Siga este enlace para ver otros tipos de publicaciones sobre el tema: Side channels attacks.
Tesis sobre el tema "Side channels attacks"
Crea una cita precisa en los estilos APA, MLA, Chicago, Harvard y otros
Consulte los 50 mejores tesis para su investigación sobre el tema "Side channels attacks".
Junto a cada fuente en la lista de referencias hay un botón "Agregar a la bibliografía". Pulsa este botón, y generaremos automáticamente la referencia bibliográfica para la obra elegida en el estilo de cita que necesites: APA, MLA, Harvard, Vancouver, Chicago, etc.
También puede descargar el texto completo de la publicación académica en formato pdf y leer en línea su resumen siempre que esté disponible en los metadatos.
Explore tesis sobre una amplia variedad de disciplinas y organice su bibliografía correctamente.
1
Subramanian, Venkatachalam. "Proximity-based attacks in wireless sensor networks." Thesis, Georgia Institute of Technology, 2013. http://hdl.handle.net/1853/47610.
Texto completoResumen
The nodes in wireless sensor networks (WSNs) utilize the radio frequency (RF) channel to communicate. Given that the RF channel is the primary communication channel, many researchers have developed techniques for securing that
channel. However, the RF channel is not the only interface into a sensor. The sensing components, which are primarily designed to sense characteristics about the outside world, can also be used (or misused) as a communication (side)
channel. In our work, we aim to characterize the side channels for various sensory components (i.e., light sensor, acoustic sensor, and accelerometer). While previous work has focused on the use of these side channels to improve the
security and performance of a WSN, we seek to determine if the side channels have enough capacity to potentially be used for malicious activity. Specifically, we evaluate the feasibility and practicality of the side channels using today's sensor technology and illustrate that these channels have enough capacity to enable the transfer of common, well-known malware. Given that a significant number of modern robotic systems depend on the external side channels for navigation and environment-sensing, they become potential targets for side-channel attacks. Therefore, we demonstrate
this relatively new form of attack which exploits the uninvestigated but predominantly used side channels to trigger malware residing in real-time robotic systems such as the iRobot Create.
The ultimate goal of our work is to show the impact of this new class of attack and also to motivate the need for an intrusion detection system (IDS) that not only monitors the RF channel, but also monitors the values returned by the sensory components.
2
Goudarzi, Dahmun. "Secure implementation of block ciphers against physical attacks." Electronic Thesis or Diss., Paris Sciences et Lettres (ComUE), 2018. http://www.theses.fr/2018PSLEE082.
Texto completoResumen
Depuis leur introduction à la fin des années 1990, les attaques par canaux auxiliaires sont considérées comme une menace majeure contre les implémentations cryptographiques. Parmi les stratégies de protection existantes, une des plus utilisées est le masquage d’ordre supérieur. Elle consiste à séparer chaque variable interne du calcul cryptographique en plusieurs variables aléatoires. Néanmoins, l’utilisation de cette protection entraîne des pertes d’efficacité considérables, la rendant souvent impraticable pour des produits industriels. Cette thèse a pour objectif de réduire l’écart entre les solutions théoriques, prouvées sûres, et les implémentations efficaces déployables sur des systèmes embarqués. Plus particulièrement, nous nous intéressons à la protection de chiffrement par bloc tel que l’AES, dont l’enjeu principal revient à protéger les boîtes-s avec un surcoût minimal. Nous essayons d’abord de trouver des représentations mathématiques optimales pour l’évaluation des boîtes-s en minimisant le nombre de multiplications (un paramètre déterminant pour l’efficacité du masquage, mais aussi pour le chiffrement homomorphe). Pour cela, nous définissons une méthode générique pour décomposer n’importe quelle fonction sur un corps fini avec une complexité multiplicative faible. Ces représentations peuvent alors être évaluées efficacement avec du masquage d’ordre supérieur. La flexibilité de la méthode de décomposition permet également de l’ajuster facilement selon les nécessités du développeur. Nous proposons ensuite une méthode formelle pour déterminer la sécurité d’un circuit évaluant des schémas de masquages. Cette technique permet notamment de déterminer de manière exacte si une attaque est possible sur un circuit protégé ou non. Par rapport aux autres outils existants, son temps de réponse n’explose pas en la taille du circuit, ce qui permet d’obtenir une preuve de sécurité quelque soit l’ordre de masquage employé. De plus, elle permet de diminuer de manière stricte l’emploi d’outils coûteux en aléas, requis pour renforcer la sécurité des opérations de masquages. Enfin, nous présentons des résultats d’implémentation en proposant des optimisations tant sur le plan algorithmique que sur celui de la programmation. Nous utilisons notamment une stratégie d’implémentation bitslice pour évaluer les boîtes-s en parallèle. Cette stratégie nous permet d’atteindre des records de rapidité pour des implémentations d’ordres élevés. Les différents codes sont développés et optimisés en assembleur ARM, un des langages les plus répandus dans les systèmes embarqués tels que les cartes à puces et les téléphones mobiles. Ces implémentations sont, en outre, disponibles en ligne pour une utilisation publique<br>Since their introduction at the end of the 1990s, side-channel attacks are considered to be a major threat against cryptographic implementations. Higher-order masking is considered to be one the most popular existing protection strategies. It consists in separating each internal variable in the cryptographic computation into several random variables. However, the use of this type of protection entails a considerable efficiency loss, making it unusable for industrial solutions. The goal of this thesis is to reduce the gap between theoretical solutions, proven secure, and efficient implementations that can be deployed on embedded systems. More precisely, I am analysing the protection of block ciphers such as the AES encryption scheme, where the main issue is to protect the s-boxes with minimal overhead in costs. I have tried, first, to find optimal mathematical representations in order to evaluate the s-boxes while minimizing the number of multiplications (a decisive parameter for masking schemes, but also for homomorphic encryption). For this purpose, I have defined a generic method to decompose any function on any finite field with a low multiplicative complexity. These representations can, then, be efficiently evaluated with higher-order masking. The flexibility of the decomposition technique allows also easy adjusting to the developer’s needs. Secondly, I have proposed a formal method for measuring the security of circuits evaluating masking schemes. This technique allows to define with exact precision whether an attack on a protected circuit is feasible or not. Unlike other tools, its response time is not exponential in the circuit size, making it possible to obtain a security proof regardless of the masking order used. Furthermore, this method can strictly reduce the use of costly tools in randomness required for reinforcing the security of masking operations. Finally, we present the implementation results with optimizations both on algorithmic and programming fronts. We particularly employ a bitslice implementation strategy for evaluating the s-boxes in parallel. This strategy leads to speed record for implementations protected at high order. The different codes are developed and optimized under ARM assembly, one of the most popular programming language in embedded systems such as smart cards and mobile phones. These implementations are also available online for public use
3
Moghimi, Ahmad. "Side-Channel Attacks on Intel SGX: How SGX Amplifies The Power of Cache Attack." Digital WPI, 2017. https://digitalcommons.wpi.edu/etd-theses/399.
