178 results on '"side-channel"'
Search Results
2. A closer look at the belief propagation algorithm in side-channel attack on CCA-secure PQC KEM.
- Author
- Qiao, Kexin, Wang, Zhaoyang, Chang, Heng, Sun, Siwei, Wu, Zehan, Cheng, Junjie, Ou, Changhai, Wang, An, and Zhu, Liehuang
- Abstract
The implementation security of post-quantum cryptography (PQC) algorithms has emerged as a critical concern with the PQC standardization process reaching its end. In a side-channel-assisted chosen-ciphertext attack, the attacker builds linear inequalities on secret key components and uses the belief propagation (BP) algorithm to solve. The number of inequalities leverages the query complexity of the attack, so the fewer the better. In this paper, we use the PQC standard algorithm CRYSTALS-Kyber as a study case to construct bilateral inequalities on key variables with substantially narrower intervals using a side-channel-assisted oracle. For KYBER512, KYBER768, and KYBER1024, the average Shannon entropy carried by such inequality is improved from the previous 0.6094, 0.4734, and 0.8544 to 0.6418, 0.4777, and 1.2007. The number of such inequalities required to recover the key utilizing the BP algorithm for KYBER512 and KYBER1024 is reduced by 5.32% and 40.53% in theory and experimentally the reduction is even better. The query complexity is reduced by 43%, 37%, and 48% for KYBER512, 768, and 1024 assuming reasonably perfect reliability. Furthermore, we introduce a strategy aimed at further refining the interval of inequalities. Diving into the BP algorithm, we discover a measure metric named JSD (Jensen-Shannon distance)-metric that can gauge the tightness of an inequality. We then develop a machine learning-based strategy to utilize the JSD-metrics to contract boundaries of inequalities even with fewer inequalities given, thus improving the entropy carried by the system of linear inequalities. This contraction strategy is at the algorithmic level and has the potential to be employed in all attacks endeavoring to establish a system of inequalities concerning key variables. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
3. Enhancing Security and Power Efficiency of Ascon Hardware Implementation with STT-MRAM.
- Author
- Roussel, Nathan, Potin, Olivier, Di Pendina, Grégory, Dutertre, Jean-Max, and Rigaud, Jean-Baptiste
- Subjects
- RANDOM access memory, MAGNETIC tunnelling, STATISTICAL power analysis, NONVOLATILE memory, INTEGRATED circuits
- Abstract
With the outstanding growth of Internet of Things (IoT) devices, security and power efficiency of integrated circuits can no longer be overlooked. Current approved standards for cryptographic algorithms are not suitable for constrained environments. In this context, the National Institute of Standards and Technology (NIST) started a lightweight cryptography (LWC) competition to develop new algorithm standards that can be fit into small devices. In 2023, NIST decided to standardize the Ascon family for LWC. This algorithm has been designed to be more resilient to side-channel and fault-based analysis. Nonetheless, hardware implementations of Ascon have been broken by multiple statistical fault analysis and power analysis. These attacks have underlined the necessity to develop adapted countermeasures to side-channel and perturbation-based attacks. However, existing countermeasures are power and area consuming. In this article, we propose a new countermeasure for the Ascon cipher that does not significantly increase the area and power consumption. Our architecture relies on the nonvolatile feature of the Magnetic Tunnel Junction (MTJ) that is the single element of the emerging Magnetic Random Access Memories (MRAM). The proposed circuit removes the bias exploited by statistical attacks. In addition, we have duplicated and complemented the permutation of Ascon to enhance the power analysis robustness of the circuit. Besides the security aspect, our circuit can save current manipulated data, ensuring energy saving from 11% to 32.5% in case of power failure. The area overhead, compared to an unprotected circuit, is ×2.43. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
4. Domain-Agnostic Representation of Side-Channels.
- Author
- Spence, Aaron and Bangay, Shaun
- Subjects
- LEAK detection, EXTRACTION techniques, PATIENT monitoring, SIGNAL processing, INTERNET security
- Abstract
Side channels are unintended pathways within target systems that leak internal target information. Side-channel sensing (SCS) is the process of exploiting side channels to extract embedded target information. SCS is well established within the cybersecurity (CYB) domain, and has recently been proposed for medical diagnostics and monitoring (MDM). Remaining unrecognised is its applicability to human–computer interaction (HCI), among other domains (Misc). This article analyses literature demonstrating SCS examples across the MDM, HCI, Misc, and CYB domains. Despite their diversity, established fields of advanced sensing and signal processing underlie each example, enabling the unification of these currently otherwise isolated domains. Identified themes are collated under a proposed domain-agnostic SCS framework. This SCS framework enables a formalised and systematic approach to studying, detecting, and exploiting side channels both within and between domains. Opportunities exist for modelling SCS as data structures, allowing for computation irrespective of domain. Future methodologies can take such data structures to enable cross- and intra-domain transferability of extraction techniques, perform side-channel leakage detection, and discover new side channels within target systems. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
5. ReminISCence: Trusted Monitoring Against Privileged Preemption Side-Channel Attacks
- Author
- Chen, Weijie, Zhao, Yu, Zhang, Yinqian, Qiang, Weizhong, Zou, Deqing, Jin, Hai, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Garcia-Alfaro, Joaquin, editor, Kozik, Rafał, editor, Choraś, Michał, editor, and Katsikas, Sokratis, editor
- Published
- 2024
- Full Text
- View/download PDF
6. Creating from Noise: Trace Generations Using Diffusion Model for Side-Channel Attack
- Author
- Yap, Trevor, Jap, Dirmanto, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, van Leeuwen, Jan, Series Editor, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Kobsa, Alfred, Series Editor, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Nierstrasz, Oscar, Series Editor, Pandu Rangan, C., Editorial Board Member, Sudan, Madhu, Series Editor, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Weikum, Gerhard, Series Editor, Vardi, Moshe Y, Series Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, and Andreoni, Martin, editor
- Published
- 2024
- Full Text
- View/download PDF
7. Secure Physical Design
- Author
- Tehranipoor, Mark, Zamiri Azar, Kimia, Asadizanjani, Navid, Rahman, Fahim, Mardani Kamali, Hadi, and Farahmandi, Farimah
- Published
- 2024
- Full Text
- View/download PDF
8. High-Order Collision Attack Vulnerabilities in Montgomery Ladder Implementations of RSA
- Author
- Varillon, Arnaud, Sauvage, Laurent, Danger, Jean-Luc, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Regazzoni, Francesco, editor, Mazumdar, Bodhisatwa, editor, and Parameswaran, Sri, editor
- Published
- 2024
- Full Text
- View/download PDF
9. Compress: Generate Small and Fast Masked Pipelined Circuits
- Author
- Gaëtan Cassiers, Barbara Gigerl, Stefan Mangard, Charles Momin, and Rishub Nagpal
- Subjects
- Side-channel, Masking, HPC, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64
- Abstract
Masking is an effective countermeasure against side-channel attacks. It replaces every logic gate in a computation by a gadget that performs the operation over secret sharings of the circuit’s variables. When masking is implemented in hardware, care should be taken to protect against leakage from glitches, which could otherwise undermine the security of masking. This is generally done by adding registers, which stop the propagation of glitches, but introduce additional latency and area cost. In masked pipeline circuits, a high latency further increases the area overheads of masking, due to the need for additional registers that synchronize signals between pipeline stages. In this work, we propose a technique to minimize the number of such pipeline registers, which relies on optimizing the scheduling of the computations across the pipeline stages. We release an implementation of this technique as an open-source tool, Compress. Further, we introduce other optimizations to deduplicate logic between gadgets, perform an optimal selection of masked gadgets, and introduce new gadgets with smaller area. Overall, our optimizations lead to circuits that improve the state-of-the art in area and achieve state-of-the-art latency. For example, a masked AES based on an S-box generated by Compress reduces latency by 19% and area by 27% over a state-of-the-art implementation, or, for the same latency, reduces area by 45%.
