Software Security
Hardware Security
Resources
Contact us
Hardware Security

Scared: open source side-channel library by eShard

Benjamin Timon
|
0
|
September 26, 2019
Blue close icon with two intersecting diagonal lines forming an X.
Software Security
PLATFORM
esReverse
TIME TRAVEL ANALYSIS
Time Travel Debugging tool
EMULATORS
IOS Virtual Device
NEW
Android Virtual Device
KNOWLEDGE
Intel Advanced Techniques
IoT Use Cases
SERVICES
Security Assessment
Training & Coaching
Hardware Security
PLATFORM
esDynamic
TURNKEY LABS
Side Channel Analysis
EM Fault Injection
Laser Fault Injection
Glitching Fault Injection
Photonic Emission
KNOWLEDGE
Post-Quantum Cryptography
SCA Specialized Modules
FI Specialized Modules
Practical Use Cases
TOOLS
Pre-silicon Testing
LAB EQUIPMENTS
Pattern Detector
Cold Reset
SERVICES
Security Assessment
Training & Coaching
Resources
INDUSTRIES
Automotive
IoT & Smart Device
Gov. & Defense
Expertise Lab
LEARN
Webinars
Events
Blog
Documentation
COMPANY
About us
Careers
HIRING
Partners
Contact us
Hardware Security

Scared: open source side-channel library by eShard

Benjamin Timon
|
-
|
Sep 2019
Back to all articles
SHARE

In short: eShard recently released Scared, a new open source Python SCA library for side-channel attacks. Scared is a professional side-channel framework with easy-to-use APIs and great performance to run side-channel analyses. Try it on Binder!

During the CHES 2019 conference in Atlanta, eShard presented its newly released open source library for side-channel attacks named Scared. With Scared, our goal is to provide a professional open source SCA framework for people to develop their side-channel projects.

Where does SCAred come from?

eShard is a company specialized in the security of embedded and connected devices. Our flagship product, esDynamic, is a data science platform dedicated to the security of embedded systems. The platform integrates Python libraries for side-channel analysis, white-box cryptography testing, and hardware fault injections.

We have developed esDynamic with the philosophy to empower the experts. Leveraging the latest data science technologies, esDynamic is now a comprehensive scientific platform to apply and expand expertise in cryptography, side-channel analysis, and hardware fault injections.

scared_esd.png
esDynamic platform developed by eShard

esDynamic offers an open environment for experts to work and develop their expertise. As the experts have control, it is natural to give access to the code of the core Python modules of the platform. Therefore, after 3 years of development, we think it is a good time to release our base SCA library as open source and make it available to everybody.

By doing so, we are also happy to share our knowledge and expertise in side-channel attacks and to provide a professional open source side-channel framework to help people build their side-channel analysis projects.

What is inside the Scared library?

scared_import.png

Scared is a Python library composed of the core components of our commercial side-channel software, minus the advanced features developed by eShard such as interactive widgets, trace visualizers, advanced results display, Python notebooks, etc.

Still, Scared contains all the features needed to perform complete side-channel analyses. The SCA library is composed of the following functionalities:

Unified side-channel traces representation

scared_traces.png

Scared provides a unibold textfied way to manipulate trace sets independently of the underlying data set formats. The implementation is based on abstract reader methods and a unified set of APIs. Using this abstract reader design, Scared virtually supports any type of trace format.

The data set abstraction is provided by the THS (Trace Header Set) object and its APIs. The library includes reader APIs for the most common side-channel trace formats, including eShard’s trace set format (.ets) which we believe is quite efficient to perform side-channel analysis. Besides, using the abstract reader methods, the user can easily integrate in the framework his own custom trace format when needed.

Pre-processing methods

scared_prepro.png

Pre-processing methods are available to apply different types of data processing on the traces before the attacks. The provided methods include standard signal processing techniques such as the Fast Fourier Transform as well as processing methods dedicated to high-order attacks such as the Centered Product transformation. Again, to ensure flexibility, the user can easily integrate his own processing methods which can be used during the attacks.

Cryptographic targets and selection functions

scared_aes.png

The library integrates common cryptographic targets such as AES and DES. To define what part of the algorithm to attack, we provide a set of selection functions corresponding to the most common targeted intermediate values. The user can easily implement and use custom selections functions to attack different intermediate values or different algorithms.