Texto completoResumen
In modern computing environments, hardware resources are commonly shared, and parallel computation is more widely used. Users run their services in parallel on the same hardware and process information with different confidentiality levels every day. Running parallel tasks can cause privacy and security problems if proper isolation is not enforced. Computers need to rely on a trusted root to protect the data from malicious entities. Intel proposed the Software Guard eXtension (SGX) to create a trusted execution environment (TEE) within the processor. SGX allows developers to benefit from the hardware level isolation. SGX relies only on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards any kind of side-channel attacks. Researchers have demonstrated that microarchitectural sidechannels are very effective in thwarting the hardware provided isolation. In scenarios that involve SGX as part of their defense mechanism, system adversaries become important threats, and they are capable of initiating these attacks. This work introduces a new and more powerful cache side-channel attack that provides system adversaries a high resolution channel. The developed attack is able to virtually track all memory accesses of SGX execution with temporal precision. As a proof of concept, we demonstrate our attack to recover cryptographic AES keys from the commonly used implementations including those that were believed to be resistant in previous attack scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous attacks which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover the AES key from T-Table based implementations in a known plaintext and ciphertext scenario with an average of 15 and 7 samples respectively.
4
Wen, David M. Eng (David Y. ). Massachusetts Institute of Technology. "Defending against side-channel attacks : DynamoREA." Thesis, Massachusetts Institute of Technology, 2011. http://hdl.handle.net/1721.1/76992.
Texto completoResumen
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2011.<br>Cataloged from PDF version of thesis.<br>Includes bibliographical references (p. 67-68).<br>Modern computer architectures are prone to leak information about their applications through side-channels caused by micro-architectural side-effects. Through these side-channels, attackers can launch timing attacks by observing how long an application takes to execute and using this timing information to exfiltrate secrets from the application. Timing attacks are dangerous because they break mechanisms that are thought to be secure, such as sandboxing or cryptography. Cloud systems are especially vulnerable, as virtual machines that are thought to be completely isolated on the cloud are at risk of leaking information through side-channels to other virtual machines. DynamoREA is a software solution to protect applications from leaking information through micro-architectural side-channels. DynamoREA uses dynamic binary rewriting to transform application binaries at runtime so that they appear to an observer to be executing on a machine that is absent of micro-architectural side-effects and thus do not leak information through micro-architectural side-channels. A set of test applications and standard applications was used to confirm that DynamoREA does indeed prevent sensitive information from leaking through timing channels. DynamoREA is a promising start to using dynamic binary rewriting as a tool to defend against side-channel attacks.<br>by David Wen.<br>M.Eng.
5
Raimondi, Gautier. "Secure compilation against side channel attacks." Electronic Thesis or Diss., Université de Rennes (2023-....), 2023. http://www.theses.fr/2023URENS094.
Texto completoResumen
De par leur omniprésence, la sécurité des systèmes informatiques est un enjeu majeur. Dans cette thèse, nous visons à garantir une sécurité contre un certain type d'attaque : les attaques par canal caché temporel. Ces attaques utilisent le temps d'exécution d'un programme pour déduire des informations sur le système. En particulier, on dit d'un programme qu'il est constant-time lorsqu'il n'est pas sensible à ce type d'attaques. Cela passe par des contraintes sur le programmes, qui ne doit ni réaliser de décisions en utilisant de valeurs secrètes, ni utiliser un de ces secrets pour accéder à la mémoire. Nous présentons dans ce document une méthode permettant de garantir la propriété constant-time d'un programme. Cette méthode est une transformation à haut niveau, suivi d'une compilation par Jasmin pour préserver la propriété. Nous présentons également la preuve de la sécurité et de la préservation sémantique de cette méthode<br>Given their ubiquity, the security of computer systems is a major issue. In this thesis, we aim to guarantee security against a certain type of attack: timing side-channel attacks. These attacks use the execution time of a program to deduce information about the system. In particular, a program is said to be constant-time when it is not sensitive to this type of attack. This requires constraints on the program, which must neither make decisions using secret values, nor use one of these secrets to access memory. In this document, we present a method for guaranteeing the constant-time property of a program. This method is a high-level transformation, followed by compilation using Jasmin to preserve the property. We also present a proof of the security and semantic preservation of this method
6
Cagli, Eleonora. "Feature Extraction for Side-Channel Attacks." Electronic Thesis or Diss., Sorbonne université, 2018. http://www.theses.fr/2018SORUS295.
