Your search keyword '"Side-channel attacks"' showing total 32 results

1. Cracking the Core: Hardware Vulnerabilities in Android Devices Unveiled.

Author

Muñoz, Antonio

Subjects

COMPUTER security vulnerabilities, RESEARCH personnel, SECURITY systems, RESOURCE allocation, SYSTEMS on a chip

Abstract

As Android devices become more prevalent, their security risks extend beyond software vulnerabilities to include critical hardware weaknesses. This paper provides a comprehensive and systematic review of hardware-related vulnerabilities in Android systems, which can bypass even the most sophisticated software defenses. We compile and analyze an extensive range of reported vulnerabilities, introducing a novel categorization framework to facilitate a deeper understanding of these risks, classified by affected hardware components, vulnerability type, and the potential impact on system security. The paper addresses key areas such as memory management flaws, side-channel attacks, insecure system-on-chip (SoC) resource allocation, and cryptographic vulnerabilities. In addition, it examines feasible countermeasures, including hardware-backed encryption, secure boot mechanisms, and trusted execution environments (TEEs), to mitigate the risks posed by these hardware threats. By contextualizing hardware vulnerabilities within the broader security architecture of Android devices, this review emphasizes the importance of hardware security in ensuring system integrity and resilience. The findings serve as a valuable resource for both researchers and security professionals, offering insights into the development of more robust defenses against the emerging hardware-based threats faced by Android devices. [ABSTRACT FROM AUTHOR]

Published

2024

2. Enhanced Multi-Party Privacy-Preserving Record Linkage Using Trusted Execution Environments.

Author

Han, Shumin, Shen, Kuixing, Shen, Derong, and Wang, Chuang

Subjects

*COLLUSION, *DECISION making, *DISCLOSURE, *CONFIDENTIAL communications, *PRIVACY

Abstract

With the world's data volume growing exponentially, it becomes critical to link it and make decisions. Privacy-preserving record linkage (PPRL) aims to identify all the record information corresponding to the same entity from multiple data sources, without disclosing sensitive information. Previous works on multi-party PPRL methods typically adopt homomorphic encryption technology due to its ability to perform computations on encrypted data without needing to decrypt it first, thus maintaining data confidentiality. However, these methods have notable shortcomings, such as the risk of collusion among participants leading to the potential disclosure of private keys, high computational costs, and decreased efficiency. The advent of trusted execution environments (TEEs) offers a solution by protecting computations involving private data through hardware isolation, thereby eliminating reliance on trusted third parties, preventing malicious collusion, and improving efficiency. Nevertheless, TEEs are vulnerable to side-channel attacks. In this work, we propose an enhanced PPRL method based on TEE technology. Our methodology involves processing plaintext data within a TEE using the inner product mask technique, which effectively obfuscates the data, making it impervious to side-channel attacks. The experimental results demonstrate that our approach not only significantly improves resistance to side-channel attacks but also enhances efficiency, showing better performance and privacy preservation compared to existing methods. This work provides a robust solution to the challenges faced by current PPRL methods and sets the stage for future research aimed at further enhancing scalability and security. [ABSTRACT FROM AUTHOR]

Published

2024

3. The Security Evaluation of an Efficient Lightweight AES Accelerator †.

Author

Aljuffri, Abdullah, Huang, Ruoyu, Muntenaar, Laura, Gaydadjiev, Georgi, Ma, Kezheng, Hamdioui, Said, and Taouil, Mottaqiallah

Subjects

*ADVANCED Encryption Standard, *CRYPTOGRAPHY

Abstract

The Advanced Encryption Standard (AES) is widely recognized as a robust cryptographic algorithm utilized to protect data integrity and confidentiality. When it comes to lightweight implementations of the algorithm, the literature mainly emphasizes area and power optimization, often overlooking considerations related to performance and security. This paper evaluates two of our previously proposed lightweight AES implementations using both profiled and non-profiled attacks. One is an unprotected implementation, and the other one is a protected version using Domain-Oriented Masking (DOM). The findings of this study indicate that the inclusion of DOM in the design enhances its resistance to attacks at the cost of doubling the area. [ABSTRACT FROM AUTHOR]

Published

2024

4. Investigating CRYSTALS-Kyber Vulnerabilities: Attack Analysis and Mitigation.

Author

Iavich, Maksim and Kuchukhidze, Tamari

Subjects

*QUANTUM computing, *QUANTUM cryptography, *NATIONAL competency-based educational tests, *QUANTUM computers, *PUBLIC key cryptography, *CRYPTOSYSTEMS, *DEEP learning

Abstract

Significant advancements have been achieved in the field of quantum computing in recent years. If somebody ever creates a sufficiently strong quantum computer, many of the public-key cryptosystems in use today might be compromised. Kyber is a post-quantum encryption technique that depends on lattice problem hardness, and it was recently standardized. Despite extensive testing by the National Institute of Standards and Technology (NIST), new investigations have demonstrated the effectiveness of CRYSTALS-Kyber attacks and their applicability in non-controlled environments. We investigated CRYSTALS-Kyber's susceptibility to side-channel attacks. In the reference implementation of Kyber512, additional functions can be compromised by employing the selected ciphertext. The implementation of the selected ciphertext allows the attacks to succeed. Real-time recovery of the entire secret key is possible for all assaults. [ABSTRACT FROM AUTHOR]

Published

2024

5. Multi-Dimensional Fusion Deep Learning for Side Channel Analysis.

Author

Deng, Tuo, Wang, Huanyu, He, Dalin, Xiong, Naixue, Liang, Wei, and Wang, Junnian

Subjects

DEEP learning, INFORMATION technology security, SIGNAL processing, FEATURE extraction, DENDRITIC crystals