- Published
- 2024
- Full Text
- View/download PDF
10. Profiling Running Applications in Connected Devices Through Side-Channel and Machine Learning Techniques
- Author
- Vincenzo Rega, Domenico Capriglione, Fabrizio Marignetti, Mario Molinara, and Andrea Amodei
- Subjects
- Cybersecurity, side-channel, machine learning, measurements, vulnerability, application profiling, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
In the field of cybersecurity, the ability to gather detailed information about target systems is a critical component of the reconnaissance phase of cyber attacks. This phase, known as cybersecurity reconnaissance, involves techniques that adversaries use to collect information vital for the success of subsequent attack stages. Traditionally, reconnaissance activities include network scanning, sniffing, and social engineering, which allow attackers to map the network, identify vulnerabilities, and plan their exploits. In this paper, we explore a novel application of side-channel analysis within system-based reconnaissance. Side-channel attacks, typically used to extract cryptographic keys or sensitive data through indirect observations such as power consumption or electromagnetic emissions, are here repurposed for a different kind of system intrusion. Specifically, we demonstrate how side-channel analysis and machine learning techniques can classify running processes on a target system that are very popular in common IoT applications. This approach is particularly concerning for IoT environments where devices often control critical infrastructure or handle sensitive data. The ability to identify active applications can reveal operation patterns, system behaviors, and potential vulnerabilities that traditional security measures may not protect against. Moreover, in IoT scenarios, this information can be leveraged to orchestrate sophisticated attacks targeting specific services or to exploit timing-based vulnerabilities when certain critical applications are running. By categorizing this approach as a form of local system-based reconnaissance, we highlight its potential to silently gather critical information about a system’s state. Such capabilities represent a significant breach of privacy and provide attackers with the intelligence needed to carry out more targeted and effective attacks. This research also underscores the evolving nature of reconnaissance techniques and the growing risks of advanced side-channel cybersecurity methods.
- Published
- 2024
- Full Text
- View/download PDF
11. Intrusion Detection for IoT Environments Through Side-Channel and Machine Learning Techniques
- Author
- Alejandro Dominguez Campos, Felipe Lemus-Prieto, Jose-Luis Gonzalez-Sanchez, and Andres Caro Lindo
- Subjects
- Cybersecurity, intrusion detection system (IDS), Internet of Things (IoT), machine learning, side-channel, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
The rise of the Internet of Things (IoT) technology during the past decade has resulted in multiple applications across a large variety of fields. Some of the data processed using this technology can be specially sensitive, and the devices involved can be prone to cyberattacks, which has resulted in a rising interest in the field of information security applied to IoT. This study presents a method for analyzing an IoT network to detect attacks using side-channel techniques that monitor the power usage of the devices. It shows that it is possible to employ a monitoring system powered by Machine Learning to detect intrusions without interfering with the normal behavior of the devices. Tests yield positive results under a range of scenarios, including using a custom dataset, detecting new attacks previously unseen by the models, and detecting attacks in real time. The main advantages of the proposed system are simplicity, reproducibility (both code and data are made available) and portability, since it can be deployed on all kinds of devices and does not have a high demand of resources. Several deployment strategies are proposed, depending on the structure of the target IoT network and the power constraints of the devices.
- Published
- 2024
- Full Text
- View/download PDF
12. Challenging Assumptions of Normality in AES s-Box Configurations under Side-Channel Analysis
- Author
- Clay Carper, Stone Olguin, Jarek Brown, Caylie Charlton, and Mike Borowczak
- Subjects
- test vector leakage assessment, side-channel analysis, AES encryption, side-channel, statistical methods, Technology (General), T1-995
- Abstract
Power-based Side-Channel Analysis (SCA) began with visual-based examinations and has progressed to utilize data-driven statistical analysis. Two distinct classifications of these methods have emerged over the years; those focused on leakage exploitation and those dedicated to leakage detection. This work primarily focuses on a leakage detection-based schema that utilizes Welch’s t-test, known as Test Vector Leakage Assessment (TVLA). Both classes of methods process collected data using statistical frameworks that result in the successful exfiltration of information via SCA. Often, statistical testing used during analysis requires the assumption that collected power consumption data originates from a normal distribution. To date, this assumption has remained largely uncontested. This work seeks to demonstrate that while past studies have assumed the normality of collected power traces, this assumption should be properly evaluated. In order to evaluate this assumption, an implementation of Tiny-AES-c with nine unique substitution-box (s-box) configurations is conducted using TVLA to guide experimental design. By leveraging the complexity of the AES algorithm, a sufficiently diverse and complex dataset was developed. Under this dataset, statistical tests for normality such as the Shapiro-Wilk test and the Kolmogorov-Smirnov test provide significant evidence to reject the null hypothesis that the power consumption data is normally distributed. To address this observation, existing non-parametric equivalents such as the Wilcoxon Signed-Rank Test and the Kruskal-Wallis Test are discussed in relation to currently used parametric tests such as Welch’s t-test.
