Journal articles on the topic 'Side channels attacks'


Consult the top 50 journal articles for your research on the topic 'Side channels attacks.'


1. Mostovoy, R. A., A. B. Levina, D. M. Sleptsova, and P. S. Borisenko. "SIDE-CHANNEL ATTACKS ON THE MOBILE PHONES." Vestnik komp'iuternykh i informatsionnykh tekhnologii, no. 186 (December 2019): 46–53. http://dx.doi.org/10.14489/vkit.2019.12.pp.046-053.

Abstract:
Currently, attacks on side channels are the main method of cryptanalysis, but despite this, these attacks have a very specific model of the attacker. As a result, the practical usage of side-channel attacks is sometimes disputable. The level of threat in each case should be assessed taking into account the individual characteristics of a specific target system. Client applications, such as mobile phone applications, are especially vulnerable due to easy access to the device, so it's required to pay sufficient attention to their security, since they are more accessible to the attacker and usually contain a large amount of confidential information. This study represents an assessment of the informativeness of signals from side channels received from mobile phones. The studies used inexpensive equipment to minimize the requirements for the level of the attacker and, consequently, increase the applicability of the attack. This undoubtedly leads to the complication of the attacks, so the NICV algorithm was used to analyze the data obtained. The NICV (normalized interclass variance) algorithm can significantly improve the efficiency of the analysis of the traces obtained during an attack by reducing the number of points.

2. Brotzman, Robert, Danfeng Zhang, Mahmut Taylan Kandemir, and Gang Tan. "SpecSafe: detecting cache side channels in a speculative world." Proceedings of the ACM on Programming Languages 5, OOPSLA (October 20, 2021): 1–28. http://dx.doi.org/10.1145/3485506.

Abstract:
The high-profile Spectre attack and its variants have revealed that speculative execution may leave secret-dependent footprints in the cache, allowing an attacker to learn confidential data. However, existing static side-channel detectors either ignore speculative execution, leading to false negatives, or lack a precise cache model, leading to false positives. In this paper, somewhat surprisingly, we show that it is challenging to develop a speculation-aware static analysis with precise cache models: a combination of existing works does not necessarily catch all cache side channels. Motivated by this observation, we present a new semantic definition of security against cache-based side-channel attacks, called Speculative-Aware noninterference (SANI), which is applicable to a variety of attacks and cache models. We also develop SpecSafe to detect the violations of SANI. Unlike other speculation-aware symbolic executors, SpecSafe employs a novel program transformation so that SANI can be soundly checked by speculation-unaware side-channel detectors. SpecSafe is shown to be both scalable and accurate on a set of moderately sized benchmarks, including commonly used cryptography libraries.

3. Boroda, Anatoly, and Taras Petrenko. "IMPACT OF ATTACKS THROUGH SIDE CHANNELS ON INFORMATION SECURITY." TECHNICAL SCIENCES AND TECHNOLOGIES, no. 4(34) (2023): 91–103. http://dx.doi.org/10.25140/2411-5363-2023-4(34)-91-103.

Abstract:
The main structural elements of security mechanisms based on cryptography are cryptographic primitives, namely cryptographic algorithms: symmetric ciphers, public key ciphers and hash functions, which are used to implement the necessary functions of the security mechanism. In order for the cryptographic system to ensure information security, it is necessary that the secret keys used in the cryptographic algorithms for security implementation remain secret (not revealed) under any circumstances. However, in practice, the implementation and operation of cryptographic security mechanisms is far from the perfection of an ideal "black box". That is why side channel attacks are a serious threat to the security of cryptographic modules and, as a result, to the information security of computing and communication systems. Therefore, when implementing protection mechanisms, all possibilities of such attacks should be evaluated and all aspects of their application should be taken into account. The analysis of scientific works in the field of protection of cryptographic systems against attacks by side channels proved that these issues are not given enough attention today. The purpose of the article is the study of attacks through side channels on the implementation of crypto-protection mechanisms, the analysis of the features of their implementation, and an overview of the mechanisms for ensuring information security during the destructive effects of these attacks. The paper considers one of the practical directions of cryptanalysis: attacks through side channels on the implementation of crypto-protection mechanisms. The differences between theoretical cryptanalysis and side-channel attacks are studied. The possibilities of side-channel attacks and the specifics of failure injection attacks are analyzed. The features of ensuring information security during the implementation of cryptographic algorithms for protection against side channel attacks are considered. The need to take into account the threat of these attacks when ensuring the information security of computer and communication systems is proven.

4. Lou, Xiaoxuan, Tianwei Zhang, Jun Jiang, and Yinqian Zhang. "A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in Cryptography." ACM Computing Surveys 54, no. 6 (July 2021): 1–37. http://dx.doi.org/10.1145/3456629.

Abstract:
Side-channel attacks have become a severe threat to the confidentiality of computer applications and systems. One popular type of such attacks is the microarchitectural attack, where the adversary exploits the hardware features to break the protection enforced by the operating system and steal the secrets from the program. In this article, we systematize microarchitectural side channels with a focus on attacks and defenses in cryptographic applications. We make three contributions. (1) We survey past research literature to categorize microarchitectural side-channel attacks. Since these are hardware attacks targeting software, we summarize the vulnerable implementations in software, as well as flawed designs in hardware. (2) We identify common strategies to mitigate microarchitectural attacks, from the application, OS, and hardware levels. (3) We conduct a large-scale evaluation on popular cryptographic applications in the real world and analyze the severity, practicality, and impact of side-channel vulnerabilities. This survey is expected to inspire the side-channel research community to discover new attacks, and more importantly, propose new defense solutions against them.

5. Su, Chao, and Qingkai Zeng. "Survey of CPU Cache-Based Side-Channel Attacks: Systematic Analysis, Security Models, and Countermeasures." Security and Communication Networks 2021 (June 10, 2021): 1–15. http://dx.doi.org/10.1155/2021/5559552.

Abstract:
Privacy protection is an essential part of information security. The use of shared resources demands more privacy and security protection, especially in cloud computing environments. Side-channel attacks based on CPU cache utilize shared CPU caches within the same physical device to compromise the system’s privacy (encryption keys, program status, etc.). Information is leaked through channels that are not intended to transmit information, jeopardizing system security. These attacks have the characteristics of both high concealment and high risk. Despite the improvement in architecture, which makes it more difficult to launch system intrusion and privacy leakage through traditional methods, side-channel attacks ignore those defenses because of the shared hardware. Being difficult to detect, they are much more dangerous in modern computer systems. Although some researchers focus on the survey of side-channel attacks, their study is limited to cryptographic modules such as Elliptic Curve Cryptosystems. All the discussions are based on real-world applications (e.g., Curve25519), and there is no systematic analysis for the related attack and security model. Firstly, this paper compares different types of cache-based side-channel attacks. Based on the comparison, a security model is proposed. The model describes the attacks from four key aspects, namely, vulnerability, cache type, pattern, and range. Through reviewing the corresponding defense methods, it reveals from which perspective defense strategies are effective for side-channel attacks. Finally, the challenges and research trends of CPU cache-based side-channel attacks in both attacking and defending are explored. The systematic analysis of CPU cache-based side-channel attacks highlights the fact that these attacks are more dangerous than expected. We believe our survey would draw developers’ attention to side-channel attacks and help to reduce the attack surface in the future.

6. Attah, Amankwah. "Mitigating Electromagnetic Side-Channel Attacks." Advances in Multidisciplinary and scientific Research Journal Publication 1, no. 1 (July 20, 2022): 71–76. http://dx.doi.org/10.22624/aims/crp-bk3-p12.

Abstract:
By providing new sources of electronic evidence, the Internet of Things (IoT) has opened up new possibilities for digital forensics. Obtaining electronic data from IoT, on the other hand, is a difficult process for a variety of reasons, including the use of various types of standard interfaces, the use of light-weight data encryption, such as elliptic curve cryptography (ECC), and so on. The use of electromagnetic side-channel analysis (EM-SCA) to obtain forensically valuable electronic data from IoT devices has been proposed. EM side-channel analysis is a technique for eavesdropping on the operations and data handling of computing devices using unintentional electromagnetic emissions. However, successful EM-SCA attacks on IoT devices require expert knowledge and specialized tools that are not available to most digital forensic investigators. The electromagnetic side-channel (EM-SC) is one of several types of side-channel approaches for extracting usable electronic data from IoT devices. This paper focuses on the electromagnetic side channel (EM-SC), its positive and negative usage, and how to mitigate the negative usage. Keywords: Electromagnetic, Side-channels, digital forensics, IoT, electronic evidence, Africa.

