trust (HOST), May 2018.
Yuan Yao, Y. Zhang, et al., “Learning-Based Packet Loss Prediction for Video Streaming over Mesh Networks with Priority”, 2012 IET International Conference on Information Science and Control Engineering (ICISCE 2012), Shenzhen, China, Dec., 2012
Y. Zhang, Yuan Yao, et al., “Resource Allocation and Performance Optimization for Wireless Video Communication "[J]. Journal of University of Electronic Science and Technology of China, Vol.42 No.1, Jan. 2013
Conference talk at Hardware Oriented Security and Trust(HOST) 2018 conference talk: Fault-Assisted Side-Channel Analysis of Masked Implementations
Workshop for Women in Hardware and Systems Security (WISE) 2017: Breaking AES with DPA and Chipwhisperer in the blink of an Eye