This is a curated list of awesome resources related to the topic of (cryptographic) implementation attacks: note that resource is loosely defined, but the aim is not to simply list every related research paper (since there are too many). The principle of such attacks is a focus on concrete implementation versus abstract specification of a cryptographic construction. Concrete instances include side-channel and fault injection attacks, where the attacker can passively observe or actively influence behaviour by a target device respectively; a rich classification of related concepts and techniques is possible, including, for example the potential for both local (e.g., contact-based) or remote (e.g., contact-less) attack instances.
- Cryptographic Hardware and Embedded Systems (CHES)
- CASCADE, i.e., Constructive Side-Channel Analysis and Secure Design (COSADE) plus CARDIS
- Fault Diagnosis and Tolerance in Cryptography (FDTC)
- E. Oswald, S. Mangard, and T. Popp: "Power Analysis Attacks: Revealing the Secrets of Smart Cards"
- M. Joye and M. Tunstall: "Fault Analysis in Cryptography"
- J. Breier and X. Hou: "Cryptography and Embedded Systems Security"
- F. Farahmandi, M. Tehranipoor, and N.N. Anandakumar: "Hardware Security Training, Hands-on!"
- C. Rebeiro, D. Mukhopadhyay, and S. Bhattacharya: "Timing Channels in Cryptography"
- F.-X. Standaert: "Side-Channel Analysis and Leakage-Resistance"
- D. Page: "Cryptographic Engineering"
- S. Picek, G. Perin, L. Mariot, L. Wu, and L. Batina: "SoK: Deep Learning-based Physical Side-channel Analysis"
- L. Batina, L. Chmielewski, B. Haase, N. Samwel, and P. Schwabe: "SoK: SCA-secure ECC in software - mission impossible?"
- I. Buhan, L. Batina, Y. Yarom, and P. Schaumont: "SoK: Design Tools for Side-Channel-Aware Implementations"
- J. Szefer: "Survey of Microarchitectural Side and Covert Channels, Attacks, and Defenses"
- Q. Ge, Y. Yarom, D.A. Cock, and G. Heiser: "A survey of microarchitectural timing attacks and countermeasures on contemporary hardware"
- B. Yuce, P. Schaumont, and M. Witteman: "Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation"
- M. Mayhew and R. Muresan: "An overview of hardware-level statistical power analysis attack countermeasures"
- D. Karaklajić, J.-M. Schmidt, and I. Verbauwhede: "Hardware Designer’s Guide to Fault Attacks"
- A. Barenghi, L. Breveglieri, I. Koren, and D. Naccache: "Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures"
- SASEBO
- ChipWhisperer [paper]
- ChipShouter
- Flexible Opensource workBench fOr Side-channel analysis (FOBOS)
- HorrorScope
- Generic Implementation ANalysis Toolkit (GIAnT)
- SCALE
- DPA WorkStation (DPAWS)
- Inspector SCA
Tools for leakage simulation (see related list)
Contributions and/or corrections are welcome: familiarise yourself with the style and format used (given no strict guidelines for either exist), then submit a pull request which captures your update.
There is an awesome meta-list (i.e., an awesome list of awesome lists)
available, e.g., at
sindresorhus/awesome
;
there's also some similar (or at least related) lists, such as
phonchi/awesome-side-channel-attack
.