7. Derevianko, Ya A., and I. D. Gorbenko. "FALCON signature vulnerability to special attacks and its protection." Radiotekhnika, no. 210 (September 28, 2022): 37–52. http://dx.doi.org/10.30837/rt.2022.3.210.03.

Abstract:
It is well known that quantum algorithms offer exponential speedup in solving the integer factorization and discrete logarithm problems that existing public-key systems rely on. Thus, post-quantum cryptography seeks alternative classical algorithms that can withstand quantum cryptanalysis. Growing concern about the quantum threat has prompted the National Institute of Standards and Technology (NIST) to invite and evaluate applications for a post-quantum cryptography standard, an ongoing process scheduled to be completed by 2023. Falcon is an electronic signature algorithm based on the mathematics of algebraic lattices. The disadvantage of this algorithm is the small number of studies of resistance against special attacks, as well as attacks through side channels. This material examines existing attacks on the implementation, and also analyzes the speed with applying countermeasures that would prevent such attacks. Although the Falcon scheme sampler, as well as certain mathematical transformations, are still vulnerable to attacks (which in turn allow the private key to be obtained), the efficiency of the components and mathematics of this signature algorithm make it competitive with other schemes, even with countermeasures against these attacks. The work will also consider the attack by side channels on the Falcon. Such an attack is a known-plaintext attack that uses the device's electromagnetic radiation to derive secret signature keys, which can then be used to forge signatures on arbitrary messages. The obtained results show that Falcon is quite vulnerable to side-channel attacks and does not yet have protection against such attacks in the proposed implementation. Because of this, standardization or implementation should consider the possibility of physical attacks, as well as options for countering such attacks.

8. Alexander, Geoffrey, Antonio M. Espinoza, and Jedidiah R. Crandall. "Detecting TCP/IP Connections via IPID Hash Collisions." Proceedings on Privacy Enhancing Technologies 2019, no. 4 (October 1, 2019): 311–28. http://dx.doi.org/10.2478/popets-2019-0071.

Abstract:
We present a novel attack for detecting the presence of an active TCP connection between a remote Linux server and an arbitrary client machine. The attack takes advantage of side-channels present in the Linux kernel’s handling of the values used to populate an IPv4 packet’s IPID field and applies to kernel versions of 4.0 and higher. We implement and test this attack and evaluate its real world effectiveness and performance when used on active connections to popular web servers. Our evaluation shows that the attack is capable of correctly detecting the IP-port 4-tuple representing an active TCP connection in 84% of our mock attacks. We also demonstrate how the attack can be used by the middle onion router in a Tor circuit to test whether a given client is connected to the guard entry node associated with a given circuit. In addition, we discuss the potential issues an attacker would face when attempting to scale it to real world attacks, as well as possible mitigations against the attack. Our attack does not exhaust any global resource, and therefore challenges the notion that there is a direct one-to-one connection between shared, limited resources and non-trivial network side-channels. This means that simply enumerating global shared resources and considering the ways in which they can be exhausted will not suffice for certifying a kernel TCP/IP network stack to be free of privacy risk side-channels.

9. Bache, Florian, Christina Plump, Jonas Wloka, Tim Güneysu, and Rolf Drechsler. "Evaluation of (power) side-channels in cryptographic implementations." it - Information Technology 61, no. 1 (February 25, 2019): 15–28. http://dx.doi.org/10.1515/itit-2018-0028.

Abstract:
Side-channel attacks enable powerful adversarial strategies against cryptographic devices and encounter an ever-growing attack surface in today’s world of digitalization and the internet of things. While the employment of provably secure side-channel countermeasures like masking has become increasingly popular in recent years, great care must be taken when implementing these in actual devices. The reasons for this are two-fold: the models on which these countermeasures rely do not fully capture the physical reality, and compliance with the requirements of the countermeasures is non-trivial in complex implementations. Therefore, it is imperative to validate the SCA-security of concrete instantiations of cryptographic devices using measurements on the actual device. In this article we propose a side-channel evaluation framework that combines an efficient data acquisition process with state-of-the-art confidence interval based leakage assessment. Our approach allows a sound assessment of the potential susceptibility of cryptographic implementations to side-channel attacks and is robust against noise in the evaluation system. We illustrate the steps in the evaluation process by applying them to a protected implementation of AES.

10. Zhang, Xiaojuan, Yayun Zhu, Baiji Hu, Jingyi Cao, and Ziqing Lin. "A Novel Power System Side Channel Attack Method Based on Machine Learning CNN-Transformer." Journal of Physics: Conference Series 2615, no. 1 (October 1, 2023): 012011. http://dx.doi.org/10.1088/1742-6596/2615/1/012011.

Abstract:
Continuous advancements in cryptography and information technology have rendered current cryptographic algorithms highly robust against traditional cryptanalysis methods. However, in modern power systems, the equipment’s inherent process characteristics result in the leakage of side channel information during the operation of cryptographic algorithms. This information includes power consumption, electromagnetic signals, and timing data. Adversaries can exploit these side channels to compromise encryption keys. To address this issue, a groundbreaking power system side-channel attack method is introduced in this paper, leveraging the CNN-Transformer architecture in machine learning. The proposed approach utilizes power consumption analysis techniques to identify relevant points of interest in the side channel power consumption data. By employing a machine learning model for training, encryption can be breached. Empirical results demonstrate the superior attack efficiency of the model compared to LSTM and CNN models in side channel attacks.

11. Aydin, Furkan, Aydin Aysu, Mohit Tiwari, Andreas Gerstlauer, and Michael Orshansky. "Horizontal Side-Channel Vulnerabilities of Post-Quantum Key Exchange and Encapsulation Protocols." ACM Transactions on Embedded Computing Systems 20, no. 6 (November 30, 2021): 1–22. http://dx.doi.org/10.1145/3476799.

Abstract:
Key exchange protocols and key encapsulation mechanisms establish secret keys to communicate digital information confidentially over public channels. Lattice-based cryptography variants of these protocols are promising alternatives given their quantum-cryptanalysis resistance and implementation efficiency. Although lattice cryptosystems can be mathematically secure, their implementations have shown side-channel vulnerabilities. But such attacks largely presume collecting multiple measurements under a fixed key, leaving the more dangerous single-trace attacks unexplored. This article demonstrates successful single-trace power side-channel attacks on lattice-based key exchange and encapsulation protocols. Our attack targets both hardware and software implementations of matrix multiplications used in lattice cryptosystems. The crux of our idea is to apply a horizontal attack that makes hypotheses on several intermediate values within a single execution all relating to the same secret, and to combine their correlations for accurately estimating the secret key. We illustrate that the design of protocols combined with the nature of lattice arithmetic enables our attack. Since a straightforward attack suffers from false positives, we demonstrate a novel extend-and-prune procedure to recover the key by following the sequence of intermediate updates during multiplication. We analyzed two protocols, Frodo and FrodoKEM, and revealed that they are vulnerable to our attack. We implement both stand-alone hardware and RISC-V based software realizations and test the effectiveness of the proposed attack by using concrete parameters of these protocols on physical platforms with real measurements. We show that the proposed attack can estimate secret keys from a single power measurement with over 99% success rate.

12. Gnanavel, S., K. E. Narayana, K. Jayashree, P. Nancy, and Dawit Mamiru Teressa. "Implementation of Block-Level Double Encryption Based on Machine Learning Techniques for Attack Detection and Prevention." Wireless Communications and Mobile Computing 2022 (July 9, 2022): 1–9. http://dx.doi.org/10.1155/2022/4255220.

