Fuzzing+Hardware Performance Counters-Based Detection of Algorithm Subversion Attacks on Postquantum Signature Schemes

Animesh Basak Chowdhury, Anushree Mahapatra, Deepraj Soni, Ramesh Karri

Research output: Contribution to journalArticlepeer-review

Abstract

NIST is standardizing postquantum cryptography (PQC) algorithms that are resilient to the computational capability of quantum computers. Past works show malicious subversion with cryptographic software algorithm subversion attacks (ASAs) that weaken the implementations. We show that PQC digital signature (DS) codes can be subverted in line with previously reported flawed implementations (2008) (Bernstein et al., 2016) that generate verifiable, but less-secure signatures, demonstrating the risk of such attacks. Since all processors have built-in hardware performance counters (HPCs), there exists a body of work proposing a low-cost machine learning (ML)-based integrity checking of software using HPC fingerprints. However, such HPC-based approaches may not detect subversion of PQC codes. A miniscule percentage of qualitative inputs when applied to the PQC codes improves this accuracy to 98%. We propose gray-box fuzzing as a preprocessing step to obtain inputs to aid the proposed HPC-based method.

Original languageEnglish (US)
Pages (from-to)384-396
Number of pages13
JournalIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
Volume42
Issue number2
DOIs
StatePublished - 2022

Keywords

  • Hardware performance counters (HPCs)
  • integrity verification
  • postquantum cryptography (PQC)
  • tamper detection

ASJC Scopus subject areas

  • Software
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Fuzzing+Hardware Performance Counters-Based Detection of Algorithm Subversion Attacks on Postquantum Signature Schemes'. Together they form a unique fingerprint.

Cite this