- Published
- 2023
- Full Text
- View/download PDF
13. Distribution of Signal to Noise Ratio and Application to Leakage Detection
- Author
- Mathieu des Noes
- Subjects
- Leakage, Side-Channel, Signal to noise Ratio, Sampling Complexity, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64
- Abstract
In the context of side-channel attacks, the Signal to Noise Ratio (SNR) is a widely used metric for characterizing the information leaked by a device when handling sensitive variables. In this paper, we derive the probability density function (p.d.f.) of the signal to noise ratio (SNR) for the byte value and Hamming Weight (HW) models, when the number of traces per class is large and the target SNR is small. These findings are subsequently employed to establish an SNR threshold, guaranteeing minimal occurrences of false positives. Then, these results are used to derive the theoretical number of traces that are required to remain below pre-defined false negative and false positive rates. The sampling complexity of the T-test, ρ-test and SNR is evaluated for the byte value and HW leakage model by simulations and compared to the theoretical predictions. This allows to establish the most pertinent strategy to make use of each of these detection techniques.
- Published
- 2024
- Full Text
- View/download PDF
14. Challenging Assumptions of Normality in AES s-Box Configurations under Side-Channel Analysis.
- Author
- Carper, Clay, Olguin, Stone, Brown, Jarek, Charlton, Caylie, and Borowczak, Mike
- Subjects
- T-test (Statistics), LEAK detectors, GAUSSIAN distribution, EXPERIMENTAL design, WILCOXON signed-rank test
- Abstract
Power-based Side-Channel Analysis (SCA) began with visual-based examinations and has progressed to utilize data-driven statistical analysis. Two distinct classifications of these methods have emerged over the years; those focused on leakage exploitation and those dedicated to leakage detection. This work primarily focuses on a leakage detection-based schema that utilizes Welch's t-test, known as Test Vector Leakage Assessment (TVLA). Both classes of methods process collected data using statistical frameworks that result in the successful exfiltration of information via SCA. Often, statistical testing used during analysis requires the assumption that collected power consumption data originates from a normal distribution. To date, this assumption has remained largely uncontested. This work seeks to demonstrate that while past studies have assumed the normality of collected power traces, this assumption should be properly evaluated. In order to evaluate this assumption, an implementation of Tiny-AES-c with nine unique substitution-box (s-box) configurations is conducted using TVLA to guide experimental design. By leveraging the complexity of the AES algorithm, a sufficiently diverse and complex dataset was developed. Under this dataset, statistical tests for normality such as the Shapiro-Wilk test and the Kolmogorov-Smirnov test provide significant evidence to reject the null hypothesis that the power consumption data is normally distributed. To address this observation, existing non-parametric equivalents such as the Wilcoxon Signed-Rank Test and the Kruskal-Wallis Test are discussed in relation to currently used parametric tests such as Welch's t-test. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
15. Cloud Virtualization Attacks and Mitigation Techniques
- Author
- Ali, Syed Ahmed, Memon, Shahzad, Memon, Nisar, Xhafa, Fatos, Series Editor, Abd El-Latif, Ahmed A., editor, Maleh, Yassine, editor, Mazurczyk, Wojciech, editor, ELAffendi, Mohammed, editor, and I. Alkanhal, Mohamed, editor
- Published
- 2023
- Full Text
- View/download PDF
16. Hybrid Extrinsic Radio Frequency PUF
- Author
- Tehranipoor, Mark, Pundir, Nitin, Vashistha, Nidish, and Farahmandi, Farimah
- Published
- 2023
- Full Text
- View/download PDF
17. Simulation Based Hardware Trojan Detection Using Path Delay Analysis
- Author
- Vinod, Gautham, Ramesh, S. R., Nirmala Devi, M., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Ranganathan, G., editor, Fernando, Xavier, editor, and Rocha, Álvaro, editor
- Published
- 2023
- Full Text
- View/download PDF
18. SEV-Step: A Single-Stepping Framework for AMD-SEV
- Author
- Luca Wilke, Jan Wichelmann, Anja Rabich, and Thomas Eisenbarth
- Subjects
- TEE, Confidential VM, Side-channel, Single-Stepping, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64
- Abstract
The ever increasing popularity and availability of Trusted Execution Environments (TEEs) had a stark influence on microarchitectural attack research in academia, as their strong attacker model both boosts existing attack vectors and introduces several new ones. While many works have focused on Intel SGX, other TEEs like AMD SEV have recently also started to receive more attention. A common technique when attacking SGX enclaves is single-stepping, where the system’s APIC timer is used to interrupt the enclave after every instruction. Single-stepping increases the temporal resolution of subsequent microarchitectural attacks to a maximum. A key driver in the proliferation of this complex attack technique was the SGX-Step framework, which offered a stable reference implementation for single-stepping and a relatively easy setup. In this paper, we demonstrate that SEV VMs can also be reliably single-stepped. To lay the foundation for further microarchitectural attack research against SEV, we introduce the reusable SEV-Step framework. Besides reliable single-stepping, SEV-Step provides easy access to common attack primitives like page fault tracking and cache attacks against SEV. All features can be used interactively from user space. We demonstrate SEV-Step’s capabilities by carrying out an end-to-end cache attack against SEV that leaks the volume key of a LUKS2-encrypted disk. Finally, we show for the first time that SEV is vulnerable to Nemesis-style attacks, which allow extracting information about the type and operands of single-stepped instructions from SEV-protected VMs.