Abstract:
Cloud computing is one of the most important business models of modern information technology. It provides a minimum of various services to the user interaction and low cost (hardware and software). Cloud services are based on virtualization architectures, using multitenancy for better resource management and strong isolation between several virtual machines (VMs). Spying on a victim VM is challenging, particularly when one wants to use per-core microarchitectural features as a side channel. For example, the cache contains the most potential for damaging side channels, but shared information across different cores affects the cloud information. To overcome this problem, we propose the Secure Block-Level Double Encryption (SBLDE) algorithm for user signature verification in the cloud server. It uses identity-based detection techniques to monitor the colocated VMs to identify abnormal cache data and channel behaviors typically during VM data transformation. The identity-based linear classification (IBLC) method is used for classifying the attacker channel when the data is transferred/retrieved from the VM cloud server. This cloud controller finds the channel misbehavior to block the port or channel, changing other available ports’ communication. The service verification provides strong user access permission on the cloud server when the unknown request to the cloud server suddenly executes the key authentication to verify the user permission. This linear classification trains the existing side-channel attack datasets to the classifier and identifies the VM cloud’s attack channel. The study focused on preventing attacks from interrupting the system and serves as an effective means for cross-VM side-channel attacks. This proposed method protects the cloud data and prevents cross-VM channel attack detection efficiently, compared to other existing methods. In this overall proposed method, SBLDE’s performance is to be evaluated and then compared with the existing method.

13. Wu, Dehua, Wan’ang Xiao, Shan Gao, and Wanlin Gao. "A novel cache based on dynamic mapping against speculative execution attacks." MATEC Web of Conferences 355 (2022): 03054. http://dx.doi.org/10.1051/matecconf/202235503054.

Abstract:
The Spectre attacks exploit the speculative execution vulnerabilities to exfiltrate private information by building a leakage channel. Creation of a leakage channel is the basic element for Spectre attacks, among which the cache-tag side channel is considered to be the most serious one. To block the leakage channels, a novel cache applying Dynamic Mapping technology, named DmCache, is presented in this paper. DmCache applies a dynamic mapping mechanism to temporarily store all the cache lines polluted by speculative execution and keep them invisible when accessed. Then it monitors the head of the reorder buffer to determine which polluted cache line can become visible. In this paper, we demonstrated that Spectre attacks exerted no impact on a processor system equipped with DmCache, based on the analysis of the circuit behaviour of a processor equipped with DmCache while under Spectre attack.

14. Albalawi, Abdullah. "On Preventing and Mitigating Cache Based Side-Channel Attacks on AES System in Virtualized Environments." Computer and Information Science 17, no. 1 (February 27, 2024): 9. http://dx.doi.org/10.5539/cis.v17n1p9.

Abstract:
Cloud computing aims to cut costs through a reduction in spending on equipment, infrastructure, and software by applying the multi-tenancy feature. Despite all the benefits of multi-tenancy, it is still a source of risk in cloud computing. Cloud adoption may be hampered by security concerns if suitable cloud-based security solutions are not available. Moreover, virtualization that enables multi-tenancy, considered one of the main components of a cloud, introduces major security risks and does not offer appropriate isolation between different instances running on the same physical machine. In this paper, we present a preliminary idea that may support the development of new countermeasures for a particular type of threat, namely cache-based side-channel attacks that target cache memories in virtualized environments. Attackers specifically target virtual machines in this type of attack to create many side channels and gather sensitive data. Additionally, this research offers preliminary concepts to aid in the development of solutions or defenses that enable us to identify unusual activity that could point to attacks associated with multi-tenancy, as well as security measures that preserve the benefits of multi-tenancy while lowering security concerns.

15. Ma, Cong, Dinghao Wu, Gang Tan, Mahmut Taylan Kandemir, and Danfeng Zhang. "Quantifying and Mitigating Cache Side Channel Leakage with Differential Set." Proceedings of the ACM on Programming Languages 7, OOPSLA2 (October 16, 2023): 1470–98. http://dx.doi.org/10.1145/3622850.

Abstract:
Cache side-channel attacks leverage secret-dependent footprints in CPU cache to steal confidential information, such as encryption keys. Due to the lack of a proper abstraction for reasoning about cache side channels, existing static program analysis tools that can quantify or mitigate cache side channels are built on very different kinds of abstractions. As a consequence, it is hard to bridge advances in quantification and mitigation research. Moreover, existing abstractions lead to imprecise results. In this paper, we present a novel abstraction, called differential set, for analyzing cache side channels at compile time. A distinguishing feature of differential sets is that they allow compositional and precise reasoning about cache side channels. Moreover, it is the first abstraction that carries sufficient information for both side channel quantification and mitigation. Based on this new abstraction, we develop a static analysis tool DSA that automatically quantifies and mitigates cache side channel leakage at the same time. Experimental evaluation on a set of commonly used benchmarks shows that DSA can produce more precise leakage bounds as well as mitigated code with smaller memory footprints, when compared with state-of-the-art tools that only quantify or mitigate cache side channel leakage.

16. He, Jiaji, Xiaolong Guo, Mark Tehranipoor, Apostol Vassilev, and Yier Jin. "EM Side Channels in Hardware Security: Attacks and Defenses." IEEE Design & Test 39, no. 2 (April 2022): 100–111. http://dx.doi.org/10.1109/mdat.2021.3135324.


17. Jayasinghe, Darshana, Aleksandar Ignjatovic, Roshan Ragel, Jude Angelo Ambrose, and Sri Parameswaran. "QuadSeal: Quadruple Balancing to Mitigate Power Analysis Attacks with Variability Effects and Electromagnetic Fault Injection Attacks." ACM Transactions on Design Automation of Electronic Systems 26, no. 5 (June 5, 2021): 1–36. http://dx.doi.org/10.1145/3443706.

Abstract:
Side channel analysis attacks employ the emanated side channel information to deduce the secret keys from cryptographic implementations by analyzing the power traces during execution or scrutinizing faulty outputs. To be effective, a countermeasure must remove or conceal as many side channels as possible. However, many of the countermeasures against side channel attacks are applied independently. In this article, the authors present a novel countermeasure (referred to as QuadSeal) against Power Analysis Attacks and Electromagnetic Fault Injection Attacks (FIAs), which is an extension of the work proposed in Reference [27]. The proposed solution relies on algorithmically balancing both Hamming distances and Hamming weights (where the bit transitions on the registers and gates are balanced, and the total number of 1s and 0s are balanced) by the use of four identical circuits with differing inputs and modified SubByte tables. By randomly rotating the four encryptions, the system is protected against variations, path imbalances, and aging effects. After generating the ciphertext, the output of each circuit is compared against each other to detect any fault injections or to correct the faulty ciphertext to gain reliability. The proposed countermeasure allows components to be switched off to save power or to run four executions in parallel for high performance when resistance against power analysis attacks is not of high priority, which is not available with the existing countermeasures (except software based where source code can be changed). The proposed countermeasure is implemented for Advanced Encryption Standard (AES) and tested against Correlation Power Analysis and Mutual Information Attacks (for up to a million traces), and none of the secret keys was found even after one million power traces (the unprotected AES circuit is vulnerable to power analysis attacks within 5,000 power traces). A detection circuit (referred to as C-FIA circuit) is operated using the algorithmic redundancy presented in four circuits of QuadSeal to mitigate Electromagnetic Fault Injection Attacks. Using Synopsys PrimeTime, we measured the power dissipation of QuadSeal registers and XOR gates to test the effectiveness of the Quadruple balancing methodology. We tested the QuadSeal countermeasure with C-FIA circuit against Differential Fault Analysis Attacks up to one million traces; no bytes of the secret key were found. This is the smallest known circuit that is capable of withstanding power-based side channel attacks when electromagnetic injection attack resistance, process variations, path imbalances, and aging effects are considered.

18. Soares, Rafael I., Ney L. V. Calazans, Victor Lomné, Amine Dehbaoui, Philippe Maurine, and Lionel Torres. "A GALS Pipeline DES Architecture to Increase Robustness against CPA and CEMA Attacks." Journal of Integrated Circuits and Systems 6, no. 1 (December 27, 2011): 25–34. http://dx.doi.org/10.29292/jics.v6i1.335.