Abstract

The rapid advancement of deep learning has significantly heightened the threats posed by Side-Channel Attacks (SCAs) to information security, transforming their effectiveness to a degree several orders of magnitude superior to conventional signal processing techniques. However, the majority of existing Deep-Learning Side-Channel Attacks (DLSCAs) primarily focus on the classification accuracy of the trained model at the attack stage, often assuming that adversaries have unlimited computational and time resources during the profiling stage. This might result in an inflated assessment of the trained model's fitting capability in a real attack scenario. In this paper, we present a novel DLSCA model, called a Multi-Dimensional Fusion Convolutional Residual Dendrite (MD_CResDD) network, to enhance and speed up the feature extraction process by incorporating a multi-scale feature fusion mechanism. By testing the proposed model on two software implementations of AES-128, we show that it is feasible to improve the profiling speed by at least 34% compared to other existing deep-learning models for DLSCAs and meanwhile achieved a certain level of improvement (8.4% and 0.8% for two implementations) in the attack accuracy. Furthermore, we also investigate how different fusion approaches, fusion times, and residual blocks can affect the attack efficiency on the same two datasets. [ABSTRACT FROM AUTHOR]

Published

2023

6. Mitigating Timing Side-Channel Attacks in Software-Defined Networks: Detection and Response †.

Author

Shoaib, Faizan, Chow, Yang-Wai, Vlahu-Gjorgievska, Elena, and Nguyen, Chau

Subjects

SOFTWARE-defined networking, COMPUTER network traffic, TELECOMMUNICATION security, TELECOMMUNICATION, TELECOMMUNICATION systems

Abstract

Software-defined networking (SDN) is an innovative technology that has the potential to enhance the scalability, flexibility, and security of telecommunications networks. The emergence and development of SDNs have introduced new opportunities and challenges in the telecommunications industry. One of the major challenges encountered by SDNs is the timing side-channel attacks. These attacks exploit timing information to expose sensitive data, including flow tables, routes, controller types, and ports, which pose a significant threat to communication networks. Existing techniques for mitigating timing side-channel attacks primarily focus on limiting them via network architectural changes. This significantly increases the overhead of SDNs and makes it difficult to identify the origin of the attack. To secure resilient integration of SDN in telecommunications networks, it is necessary to conduct comprehensive research that not only identifies the attack activity, but also formulates an adequate response. In this paper, we propose a detection and response solution for timing side-channel attacks in SDN. We used a machine learning-based approach to detect the probing activity and identify the source. To address the identified timing side-channel attack queries, we propose a response mechanism. This entails devising a feedback-oriented response to counter the identified source, such as blocking or diverting it, while minimising any adverse effects on legitimate network traffic. This methodology is characterised by an automated data-driven approach that enables prompt and effective responses. The architecture of this security solution ensures that it has a minimal impact on network traffic and resource usage as it is designed to be used in conjunction with SDN. The overall design findings show that our detection approach is 94% precise in identifying timing side-channel attacks in SDN when compared with traditional mitigation strategies. Additionally, the response mechanism employed by this approach yielded highly customised and precise responses, resulting in an impressive accuracy score of 97.6%. [ABSTRACT FROM AUTHOR]

Published

2023

7. Hardware-Based Methods for Electronic Device Protection against Invasive and Non-Invasive Attacks.

Author

Vidaković, Marin and Vinko, Davor

Subjects

ELECTRONIC equipment, ELECTROMAGNETIC radiation, SCIENTIFIC community

Abstract

This paper reviews hardware-based protection methods for electronic devices, encompassing scientific publications and published patents. This review covers insights from the scientific community and innovative solutions patented in the industry. By combining these two sources, this paper offers a comprehensive and holistic review of electronic device security. Electronic devices are integral to modern life, but their widespread use invites security threats, both digital and physical. This paper reviews hardware-based protection methods against invasive and non-invasive attacks, emphasizing the importance of a dual approach through hardware design. Invasive attacks involve physical tampering, and we explore anti-tampering techniques such as conductive meshes, sensors and physically unclonable functions (PUFs). Non-invasive, side-channel attacks encompass various attack vectors, focusing on electromagnetic analysis. To counter these attacks, we analyze techniques like reducing and masking electromagnetic radiation. This paper bridges the gap between invasive and non-invasive attack mitigation. It underscores the necessity of a multifaceted approach to safeguard electronic devices in an interconnected world, preserving their reliability and functionality. [ABSTRACT FROM AUTHOR]

Published

2023

8. Smartphone Security and Privacy: A Survey on APTs, Sensor-Based Attacks, Side-Channel Attacks, Google Play Attacks, and Defenses.

Author

Muhammad, Zia, Anwar, Zahid, Javed, Abdul Rehman, Saleem, Bilal, Abbas, Sidra, and Gadekallu, Thippa Reddy

Subjects

MOBILE operating systems, SMARTPHONES, EVIDENCE gaps, BUSINESS communication, PRIVACY, BLACKBERRY (Smartphone)