Texto completoResumen
La cryptographie embarquée sur les composants sécurisés peut être vulnérable à des attaques par canaux auxiliaires basées sur l’observation de fuites d’information issues de signaux acquis durant l’exécution de l’algorithme. Aujourd’hui, la présence de nombreuses contremesures peut conduire à l’acquisition de signaux à la fois très bruités, ce qui oblige un attaquant, ou un évaluateur sécuritaire, à utiliser des modèles statistiques, et très larges, ce qui rend difficile l’estimation de tels modèles. Dans cette thèse nous étudions les techniques de réduction de dimension en tant que prétraitement, et plus généralement le problème de l’extraction d’information dans le cas des signaux de grandes dimensions. Les premiers travaux concernent l’application des extracteurs de caractéristiques linéaires classiques en statistiques appliquées, comme l'analyse en composantes principales et l’analyse discriminante linéaire. Nous analysons ensuite une généralisation non linéaire de ce deuxième extracteur qui permet de définir une méthode de prétraitement qui reste efficace en présence de contremesures de masquage. Finalement, en généralisant davantage les modèles d’extractions, nous explorons certaines méthodes d’apprentissage profond pour réduire les prétraitements du signal et extraire de façon automatique l’information du signal brut. En particulier, l’application des réseaux de neurones convolutifs nous permet de mener des attaques qui restent efficaces en présence de désynchronisation<br>Cryptographic integrated circuits may be vulnerable to attacks based on the observation of information leakages conducted during the cryptographic algorithms' executions, the so-called Side-Channel Attacks. Nowadays the presence of several countermeasures may lead to the acquisition of signals which are at the same time highly noisy, forcing an attacker or a security evaluator to exploit statistical models, and highly multi-dimensional, letting hard the estimation of such models. In this thesis we study preprocessing techniques aiming at reducing the dimension of the measured data, and the more general issue of information extraction from highly multi-dimensional signals. The first works concern the application of classical linear feature extractors, such as Principal Component Analysis and Linear Discriminant Analysis. Then we analyse a non-linear generalisation of the latter extractor, obtained through the application of a « Kernel Trick », in order to let such preprocessing effective in presence of masking countermeasures. Finally, further generalising the extraction models, we explore the deep learning methodology, in order to reduce signal preprocessing and automatically extract sensitive information from rough signal. In particular, the application of the Convolutional Neural Network allows us to perform some attacks that remain effective in presence of signal desynchronisation
7
Akdemir, Kahraman D. "Error Detection Techniques Against Strong Adversaries." Digital WPI, 2010. https://digitalcommons.wpi.edu/etd-dissertations/406.
Texto completoResumen
"Side channel attacks (SCA) pose a serious threat on many cryptographic devices and are shown to be effective on many existing security algorithms which are in the black box model considered to be secure. These attacks are based on the key idea of recovering secret information using implementation specific side-channels. Especially active fault injection attacks are very effective in terms of breaking otherwise impervious cryptographic schemes. Various countermeasures have been proposed to provide security against these attacks. Double-Data-Rate (DDR) computation, dual-rail encoding, and simple concurrent error detection (CED) are the most popular of these solutions. Even though these security schemes provide sufficient security against weak adversaries, they can be broken relatively easily by a more advanced attacker. In this dissertation, we propose various error detection techniques that target strong adversaries with advanced fault injection capabilities. We first describe the advanced attacker in detail and provide its characteristics. As part of this definition, we provide a generic metric to measure the strength of an adversary. Next, we discuss various techniques for protecting finite state machines (FSMs) of cryptographic devices against active fault attacks. These techniques mainly depend on nonlinear robust codes and physically unclonable functions (PUFs). We show that due to the nonuniform behavior of FSM variables, securing FSMs using nonlinear codes is an important and difficult problem. As a solution to this problem, we propose error detection techniques based on nonlinear codes with different randomization methods. We also show how PUFs can be utilized to protect a class of FSMs. This solution provides security on the physical level as well as the logical level. In addition, for each technique, we provide possible hardware realizations and discuss area/security performance. Furthermore, we provide an error detection technique for protecting elliptic curve point addition and doubling operations against active fault attacks. This technique is based on nonlinear robust codes and provides nearly perfect error detection capability (except with exponentially small probability). We also conduct a comprehensive analysis in which we apply our technique to different elliptic curves (i.e. Weierstrass and Edwards) over different coordinate systems (i.e. affine and projective). "
8
Köpf, Boris Alexander. "Formal approaches to countering side-channel attacks /." Zürich : ETH, 2007. http://e-collection.ethbib.ethz.ch/show?type=diss&nr=17500.
Texto completo
9
Brisfors, Martin, and Sebastian Forsmark. "Deep-Learning Side-Channel Attacks on AES." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-253008.