Abstract:
Side channel attacks (SCAs) are very effective and low cost methods to extract secret information from supposedly secure cryptosystems. The traditional synchronous design flow used to create such systems favors the leakage of information, which enables attackers to draw correlations between data processes and circuit power consumption, electromagnetic radiation or other sources of leakage. By using well known analysis techniques, these correlations may allow an attacker to retrieve secret cryptographic keys. Differential Power Analysis (DPA) and Differential Electromagnetic Analysis (DEMA) are among the most cited attack types. More accurate types of attacks have been proposed, including Correlation Power Analysis (CPA) that associates power quantities with a specific power model. In recent years, several countermeasures against SCAs have been proposed. Fully asynchronous and globally asynchronous locally synchronous (GALS) design methods appear as alternatives to design tamper resistant cryptosystems. However, according to previous works they usually achieve this with significant area, throughput, latency and power penalties and are not absolutely secure. This paper proposes a new GALS pipeline architecture for the Data Encryption Standard (DES) that explores the trade-off between circuit area and robustness to SCAs. Robustness is enhanced by replicating the DES hardware structure in asynchronously communicating module instances, coupled with self-varying operating frequencies. Designs prototyped on FPGAs with the proposed technique presented promising robustness against attacks, after being submitted to differential and correlation analyses. This is true for both power and electromagnetic channels. Additionally, the proposed architecture displays throughput superior to previously reported results.
19

Szefer, Jakub. "Survey of Microarchitectural Side and Covert Channels, Attacks, and Defenses." Journal of Hardware and Systems Security 3, no. 3 (September 13, 2018): 219–34. http://dx.doi.org/10.1007/s41635-018-0046-1.

20

Gruss, Daniel. "Software-based microarchitectural attacks." it - Information Technology 60, no. 5-6 (December 19, 2018): 335–41. http://dx.doi.org/10.1515/itit-2018-0034.

Abstract:
Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Microarchitectural attacks leak this data (side channels) or exploit physical imperfections to take control of the entire system (fault attacks). In my thesis (D. Gruss. Software-based Microarchitectural Attacks. PhD thesis, Graz University of Technology, 2017), I improved over the state of the art in microarchitectural attacks and defenses in three dimensions. I cover these briefly in this summary. First, I show that attacks can be fully automated. Second, I present several novel, previously unknown side channels. Third, I show that attacks can be mounted in highly restricted environments such as sandboxed JavaScript code in websites, and on any computer system including smartphones, tablets, personal computers, and commercial cloud systems. These results formed one of the cornerstones for attacks like Meltdown (M. Lipp et al. Meltdown: Reading kernel memory from user space. In USENIX Security Symposium, 2018) and Spectre (P. Kocher et al. Spectre attacks: Exploiting speculative execution. In S&P, 2019), which were discovered months after the thesis was concluded.
21

Terauchi, Tachio, and Timos Antonopoulos. "Bucketing and information flow analysis for provable timing attack mitigation." Journal of Computer Security 28, no. 6 (November 27, 2020): 607–34. http://dx.doi.org/10.3233/jcs-191356.

Abstract:
This paper investigates the effect of bucketing on security against timing-channel attacks. Bucketing is a technique proposed to mitigate timing-channel attacks by restricting a system's outputs to occur only at designated time intervals; it has the effect of reducing the possible timing-channel observations to a small number of possibilities. However, there is little formal analysis of when and to what degree bucketing is effective against timing-channel attacks. In this paper, we show that bucketing is in general insufficient to ensure security. Then, we present two conditions that can be used to ensure the security of systems against adaptive timing-channel attacks. The first is a general condition ensuring that the security of a system decreases only by a limited degree when timing-channel observations are allowed, whereas the second condition ensures that the system satisfies the first condition when bucketing is applied and hence becomes secure against timing-channel attacks. A main benefit of the conditions is that they allow a separation of concerns, whereby the security of the regular channel can be proven independently of side-channel information leakage, and certain conditions are placed on the side channel to guarantee the security of the whole system. Further, we show that the bucketing technique can be applied compositionally in conjunction with the constant-time-implementation technique to increase their applicability. While we instantiate our contributions for timing channels and bucketing, many of the results are actually quite general and are applicable to any side channel and any technique that reduces the number of possible observations on the channel. It is interesting to note that our results make non-trivial (and somewhat unconventional) use of ideas from information flow research such as channel capacity and the refinement order relation.
22

Tian, Jing, Gang Xiong, Zhen Li, and Gaopeng Gou. "A Survey of Key Technologies for Constructing Network Covert Channel." Security and Communication Networks 2020 (August 5, 2020): 1–20. http://dx.doi.org/10.1155/2020/8892896.

Abstract:
In order to protect user privacy or guarantee free access to the Internet, the network covert channel has become a hot research topic. It refers to an information channel in which messages are covertly transmitted within the network environment. In recent years, many new construction schemes for network covert channels have been proposed. At the same time, the network covert channel has also received the attention of censors, leading to many attacks. Many users exploit the network covert channel to protect privacy or guarantee free access to the Internet. Previous construction schemes for the network covert channel are based on information steganography, which can be divided into CTCs and CSCs. In recent years, some covert channels have been constructed by changing the transmission network architecture; proxy and anonymity communication technology implement this construction scheme. On the other hand, some research work suggests that the characteristics of emerging networks may better fit the construction of the network covert channel. In this paper, we divide the key technologies for constructing network covert channels into two aspects: the communication content level (based on information steganography) and the transmission network level (based on proxy and anonymity communication technology). We give a comprehensive summary of covert channels at each level. We also introduce work on three new types of network covert channels (covert channels based on streaming media, covert channels based on blockchain, and covert channels based on IPv6). In addition, we present the attacks against the network covert channel, including elimination, limitation, and detection. Finally, the challenges and future research trends in this field are discussed.
23

Santoso, Bagus, and Yasutada Oohama. "Information Theoretic Security for Broadcasting of Two Encrypted Sources under Side-Channel Attacks †." Entropy 21, no. 8 (August 9, 2019): 781. http://dx.doi.org/10.3390/e21080781.

Abstract:
In this paper, we propose a theoretical framework to analyze the secure communication problem for broadcasting two encrypted sources in the presence of an adversary that launches side-channel attacks. The adversary is not only allowed to eavesdrop on the ciphertexts in the public communication channel, but is also allowed to gather additional information on the secret keys via side channels: physical phenomena leaked by the encryption devices during the encryption process, such as fluctuations of power consumption, heat, or electromagnetic radiation generated by the encryption devices. Based on our framework, we propose a countermeasure against such an adversary using the post-encryption-compression (PEC) paradigm, in the case of one-time-pad encryption. We implement the PEC paradigm using affine encoders constructed from linear encoders and derive explicit sufficient conditions to attain exponential decay of the information leakage as the block lengths of the encrypted sources become large. One interesting feature of the proposed countermeasure is that its performance is independent of the type of side information leaked by the encryption devices.
24

Salomon, Dor, Amir Weiss, and Itamar Levi. "Improved Filtering Techniques for Single- and Multi-Trace Side-Channel Analysis." Cryptography 5, no. 3 (September 13, 2021): 24. http://dx.doi.org/10.3390/cryptography5030024.

Abstract:
Side-channel analysis (SCA) attacks constantly improve and evolve. Implementations are therefore designed to withstand strong SCA adversaries. Different side channels exhibit varying statistical characteristics of the sensed or exfiltrated leakage, as well as different embedded countermeasures. This makes it crucial to improve and adapt pre-processing and denoising techniques, and the ability to evaluate the adversarial best-case scenario. We address two popular SCA scenarios: (1) a single-trace context, modeling an adversary that captures only one leakage trace, and (2) a multi-trace (or statistical) scenario, which models the classical SCA context. Given that horizontal attacks, localized electromagnetic attacks and remote-SCA attacks are becoming ever more powerful, both scenarios are of interest and importance. In the single-trace context, we improve on existing Singular Spectral Analysis (SSA) based techniques by utilizing spectral property variations over time that stem from the cryptographic implementation. By adapting overlapped-SSA and optimizing over the method parameters, we achieve a significantly shorter computation time, which is the main challenge of the SSA-based technique, and a higher information gain (in terms of the Signal-to-Noise Ratio (SNR)). In the multi-trace context, a profiling strategy is proposed to optimize a Band-Pass Filter (BPF) based on a low-computational-cost criterion, which is shown to be efficient for unprotected and low-protection-level countermeasures. In addition, a slightly more computationally intensive optimized 'shaped' filter is presented that utilizes frequency-domain SNR-based coefficient thresholding. Our experimental results exhibit significant improvements over a set of various implementations embedded with countermeasures on hardware and software platforms, corresponding to varying baseline SNR levels and statistical leakage characteristics.
25

Al-Eidi, Shorouq, Omar Darwish, and Yuanzhu Chen. "Covert Timing Channel Analysis Either as Cyber Attacks or Confidential Applications." Sensors 20, no. 8 (April 24, 2020): 2417. http://dx.doi.org/10.3390/s20082417.