Abstract

There is an exponential rise in the use of smartphones in government and private institutions due to business dependencies such as communication, virtual meetings, and access to global information. These smartphones are an attractive target for cybercriminals and are one of the leading causes of cyber espionage and sabotage. A large number of sophisticated malware attacks as well as advanced persistent threats (APTs) have been launched on smartphone users. These attacks are becoming significantly more complex, sophisticated, persistent, and undetected for extended periods. Traditionally, devices are targeted by exploiting a vulnerability in the operating system (OS) or device sensors. Nevertheless, there is a rise in APTs, side-channel attacks, sensor-based attacks, and attacks launched through the Google Play Store. Previous research contributions have lacked contemporary threats, and some have proven ineffective against the latest variants of the mobile operating system. In this paper, we conducted an extensive survey of papers over the last 15 years (2009–2023), covering vulnerabilities, contemporary threats, and corresponding defenses. The research highlights APTs, classifies malware variants, defines how sensors are exploited, visualizes multiple ways that side-channel attacks are launched, and provides a comprehensive list of malware families that spread through the Google Play Store. In addition, the research provides details on threat defense solutions, such as malware detection tools and techniques presented in the last decade. Finally, it highlights open issues and identifies the research gap that needs to be addressed to meet the challenges of next-generation smartphones. [ABSTRACT FROM AUTHOR]

Published

2023

9. Application of Neural Networks to Power Analysis †.

Author

Levina, Alla and Bolozovskii, Roman

Subjects

NEURAL computers, STATISTICAL power analysis, CRYPTOGRAPHY, ENERGY consumption, MACHINE learning

Abstract

The purpose of this work is to research the possibility of a side-channel attack, more precisely power consumption attack (recovering the encryption key according to the board's power consumption schedule) on the AES-128 algorithm implemented in hardware. Basically, various methods can be used to make an attack, including SPA (Simple Power Consumption Attack) and DPA (Differential Power Consumption Attack). SPA methods involve a simple visual analysis of energy consumption graphs, while DPA involves the use of statistical methods to recover the encryption key. One way to make side-channel attacks more effective is to implement machine learning methods for the described purposes. [ABSTRACT FROM AUTHOR]

Published

2023

10. Applying Address Encryption and Timing Noise to Enhance the Security of Caches.

Author

Wu, Dehua, Tao, Sha, and Gao, Wanlin

Subjects

NOISE, ACCESS to information, EVICTION, SECURITY management

Abstract

Encrypting the mapping relationship between physical and cache addresses has been a promising technique to prevent conflict-based cache side-channel attacks. However, this method is not foolproof and the attackers can still build a side-channel despite the increased difficulty of finding the minimal eviction set. To address this issue, we propose a new protection method that integrates both address encryption and timing noise extension mechanisms. By adding the timing noise extension mechanism to the address encryption method, we can randomly generate cache misses that prevent the attackers from pruning the eviction set. Our analysis shows that the timing noise extension mechanism can cause the attackers to fail in obtaining accurate timing information for accessing memory. Furthermore, our proposal reduces the timing noise generating rate, minimizing performance overhead. Our experiments on SPEC CPU 2017 show that the integrated mechanism only resulted in a tiny performance overhead of 2.9%. [ABSTRACT FROM AUTHOR]

Published

2023

11. A Survey on Air-Gap Attacks: Fundamentals, Transport Means, Attack Scenarios and Challenges.

Author

Park, Jangyong, Yoo, Jaehoon, Yu, Jaehyun, Lee, Jiho, and Song, JaeSeung

Subjects

*ENVIRONMENTAL protection, *ELECTRIC lines, *INFORMATION organization, *DATA protection, *PUBLIC institutions, *TRANSMISSION of sound, *AUTOMATIC speech recognition

Abstract

Major public institutions and organizations that handle sensitive data frequently enforce strong security policies by implementing network separation policies that segregates their internal work networks and internet network using air gaps to prevent the leakage of confidential information. Such closed networks have long been considered the most secure technique for protecting data; however, studies have shown that they are no longer effective in providing a safe data protection environment. Research on air-gap attacks remains in its infancy stage. Studies have been conducted to check the method and demonstrate the possibility of transmitting data using various transmission media available within the closed network. These transmission media include optical signals such as HDD LEDs, acoustic signals such as speakers, and the electrical signals of power lines. This paper examines various media used for air-gap attacks by analyzing different techniques and their essential functions, strengths, and limitations. The findings of this survey and the follow-up analysis aim to assist companies and organizations in protecting their information by providing an understanding of air-gap attacks and their current trends. [ABSTRACT FROM AUTHOR]

Published

2023

12. The Need for Speed: A Fast Guessing Entropy Calculation for Deep Learning-Based SCA.

Author

Perin, Guilherme, Wu, Lichao, and Picek, Stjepan

Subjects

*DEEP learning, *ARTIFICIAL neural networks, *ENTROPY, *FEATURE selection, *OPTIMAL stopping (Mathematical statistics), *LEAK detection, *COGNITIVE processing speed

Abstract

The adoption of deep neural networks for profiling side-channel attacks opened new perspectives for leakage detection. Recent publications showed that cryptographic implementations featuring different countermeasures could be broken without feature selection or trace preprocessing. This success comes with a high price: an extensive hyperparameter search to find optimal deep learning models. As deep learning models usually suffer from overfitting due to their high fitting capacity, it is crucial to avoid over-training regimes, which require a correct number of epochs. For that, early stopping is employed as an efficient regularization method that requires a consistent validation metric. Although guessing entropy is a highly informative metric for profiling side-channel attacks, it is time-consuming, especially if computed for all epochs during training, and the number of validation traces is significantly large. This paper shows that guessing entropy can be efficiently computed during training by reducing the number of validation traces without affecting the efficiency of early stopping decisions. Our solution significantly speeds up the process, impacting the performance of the hyperparameter search and overall profiling attack. Our fast guessing entropy calculation is up to 16× faster, resulting in more hyperparameter tuning experiments and allowing security evaluators to find more efficient deep learning models. [ABSTRACT FROM AUTHOR]

Published

2023

13. Smart Home Privacy Protection Methods against a Passive Wireless Snooping Side-Channel Attack.

Author

Nassiri Abrishamchi, Mohammad Ali, Zainal, Anazida, Ghaleb, Fuad A., Qasem, Sultan Noman, and Albarrak, Abdullah M.

