Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
cmake
doc
external
src
test
uml
.clang-format
.gitmodules
BUILDING.md
CMakeLists.txt
COPYING
LOGO_ERC-FLAG_EU.jpg
README.md
coeffs.json

README.md

ELMO2

ELMO2 is designed to help software engineers quickly identify side channel security risks during development stages.

This tool simulates instruction-level side channel analysis leakage without the need for anything other that a target program by simulating a processor and gathering leakage traces from this simulated processor.

It can support multiple different processors and multiple different methods of generating leakage from these. Currently the only supported simulator is the Thumb Timing Simulator. This will simulate an ARM Cortex M0 processor. The supported leakage models can be found here.

Please feel free to add more simulators and models! There will be documents describing how to do this at some point.

Usage

  1. Download from the releases page 🏗️ Coming soon! You'll have to build it yourself for now, sorry.

  2. Compile your target program for your chosen simulator. Currently only one simulator is supported, Thumb Timing Simulator, so compile for this simulator for now. Here is an example to help you get started.

It is heavily recommended (but not essential) that you make use of the elmo-funcs.h file to provide useful functions, such as trigger points and the ability to get random data inside the simulator.

The target program should be edited to replace the target data, such as the cryptographic key, with randomly generated values.

  1. Run ELMO2. Here is an example of the most common usage.
./ELMO-2 my-program-binary-from-step-2 -o output-file.trs

Note that this requires the file coeffs.json to be in the same directory. This can be overridden like so:

./ELMO-2 my-program-binary-from-step-2 some-path/coeffs.json -o output-file.trs
  1. Done! Perform whatever side channel attacks/analysis you want on the output file.

All command line options

All command line options can be printed using the -h or --help flags shown here:

./ELMO-2 --help

This should produce the result below.

Side channel leakage emulation tool
Usage:
  bin/ELMO-2 [OPTION...] [--input] EXECUTABLE [--file] COEFFICIENTS

  -h, --help                    Print help
  -r, --runs N                  Number of traces to generate (default: 1)
  -f, --file COEFFICIENTS       Coefficients file (default: ./coeffs.json)
  -i, --input EXECUTABLE        Executable to be ran in the simulator
  -o, --output FILE             Generated traces output file
  -s, --simulator SIMULATOR NAME
                                The name of the simulator that should be used
                                (default: Andres)
  -m, --model MODEL NAME        The name of the mathematical model that
                                should be used to generate traces (default: Hamming
                                Weight)

Leakage generation models

There are currently two methods supported for generating leakage supported.

ELMO Power model

This is the recommend model for generating high quality leakage.

Details of how it works can be found here.

Hamming weight model

This is the default model and will generate leakage much faster but the leakage may not be as high quality.

This works by taking the Hamming weight of the operands of the instructions executed.

Others

Please help add more if you can! There will be a document describing how to do this at some point.

Output format

ELMO2 currently saves traces in the .trs format. This format is designed for use in Riscure's Inspector, but can be interpreted in other ways.

We hope to support alternative formats in the future.

API Documentation

Documentation is generated using Doxygen. In order to generate this follow these instructions:

  1. Install Doxygen

  2. Firstly follow the instructions in the Getting started for Development section.

  3. Documentation can be built with CMake using the "doc" target by running the command as shown.

cmake --build . --target doc
  1. Open this file
/path/to/build/directory/doc/html/index.html

Additionally, enabling the cmake configuration option ELMO2_BUILD_DOCUMENTATION will generate the documentation every time you compile.

Building

Refer to BUILDING.md for developer specific information.

Built with

Thank you to the creators of all these. Without these, this would not have been possible.

License

This program is released under license AGPLv3+.

Get a summary of this license here at choosealicense.com

Acknowledgement

This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 725042).

EU Logo

You can’t perform that action at this time.