Abstract:
Covert timing channels are an important alternative for transmitting information in the world of the Internet of Things (IoT). In covert timing channels, data are encoded in the inter-arrival times between consecutive packets by modifying the transmission time of legitimate traffic. Typically, the modification of time takes place by delaying the transmitted packets on the sender side. A key aspect of covert timing channels is finding the threshold of packet delay that can accurately distinguish covert traffic from legitimate traffic. Based on that, we can assess the level of danger of security threats or the quality of sensitive information transferred secretly. In this paper, we study the inter-arrival time behavior of covert timing channels in two different network configurations based on statistical metrics; in addition, we investigate the packet delaying threshold value. Our experiments show that the threshold is approximately equal to or greater than double the mean of legitimate inter-arrival times. In this case, covert timing channels become detectable as strong anomalies.
26

Jia, Hefei, Xu Liu, Xiaoqiang Di, Hui Qi, Binbin Cai, Jinqing Li, Huamin Yang, and Jianping Zhao. "A Secure Virtual Machine Allocation Strategy Against Co-Resident Attacks." Journal of Advanced Computational Intelligence and Intelligent Informatics 23, no. 5 (September 20, 2019): 898–908. http://dx.doi.org/10.20965/jaciii.2019.p0898.

Abstract:
In the area of network development, especially cloud computing, security has been a long-standing issue. In order to better utilize physical resources, cloud service providers usually allocate different tenants on the same physical machine, i.e., physical resources such as CPU, memory, and network devices are shared among multiple tenants on the same host. The virtual machine (VM) co-resident attack, a serious threat in this sharing model, involves malicious tenants who attempt to steal private data. Currently, most solutions focus on how to eliminate known specific side channels, but they have little effect on unknown side channels. Compared to eliminating side channels, developing a VM allocation strategy is an effective countermeasure against VM co-resident attacks, as it reduces the probability of VM co-residency, but research on this topic is still in its infancy. In this study, firstly, a novel, efficient, and secure VM allocation strategy named Against VM Co-resident attack based on Multi-objective Optimization Best Fit Decreasing (AC-MOBFD) is proposed, which simultaneously optimizes load balancing, energy consumption, and host resource utilization during VM placement. Subsequently, the security of the proposed allocation strategy is measured using two metrics: VM attack efficiency and VM attack coverage. Extensive experiments on simulated and real cloud platforms, CloudSim and OpenStack, respectively, demonstrate that using our strategy, the attack efficiency of VM co-residency is reduced by 37.3% and the VM coverage rate is reduced by 24.4% when compared to existing strategies. Finally, we compare the number of co-resident hosts with that of hosts in a real cloud platform. Experimental results show that the deviation is below 9.4%, which validates the feasibility and effectiveness of the presented strategy.
27

Molotkov, S. N. "Trojan Horse Attacks, Decoy State Method, and Side Channels of Information Leakage in Quantum Cryptography." Journal of Experimental and Theoretical Physics 130, no. 6 (June 2020): 809–32. http://dx.doi.org/10.1134/s1063776120050064.

28

Zoughbi, Dina Mohsen, and Nitul Dutta. "Hypervisor Vulnerabilities and Some Defense Mechanisms, in Cloud Computing Environment." International Journal of Innovative Technology and Exploring Engineering 10, no. 2 (December 10, 2020): 42–48. http://dx.doi.org/10.35940/ijitee.b8262.1210220.

Abstract:
Cloud computing is the most important technology at the present time in terms of reducing application costs and making applications more scalable and flexible. As the cloud is built on virtualization technology, it can secure a large-scale environment with limited security capacity such as the cloud. Malicious activities lead attackers to penetrate virtualization technologies that endanger the infrastructure, and then enable the attacker to access other virtual machines running on the same vulnerable device. The proposed work in this paper is to review and discuss the attacks and intrusions that allow a malicious virtual machine (VM) to penetrate the hypervisor, especially the techniques that malicious virtual machines use to steal more than their allocated quota of physical resources, and the use of side channels to steal data and pass buffer barriers between virtual machines. This paper is based on a security study of cloud hypervisors and a classification of the vulnerabilities, security issues, and possible solutions that virtual machines are exposed to. Therefore, we aim to provide researchers, academics, and industry with a better understanding of all attacks and defense mechanisms to protect cloud security, and to work on building a new security architecture for hypervisor-based virtualization technology to protect and ensure the security of the cloud.
29

Molotkov, S. N., and A. A. Shcherbachenko. "On the Robustness of Reference-Frame-Independent Quantum Key Distribution Systems Against Active Probing Attacks." JETP Letters 119, no. 5 (March 2024): 402–12. http://dx.doi.org/10.1134/s0021364024600216.

Abstract:
A quantum key distribution protocol for optical fiber systems that does not require adjustment of the receiving optical system has been proposed. It significantly simplifies the practical implementation of the system and ensures stable operation even with an imbalance of the receiving optical system. The robustness of the protocol has been explicitly proven taking into account side channels of information leakage.
30

Babukhin, D., and D. Sych. "Explicit attacks on passive side channels of the light source in the BB84 decoy state protocol." Journal of Physics: Conference Series 1984, no. 1 (July 1, 2021): 012008. http://dx.doi.org/10.1088/1742-6596/1984/1/012008.

31

Cabodi, Gianpiero, Paolo Camurati, Fabrizio Finocchiaro, and Danilo Vendraminetto. "Model-Checking Speculation-Dependent Security Properties: Abstracting and Reducing Processor Models for Sound and Complete Verification." Electronics 8, no. 9 (September 19, 2019): 1057. http://dx.doi.org/10.3390/electronics8091057.

Abstract:
Spectre and Meltdown attacks in modern microprocessors represent a new class of attacks that have been difficult to deal with. They underline vulnerabilities in hardware design that have gone unnoticed for years. This shows the weakness of the state-of-the-art verification process and design practices. These attacks are OS-independent, and they do not exploit any software vulnerabilities. Moreover, they violate all security assumptions ensured by standard security procedures (e.g., address space isolation) and, as a result, every security mechanism built upon these guarantees. These vulnerabilities allow the attacker to retrieve leaked data without accessing the secret directly. Indeed, they make use of covert channels, which are mechanisms of hidden communication that convey sensitive information without any visible information flow between the malicious party and the victim. The root cause of this type of side-channel attack lies within the speculative and out-of-order execution of modern high-performance microarchitectures. Since modern processors are hard to verify with standard formal verification techniques, we present a methodology that shows how to transform a realistic model of a speculative and out-of-order processor into an abstract one. Following related formal verification approaches, we simplify the model under consideration by abstraction and refinement steps. We also present an approach to formally verify the abstract model using a standard model checker. The theoretical flow, reliant on established formal verification results, is introduced, and a sketch of proof is provided for soundness and correctness. Finally, we demonstrate the feasibility of our approach by applying it to a pipelined DLX RISC-inspired processor architecture. We show preliminary experimental results to support our claim, performing Bounded Model Checking with a state-of-the-art model checker.
32

Mishra, Nimish, Kuheli Pratihar, Satota Mandal, Anirban Chakraborty, Ulrich Rührmair, and Debdeep Mukhopadhyay. "CalyPSO: An Enhanced Search Optimization based Framework to Model Delay-based PUFs." IACR Transactions on Cryptographic Hardware and Embedded Systems 2024, no. 1 (December 4, 2023): 501–26. http://dx.doi.org/10.46586/tches.v2024.i1.501-526.