Subjects

*SMART homes, *HOME wireless technology, *CYBERTERRORISM, *PRIVACY, *CYBER physical systems, *DATA packeting, *EAVESDROPPING, *INTELLIGENT buildings

Abstract

Smart home technologies have attracted more users in recent years due to significant advancements in their underlying enabler components, such as sensors, actuators, and processors, which are spreading in various domains and have become more affordable. However, these IoT-based solutions are prone to data leakage; this privacy issue has motivated researchers to seek a secure solution to overcome this challenge. In this regard, wireless signal eavesdropping is one of the most severe threats that enables attackers to obtain residents' sensitive information. Even if the system encrypts all communications, some cyber attacks can still steal information by interpreting the contextual data related to the transmitted signals. For example, a "fingerprint and timing-based snooping (FATS)" attack is a side-channel attack (SCA) developed to infer in-home activities passively from a remote location near the targeted house. An SCA is a sort of cyber attack that extracts valuable information from smart systems without accessing the content of data packets. This paper reviews the SCAs associated with cyber–physical systems, focusing on the proposed solutions to protect the privacy of smart homes against FATS attacks in detail. Moreover, this work clarifies shortcomings and future opportunities by analyzing the existing gaps in the reviewed methods. [ABSTRACT FROM AUTHOR]

Published

2022

14. A Comprehensive Survey on the Non-Invasive Passive Side-Channel Analysis.

Author

Socha, Petr, Miškovský, Vojtěch, and Novotný, Martin

Subjects

*INTERNET of things

Abstract

Side-channel analysis has become a widely recognized threat to the security of cryptographic implementations. Different side-channel attacks, as well as countermeasures, have been proposed in the literature. Such attacks pose a severe threat to both hardware and software cryptographic implementations, especially in the IoT environment where the attacker may easily gain physical access to a device, leaving it vulnerable to tampering. In this paper, we provide a comprehensive survey regarding the non-invasive passive side-channel analysis. We describe both non-profiled and profiled attacks, related security metrics, countermeasures against such attacks, and leakage-assessment methodologies, as available in the literature of more than twenty years of research. [ABSTRACT FROM AUTHOR]

Published

2022

15. Chebyshev Polynomial-Based Scheme for Resisting Side-Channel Attacks in 5G-Enabled Vehicular Networks.

Author

Al-Shareeda, Mahmood A., Manickam, Selvakumar, Mohammed, Badiea Abdulkarem, Al-Mekhlafi, Zeyad Ghaleb, Qtaish, Amjad, Alzahrani, Abdullah J., Alshammari, Gharbi, Sallam, Amer A., and Almekhlafi, Khalil

Subjects

ELLIPTIC curve cryptography, CHEBYSHEV polynomials, VEHICULAR ad hoc networks

Abstract

The privacy and security vulnerabilities in fifth-generation (5G)-enabled vehicular networks are often required to cope with schemes based on either bilinear pair cryptography (BPC) or elliptic curve cryptography (ECC). Nevertheless, these schemes suffer from massively inefficient performance related to signing and verifying messages in areas of the high-density traffic stream. Meanwhile, adversaries could launch side-channel attacks to obtain sensitive data protected in a tamper-proof device (TPD) to destroy the system. This paper proposes a Chebyshev polynomial-based scheme for resisting side-channel attacks in 5G-enabled vehicular networks. Our work could achieve both important properties of the Chebyshev polynomial in terms of chaotic and semi-group. Our work consists of five phases: system initialization, enrollment, signing, verification, and pseudonym renew. Moreover, to resist side-channel attacks, our work renews periodically and frequently the vehicle's information in the TPD. Security analysis shows that our work archives the privacy (pseudonym identity and unlikability) and security (authentication, integrity, and traceability) in 5G-enabled vehicular networks. Finally, our work does not employ the BPC or the ECC; its efficiency performance outperforms other existing recent works, making it suitable for use in vehicular networks. [ABSTRACT FROM AUTHOR]

Published

2022

16. Cyber-Security Threats and Side-Channel Attacks for Digital Agriculture.

Author

Alahmadi, Adel N., Rehman, Saeed Ur, Alhazmi, Husain S., Glynn, David G., Shoaib, Hatoon, and Solé, Patrick

Subjects

*DIGITAL transformation, *INTELLIGENT sensors, *SMART devices, *AGRICULTURE, *DIGITAL technology

Abstract

The invention of smart low-power devices and ubiquitous Internet connectivity have facilitated the shift of many labour-intensive jobs into the digital domain. The shortage of skilled workforce and the growing food demand have led the agriculture sector to adapt to the digital transformation. Smart sensors and systems are used to monitor crops, plants, the environment, water, soil moisture, and diseases. The transformation to digital agriculture would improve the quality and quantity of food for the ever-increasing human population. This paper discusses the security threats and vulnerabilities to digital agriculture, which are overlooked in other published articles. It also provides a comprehensive review of the side-channel attacks (SCA) specific to digital agriculture, which have not been explored previously. The paper also discusses the open research challenges and future directions. [ABSTRACT FROM AUTHOR]