Texto completoResumen
Nyligen har stora framsteg gjorts i att tillämpa djupinlärning på sidokanalat- tacker. Detta medför ett hot mot säkerheten för implementationer av kryp- tografiska algoritmer. Konceptuellt är tanken att övervaka ett chip medan det kör kryptering för informationsläckage av ett visst slag, t.ex. Energiförbrukning. Man använder då kunskap om den underliggande krypteringsalgoritmen för att träna en modell för att känna igen nyckeln som används för kryptering. Modellen appliceras sedan på mätningar som samlats in från ett chip under attack för att återskapa krypteringsnyckeln. Vi försökte förbättra modeller från ett tidigare arbete som kan finna en byte av en 16-bytes krypteringsnyckel för Advanced Advanced Standard (AES)-128 från över 250 mätningar. Vår modell kan finna en byte av nyckeln från en enda mätning. Vi har även tränat ytterligare modeller som kan finna inte bara en enda nyckelbyte, men hela nyckeln. Vi uppnådde detta genom att ställa in vissa parametrar för bättre modellprecision. Vi samlade vår egen tränings- data genom att fånga en stor mängd strömmätningar från ett Xmega 128D4 mikrokontrollerchip. Vi samlade också mätningar från ett annat chip - som vi inte tränade på - för att fungera som en opartisk referens för testning. När vi uppnådde förbättrad precision märkte vi också ett intressant fenomen: vissa labels var mycket enklare att identifiera än andra. Vi fann också en stor varians i modellprecision och undersökte dess orsak.<br>Recently, substantial progress has been made in applying deep learning to side channel attacks. This imposes a threat to the security of implementations of cryptographic algorithms. Conceptually, the idea is to monitor a chip while it’s running encryption for information leakage of a certain kind, e.g. power consumption. One then uses knowledge of the underlying encryption algorithm to train a model to recognize the key used for encryption. The model is then applied to traces gathered from a victim chip in order to recover the encryption key.We sought to improve upon models from previous work that can recover one byte of the 16-byte encryption key of Advanced Encryption Standard (AES)-128 from over 250 traces. Our model can recover one byte of the key from a single trace. We also trained additional models that can recover not only a single keybyte, but the entire key. We accomplished this by tuning certain parameters for better model accuracy. We gathered our own training data by capturing a large amount of power traces from an Xmega 128D4 microcontroller chip. We also gathered traces from a second chip - that we did not train on - to serve as an unbiased set for testing. Upon achieving improved accuracy we also noticed an interesting phenomenon: certain labels were much easier to identify than others. We also found large variance in model accuracy and investigated its cause.
10
Irazoki, Gorka. "Cross-core Microarchitectural Attacks and Countermeasures." Digital WPI, 2017. https://digitalcommons.wpi.edu/etd-dissertations/160.
Texto completoResumen
In the last decade, multi-threaded systems and resource sharing have brought a number of technologies that facilitate our daily tasks in a way we never imagined. Among others, cloud computing has emerged to offer us powerful computational resources without having to physically acquire and install them, while smartphones have almost acquired the same importance desktop computers had a decade ago. This has only been possible thanks to the ever evolving performance optimization improvements made to modern microarchitectures that efficiently manage concurrent usage of hardware resources. One of the aforementioned optimizations is the usage of shared Last Level Caches (LLCs) to balance different CPU core loads and to maintain coherency between shared memory blocks utilized by different cores. The latter for instance has enabled concurrent execution of several processes in low RAM devices such as smartphones. Although efficient hardware resource sharing has become the de-facto model for several modern technologies, it also poses a major concern with respect to security. Some of the concurrently executed co-resident processes might in fact be malicious and try to take advantage of hardware proximity. New technologies usually claim to be secure by implementing sandboxing techniques and executing processes in isolated software environments, called Virtual Machines (VMs). However, the design of these isolated environments aims at preventing pure software- based attacks and usually does not consider hardware leakages. In fact, the malicious utilization of hardware resources as covert channels might have severe consequences to the privacy of the customers. Our work demonstrates that malicious customers of such technologies can utilize the LLC as the covert channel to obtain sensitive information from a co-resident victim. We show that the LLC is an attractive resource to be targeted by attackers, as it offers high resolution and, unlike previous microarchitectural attacks, does not require core-colocation. Particularly concerning are the cases in which cryptography is compromised, as it is the main component of every security solution. In this sense, the presented work does not only introduce three attack variants that can be applicable in different scenarios, but also demonstrates the ability to recover cryptographic keys (e.g. AES and RSA) and TLS session messages across VMs, bypassing sandboxing techniques. Finally, two countermeasures to prevent microarchitectural attacks in general and LLC attacks in particular from retrieving fine- grain information are presented. Unlike previously proposed countermeasures, ours do not add permanent overheads in the system but can be utilized as preemptive defenses. The first identifies leakages in cryptographic software that can potentially lead to key extraction, and thus, can be utilized by cryptographic code designers to ensure the sanity of their libraries before deployment. The second detects microarchitectural attacks embedded into innocent-looking binaries, preventing them from being posted in official application repositories that usually have the full trust of the customer.
11
Patrick, Conor Persson. "Software Protection Against Fault and Side Channel Attacks." Thesis, Virginia Tech, 2017. http://hdl.handle.net/10919/78685.
Texto completoResumen
Embedded systems are increasingly ubiquitous. Many of them have security
requirements such as smart cards, mobile phones, and internet connected
appliances. It can be a challenge to fulfill security requirements due to the
constrained nature of embedded devices. This security challenge is worsened by
the possibility of implementation attacks. Despite well formulated
cryptosystems being used, the underlying hardware
can often undermine any security proven on paper.
If a secret key is at play, an adversary has a chance of revealing it by simply
looking at the power variation. Additionally, an adversary can tamper with an embedded
system's environment to get it to skip a security check or generate side
channel information.