Abstract:
Delay-based Physically Unclonable Functions (PUFs) are a popular choice for "keyless" cryptography in low-power devices. However, they have been subjected to modeling attacks using Machine Learning (ML) approaches, leading to improved PUF designs that resist ML-based attacks. On the contrary, evolutionary search (ES) based modeling approaches have garnered little attention compared to their ML counterparts due to their limited success. In this work, we revisit the problem of modeling delay-based PUFs using ES algorithms and identify drawbacks in present state-of-the-art genetic algorithms (GA) when applied to PUFs. This leads to the design of a new ES-based algorithm called CalyPSO, inspired by Particle Swarm Optimization (PSO) techniques, which is fundamentally different from the classic genetic algorithm design rationale. This allows CalyPSO to avoid the pitfalls of textbook GA and mount successful modeling attacks on a variety of delay-based PUFs, including k-XOR APUF variants. Empirically, we show attacks for parameter choices of k as high as 20, for which there are no reported ML or ES-based attacks without exploiting additional information like reliability or power/timing side channels. We further show that CalyPSO can invade PUF designs like interpose-PUFs (i-PUFs) and (previously unattacked) LP-PUFs, which attempt to enhance ML robustness by obfuscating the input challenge. Furthermore, we evolve CalyPSO into CalyPSO++ by observing that the PUF compositions do not alter the input challenge dimensions, allowing the attacker to investigate cross-architecture modeling. This allows us to model a k-XOR APUF using a (k − 1)-XOR APUF as well as perform cross-architectural modeling of BRPUF and i-PUF using k-XOR APUF variants. CalyPSO++ provides the first modeling attack on 4 LP-PUF by reducing it to a 4-XOR APUF. Finally, we demonstrate the potency of CalyPSO and CalyPSO++ by successfully modeling various PUF architectures on noisy simulations as well as real-world hardware implementations.
33

Repka, Marek, and Pavol Zajac. "Overview of the Mceliece Cryptosystem and its Security." Tatra Mountains Mathematical Publications 60, no. 1 (September 1, 2014): 57–83. http://dx.doi.org/10.2478/tmmp-2014-0025.

Abstract:
The McEliece cryptosystem (MECS) is one of the oldest public key cryptosystems, and the oldest PKC that is conjectured to be post-quantum secure. In this paper we survey the current state of the implementation issues and security of MECS and its variants. In the first part we focus on the general decoding problem, structural attacks, and the selection of parameters in general. We summarize the details of MECS based on irreducible binary Goppa codes, and review some of the implementation challenges for this system. Furthermore, we survey various proposals that use alternative codes for MECS, and point out some attacks on modified systems. Finally, we review notable existing implementations on low-resource platforms, and conclude with the topic of side channels in implementations of MECS.
34

Yesina, Maryna, and Ivan Gorbenko. "Substantiation of requirements and ways of their realization at synthesis of proof-stable perspective electronic signatures." Physico-mathematical modelling and informational technologies, no. 32 (July 8, 2021): 116–20. http://dx.doi.org/10.15407/fmmit2021.32.116.

Abstract:
The paper identifies and substantiates the requirements, and the ways to implement them, in the synthesis of provably secure prospective electronic signatures. Today there is a problem of building post-quantum electronic signatures. At the stages of solving this problem, a wide range of requirements for technical, technical-economic and other capabilities is formed. At the national and international levels, in the most generalized form, these requirements are implemented at the NIST (USA) level during the NIST PQC competition for electronic signatures, asymmetric ciphers and key encapsulation protocols. In Ukraine, work is also underway to synthesize such post-quantum cryptographic transformations. Requirements in these areas are justified and approved at the state level. The peculiarity of the national requirements is that the requirements for protection against special quantum attacks and attacks through side channels have been significantly increased.
35

Tatarnikova, Tatiyana. "Restricting data leakage through non-obvious features of Android 5 smartphone." Information and Control Systems, no. 5 (October 16, 2019): 24–29. http://dx.doi.org/10.31799/1684-8853-2019-5-24-29.

Abstract:
Introduction: The data from the gyroscopic sensor and acceleration sensor of a smartphone are seldom considered as a possible information leakage, which makes the owners of gadgets running the Android 5 operating system or below vulnerable to losing valuable information. Purpose: Offering a practical way to counteract the reading of data from a smartphone via third-party channels, and developing a mobile application which would help prevent the leakage of information from the gadget owner via side channels of information transfer. Results: A review of studies was performed demonstrating the vulnerability of Android 5 smartphones to leaks through third-party channels using acoustic cryptanalysis techniques. It is shown that in modern works, acoustic cryptanalysis of the noise emitted by a keyboard or by microelectronic components of a computer makes it possible to leak valuable data via a smartphone located next to the computer under attack. A mobile application has been developed which creates active interference, in the form of vibration and an audio signal, against a malicious application that accesses the accelerometer and gyroscope in order to retrieve information. The results of an experiment are given, demonstrating the ability of the application to successfully interfere with the internal sensors of a smartphone by driving its vibration output and audio output, and to prevent attacks over third-party channels. Practical relevance: The proposed application, installed on a smartphone, will allow you to communicate more safely, enter passwords and type secret information on a computer keyboard with a smartphone in close proximity.
36

Fischer, Andreas, Benny Fuhry, Florian Kerschbaum, and Eric Bodden. "Computation on Encrypted Data using Dataflow Authentication." Proceedings on Privacy Enhancing Technologies 2020, no. 1 (January 1, 2020): 5–25. http://dx.doi.org/10.2478/popets-2020-0002.

Abstract:
Encrypting data before sending it to the cloud protects it against attackers, but requires the cloud to compute on encrypted data. Trusted modules, such as SGX enclaves, promise to provide a secure environment in which data can be decrypted and then processed. However, vulnerabilities in the executed program, which becomes part of the trusted code base (TCB), give attackers ample opportunity to execute arbitrary code inside the enclave. This code can modify the dataflow of the program and leak secrets via SGX side channels. Since any larger code base is rife with vulnerabilities, it is not a good idea to outsource entire programs to SGX enclaves. A secure alternative relying solely on cryptography would be fully homomorphic encryption. However, due to its high computational complexity it is unlikely to be adopted in the near future. Researchers have made several proposals for transforming programs to perform encrypted computations on less powerful encryption schemes. Yet current approaches do not support programs making control-flow decisions based on encrypted data. We introduce the concept of dataflow authentication (DFAuth) to enable such programs. DFAuth prevents an adversary from arbitrarily deviating from the dataflow of a program. Our technique hence offers protections against the side-channel attacks described above. We implemented DFAuth using a novel authenticated homomorphic encryption scheme, a Java bytecode-to-bytecode compiler producing fully executable programs, and an SGX enclave running a small and program-independent TCB. We applied DFAuth to an existing neural network that performs machine learning on sensitive medical data. The transformation yields a neural network with encrypted weights, which can be evaluated on encrypted inputs in 0.86 s.
37

Gnad, Dennis R. E., Cong Dang Khoa Nguyen, Syed Hashim Gillani, and Mehdi B. Tahoori. "Voltage-Based Covert Channels Using FPGAs." ACM Transactions on Design Automation of Electronic Systems 26, no. 6 (June 28, 2021): 1–25. http://dx.doi.org/10.1145/3460229.

Abstract:
Field Programmable Gate Arrays (FPGAs) are increasingly used in cloud applications and are being integrated into Systems-on-Chip. For these systems, various side-channel attacks on cryptographic implementations have been reported, motivating the application of proper countermeasures. Beyond cryptographic implementations, maliciously introduced covert channel receivers and transmitters can allow one to exfiltrate other secret information from the FPGA. In this article, we present a fast covert channel on FPGAs, which exploits the on-chip power distribution network. This can be achieved without any logical connection between the transmitter and receiver blocks. Compared to a recently published covert channel with an estimated 4.8 Mbit/s transmission speed, we show 8 Mbit/s transmission and reduced errors from around 3% to less than 0.003%. Furthermore, we demonstrate proper transmission of word-size messages and test the channel in the presence of noise generated from other resident tenants' modules in the FPGA. When we place and operate other co-tenant modules that require 85% of the total FPGA area, the error rate increases to 0.02%, depending on the platform and setup. This error rate is still reasonably low for a covert channel. Overall, the transmitter and receiver together use less than 3–5% of the FPGA LUT resources. We also show the feasibility of other types of covert channel transmitters, in the form of synchronous circuits within the FPGA.
38

Fischer, Andreas, Benny Fuhry, Jörn Kußmaul, Jonas Janneck, Florian Kerschbaum, and Eric Bodden. "Computation on Encrypted Data Using Dataflow Authentication." ACM Transactions on Privacy and Security 25, no. 3 (August 31, 2022): 1–36. http://dx.doi.org/10.1145/3513005.