Published

2022

17. MATANA: A Reconfigurable Framework for Runtime Attack Detection Based on the Analysis of Microarchitectural Signals.

Author

Mao, Yuxiao, Migliore, Vincent, and Nicomette, Vincent

Subjects

SOFTWARE frameworks

Abstract

Featured Application: The MATANA framework is particularly suited for critical embedded systems that want to design and integrate flexible attack detection mechanisms based on microarchitectural signal observation. Microarchitectural attacks exploit target hardware properties to break software isolation techniques used by the processor. These attacks are extremely powerful and hard to detect since the determination of the program execution's impact on the microarchitecture is at the same time not precisely understood and not easily observable at the software layer. Some approaches have attempted to benefit from existing hardware to better understand and detect the microarchitectural attacks (i.e., Hardware Performance Counters or Arm CoreSight), but such hardware was not meant to be used for cybersecurity, with reduced choice on observable signals and limited throughput of information. In this paper, we propose MATANA, an open and adaptive reconfigurable hardware/software co-designed framework. Combining fine-grained analysis of microarchitectural signals and software support, MATANA allows to design and assess detection mechanisms for attacks by characterizing their microarchitectural effects—in particular, microarchitectural attacks, but also some high-level attacks such as return-oriented programming attacks. The paper also describes a prototype implementation, built with a RISC-V softcore processor Rocket running Linux 4.15 on a Virtex-6 FPGA. We successfully used MATANA to analyze cache side-channel attacks and build attack detection logic from two different perspectives: instruction-based and memory-access-based. We also successfully detected return-oriented programming attacks by exhibiting a specific behavioral pattern on the microarchitecture. [ABSTRACT FROM AUTHOR]

Published

2022

18. A Low-Overhead Countermeasure against Differential Power Analysis for AES Block Cipher.

Author

Asfand Hafeez, Muhammad, Mazyad Hazzazi, Mohammad, Tariq, Hassan, Aljaedi, Amer, Javed, Asfa, and Alharbi, Adel R.

Subjects

BLOCK ciphers, ENCRYPTION protocols, ALGORITHMS

Abstract

This paper presents the employment of a DPA attack on the NIST (National Institute of Standards and Technology) standardized AES (advance encryption standard) protocol for key retrieval and prevention. Towards key retrieval, we applied the DPA attack on AES to obtain a 128-bit secret key by measuring the power traces of the computations involved in the algorithm. In resistance to the DPA attack, we proposed a countermeasure, or a new modified masking scheme, comprising (i) Boolean and (ii) multiplicative masking, for linear and non-linear operations of AES, respectively. Furthermore, we improved the complexity involved in Boolean masking by introducing Rebecca's approximation. Moreover, we provide a novel solution to tackle the zero mask problem in multiplicative masking. To evaluate the power traces, we propose our custom correlation technique, which results in a decrease in the calculation time. The synthesis results for original implementation (without countermeasure) and inclusion of countermeasure are given on a Zynq 7020 FPGA (Artix-7 device). It takes 424 FPGA slices when implemented without considering the countermeasure, whereas 714 slices are required to implement AES with the inclusion of the proposed countermeasure. Consequently, the implementation results provide the acceptability of this work for area-constrained applications that require prevention against DPA attacks. [ABSTRACT FROM AUTHOR]

Published

2021

19. Cold Boot Attacks on the Supersingular Isogeny Key Encapsulation (SIKE) Mechanism.

Author

Villanueva-Polanco, Ricardo and Angulo-Madrid, Eduardo

Subjects

BOOTS, CRYPTOGRAPHY

Abstract

This research paper evaluates the feasibility of cold boot attacks on the Supersingular Isogeny Key Encapsulation (SIKE) mechanism. This key encapsulation mechanism has been included in the list of alternate candidates of the third round of the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization Process. To the best of our knowledge, this is the first time this scheme is assessed in the cold boot attacks setting. In particular, our evaluation is focused on the reference implementation of this scheme. Furthermore, we present a dedicated key-recovery algorithm for SIKE in this setting and show that the key recovery algorithm works for all the parameter sets recommended for this scheme. Moreover, we compute the success rates of our key recovery algorithm through simulations and show the key recovery algorithm may reconstruct the SIKE secret key for any SIKE parameters for a fixed and small α = 0.001 (the probability of a 0 to 1 bit-flipping) and varying values for β (the probability of a 1 to 0 bit-flipping) in the set { 0.001 , 0.01 , ... , 0.1 } . Additionally, we show how to integrate a quantum key enumeration algorithm with our key-recovery algorithm to improve its overall performance. [ABSTRACT FROM AUTHOR]

Published

2021

20. Power-Balancing Software Implementation to Mitigate Side-Channel Attacks without Using Look-Up Tables.

Author

Kim, HanBit, Kim, HeeSeok, and Hong, Seokhie

Subjects

HAMMING weight, RANDOM numbers, BLOCK ciphers, COMPUTER software, CIPHERS

Abstract

With the increasing number of side-channel attacks, countermeasure designers continue to develop various implementations to address such threats. Power-balancing (PB) methods hold the number of 1s and/or transitions (i.e., Hamming weight/distance) of internal processes constant to ensure side-channel safety in an environment in which it is difficult to use random numbers. Most existing studies employed look-up tables (LUTs) to compute those operations, except for XOR and NOT operations. However, LUT-based schemes exhibit some side-channel issues in the address bits of LUTs. In this paper, we propose the application of AND and ADD operations to PB methods based on a rule that encodes 8-bit data into a 32-bit codeword without using LUTs. Unlike previous studies that employed LUTs, our proposals overcome side-channel vulnerabilities associated with the address bits and memory wastage. In addition, we evaluate the side-channel security ensured by the proposed method in comparison with that ensured by other methods. Finally, we apply our methods to SIMON/SPECK ciphers and analyze their performance by comparing them with older schemes. [ABSTRACT FROM AUTHOR]