Any adversary with physical access to an embedded system can conduct such
implementation attacks. It is the focus of this work to explore different
countermeasures against both side channel and fault attacks. A new
countermeasure call Intra-instruction Redundancy, based on bit-slicing, or
N-bit SIMD processing, is proposed. Another challenge with implementing
countermeasures against implementation attacks, is that they need to be able to
be combined. Most proposed side channel countermeasures do not prevent fault
injection and vice versa. Combining them is non-trivial as demonstrated with a
combined implementation attack.<br>Master of Science
12
Lantz, David. "Detection of side-channel attacks targeting Intel SGX." Thesis, Linköpings universitet, Programvara och system, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177987.
Texto completoResumen
In recent years, trusted execution environments like Intel SGX have allowed developers to protect sensitive code inside so called enclaves. These enclaves protect its code and data even in the cases of a compromised OS. However, SGX enclaves have been shown to be vulnerable to numerous side-channel attacks. Therefore, there is a need to investigate ways that such attacks against enclaves can be detected. This thesis investigates the viability of using performance counters to detect an SGX-targeting side-channel attack, specifically the recent Load Value Injection (LVI) class of attacks. A case study is thus presented where performance counters and a threshold-based detection method is used to detect variants of the LVI attack. The results show that certain attack variants could be reliably detected using this approach without false positives for a range of benign applications. The results also demonstrate reasonable levels of speed and overhead for the detection tool. Some of the practical limitations of using performance counters, particularly in an SGX-context, are also brought up and discussed.
13
Lu, Shiting. "Micro-architectural Attacks and Countermeasures." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-65733.
Texto completoResumen
Micro-architectural analysis (MA) is a fast evolving area of side-channel cryptanalysis. This new area focuses on the effects of common processor components and their functionalities on the security of software cryptosystems. The main characteristic of micro-architectural attacks, which sets them aside from classical side-channel attacks, is the simple fact that they exploit the micro-architectural behavior of modern computer systems. Attackers could get running information through malicious software, then get some sensitive information through off-line analysis. This kind of attack has the following features: 1.) side channel information are acquired through software measurement on target machine with no need to use sophisticated devices. 2.) non-privilege process could get the running information of the privilege process. 3.) people can mount both a remote attack and local attack. This thesis mainly focuses one kinds of these attacks, data cache based timing attacks(CBTA). First, the main principle of CBTA is introduced, and several kinds of CBTA technique are discussed. Moreover, theoretical model is given under some attacks. Second, various countermeasures are described and their advantages and disadvantages are pointed out. Based on these discussions, the author proposes two anti-attack measures using hardware modification. Aiming at access-driven attacks, a XOR address remapping technique is proposed, which could obfuscate the mapping relationship between cache line and memory block. Aiming at timing-driven attacks, the IPMG mechanism is proposed innovatively. This mechanism could generate cache miss dynamically through observing the historic miss rate. These two mechanisms are realized on the MIPS processor and their effectiveness is verified on the FPGA board. At last, performance penalty and hardware cost are evaluated. The result shows that the proposed solution is effective with very low performance penalty and area cost
14
Calza, Cristina. "Timing attack di Paul C. Kocher: attacco al sistema di sicurezza RSA mediante strumenti di statistica." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2014. http://amslaurea.unibo.it/6930/.
Texto completoResumen
In questa tesi ho voluto descrivere il Timing Attack al sistema crittografico RSA, il suo funzionamento, la teoria su cui si basa, i suoi punti di forza e i punti deboli.
Questo particolare tipo di attacco informatico fu presentato per la prima volta da Paul C. Kocher nel 1996 all’“RSA Data Security and CRYPTO conferences”.
Nel suo articolo “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems” l’autore svela una nuova possibile falla nel sistema RSA, che non dipende da debolezze del crittosistema puramente matematiche, ma da un aspetto su cui nessuno prima di allora si era mai soffermato: il tempo di esecuzione delle operazioni crittografiche.
Il concetto è tanto semplice quanto geniale: ogni operazione in un computer ha una certa durata.
Le variazioni dei tempi impiegati per svolgere le operazioni dal computer infatti, necessariamente dipendono dal tipo di algoritmo e quindi dalle chiavi private e dal particolare input che si è fornito.
In questo modo, misurando le variazioni di tempo e usando solamente strumenti statistici, Kocher mostra che è possibile ottenere informazioni sull’implementazione del crittosistema e quindi forzare RSA e altri sistemi di sicurezza, senza neppure andare a toccare l’aspetto matematico dell’algoritmo.
Di centrale importanza per questa teoria diventa quindi la statistica.
Questo perché entrano in gioco molte variabili che possono influire sul tempo di calcolo nella fase di decifrazione:
- La progettazione del sistema crittografico
- Quanto impiega la CPU ad eseguire il processo
- L’algoritmo utilizzato e il tipo di implementazione
- La precisione delle misurazioni
- Ecc.
Per avere più possibilità di successo nell’attaccare il sistema occorre quindi fare prove ripetute utilizzando la stessa chiave e input differenti per effettuare analisi di correlazione statistica delle informazioni di temporizzazione, fino al punto di recuperare completamente la chiave privata.
Ecco cosa asserisce Kocher: “Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext.”, cioè, contro sistemi vulnerabili, l’attacco è computazionalmente poco costoso e spesso richiede solo di conoscere testi cifrati e di ottenere i tempi necessari per la loro decifrazione.