Analysis methods

scared_analysis.png

The library provides an analysis module to perform side-channel analysis with different types of distinguishers. We have implemented most of the state-of-the-art side-channel distinguishers such as DPA, CPA, MIA, T-Test, but also ANOVA, NICV and Template attacks. The attacks can be performed using different leakages models and different types of score discriminant.

APIs design

All the features are accessible through user-friendly high level APIs. Our objective is to simplify the processof running side-channel attacks to let the user focus on the most important parts of side-channel testing which are the attack strategy and results analysis. The high-level APIs also offer an easy learning curve for new users and beginners in side-channel.

scared_api.png

Example of API description from Scared documentation

For users willing to run more complex analyses, we provide several low-level APIs which are extendable and composable so that the user can easily build custom analysis processes.

All the APIs are described in the online Scared documentation available here.

scared_doc.png

Methodology Behind Our SCA Tools

To develop Scared, our team followed the same methodology as for the development of our commercial modules. For the development, we focus on 3 key points:

  • Performance: As side-channel analysis requires processing huge amounts of data, we put a special focus on code optimization in order to speed up the attack execution.
  • Quality: Our team is composed of software engineers and experts in side-channel attacks working together to provide the user with the best in terms of API design and code quality.
  • Documentation: Scared comes with complete documentation describing the APIs of the library as well as a series of examples.

Scared is meant to be a living project. We will keep updating the code in the future, and contributions to the project are welcome. We would like the project to evolve based on the community’s needs and ideas.

In a Few Lines

In just a few lines of code, this is how you can start to use the Scared SCA library.

Load data set

After importing Scared, we can start by loading a data set. In the example below, we open a subset of the DPA v2 contest composed of 20,000 traces. The traces and metadata (plaintexts, ciphertexts, etc.) are accessible via the Trace Header Set object.

scared_open_dataset.png

Define target

To run an attack, we first need to define what part of the cryptographic algorithm we want to target. This is done by choosing a selection function. Below, to attack the DPA v2 trace set, we will target the delta between the last two rounds of the AES.

scared_attack.png

Run the attack

Before running the attack, one needs to build a Container encapsulating our data set. Finally, one can run the attack by simply calling the .run() method.

scared_run.png

The results of the attack are stored in the attack object as a Numpy array.

scared_res.png

Benchmark: Testing SCA Framework Performance

We decided to benchmark Scared in order to provide information about where the library stands in terms of performance.

Very few references can be found on the performance of side-channel tools, so we based our benchmark on the main available work, which is the open-source benchmark performed by Ilya Kizhvatov and Cees-Bart Breunesse. In this work, they compare the performance of 4 side-channel frameworks: ChipWhisperer, Daredevil, Inspector, and Jlsca.

scared_benchmark.png
Results of the original benchmark performed by Ilya Kizhvatov and Cees-Bart Breunesse

We extended this original benchmark to include the performance of two new side channel frameworks, namely LASCAR from Ledger Donjon, and Scared from eShard.

To provide fair comparisons, we ran this extended benchmark in the same conditions as the original benchmark. We used the same benchmark test which is a Hamming Weight CPA on 100,000 traces of 512 float32 samples. We also used a desktop configuration equivalent to the original benchmark configuration. Below we provide the results of our extended benchmark.

scared_benchmark_ext-1.png
Results of extended benchmark by eShard

As we can see from the results, Scared is the best-in-class side-channel framework in terms of performance. As previously mentioned, our team focuses on code optimization in order to provide a fast framework able to run large analyses efficiently.

Get Started

The source code of the Scared SCA library is available on both GitLab and GitHub.

Scared can easily be installed with pip:pip install scared

or conda: conda install -c eshard scared

We recommend using Scared in a notebook environment such as Jupyter. We have set up a notebooks repository to provide examples and tutorials for the library. The notebooks from the repository can easily be executed in an online Jupyter environment using Binder. Click here to launch a Binder instance with the Scared notebooks and library already integrated.

scared_benchmark.png
jupyter-binder.png

To get started, you can have a look to the introduction notebook. Click here to directly access this notebook in a Binder instance.

We encourage you to use Scared and hope the library will help you build efficient side-channel analyses.

So don’t be Scared, install the library and have fun :)

Disclaimer

Scared library is licensed under LGPL V3 license. It is mainly intended for non-commercial use by academics, students, or professionals willing to learn the basics of side-channel analysis. If you wish to use this library in a commercial or industrial context, eShard provides commercial licenses under fees. For more information, contact us!