Published

2020

21. Lightweight Conversion from Arithmetic to Boolean Masking for Embedded IoT Processor.

Author

Kim, HanBit, Hong, Seokhie, and Kim, HeeSeok

Subjects

CRYPTOSYSTEMS, BLOCK ciphers, ARITHMETIC

Abstract

A masking method is a widely known countermeasure against side-channel attacks. To apply a masking method to cryptosystems consisting of Boolean and arithmetic operations, such as ARX (Addition, Rotation, XOR) block ciphers, a masking conversion algorithm should be used. Masking conversion algorithms can be classified into two categories: "Boolean to Arithmetic (B2A)" and "Arithmetic to Boolean (A2B)". The A2B algorithm generally requires more execution time than the B2A algorithm. Using pre-computation tables, the A2B algorithm substantially reduces its execution time, although it requires additional space in RAM. In CHES2012, B. Debraize proposed a conversion algorithm that somewhat reduced the memory cost of using pre-computation tables. However, they still require (2 (k + 1)) entries of length (k + 1) -bit where k denotes the size of the processed data. In this paper, we propose a low-memory algorithm to convert A2B masking that requires only (2 k) (k) -bit. Our contributions are three-fold. First, we specifically show how to reduce the pre-computation table from (k + 1) -bit to (k) -bit, as a result, the memory use for the pre-computation table is reduced from (2 (k + 1)) (k + 1) -bit to (2 k) (k) -bit. Second, we optimize the execution times of the pre-computation phase and the conversion phase, and determine that our pre-computation algorithm requires approximately half of the operations than Debraize's algorithm. The results of the 8/16/32-bit simulation show improved speed in the pre-computation phase and the conversion phase as compared to Debraize's results. Finally, we verify the security of the algorithm against side-channel attacks as well as the soundness of the proposed algorithm. [ABSTRACT FROM AUTHOR]

Published

2019

22. Chaos-Based Physical Unclonable Functions.

Author

Gołofit, Krzysztof and Wieczorek, Piotr Z.

Subjects

DIGITAL electronics, MULTICASTING (Computer networks), PROGRAMMABLE logic devices

Abstract

The concept presented in this paper fits into the current trend of highly secured hardware authentication designs utilizing Physically Unclonable Functions (PUFs) or Physical Obfuscated Keys (POKs). We propose an idea that the PUF cryptographic keys can be derived from a chaotic circuit. We point out that the chaos theory should be explored for the sake of PUFs as a natural mechanism of amplifying random process variations of digital circuits. We prove the idea based on a novel design of a chaotic circuit, which utilizes time in a feedback loop as an analog continuous variable in a purely digital system. Our design is small and simple, and therefore feasible to implement in inexpensive reprogrammable devices (not equipped with digital clock manager, programmable delay line, phase locked loop, RAM/ROM memory, etc.). Preliminary tests proved that the chaotic circuit PUFs work in both advanced Field-Programmable Gate Arrays (FPGAs) as well as simple Complex Programmable Logic Devices (CPLDs). We showed that different PUF challenges (slightly different implementations based on variations in elements placement and/or routing) have provided significantly different keys generated within one CPLD/FPGA device. On the other hand, the same PUF challenges used in a different CPLD/FPGA instance (programmed with precisely the same bit-stream resulting in exactly the same placement and routing) have enhanced differences between devices resulting in different cryptographic keys. [ABSTRACT FROM AUTHOR]

Published

2019

23. A Hybrid Secure Scheme for Wireless Sensor Networks against Timing Attacks Using Continuous-Time Markov Chain and Queueing Model.

Author

Tianhui Meng, Xiaofan Li, Sha Zhang, and Yubin Zhao

Subjects

*WIRELESS sensor networks, *SPECTRUM analysis, *WEB-based user interfaces, *DATA transmission systems, *ENERGY consumption, *NETWORK performance, *CYBERTERRORISM, *MARKOV processes

Abstract

Wireless sensor networks (WSNs) have recently gained popularity for a wide spectrum of applications. Monitoring tasks can be performed in various environments. This may be beneficial in many scenarios, but it certainly exhibits new challenges in terms of security due to increased data transmission over the wireless channel with potentially unknown threats. Among possible security issues are timing attacks, which are not prevented by traditional cryptographic security. Moreover, the limited energy and memory resources prohibit the use of complex security mechanisms in such systems. Therefore, balancing between security and the associated energy consumption becomes a crucial challenge. This paper proposes a secure scheme for WSNs while maintaining the requirement of the security-performance tradeoff. In order to proceed to a quantitative treatment of this problem, a hybrid continuous-time Markov chain (CTMC) and queueing model are put forward, and the tradeoff analysis of the security and performance attributes is carried out. By extending and transforming this model, the mean time to security attributes failure is evaluated. Through tradeoff analysis, we show that our scheme can enhance the security of WSNs, and the optimal rekeying rate of the performance and security tradeoff can be obtained. [ABSTRACT FROM AUTHOR]

Published

2016

24. Compiler Optimizations as a Countermeasure against Side-Channel Analysis in MSP430-Based Devices.

Author

Malagón, Pedro, de Goyeneche, Juan-Mariano, Zapater, Marina, Moya, José M., and Banković, Zorana

Subjects

*COMPILERS (Computer programs), *MATHEMATICAL optimization, *AMBIENT intelligence, *DISTRIBUTED network protocols, *WIRELESS sensor networks, *ELECTRONIC countermeasures, *EMBEDDED computer systems

Abstract

Ambient Intelligence (AmI) requires devices everywhere, dynamic and massively distributed networks of low-cost nodes that, among other data, manage private information or control restricted operations. MSP430, a 16-bit microcontroller, is used in WSN platforms, as the TelosB. Physical access to devices cannot be restricted, so attackers consider them a target of their malicious attacks in order to obtain access to the network. Side-channel analysis (SCA) easily exploits leakages from the execution of encryption algorithms that are dependent on critical data to guess the key value. In this paper we present an evaluation framework that facilitates the analysis of the effects of compiler and backend optimizations on the resistance against statistical SCA. We propose an optimization-based software countermeasure that can be used in current low-cost devices to radically increase resistance against statistical SCA, analyzed with the new framework. [ABSTRACT FROM AUTHOR]

Published

2012

25. SE-CPPA: A Secure and Efficient Conditional Privacy-Preserving Authentication Scheme in Vehicular Ad-Hoc Networks.

Author

Al-Shareeda, Mahmood A., Anbar, Mohammed, Manickam, Selvakumar, and Hasbullah, Iznan H.