15
Longo, Galea Jake. "Side-channel attacks : bridging the gap between theory and practice." Thesis, University of Bristol, 2016. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.720828.
Texto completo
16
Ambrose, Jude Angelo Computer Science & Engineering Faculty of Engineering UNSW. "Power analysis side channel attacks: the processor design-level context." Publisher:University of New South Wales. Computer Science & Engineering, 2009. http://handle.unsw.edu.au/1959.4/43756.
Texto completoResumen
The rapid increase in the use of embedded systems for performing secure transactions, has proportionally increased the security threats which are faced by such devices. Side channel attack, a sophisticated security threat to embedded devices like smartcards, mobile phones and PDAs, exploits the external manifestations like processing time, power consumption and electromagnetic emission to identify the internal computations. Power analysis attack, introduced by Kocher in 1998, is used by adversaries to eavesdrop on confidential data while the device is executing a secure transaction. The adversary observes the power trace dissipated/consumed by the chip during the encryption/decryption of the AES cryptographic program and predicts the secret key used for encryption by extracting necessary information from the power trace. Countermeasures proposed to overcome power analysis are data masking, table masking, current flattening, circuitry level solutions, dummy instruction insertions, balancing bit-flips, etc. All these techniques are either susceptible to multi-order side channel attacks, not sufficiently generic to cover all encryption algorithms, or burden the system with high area cost, run-time or energy consumption. The initial solution presented in this thesis is a HW/SW based randomised instruction injection technique, which infuses random instructions at random places during the execution of an application. Such randomisation obfuscates the secure information from the power profile, not allowing the adversary to extract the critical power segments for analysis. Further, the author devised a systematic method to measure the security level of a power sequence and used it to measure the number of random instructions needed, to suitably confuse the adversary. The proposed processor model costs 1.9% in additional area for a simplescalar processor, and costs on average 29.8% in runtime and 27.1% in additional energy consumption for six industry standard cryptographic algorithms. This design is extended to a processor architecture which automatically detects the execution of the most common encryption algorithms, starts to scramble the power waveform by adding randomly placed instructions with random register accesses, and stops injecting instructions when it is safe to do so. This approach has less overheads compared to previous solutions and avoids software instrumentation, allowing programmers with no special knowledge to use the system. The extended processor model costs an additional area of 1.2%, and an average of 25% in runtime and 28.5% in energy overheads for industry standard cryptographic algorithms. Due to the possibility of removing random injections using large number of samples (due to the random nature, a large number of samples will eliminate noise), the author proposes a multiprocessor 'algorithmic' balancing technique. This technique uses a dual processor architecture where two processors execute the same program in parallel, but with complementary intermediate data, thus balancing the bitflips. The second processor works in conjunction with the first processor for balancing only when encryption is performed, and both processors carry out independent tasks when no encryption is being performed. Both DES and AES cryptographic programs are investigated for balancing and the author shows that this technique is economical, while completely preventing power analysis attacks. The signature detection unit to capture encryption is also utilised, which is used in the instruction injection approach. This multiprocessor balancing approach reduces performance by 0.42% and 0.94% for AES and DES respectively. The hardware increase is 2X only when balancing is performed. Further, several future extensions for the balancing approach are proposed, by introducing random swapping of encryption iterations between cores. FPGA implementations of these processor designs are briefly described at the end of this thesis.
17
Lomne, Victor. "Power and Electro-Magnetic Side-Channel Attacks : threats and countermeasures." Thesis, Montpellier 2, 2010. http://www.theses.fr/2010MON20220.
Texto completoResumen
En cryptographie classique, un algorithme de chiffrement est considéré comme une boîte noire, et un attaquant n'a accès qu'aux textes clairs et chiffrés. Mais un circuit cryptographique émet aussi des informations sensibles lors d'une opération cryptographique, comme sa consommation de courant ou ses émissions électro-magnétiques. Par conséquent, différentes techniques, appelées attaques par canaux auxiliaires, permettent d'exploiter ces fuites d'informations physiques pour casser des algorithmes cryptographiques avec une complexité très faible en comparaison avec les méthodes de la cryptanalyse classique. Dans ce travail, les attaques par canaux auxiliaires basées sur la consommation de courant ou les émissions électro-magnétiques sont d'abord étudiées d'un point de vue algorithmique, et différentes améliorations sont proposées. Ensuite, une attention particulière est consacrée à l'exploitation du canal auxiliaire électro-magnétique, et un flot de simulation des radiations magnétiques des circuits intégrés est proposé et validé sur deux microcontrôleurs. Finalement, certaines contremesures permettant de protéger les algorithmes de chiffrement contre ces menaces, basées sur des styles de logique équilibrées, sont présentées et évaluées<br>In cryptography, a cipher is considered as a black-box, and an attacker has only access to plaintexts and ciphertexts. But a real world cryptographic device leaks additionnal sensitive informations during a cryptographic operation, such as power consumption or electro-magnetic radiations. As a result, several techniques, called Side-Channel Attacks, allow exploiting these physical leakages to break ciphers with a very low complexity in comparison with methods of classical cryptanalysis. In this work, power and electro-magnetic Side-Channel Attacks are firstly studied from an algorithmic point-of-view, and some improvements are proposed. Then, a particular attention is given on the exploitation of the electro-magnetic side-channel, and a simulation flow predicting magnetic radiations of ICs is proposed and validated on two microcontrollers. Finally, some countermeasures allowing to protect ciphers against these threats, based on balanced logic styles, are presented and evaluated
18
Miller, Rachel A. S. M. (Rachel Ann) Massachusetts Institute of Technology. "New cryptographic protocols With side-channel attack security." Thesis, Massachusetts Institute of Technology, 2012. http://hdl.handle.net/1721.1/75684.