- Published
- 2023
- Full Text
- View/download PDF
19. Non-specific TVLA method based on two-sample KS test
- Author
- Zhen ZHENG, Yingjian YAN, Juesong CAI, and Yanjiang LIU
- Subjects
- side-channel, test vector leakage assessment, false negative, two-sample KS test, Telecommunication, TK5101-6720
- Abstract
Test vector leakage assessment (TVLA) is prone to “false negative” when the power consumption sample size is small. To address this issue, it was found that for non-specific TVLA, when the power consumption sample size changes, the test statistic t-values obtained at the leakage sampling points in the power trace vary accordingly, while the t-values at the non-leakage sampling points do not significantly vary. Therefore, when there is leakage, the distributions of the t-values obtained under different sample sizes will be different. Based on this, it was proposed to implement non-specific TVLA under different sample sizes and perform two-sample KS test on the obtained t-value sequences to evaluate whether there was leakage. Verifications were carried out based on unprotected-aligned simulation power consumption, protected-aligned power consumption dataset DPA Contest v4_2 and protected-non-aligned self-collected power consumption respectively. The results showed that the sample size required by the proposed method on the aligned simulation power consumption and DPA Contest v4_2 was reduced by at most 46.1% and 39.0% respectively. And after the alignment, the required sample size of the proposed method on the self-collected power consumption is also smaller than that of other schemes, with a maximum reduction of 29.4%. Therefore, the proposed method can effectively reduce the probability of “false negative” when the power consumption sample size is small.
- Published
- 2023
- Full Text
- View/download PDF
20. Microarchitectural Side-Channel Threats, Weaknesses and Mitigations: A Systematic Mapping Study
- Author
- Arsalan Javeed, Cemal Yilmaz, and Erkay Savas
- Subjects
- Cybersecurity, microarchitecture, side-channel, systematic-mapping, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
Over the course of recent years, microarchitectural side-channel attacks emerged as one of the most novel and thought-provoking attacks to exfiltrate information from computing hardware. These attacks leverage the unintended artefacts produced as side-effects to certain architectural design choices and proved difficult to be effectively mitigated without incurring significant performance penalties. In this work, we undertake a systematic mapping study of the academic literature related to the aforementioned attacks. We, in particular, pose four research questions and study 104 primary works to answer those questions. We inquire about the origins of artefacts leading up to exploitable settings of microarchitectural side-channel attacks; the effectiveness of the proposed countermeasures; and the lessons to be learned that would help build secure systems for the future. Furthermore, we propose a classification scheme that would also serve in the future for systematic mapping efforts in this scope.
- Published
- 2023
- Full Text
- View/download PDF
21. Code Polymorphism Meets Code Encryption: Confidentiality and Side-channel Protection of Software Components.
- Author
- Morel, Lionel, Couroussé, Damien, and Hiscock, Thomas
- Subjects
- REVERSE engineering, DATA mining, COMPUTER software, CONFIDENTIAL communications
- Abstract
In this article, we consider that, in practice, attack scenarios involving side-channel analysis combine two successive phases: an analysis phase, targeting the extraction of information about the target and the identification of possible vulnerabilities, and an exploitation phase, applying attack techniques on candidate vulnerabilities. We advocate that protections need to cover these two phases to be effective against real-life attacks. We present PolEn, a toolchain and a processor architecture that combine countermeasures to provide an effective mitigation of side-channel attacks: As a countermeasure against the analysis phase, our approach considers the use of code encryption; as a countermeasure against the exploitation phase, our approach considers the use of code polymorphism, because it relies on runtime code generation, and its combination with code encryption is particularly challenging. Code encryption is supported by a processor extension such that machine instructions are only decrypted inside the CPU, which effectively prevents reverse engineering or any extraction of useful information from memory dumps. Code polymorphism is implemented by software means. It regularly changes the observable behaviour of the program, making it unpredictable for an attacker, hence reducing the possibility to exploit side-channel leakages. We present a prototype implementation, based on the RISC-V Spike simulator and a modified LLVM toolchain. In our experimental evaluation, we illustrate that PolEn effectively reduces side-channel leakages. For the protected functions evaluated, static memory use increases by a factor of 5 to 22, corresponding to the joint application of code encryption and code polymorphism. The overhead, in terms of execution time, ranges between a factor of 1.8 and 4.6. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
22. JitSCA: Jitter-based Side-Channel Analysis in Picoscale Resolution
- Author
- Kai Schoos, Sergej Meschkov, Mehdi B. Tahoori, and Dennis R. E. Gnad
- Subjects
- side-channel, jitter, power, timing, galvanically isolated, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64
- Abstract
In safety and security conscious environments, isolated communication channels are often deemed necessary. Galvanically isolated communication channels are typically expected not to allow physical side-channel attacks through that channel. However, in this paper, we show that they can inadvertently leak side channel information in the form of minuscule jitter on the communication signal. We observe worst-case signal jitter within 54 ± 45 ps using an FPGA-based receiver employing a time-to-digital converter (TDC), which is a higher time resolution than a typical oscilloscope can measure, while in many other systems such measurements are also possible. A transmitter device runs a cryptographic accelerator, while we connect an FPGA on the receiver side and measure the signal jitter using a TDC. We can indeed show sufficient side-channel leakage in the jitter of the signal by performing a key recovery of an AES accelerator running on the transmitter. Furthermore, we compare this leakage to a power side channel also measured with a TDC and prove that the timing jitter alone contains sufficient side-channel information. While for an on-chip power analysis attack about 27k traces are needed for key recovery, our cross-device jitter-based attack only needs as few as 47k traces, depending on the setup. Galvanic isolation does not change that significantly. That is an increase by only 1.7x, showing that fine-grained jitter timing information can be a very potent attack vector even under galvanic isolation. In summary, we introduce a new side-channel attack vector that can leak information in many presumably secure systems. Communication channels can inadvertently leak information through tiny timing variations, known as signal jitter. This could affect millions of devices and needs to be considered.