Subjects

*VEHICULAR ad hoc networks, *PUBLIC key cryptography, *COMPUTER access control, *IMPERSONATION, *CRYPTOGRAPHY

Abstract

Communications between nodes in Vehicular Ad-Hoc Networks (VANETs) are inherently vulnerable to security attacks, which may mean disruption to the system. Therefore, the security and privacy issues in VANETs are entitled to be the most important. To address these issues, the existing Conditional Privacy-Preserving Authentication (CPPA) schemes based on either public key infrastructure, group signature, or identity have been proposed. However, an attacker could impersonate an authenticated node in these schemes for broadcasting fake messages. Besides, none of these schemes have satisfactorily addressed the performance efficiency related to signing and verifying safety traffic-related messages. For resisting impersonation attacks and achieving better performance efficiency, a Secure and Efficient Conditional Privacy-Preserving Authentication (SE-CPPA) scheme is proposed in this paper. The proposed SE-CPPA scheme is based on the cryptographic hash function and bilinear pair cryptography for the signing and verifying of messages. Through security analysis and comparison, the proposed SE-CPPA scheme can accomplish security goals in terms of formal and informal analysis. More precisely, to resist impersonation attacks, the true identity of the vehicle stored in the tamper-proof device (TPD) is frequently updated, having a short period of validity. Since the MapToPoint hash function and a large number of cryptography operations are not employed, simulation results show that the proposed SE-CPPA scheme outperforms the existing schemes in terms of computation and communication costs. Finally, the proposed SE-CPPA scheme reduces the computation costs of signing the message and verifying the message by 99.95% and 35.93%, respectively. Meanwhile, the proposed SE-CPPA scheme reduces the communication costs of the message size by 27.3%. [ABSTRACT FROM AUTHOR]

Published

2021

26. Design and Validation of Low-Power Secure and Dependable Elliptic Curve Cryptosystem.

Author

Poudel, Bikash, Munir, Arslan, Kong, Joonho, and Khan, Muazzam A.

Subjects

COMBINATIONAL circuits, ASYNCHRONOUS circuits, GATE array circuits, GENERATING functions, VISIBLE spectra, GENETIC algorithms

Abstract

The elliptic curve cryptosystem (ECC) has been proven to be vulnerable to non-invasive side-channel analysis attacks, such as timing, power, visible light, electromagnetic emanation, and acoustic analysis attacks. In ECC, the scalar multiplication component is considered to be highly susceptible to side-channel attacks (SCAs) because it consumes the most power and leaks the most information. In this work, we design a robust asynchronous circuit for scalar multiplication that is resistant to state-of-the-art timing, power, and fault analysis attacks. We leverage the genetic algorithm with multi-objective fitness function to generate a standard Boolean logic-based combinational circuit for scalar multiplication. We transform this circuit into a multi-threshold dual-spacer dual-rail delay-insensitive logic ( M T D 3 L ) circuit. We then design point-addition and point-doubling circuits using the same procedure. Finally, we integrate these components together into a complete secure and dependable ECC processor. We design and validate the ECC processor using Xilinx ISE 14.7 and implement it in a Xilinx Kintex-7 field-programmable gate array (FPGA). [ABSTRACT FROM AUTHOR]

Published

2021

27. EE-ACML: Energy-Efficient Adiabatic CMOS/MTJ Logic for CPA-Resistant IoT Devices †.

Author

Kahleifeh, Zachary and Thapliyal, Himanshu

Subjects

*MAGNETIC tunnelling, *INTERNET of things, *ENERGY consumption, *LOGIC, *LOGIC devices

Abstract

Internet of Things (IoT) devices have strict energy constraints as they often operate on a battery supply. The cryptographic operations within IoT devices consume substantial energy and are vulnerable to a class of hardware attacks known as side-channel attacks. To reduce the energy consumption and defend against side-channel attacks, we propose combining adiabatic logic and Magnetic Tunnel Junctions to form our novel Energy Efficient-Adiabatic CMOS/MTJ Logic (EE-ACML). EE-ACML is shown to be both low energy and secure when compared to existing CMOS/MTJ architectures. EE-ACML reduces dynamic energy consumption with adiabatic logic, while MTJs reduce the leakage power of a circuit. To show practical functionality and energy savings, we designed one round of PRESENT-80 with the proposed EE-ACML integrated with an adiabatic clock generator. The proposed EE-ACML-based PRESENT-80 showed energy savings of 67.24% at 25 MHz and 86.5% at 100 MHz when compared with a previously proposed CMOS/MTJ circuit. Furthermore, we performed a CPA attack on our proposed design, and the key was kept secret. [ABSTRACT FROM AUTHOR]

Published

2021

28. Tight and Scalable Side-Channel Attack Evaluations through Asymptotically Optimal Massey-like Inequalities on Guessing Entropy.