Abstract:
Encrypting data before sending it to the cloud ensures data confidentiality but requires the cloud to compute on encrypted data. Trusted execution environments, such as Intel SGX enclaves, promise to provide a secure environment in which data can be decrypted and then processed. However, vulnerabilities in the executed program give attackers ample opportunities to execute arbitrary code inside the enclave. This code can modify the dataflow of the program and leak secrets via SGX side channels. Fully homomorphic encryption would be an alternative to compute on encrypted data without data leaks. However, due to its high computational complexity, its applicability to general-purpose computing remains limited. Researchers have made several proposals for transforming programs to perform encrypted computations on less powerful encryption schemes. Yet current approaches do not support programs making control-flow decisions based on encrypted data. We introduce the concept of dataflow authentication (DFAuth) to enable such programs. DFAuth prevents an adversary from arbitrarily deviating from the dataflow of a program. Our technique hence offers protections against the side-channel attacks described previously. We implemented two flavors of DFAuth, a Java bytecode-to-bytecode compiler, and an SGX enclave running a small and program-independent trusted code base. We applied DFAuth to a neural network performing machine learning on sensitive medical data and a smart charging scheduler for electric vehicles. Our transformation yields a neural network with encrypted weights, which can be evaluated on encrypted inputs in 12.55 ms. Our protected scheduler is capable of updating the encrypted charging plan in approximately 1.06 seconds.
39

Maji, Saurav, Utsav Banerjee, and Anantha P. Chandrakasan. "Leaky Nets: Recovering Embedded Neural Network Models and Inputs Through Simple Power and Timing Side-Channels—Attacks and Defenses." IEEE Internet of Things Journal 8, no. 15 (August 1, 2021): 12079–92. http://dx.doi.org/10.1109/jiot.2021.3061314.

40

Wang, Xingyu, Wei Liu, Tianyi Wu, Chang Guo, Yijun Zhang, Shanghong Zhao, and Chen Dong. "Free Space Measurement Device Independent Quantum Key Distribution with Modulating Retro-Reflectors under Correlated Turbulent Channel." Entropy 23, no. 10 (October 1, 2021): 1299. http://dx.doi.org/10.3390/e23101299.

Abstract:
Modulating retro-reflector (MRR), originally introduced to support laser communication, relieves most of the weight, power, and pointing requirements to the ground station. In this paper, a plug-and-play measurement device independent quantum key distribution (MDI-QKD) scheme with MRR is proposed not only to eliminate detector side channels and allow an untrusted satellite relay between two users, but also to simplify the requirements set-ups in practical flexible moving scenarios. The plug-and-play architecture compensates for the polarization drift during the transmission to provide superior performance in implementing the MDI-QKD on a free-space channel, and the MRR device is adopted to relax the requirements on both communication terminals. A double-pass correlated turbulent channel model is presented to investigate the complex and unstable channel characteristics caused by the atmospheric turbulence. Furthermore, the security of the modified MDI-QKD scheme is analyzed under some classical attacks and the simulation results indicate the feasibility under the situation that the system performance deteriorates with the increase of fading correlation coefficient and the turbulence intensity, which provides a meaningful step towards an MDI-QKD based on the moving platforms to join a dynamic quantum network with untrusted relays.
41

Ainapure, Bharati, Deven Shah, and A. Ananda Rao. "Adaptive multilevel fuzzy-based authentication framework to mitigate Cache side channel attack in cloud computing." International Journal of Modeling, Simulation, and Scientific Computing 09, no. 05 (October 2018): 1850045. http://dx.doi.org/10.1142/s1793962318500459.

Abstract:
Cloud computing supports multitenancy to satisfy the users’ demands for accessing resources and simultaneously it increases revenue for cloud providers. Cloud providers adapt multitenancy by virtualizing the resources, like CPU, network interfaces, peripherals, hard drives and memory using hypervisor to fulfill the demand. In a virtualized environment, many virtual machines (VMs) can run on the same core with the help of the hypervisor by sharing the resources. The VMs running on the same core are the target for the malicious or abnormal attacks like side channel attacks. Among various side channel attacks in cloud computing, cache-based side channel attack is one that leaks private information of the users based on the shared resources. Here, as the shared resource is the cache, a process can utilize the cache usage of another by cache contention. Cache sharing provides a way for the attackers to gain considerable information so that the key used for encryption can be inferred. Discovering this side channel attack is a challenging task. This requires identification of a feature that influences the attack. Even though there are various techniques available in the literature to mitigate such attacks, an effective solution to reduce the cache-based side channel attack is still an issue. Therefore, a novel fuzzy rule-based mechanism is integrated to detect the cache side channel attackers by monitoring the cache data access (CDA). The factor that determines the attack is CDA in a log file created by the framework during authorization. The proposed framework also utilizes certain security properties including ECC and hashing for the privacy preservation and the decision is made with the aid of a fuzzy logic system.
42

Erata, Ferhat, Chuanqi Xu, Ruzica Piskac, and Jakub Szefer. "Quantum Circuit Reconstruction from Power Side-Channel Attacks on Quantum Computer Controllers." IACR Transactions on Cryptographic Hardware and Embedded Systems 2024, no. 2 (March 12, 2024): 735–68. http://dx.doi.org/10.46586/tches.v2024.i2.735-768.

Abstract:
The interest in quantum computing has grown rapidly in recent years, and with it grows the importance of securing quantum circuits. A novel type of threat to quantum circuits that dedicated attackers could launch are power trace attacks. To address this threat, this paper presents the first formalization and demonstration of using power traces to unlock and steal quantum circuit secrets. With access to power traces, attackers can recover information about the control pulses sent to quantum computers. From the control pulses, the gate-level description of the circuits, and eventually the secret algorithms, can be reverse engineered. This work demonstrates how and what information could be recovered. This work uses algebraic reconstruction from power traces to realize two new types of single-trace attacks: per-channel and total power attacks. The former attack relies on per-channel measurements to perform a brute-force attack to reconstruct the quantum circuits. The latter attack performs a single-trace attack using Mixed-Integer Linear Programming optimization. Through the use of algebraic reconstruction, this work demonstrates that quantum circuit secrets can be stolen with high accuracy. Evaluation on 32 real benchmark quantum circuits shows that our technique is highly effective at reconstructing quantum circuits. The findings not only show the veracity of the potential attacks, but also the need to develop new means to protect quantum circuits from power trace attacks. Throughout this work, real control pulse information from real quantum computers is used to demonstrate potential attacks based on simulation of the collection of power traces.
43

Franzoni, Federico, Xavier Salleras, and Vanesa Daza. "AToM: Active topology monitoring for the bitcoin peer-to-peer network." Peer-to-Peer Networking and Applications 15, no. 1 (October 14, 2021): 408–25. http://dx.doi.org/10.1007/s12083-021-01201-7.

Abstract:
Over the past decade, the Bitcoin P2P network protocol has become a reference model for all modern cryptocurrencies. While nodes in this network are known, the connections among them are kept hidden, as it is commonly believed that this helps protect from deanonymization and low-level attacks. However, adversaries can bypass this limitation by inferring connections through side channels. At the same time, the lack of topology information hinders the analysis of the network, which is essential to improve efficiency and security. In this paper, we thoroughly review network-level attacks and empirically show that topology obfuscation is not an effective countermeasure. We then argue that the benefits of an open topology potentially outweigh its risks, and propose a protocol to reliably infer and monitor connections among reachable nodes of the Bitcoin network. We formally analyze our protocol and experimentally evaluate its accuracy in both trusted and untrusted settings. Results show our system has a low impact on the network, and has precision and recall over 90% with up to 20% of malicious nodes in the network.
44

Sauvage, Laurent, Sylvain Guilley, Florent Flament, Jean-Luc Danger, and Yves Mathieu. "Blind Cartography for Side Channel Attacks: Cross-Correlation Cartography." International Journal of Reconfigurable Computing 2012 (2012): 1–9. http://dx.doi.org/10.1155/2012/360242.