- Published
- 2023
- Full Text
- View/download PDF
23. Non-specific TVLA method based on two-sample KS test.
- Author
- 郑震, 严迎建, 蔡爵嵩, and 刘燕江
- Published
- 2023
- Full Text
- View/download PDF
24. Peek into the Black-Box: Interpretable Neural Network using SAT Equations in Side-Channel Analysis
- Author
- Trevor Yap, Adrien Benamira, Shivam Bhasin, and Thomas Peyrin
- Subjects
- Side-channel, Neural Network, Deep Learning, Profiling attack, Interpretability, SAT, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64
- Abstract
Deep neural networks (DNN) have become a significant threat to the security of cryptographic implementations with regards to side-channel analysis (SCA), as they automatically combine the leakages without any preprocessing needed, leading to a more efficient attack. However, these DNNs for SCA remain mostly black-box algorithms that are very difficult to interpret. Benamira et al. recently proposed an interpretable neural network called Truth Table Deep Convolutional Neural Network (TT-DCNN), which is both expressive and easier to interpret. In particular, a TT-DCNN has a transparent inner structure that can entirely be transformed into SAT equations after training. In this work, we analyze the SAT equations extracted from a TT-DCNN when applied in SCA context, eventually obtaining the rules and decisions that the neural networks learned when retrieving the secret key from the cryptographic primitive (i.e., exact formula). As a result, we can pinpoint the critical rules that the neural network uses to locate the exact Points of Interest (PoIs). We validate our approach first on simulated traces for higher-order masking. However, applying TT-DCNN on real traces is not straightforward. We propose a method to adapt TT-DCNN for application on real SCA traces containing thousands of sample points. Experimental validation is performed on software-based ASCADv1 and hardware-based AES_HD_ext datasets. In addition, TT-DCNN is shown to be able to learn the exact countermeasure in a best-case setting.
- Published
- 2023
25. Privacy-Aware Rejection Sampling.
- Author
- Awan, Jordan and Rao, Vinayak
- Subjects
- LEAKS (Disclosure of information), DATA privacy, MARKOV chain Monte Carlo, PRIVACY, SAMPLING methods
- Abstract
- While differential privacy (DP) offers strong theoretical privacy guarantees, implementations of DP mechanisms may be vulnerable to side-channel attacks, such as timing attacks. When sampling methods such as MCMC or rejection sampling are used to implement a privacy mechanism, the runtime can leak private information. We characterize the additional privacy cost due to the runtime of a rejection sampler in terms of both (ϵ, δ)-DP as well as f-DP. We also show that unless the acceptance probability is constant across databases, the runtime of a rejection sampler does not satisfy ϵ-DP for any ϵ. We show that there is a similar breakdown in privacy with adaptive rejection samplers. We propose three modifications to the rejection sampling algorithm, with varying assumptions, to protect against timing attacks by making the runtime independent of the data. The modification with the weakest assumptions is an approximate sampler, introducing a small increase in the privacy cost, whereas the other modifications give perfect samplers. We also use our techniques to develop an adaptive rejection sampler for log-Hölder densities, which also has data-independent runtime. We give several examples of DP mechanisms that fit the assumptions of our methods and can thus be implemented using our samplers. [ABSTRACT FROM AUTHOR]
- Published
- 2023
26. An Efficiency–Accuracy Balanced Power Leakage Evaluation Framework Utilizing Principal Component Analysis and Test Vector Leakage Assessment.
- Author
- Zheng, Zhen, Yan, Yingjian, Liu, Yanjiang, Li, Linyuan, and Chang, Yajing
- Subjects
- PRINCIPAL components analysis, LEAK detection, VECTOR analysis, LEAKAGE
- Abstract
- The test vector leakage assessment (TVLA) is a widely used side-channel power leakage detection technology which requires evaluators to collect as many power traces as possible to ensure accuracy. However, as the total sample size of the power traces increases, the amount of redundant information will also increase, thus limiting the detection efficiency. To address this issue, we propose a principal component analysis (PCA)-TVLA-based leakage detection framework which realizes a more advanced balance of accuracy and efficiency. Before implementing TVLA to detect leakage, we project the original power data onto their most significant feature dimensions extracted by the PCA procedure and screen power traces according to the magnitude of their corresponding components in the variance of the projection vector. We verified the overall performance of the proposed framework by measuring the detection capability and efficiency with t-values and the required time, respectively. The results show that compared with similar existing schemes, under the best circumstances, the proposed framework decreases the t-value by 4.3% while saving time by 25.2% on the MCU platform and decreases the t-value by 2.4% while saving time by 38.0% on the FPGA platform. [ABSTRACT FROM AUTHOR]
- Published
- 2022
27. Divided We Stand, United We Fall: Security Analysis of Some SCA+SIFA Countermeasures Against SCA-Enhanced Fault Template Attacks
- Author
- Saha, Sayandeep, Bag, Arnab, Jap, Dirmanto, Mukhopadhyay, Debdeep, Bhasin, Shivam, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Tibouchi, Mehdi, editor, and Wang, Huaxiong, editor
- Published
- 2021
28. CAD for Side-Channel Leakage Assessment
- Author
- Nahiyan, Adib, (Tony) He, Miao, Park, Jungmin, Tehranipoor, Mark, and Tehranipoor, Mark, editor
- Published
- 2021
29. A Hierarchical Approach for Multiple Periodicity Detection in Software Code Analysis
- Author
- Mine Kerpicci, Milos Prvulovic, and Alenka Zajic
- Subjects
- Period detection, multiple periodicities, change point detection, kernel density estimation, average magnitude difference function, side-channel, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
- This paper introduces an end-to-end processing method for multiple periodicity signal detection and analysis with particular application in software analysis using analog side channels. The probabilistic distributions of signal blocks are estimated with kernel density estimation. The corresponding kernel bandwidths, which are optimally found in a data-driven manner, are used to detect change points. After separating the signal into parts with different behaviors, the average magnitude difference function is leveraged iteratively to find the smallest periodic signal sections. To illustrate the efficiency of the proposed method, we use EM side-channel signals collected from real-life applications to successfully detect multiple existing periodicities.
- Published
- 2022
30. Fit the Joint Moments: How to Attack Any Masking Scheme
- Author
- Valence Cristiani, Maxime Lecomte, Thomas Hiscock, and Philippe Maurine
- Subjects
- Side-channel, masking, joint moments, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
- Side-Channel Analysis (SCA) allows extracting secret keys manipulated by cryptographic primitives through leakages of their physical implementations. Supervised attacks, known to be optimal, can theoretically defeat any countermeasure, including masking, by learning the dependency between the leakage and the secret through the profiling phase. However, defeating masking is less trivial when it comes to unsupervised attacks. While classical strategies such as correlation power analysis or linear regression analysis have been extended to masked implementations, we show that these extensions only hold for Boolean and arithmetic schemes. Therefore, we propose a new unsupervised strategy, the Joint Moments Regression (JMR), able to defeat any masking scheme (multiplicative, affine, polynomial, inner product…), which are gaining popularity in real implementations. The main idea behind JMR is to directly regress the leakage model of the shares by fitting a system based on higher-order joint moment conditions. We show that this idea can be seen as part of a more general framework known as the Generalized Method of Moments (GMM). This offers mathematical foundations on which we rely to derive optimizations of JMR. Simulation results confirm the interest of JMR over state-of-the-art attacks, even in the case of Boolean and arithmetic masking. Eventually, we apply this strategy to real traces and provide, to the best of our knowledge, the first unsupervised attack on the protected AES implementation proposed by the ANSSI for SCA research, which embeds affine masking and shuffling counter-measures.
