

# SCRATCHS: Side-Channel Resistant Applications Through Co-designed Hardware/Software

Frédéric Besson <sup>1</sup> Pascal Cotret <sup>2</sup> Nicolas Gaudin <sup>2</sup> Guy Gogniat <sup>2</sup> Jean-Loup Hatchikian-Houdot  $^1$  Guillaume Hiet  $^3$  Vianney Lapotre  $^2$ Pierre Wilke <sup>3</sup>



https://project.inria.fr/scratchs/

Contact: pierre.wilke@inria.fr

<sup>1</sup> EPICURE / IRISA / INRIA, Rennes <sup>2</sup> Lab-STICC, UBS, Lorient / ENSTA Bretagne, Brest <sup>3</sup> CIDRE / IRISA / INRIA, CentraleSupélec, Cesson-Sévigné

# Introduction

**Timing vulnerabilities** caused by behavior depending on a secret



- Timing differences:
- in branching • in memory access
- → Secret exposed

Attacker: observe time  $\Rightarrow$  deduce secret

- ► Behavior duration depends on resource usage (like memory access)
- ► Timing is observable when resource usage is shared between the victim and the attacker.

# State of the art

#### **Constant Time Programming in Software**

**Equivalent data oblivious code** (behavior independent of secret)

- x = 0, y = 64z = Memory[x]= Memory[y] z = (secret) ? t : z
- Linear program flow
- Both branches executed
- → No timing variations (that depends on any secret)

#### **Drawbacks**

- Potential micro-architecture vulnerabilities (rely on CMOV)
- More work for the same result (always do both branches)

## Resource isolation in Hardware



**Drawbacks** 

•Performance downgrade (one cache partitioned) •Expensive Hardware (multiple caches)

## **SCRATCHS**







SCRATCHS add-in

Inria GIRISA

Hardware / Software Co-Design

- ► Hardware implements security mechanisms
- ► Compiler and Operating System leverage these mechanisms to produce side-channel resistant binaries.

# Hardware part

Some functional units (e.g. ALU, **LSU**, **division** or branching) can leak a **temporal** information 🖏



We identify three sources of leak on the **CV32E40P** RISC-V processor:

## Leak

## **Solutions**

Division and modulo op. Non-aligned data requests

- → Constant-time mode through a CSR register
- → Solved by compiler toolchain
- → New LOCK and UNLOCK instructions Cache accesses (L1, L2, TLB...)

# LOCK/UNLOCK mechanism:

- ▶ The cache line is locked in cache until the OS or the locking process issues a UNLOCK operation.
- ► At least one way of the cache is kept available to other processes' data.

# Software part

## Source code with annotations



- ► Divisions on secrets are done in constant time mode
- Secret memory access must be done on locked addresses for constant-time cache-hit
- Locked RAM addresses must be aligned on cache lines.