Abstract:
Side channel and fault injection attacks are major threats to cryptographic applications of embedded systems. Best performances for these attacks are achieved by focusing sensors or injectors on the sensible parts of the application, by means of dedicated methods to localise them. Few methods have been proposed in the past, and all of them aim at pinpointing the cryptoprocessor. However, it could be interesting to exploit the activity of other parts of the application, in order to increase the attack's efficiency or to bypass its countermeasures. In this paper, we present a localisation method based on cross-correlation, which issues a list of areas of interest within the attacked device. It realizes an exhaustive analysis, since it may localise any module of the device, and not only those which perform cryptographic operations. Moreover, it also does not require preliminary knowledge of the implementation, whereas some previous cartography methods require that the attacker can choose the cryptoprocessor inputs, which is not always possible. The method is experimentally validated using observations of the electromagnetic near field distribution over a Xilinx Virtex 5 FPGA. The matching between areas of interest and the application layout in the FPGA floorplan is confirmed by correlation analysis.
45

Haehyun Cho. "A Systematic Study on Spectre Attacks and Defenses." Research Briefs on Information and Communication Technology Evolution 7 (November 30, 2021): 197–203. http://dx.doi.org/10.56801/rebicte.v7i.129.

Abstract:
Spectre attacks are an important category of side channel methods, which allow an attacker to obtain sensitive data by observing the system. Spectre attacks exploit modern processors' features designed for performance: out-of-order execution and speculative execution. Also, in Spectre attacks, cache side-channel attack methods play an important role. The high-level goal of Spectre attacks is to load target data into the cache through speculative execution. Once it has been done, the next step is leaking information. To that end, the cache side-channel methods are employed to leak information, because there is no direct way to read data from the cache. In this paper, we discuss variations of Spectre attacks and discuss defense mechanisms for each of them.
46

Abduljabbar, Zaid Ameen, Vincent Omollo Nyangaresi, Hend Muslim Jasim, Junchao Ma, Mohammed Abdulridha Hussain, Zaid Alaa Hussien, and Abdulla J. Y. Aldarwish. "Elliptic Curve Cryptography-Based Scheme for Secure Signaling and Data Exchanges in Precision Agriculture." Sustainability 15, no. 13 (June 28, 2023): 10264. http://dx.doi.org/10.3390/su151310264.

Abstract:
Precision agriculture encompasses automation and application of a wide range of information technology devices to improve farm output. In this environment, smart devices collect and exchange a massive number of messages with other devices and servers over public channels. Consequently, smart farming is exposed to diverse attacks, which can have serious consequences since the sensed data are normally processed to help determine the agricultural field status and facilitate decision-making. Although a myriad of security schemes has been presented in the literature to curb these challenges, they either have poor performance or are susceptible to attacks. In this paper, an elliptic curve cryptography-based scheme is presented, which is shown to be formally secure under the Burrows–Abadi–Needham (BAN) logic. In addition, it is semantically demonstrated to offer user privacy, anonymity, unlinkability, untraceability, robust authentication, session key agreement, and key secrecy and does not require the deployment of verifier tables. In addition, it can withstand side-channeling, physical capture, eavesdropping, password guessing, spoofing, forgery, replay, session hijacking, impersonation, de-synchronization, man-in-the-middle, privileged insider, denial of service, stolen smart device, and known session-specific temporary information attacks. In terms of performance, the proposed protocol results in 14.67% and 18% reductions in computation and communication costs, respectively, and a 35.29% improvement in supported security features.
47

Shepherd, Michael, Scott Brookes, and Robert Denz. "Transient Execution and Side Channel Analysis: a Vulnerability or a Science Experiment?" International Conference on Cyber Warfare and Security 17, no. 1 (March 2, 2022): 288–97. http://dx.doi.org/10.34190/iccws.17.1.20.

Abstract:
In the world of computer security, attackers are constantly looking for new exploits to gain data from or control over a computer system. One category of exploit that can prove quite effective at accessing privileged data is side channel exploits. These exploits attempt to take advantage of vulnerabilities that are inherent in the design of a system rather than vulnerabilities in the code that has been written for and is running on said system. In other words, they exploit side effects of computation. Examples of this include measuring the power consumption of a system’s processor over time and analysing that power usage to leak system secrets or reading secrets from a system by analysing the electromagnetic radiation the system leaks as it processes data. Another type of side channel attack is a cache-based side channel attack, which exploits the timings of cache and memory accesses to determine data from the target system. We discuss some of the more common types of side channel attacks used to interpret data values from the microarchitectural changes created by transient executions. In particular, we will focus on attacks that are capable of recovering data that is processed through transient execution in some way and then wrongly accessed using a side channel, such as the Spectre and Meltdown classes of attack. We also discuss other attacks of a similar type and survey some popular mitigations for these attacks. We provide a survey of all available Spectre proof-of-concept repositories on GitHub, evaluating whether they work on different platforms. Finally, we review our experiences with these types of attacks on modern systems and comment on the attacks’ practicality, reliability, and portability. We conclude that these types of attacks are interesting, but there are some practicality and reliability concerns that make other attacks easier much of the time.
48

Zhang, Qi, An Wang, Yongchuan Niu, Ning Shang, Rixin Xu, Guoshuang Zhang, and Liehuang Zhu. "Side-Channel Attacks and Countermeasures for Identity-Based Cryptographic Algorithm SM9." Security and Communication Networks 2018 (2018): 1–14. http://dx.doi.org/10.1155/2018/9701756.

Abstract:
Identity-based cryptographic algorithm SM9, which became the main part of the ISO/IEC 14888-3/AMD1 standard in November 2017, employs the identities of users to generate public-private key pairs. Without the support of digital certificates, it has been applied to cloud computing, cyber-physical systems, the Internet of Things, and so on. In this paper, the implementation of the SM9 algorithm and its Simple Power Attack (SPA) are discussed. Then, we present a template attack and a fault attack on SPA-resistant SM9. Our experiments have proved that if attackers try the template attack on an 8-bit microcontrol unit, the secret key can be revealed by enabling the device to execute one time. The fault attack even allows the attackers to obtain the 256-bit key of SM9 by performing the algorithm twice and analyzing the two different results. Accordingly, some countermeasures to resist the three kinds of attacks above are given.
49

Tran, Ngoc Quy, and Hong Quang Nguyen. "EFFICIENT CNN-BASED PROFILED SIDE CHANNEL ATTACKS." Journal of Computer Science and Cybernetics 37, no. 1 (March 29, 2021): 1–22. http://dx.doi.org/10.15625/1813-9663/37/1/15418.

Abstract:
Profiled side-channel attacks are now considered powerful forms of attacks used to break the security of cryptographic devices. A recent line of research has investigated a new profiled attack based on deep learning, and many of them have used a convolutional neural network (CNN) as the deep learning architecture for the attack. The effectiveness of the attack is greatly influenced by the CNN architecture. However, the CNN architectures used for current profiled attacks have often been based on the image recognition field, and choosing the right CNN architectures and parameters for adaptation to profiled attacks is still challenging. In this paper, we propose an efficient profiled attack on unprotected and masking-protected cryptographic devices based on two CNN architectures, called CNNn and CNNd respectively. Both CNN architecture parameters proposed in this paper are based on the property of points of interest on the power trace and are further determined by the Grey Wolf Optimization (GWO) algorithm. To verify the proposed attacks, experiments were performed on a trace set collected from an Atmega8515 smart card while it performs AES-128 encryption, the DPA contest v4 dataset, and the ASCAD public dataset.
50

Zhou, Ziqiao, and Michael K. Reiter. "Interpretable noninterference measurement and its application to processor designs." Proceedings of the ACM on Programming Languages 5, OOPSLA (October 20, 2021): 1–30. http://dx.doi.org/10.1145/3485518.

Abstract:
Noninterference measurement quantifies the secret information that might leak to an adversary from what the adversary can observe and influence about the computation. Static and high-fidelity noninterference measurement has been difficult to scale to complex computations, however. This paper scales a recent framework for noninterference measurement to the open-source RISC-V BOOM core as specified in Verilog, through three key innovations: logically characterizing the core’s execution incrementally, applying specific optimizations between each cycle; permitting information to be declassified, to focus leakage measurement to only secret information that cannot be inferred from the declassified information; and interpreting leakage measurements for the analyst in terms of simple rules that characterize when leakage occurs. Case studies on cache-based side channels generally, and on specific instances including Spectre attacks, show that the resulting toolchain, called DINoMe, effectively scales to this modern processor design.