- Published
- 2022
31. Don’t Learn What You Already Know
- Author
- Loïc Masure, Valence Cristiani, Maxime Lecomte, and François-Xavier Standaert
- Subjects
- Profiling Attacks, Side-Channel, Deep Learning, Gradient Descent, Masking, Scheme-Aware, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64
- Abstract
- Over the past few years, deep-learning-based attacks have emerged as a de facto standard, thanks to their ability to break implementations of cryptographic primitives without pre-processing, even against widely used counter-measures such as hiding and masking. However, the recent works of Bronchain and Standaert at TCHES 2020 questioned the soundness of such tools if used in an uninformed setting to evaluate implementations protected with higher-order masking. On the other hand, worst-case evaluations may be seen as possibly far from what a real-world adversary could do, thereby leading to too conservative security bounds. In this paper, we propose a new threat model that we name scheme-aware, benefiting from a trade-off between uninformed and worst-case models. Our scheme-aware model is closer to a real-world adversary, in the sense that it does not need to have access to the random nonces used by masking during the profiling phase like in a worst-case model, while it does not need to learn the masking scheme as implicitly done by an uninformed adversary. We show how to combine the power of deep learning with the prior knowledge of scheme-aware modeling. As a result, we show on simulations and experiments on public datasets how it sometimes allows reducing by an order of magnitude the profiling complexity, i.e., the number of profiling traces needed to satisfyingly train a model, compared to a fully uninformed adversary.
- Published
- 2022
32. Efficient Hardware Implementations for Elliptic Curve Cryptography over Curve448
- Author
- Bisheh Niasar, Mojtaba, Azarderakhsh, Reza, Kermani, Mehran Mozaffari, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Bhargavan, Karthikeyan, editor, Oswald, Elisabeth, editor, and Prabhakaran, Manoj, editor
- Published
- 2020
33. Simple Electromagnetic Analysis Against Activation Functions of Deep Neural Networks
- Author
- Takatoi, Go, Sugawara, Takeshi, Sakiyama, Kazuo, Li, Yang, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Zhou, Jianying, editor, Conti, Mauro, editor, Ahmed, Chuadhry Mujeeb, editor, Au, Man Ho, editor, Batina, Lejla, editor, Li, Zhou, editor, Lin, Jingqiang, editor, Losiouk, Eleonora, editor, Luo, Bo, editor, Majumdar, Suryadipta, editor, Meng, Weizhi, editor, Ochoa, Martín, editor, Picek, Stjepan, editor, Portokalidis, Georgios, editor, Wang, Cong, editor, and Zhang, Kehuan, editor
- Published
- 2020
34. Low-Noise LLC Side-Channel Attack with Perf
- Author
- Ko, Youngjoo, Ji, Sangwoo, Kim, Jong, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, and You, Ilsun, editor
- Published
- 2020
35. A Machine Learning Based Monitoring Framework for Side-Channel Information Leaks
- Author
- Michael Lescisin and Qusay H. Mahmoud
- Subjects
- Data mining, devops, machine learning, security, side-channel, software quality, Electronic computers. Computer science, QA75.5-76.95, Information technology, T58.5-58.64
- Abstract
- Computer and network security is an ever more important field of study as the information processed by these systems is of ever increasing value. The state of research on direct attacks, such as exploiting memory safety or shell input errors, is well established and a rich set of testing tools is available for these types of attacks. Machine-learning based intrusion detection systems are also available and are commonly deployed in production environments. What is missing, however, is the consideration of implicit information flows, or side-channels. Research has revealed side-channels formed by everything from CPU acoustic noise, to encrypted network traffic patterns, to computer monitor ambient light. Furthermore, no portable method exists for distributing side-channel test cases. This paper introduces a framework for adversary modeling and feedback generation on what the adversary may learn from the various side-channel information sources. The framework operates by monitoring two data streams; the first being the stream of side-channel cues, and the second being the stream of private system activity. These streams are used for training and evaluating a machine learning classifier to determine its performance at predicting private system activity. A prototype has been built to evaluate side-channel effects on four popular scenarios.