Texto completoResumen
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012.<br>"June 2012." Cataloged from PDF version of thesis.<br>Includes bibliographical references (p. 76-80).<br>Cryptographic protocols implemented in real world devices are subject to tampering attacks, where adversaries can modify hardware or memory. This thesis studies the security of many different primitives in the Related-Key Attack (RKA) model, where the adversary can modify a secret key. We show how to leverage the RKA security of blockciphers to provide RKA security for a suite of high-level primitives. This motivates a more general theoretical question, namely, when is it possible to transfer RKA security from a primitive P1 to a primitive P2? We provide both positive and negative answers. What emerges is a broad and high level picture of the way achievability of RKA security varies across primitives, showing, in particular, that some primitives resist "more" RKAs than others. A technical challenge was to achieve RKA security without assuming the class of allowed tampering functions is "claw-free"; this mathematical assumption fails to describe how tampering occurs in practice, but was made for all prior constructions in the RKA model. To solve this challenge, we present a new construction of psuedorandom generators that are not only RKA secure but satisfy a new notion of identity-collision-resistance.<br>by Rachel A. Miller.<br>S.M.
19
Harris, Rae. "Spectre: Attack and Defense." Scholarship @ Claremont, 2019. https://scholarship.claremont.edu/scripps_theses/1384.
Texto completoResumen
Modern processors use architecture like caches, branch predictors, and speculative execution in order to maximize computation throughput. For instance, recently accessed memory can be stored in a cache so that subsequent accesses take less time. Unfortunately microarchitecture-based side channel attacks can utilize this cache property to enable unauthorized memory accesses. The Spectre attack is a recent example of this attack.
The Spectre attack is particularly dangerous because the vulnerabilities that it exploits are found in microprocessors used in billions of current systems. It involves the attacker inducing a victim’s process to speculatively execute code with a malicious input and store the recently accessed memory into the cache.
This paper describes the previous microarchitecture side channel attacks. It then describes the three variants of the Spectre attack. It describes and evaluates proposed defenses against Spectre.
20
Kiaei, Pantea. "Architecture Support for Countermeasures against Side-Channel Analysis and Fault Attack." Thesis, Virginia Tech, 2019. http://hdl.handle.net/10919/93537.
Texto completoResumen
The cryptographic algorithms are designed to be mathematically secure; however, side-channel analysis attacks go beyond mathematics by taking measurements of the device’s electrical activity to reveal the secret data of a cipher. These attacks also go hand in hand with fault analysis techniques to disclose the secret key used in cryptographic ciphers with even fewer measurements. This is of practical concern due to the ubiquity of embedded systems that allow physical access to the adversary such as smart cards, ATMs, etc.. Researchers through the years have come up with techniques to block physical attacks to the hardware or make such attacks less likely to succeed. Most of the conducted research consider one or the other of side-channel analysis and fault injection attacks whereas, in a real setting, the adversary can simultaneously take advantage of both to retrieve the secret data with less effort. Furthermore, very little work considers a software implementation of these ciphers although, with the availability of small and affordable or free microarchitectures, and flexibility and simplicity of software implementations, it is at times more practical to have a software implementation of ciphers instead of dedicated hardware chips.
In this project, we come up with a modular presentation, suitable for software implementation of ciphers, to allow having simultaneous resistance against side-channel and fault analysis attacks. We also present an extension at the microarchitecture level to make our proposed countermeasures more intact and efficient.<br>M.S.<br>Ciphers are algorithms designed by mathematicians. They protect data by encrypting them. In one of the main categories of these ciphers, called symmetric-key ciphers, a secret key is used to both encrypt and decrypt the data. Once the secret key of a cipher is retrieved, anyone can find the decoded data and thereby access the original data. Cryptographers traditionally sought to design ciphers in such a way that no adversary could reveal the secret key by finding holes in the algorithm. However, this has been shown insufficient for a specific implementation of a cryptographic algorithm to be considered as “unbreakable” since the physical properties of the implementation, can help an adversary find the secret key and break the encryption. Analyzing these physical properties can be either active; by making controlled changes in the normal progress of its execution, or passive; by merely measuring the physical properties during normal execution.
Designers try to take these analyses into account when implementing a cryptographic function and so, in this project, we aim to present architectural support for a combination of some of the countermeasures.
21
Muir, James. "Techniques of Side Channel Cryptanalysis." Thesis, University of Waterloo, 2001. http://hdl.handle.net/10012/1098.
Texto completoResumen
The traditional model of cryptography examines the security of cryptographic primitives as mathematical functions. This approach does not account for the physical side effects of using these primitives in the real world. A more realistic model employs the concept of a <I>side channel</I>. A side channel is a source of information that is inherent to a physical implementation of a primitive. Research done in the last half of the 1990s has shown that the information transmitted by side channels, such as execution time, computational faults and power consumption, can be detrimental to the security of ciphers like DES and RSA. This thesis surveys the techniques of side channel cryptanalysis presented in [Kocher1996], [Boneh1997], and [Kocher1998] and shows how side channel information can be used to break implementations of DES and RSA. Some specific techniques covered include the timing attack, differential fault analysis, simple power analysis and differential power analysis. Possible defenses against each of these side channel attacks are also discussed.