Author

Tănăsescu, Andrei, Choudary, Marios O., Rioul, Olivier, and Popescu, Pantelimon George

Subjects

*EVALUATION methodology

Abstract

The bounds presented at CHES 2017 based on Massey's guessing entropy represent the most scalable side-channel security evaluation method to date. In this paper, we present an improvement of this method, by determining the asymptotically optimal Massey-like inequality and then further refining it for finite support distributions. The impact of these results is highlighted for side-channel attack evaluations, demonstrating the improvements over the CHES 2017 bounds. [ABSTRACT FROM AUTHOR]

Published

2021

29. Information Theoretic Security for Broadcasting of Two Encrypted Sources under Side-Channel Attacks †.

Author

Santoso, Bagus and Oohama, Yasutada

Subjects

*INFORMATION-theoretic security, *IMAGE encryption, *ELECTROMAGNETIC radiation, *ENCRYPTION protocols, *PHENOMENOLOGICAL theory (Physics), *PUBLIC communication, *COMMUNICATIVE disorders

Abstract

In this paper, we propose a theoretical framework to analyze the secure communication problem for broadcasting two encrypted sources in the presence of an adversary which launches side-channel attacks. The adversary is not only allowed to eavesdrop the ciphertexts in the public communication channel, but is also allowed to gather additional information on the secret keys via the side-channels, physical phenomenon leaked by the encryption devices during the encryption process, such as the fluctuations of power consumption, heat, or electromagnetic radiation generated by the encryption devices. Based on our framework, we propose a countermeasure against such adversary by using the post-encryption-compression (PEC) paradigm, in the case of one-time-pad encryption. We implement the PEC paradigm using affine encoders constructed from linear encoders and derive the explicit the sufficient conditions to attain the exponential decay of the information leakage as the block lengths of encrypted sources become large. One interesting feature of the proposed countermeasure is that its performance is independent from the type of side information leaked by the encryption devices. [ABSTRACT FROM AUTHOR]

Published

2019

30. Information Theoretic Security for Shannon Cipher System under Side-Channel Attacks †.

Author

Santoso, Bagus and Oohama, Yasutada

Subjects

*INFORMATION-theoretic security, *CIPHERS, *PUBLIC communication, *INFORMATION processing, *ELECTROMAGNETIC radiation

Abstract

In this paper, we propose a new theoretical security model for Shannon cipher systems under side-channel attacks, where the adversary is not only allowed to collect ciphertexts by eavesdropping the public communication channel but is also allowed to collect the physical information leaked by the devices where the cipher system is implemented on, such as running time, power consumption, electromagnetic radiation, etc. Our model is very robust as it does not depend on the kind of physical information leaked by the devices. We also prove that in the case of one-time pad encryption, we can strengthen the secrecy/security of the cipher system by using an appropriate affine encoder. More precisely, we prove that for any distribution of the secret keys and any measurement device used for collecting the physical information, we can derive an achievable rate region for reliability and security such that if we compress the ciphertext using an affine encoder with a rate within the achievable rate region, then: (1) anyone with a secret key will be able to decrypt and decode the ciphertext correctly, but (2) any adversary who obtains the ciphertext and also the side physical information will not be able to obtain any information about the hidden source as long as the leaked physical information is encoded with a rate within the rate region. We derive our result by adapting the framework of the one helper source coding problem posed and investigated by Ahlswede and Körner (1975) and Wyner (1975). For reliability and security, we obtain our result by combining the result of Csizár (1982) on universal coding for a single source using linear codes and the exponential strong converse theorem of Oohama (2015) for the one helper source coding problem. [ABSTRACT FROM AUTHOR]

Published

2019

31. A Hybrid Secure Scheme for Wireless Sensor Networks against Timing Attacks Using Continuous-Time Markov Chain and Queueing Model.

Author

Meng T, Li X, Zhang S, and Zhao Y

Abstract

Wireless sensor networks (WSNs) have recently gained popularity for a wide spectrum of applications. Monitoring tasks can be performed in various environments. This may be beneficial in many scenarios, but it certainly exhibits new challenges in terms of security due to increased data transmission over the wireless channel with potentially unknown threats. Among possible security issues are timing attacks, which are not prevented by traditional cryptographic security. Moreover, the limited energy and memory resources prohibit the use of complex security mechanisms in such systems. Therefore, balancing between security and the associated energy consumption becomes a crucial challenge. This paper proposes a secure scheme for WSNs while maintaining the requirement of the security-performance tradeoff. In order to proceed to a quantitative treatment of this problem, a hybrid continuous-time Markov chain (CTMC) and queueing model are put forward, and the tradeoff analysis of the security and performance attributes is carried out. By extending and transforming this model, the mean time to security attributes failure is evaluated. Through tradeoff analysis, we show that our scheme can enhance the security of WSNs, and the optimal rekeying rate of the performance and security tradeoff can be obtained., Competing Interests: The authors declare no conflict of interest.

Published

2016

32. Compiler optimizations as a countermeasure against side-channel analysis in MSP430-based devices.

Author

Malagón P, de Goyeneche JM, Zapater M, Moya JM, and Banković Z

Abstract

Ambient Intelligence (AmI) requires devices everywhere, dynamic and massively distributed networks of low-cost nodes that, among other data, manage private information or control restricted operations. MSP430, a 16-bit microcontroller, is used in WSN platforms, as the TelosB. Physical access to devices cannot be restricted, so attackers consider them a target of their malicious attacks in order to obtain access to the network. Side-channel analysis (SCA) easily exploits leakages from the execution of encryption algorithms that are dependent on critical data to guess the key value. In this paper we present an evaluation framework that facilitates the analysis of the effects of compiler and backend optimizations on the resistance against statistical SCA. We propose an optimization-based software countermeasure that can be used in current low-cost devices to radically increase resistance against statistical SCA, analyzed with the new framework.

Published

2012