- Published
- 2021
36. The Limits of SEMA on Distinguishing Similar Activation Functions of Embedded Deep Neural Networks.
- Author
- Takatoi, Go, Sugawara, Takeshi, Sakiyama, Kazuo, Hara-Azumi, Yuko, and Li, Yang
- Subjects
- SIGNAL processing, ARTIFICIAL intelligence, MACHINE learning, INTELLECTUAL property, DEEP learning
- Abstract
- Artificial intelligence (AI) is progressing rapidly, and in this trend, edge AI has been researched intensively. However, much less work has been performed around the security of edge AI. Machine learning models are a mass of intellectual property, and an optimized network is very valuable. Trained machine learning models need to be black boxes as well because they may give away information about the training data to the outside world. As selecting the appropriate activation functions to enable fast training of accurate deep neural networks is an active area of research, it is important to conceal the information of the activation functions used in a neural network architecture as well. There has been research on the use of physical attacks such as the side-channel attack (SCA) in areas other than cryptography. The SCA is highly effective against edge artificial intelligence due to its property of the device computing close to the user. We studied a previously proposed method to retrieve the activation functions of a black box neural network implemented on an edge device by using simple electromagnetic analysis (SEMA) and improved the signal processing procedure for further noisy measurements. The SEMA attack identifies activation functions by directly observing distinctive electromagnetic (EM) traces that correspond to the operations in the activation function. This method requires few executions and inputs and also has little implementation dependency on the activation functions. We distinguished eight similar activation functions with EM measurements and examined the versatility and limits of this attack. In this work, the machine learning architecture is a multilayer perceptron, evaluated on an Arduino Uno. [ABSTRACT FROM AUTHOR]
- Published
- 2022
37. Power Analysis and Protection on SPECK and Its Application in IoT
- Author
- Ge, Jing, Wang, An, Zhu, Liehuang, Liu, Xin, Shang, Ning, Zhang, Guoshuang, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin (Sherman), Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Chen, Songqing, editor, Choo, Kim-Kwang Raymond, editor, Fu, Xinwen, editor, Lou, Wenjing, editor, and Mohaisen, Aziz, editor
- Published
- 2019
38. Measuring Security of Symmetric Encryption Schemes Against On-the-Fly Side-Channel Key-Recovery Attacks
- Author
- Santoso, Bagus, Oohama, Yasutada, Su, Chunhua, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Liu, Joseph K., editor, and Huang, Xinyi, editor
- Published
- 2019
39. Redundancy AES Masking Basis for Attack Mitigation (RAMBAM)
- Author
- Yaacov Belenky, Vadim Bugaenko, Leonid Azriel, Hennadii Chernyshchyk, Ira Dushar, Oleg Karavaev, Oleh Maksimenko, Yulia Ruda, Valery Teper, and Yury Kreimer
- Subjects
- Side-channel, DPA, SCA, FIA, AES, Algebraic, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64
- Abstract
- In this work, we present RAMBAM, a novel concept of designing countermeasures against side-channel attacks and the Statistical Ineffective Fault Attack (specifically SIFA-1) on AES that employs redundant representations of finite field elements. From this concept, we derive a family of protected hardware implementations of AES. A fundamental property of RAMBAM is a security parameter d that along with other attributes of the scheme allows for making trade-offs between gate count, maximal frequency, performance, level of robustness to the first and higher-order side-channel attacks, and protection against SIFA-1. We present an analytical model that explains how the scheme reduces the leakage and how the design choices affect it. Furthermore, we demonstrate experimentally how different design choices achieve the required goals. In particular, the compact version exhibits a gate count as low as 12.075 kGE, while maintaining adequate protection. The performance-oriented version provides latency as low as one round per cycle, thus combining protection against SCA and SIFA-1 with high performance which is one of the original design goals of AES. Finally, we assess the leakage of the scheme for the first and the second (bivariate) orders using TVLA methodology on an FPGA implementation and observe resilience to at least 348M traces with 16 Sboxes.
- Published
- 2022
40. Off-Path TCP Hijacking Attacks via the Side Channel of Downgraded IPID.
- Author
- Feng, Xuewei, Li, Qi, Sun, Kun, Fu, Chuanpu, and Xu, Ke
- Subjects
- INTERNET traffic, KERNEL operating systems, IP networks, INTERNET protocol version 6
- Abstract
- In this paper, we uncover a new off-path TCP hijacking attack that can be used to terminate victim TCP connections or inject forged data into victim TCP connections by manipulating the new mixed IPID assignment method, which is widely used in Linux kernel version 4.18 and beyond. Our attack has three steps. First, an off-path attacker can downgrade the IPID assignment for TCP packets from the more secure per-socket-based policy to the less secure hash-based policy, thus building a shared IPID counter that forms a side channel in the victim. Second, the attacker detects the presence of TCP connections by observing the side channel of the shared IPID counter. Third, the attacker infers sequence and acknowledgment numbers of the detected connection by observing the side channel. Consequently, the attacker can completely hijack the connection, e.g., resetting the connection or poisoning the data stream. We evaluate the impacts of our attack in the real world, and we uncover that more than 20% of Alexa top 100k websites are vulnerable to our attack. Our case studies of SSH DoS, manipulating web traffic, and poisoning BGP routing tables show its threat on a wide range of applications. Moreover, we demonstrate that our attack can be further extended to exploit IPv4/IPv6 dual-stack networks on increasing the hash collisions and enlarging vulnerable populations. Finally, we analyze the root cause and develop a new IPID assignment method to defeat this attack. We prototype our defense in Linux 4.18 and confirm its effectiveness in the real world. [ABSTRACT FROM AUTHOR]
- Published
- 2022
41. A time and place for everything: Side-Channel verification using Co-Simulation
- Author
- Jayaraman, Ramesh Krishna
- Subjects
- Computer engineering, Computer science, Hardware Security, Side-channel, Spectre, Verification
- Abstract
- Since the advent of the modern microprocessor, the pursuit of better performance has led to increased design complexity. This increased complexity manifests due to adopting several design concepts like branch prediction, speculative execution, Out-of-Order execution, and their respective implementation choices. When implementing these design concepts in hardware, it is necessary to store information about the execution state of the processor in some form. By design, multiple processes can run on the same hardware. This leads to the execution state of any given process being influenced by one or more other processes. This creates massive security vulnerabilities through timing side-channel attacks, the most infamous classes belonging to Spectre, MDS, and Foreshadow. These are flaws inherent in the nature of the aforementioned design concepts due to their need to maintain information about the execution state to deliver increased performance. These vulnerabilities are found in most deployed modern processors. Most attempts at fixing or patching them through software incur huge performance penalties and require a hardware redesign to recoup them. This work presents a framework to be deployed during the design and verification of microprocessors that will utilize the timing and side-channel effects of these vulnerabilities to the designers' advantage to prove the existence of such vulnerabilities in designs that have been verified using conventional design methodologies. We demonstrate the incidence of timing and side-channel effects in three RISC-V designs, Ariane, BlackParrot, and BOOM. We also prove the correctness of our framework using the patched version of these designs.
- Published
- 2022
42. On the design and implementation of secure network protocols
- Author
- AlFardan, Nadhem J.
- Subjects
- 005.8, TLS, SSL, Cryptanalysis, Attacks, Network, Protocols, side-channel, timing, DTLS, DNS, DepenDNS, Lucky13, PRF, block cipher
- Abstract
- Network Protocols are critical to the operation of the Internet and hence the security of these protocols is paramount. Our work covers the security of three widely deployed protocols: Domain Name System (DNS), Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). Our work shows that the design or implementation of some variants of these protocols are vulnerable to attacks that compromise their fundamental security features. In all of the cases we include experimental results demonstrating the feasibility of our attacks in realistic network environments. We propose a number of countermeasures for the attacks, some of which have already been implemented in practice. We start by describing the structure of DNS and present a number of existing DNS security protocols. We then focus on DepenDNS, a security protocol that is intended to protect DNS clients against cache poisoning attacks. We demonstrate that DepenDNS suffers from operational deficiencies, and is vulnerable to cache poisoning and denial of service attacks. We then give an overview of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), and draw the similarities and differences between the two protocols. We describe the padding oracle concept and present a number of recent attacks against TLS. We then present new techniques to conduct a full plaintext recovery attack against the OpenSSL implementation of DTLS, and a partial plaintext recovery attack against the GnuTLS implementation of TLS and DTLS. Our attacks exploit timing-based side channels that would not have been exploitable without our new techniques. We also describe countermeasures for the attacks. We then present new distinguishing and plaintext recovery attacks against all versions of TLS and DTLS and in almost all implementations of the two protocols. Our attacks are based on timing-based side channels and exploit TLS and DTLS design and implementation decisions. We describe how to conduct a full plaintext recovery attack against implementations that follow the standard, and a partial plaintext recovery attack against implementations that do not. We discuss a number of countermeasures for the attacks, and describe their practicality and effectiveness. We conclude the thesis by discussing the wider implications of our work on the design and implementation of secure network protocols.
- Published
- 2014
43. Countermeasures against Static Power Attacks
- Author
- Thorben Moos and Amir Moradi
- Subjects
- Static Power, Side-Channel, SPSCA, Countermeasures, Shuffling, SDRL, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64
- Abstract
- In recent years it has been demonstrated convincingly that the standby power of a CMOS chip reveals information about the internally stored and processed data. Thus, for adversaries who seek to extract secrets from cryptographic devices via side-channel analysis, the static power has become an attractive quantity to obtain. Most works have focused on the destructive side of this subject by demonstrating attacks. In this work, we examine potential solutions to protect circuits from silently leaking sensitive information during idle times. We focus on countermeasures that can be implemented using any common digital standard cell library and do not consider solutions that require a full-custom or analog design flow. In particular, we evaluate and compare a set of five distinct standard-cell-based hiding countermeasures, including both randomization and equalization techniques. We then combine the hiding countermeasures with state-of-the-art hardware masking in order to amplify the noise level and achieve a high resistance against attacks. An important part of our contribution is the proposal and evaluation of the first ever standard-cell-based balancing scheme which achieves perfect data-independence on paper, i.e., in the absence of intra-die process variations and aging effects. We call our new countermeasure Exhaustive Logic Balancing (ELB). While this scheme, applied to a threshold implementation, provides the highest level of resistance in our experiments, it may not be the most cost-effective option due to the significant resource overhead associated with it. All evaluated countermeasures and combinations thereof are applied to a serialized hardware implementation of the PRESENT block cipher and realized as cryptographic co-processors on a 28nm CMOS ASIC prototype. Our experimental results are obtained through real-silicon measurements of a fabricated die of the ASIC in a temperature-controlled environment using a source measure unit (SMU). We believe that our elaborate comparison serves as a useful guideline for hardware designers to find a proper tradeoff between security and cost for almost any application.
- Published
- 2021
44. USB powered devices: A survey of side-channel threats and countermeasures
- Author
- Hao Liu, Riccardo Spolaor, Federico Turrin, Riccardo Bonafede, and Mauro Conti
- Subjects
- Smart devices, USB, Side-channel, Security, Electronic computers. Computer science, QA75.5-76.95
- Abstract
- Recent technological innovations have led to the rise of a plethora of portable electronic devices such as smartphones, small household appliances, and other IoT devices. To power or recharge the battery of such devices, manufacturers identified in the ubiquitous Universal Serial Bus (USB) standard a convenient solution, as it enables both communication and energy supply. Unfortunately, the default trust on USB ports has been exploited by hackers to extract highly sensitive user data on such devices. Despite the efforts by security experts and manufacturers to detect and block this threat, an even more stealthy approach to undermine users' privacy relies on side-channel attacks on the USB interface, such as electromagnetic emissions and power consumption. In this paper, we present a comprehensive survey of the state-of-the-art of side-channel analysis on the security of USB-powered devices. Differently from other surveys on USB-based attacks via the communication interface only, this survey considers research works that aim to infer or extract private information from the energy supply, the device itself, or unintentionally available functionalities. In particular, we consider this emergent trend of security work that was not previously considered in other surveys, such as the energy consumption and electromagnetic emission analyses, as well as Juice Filming Charging (JFC) attacks. We first analyze the physical properties of the side-channels and technical characteristics of such research work; we then summarize the countermeasures proposed in the state-of-the-art. Finally, we also identify some possible future directions to foster further research in this field.
- Published
- 2021
45. Side-Channel Based Intrusion Detection for Industrial Control Systems
- Author
- Van Aubel, Pol, Papagiannopoulos, Kostas, Chmielewski, Łukasz, Doerr, Christian, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, D'Agostino, Gregorio, editor, and Scala, Antonio, editor
- Published
- 2018
46. Recovering Memory Access Sequence with Differential Flush+Reload Attack
- Author
- Yuan, Zhiwei, Li, Yang, Sakiyama, Kazuo, Sugawara, Takeshi, Wang, Jian, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Su, Chunhua, editor, and Kikuchi, Hiroaki, editor
- Published
- 2018
47. SCATTER: A New Dimension in Side-Channel
- Author
- Thiebeauld, Hugues, Gagnerot, Georges, Wurcker, Antoine, Clavier, Christophe, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Fan, Junfeng, editor, and Gierlichs, Benedikt, editor
- Published
- 2018
48. Masking the GLP Lattice-Based Signature Scheme at Any Order
- Author
- Barthe, Gilles, Belaïd, Sonia, Espitau, Thomas, Fouque, Pierre-Alain, Grégoire, Benjamin, Rossi, Mélissa, Tibouchi, Mehdi, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Nielsen, Jesper Buus, editor, and Rijmen, Vincent, editor
- Published
- 2018
49. Secure Realization of Lightweight Block Cipher: A Case Study Using GIFT
- Author
- Satheesh, Varsha, Shanmugam, Dillibabu, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Chattopadhyay, Anupam, editor, Rebeiro, Chester, editor, and Yarom, Yuval, editor
- Published
- 2018
50. Tight Private Circuits: Achieving Probing Security with the Least Refreshing
- Author
- Belaïd, Sonia, Goudarzi, Dahmun, Rivain, Matthieu, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Peyrin, Thomas, editor, and Galbraith, Steven, editor
- Published
- 2018