22
Lerman, Liran. "A machine learning approach for automatic and generic side-channel attacks." Doctoral thesis, Universite Libre de Bruxelles, 2015. http://hdl.handle.net/2013/ULB-DIPOT:oai:dipot.ulb.ac.be:2013/209070.
Texto completoResumen
L'omniprésence de dispositifs interconnectés amène à un intérêt massif pour la sécurité informatique fournie entre autres par le domaine de la cryptographie. Pendant des décennies, les spécialistes en cryptographie estimaient le niveau de sécurité d'un algorithme cryptographique indépendamment de son implantation dans un dispositif. Cependant, depuis la publication des attaques d'implantation en 1996, les attaques physiques sont devenues un domaine de recherche actif en considérant les propriétés physiques de dispositifs cryptographiques. Dans notre dissertation, nous nous concentrons sur les attaques profilées. Traditionnellement, les attaques profilées appliquent des méthodes paramétriques dans lesquelles une information a priori sur les propriétés physiques est supposée. Le domaine de l'apprentissage automatique produit des modèles automatiques et génériques ne nécessitant pas une information a priori sur le phénomène étudié.<p><p>Cette dissertation apporte un éclairage nouveau sur les capacités des méthodes d'apprentissage automatique. Nous démontrons d'abord que les attaques profilées paramétriques surpassent les méthodes d'apprentissage automatique lorsqu'il n'y a pas d'erreur d'estimation ni d'hypothèse. En revanche, les attaques fondées sur l'apprentissage automatique sont avantageuses dans des scénarios réalistes où le nombre de données lors de l'étape d'apprentissage est faible. Par la suite, nous proposons une nouvelle métrique formelle d'évaluation qui permet (1) de comparer des attaques paramétriques et non-paramétriques et (2) d'interpréter les résultats de chaque méthode. La nouvelle mesure fournit les causes d'un taux de réussite élevé ou faible d'une attaque et, par conséquent, donne des pistes pour améliorer l'évaluation d'une implantation. Enfin, nous présentons des résultats expérimentaux sur des appareils non protégés et protégés. La première étude montre que l'apprentissage automatique a un taux de réussite plus élevé qu'une méthode paramétrique lorsque seules quelques données sont disponibles. La deuxième expérience démontre qu'un dispositif protégé est attaquable avec une approche appartenant à l'apprentissage automatique. La stratégie basée sur l'apprentissage automatique nécessite le même nombre de données lors de la phase d'apprentissage que lorsque celle-ci attaque un produit non protégé. Nous montrons également que des méthodes paramétriques surestiment ou sous-estiment le niveau de sécurité fourni par l'appareil alors que l'approche basée sur l'apprentissage automatique améliore cette estimation. <p><p>En résumé, notre thèse est que les attaques basées sur l'apprentissage automatique sont avantageuses par rapport aux techniques classiques lorsque la quantité d'information a priori sur l'appareil cible et le nombre de données lors de la phase d'apprentissage sont faibles.<br>Doctorat en Sciences<br>info:eu-repo/semantics/nonPublished
23
Chabrier, Thomas. "Arithmetic recodings for ECC cryptoprocessors with protections against side-channel attacks." Phd thesis, Université Rennes 1, 2013. http://tel.archives-ouvertes.fr/tel-00910879.
Texto completoResumen
This PhD thesis focuses on the study, the hardware design, the theoretical and practical validation, and eventually the comparison of different arithmetic operators for cryptosystems based on elliptic curves (ECC). Provided solutions must be robust against some side-channel attacks, and efficient at a hardware level (execution speed and area). In the case of ECC, we want to protect the secret key, a large integer, used in the scalar multiplication. Our protection methods use representations of numbers, and behaviour of algorithms to make more difficult some attacks. For instance, we randomly change some representations of manipulated numbers while ensuring that computed values are correct. Redundant representations like signed-digit representation, the double- (DBNS) and multi-base number system (MBNS) have been studied. A proposed method provides an on-the-fly MBNS recoding which operates in parallel to curve-level operations and at very high speed. All recoding techniques have been theoretically validated, simulated extensively in software, and finally implemented in hardware (FPGA and ASIC). A side-channel attack called template attack is also carried out to evaluate the robustness of a cryptosystem using a redundant number representation. Eventually, a study is conducted at the hardware level to provide an ECC cryptosystem with a regular behaviour of computed operations during the scalar multiplication so as to protect against some side-channel attacks.
24
Gürkaynak, Frank Kağan. "GALS system design side channel attack secure cryptographic accelerators." Konstanz Hartung-Gorre, 2006. http://e-collection.ethbib.ethz.ch/ecol-pool/diss/fulltext/eth16351.pdf.
Texto completo
25
Borowczak, Mike. "Side channel attack resistance| Migrating towards high level methods." Thesis, University of Cincinnati, 2013. http://pqdtopen.proquest.com/#viewpdf?dispub=3601397.
Texto completoResumen
<p> Our world is moving towards ubiquitous networked computing with unstoppable momentum. With technology available at our every finger tip, we expect to connect quickly, cheaply, and securely on the sleekest devices. While the past four decades of design automation research has focused on making integrated circuits smaller, cheaper and quicker the past decade has drawn more attention towards security. Though security within the scope of computing is a large domain, the focus of this work is on the elimination of computationally based power byproducts from high-level device models down to physical designs and implementations The scope of this dissertation is within the analysis, attack and protection of power based side channels. Research in the field concentrates on determining, masking and/or eliminating the sources of data dependent information leakage within designs. While a significant amount of research is allocated to reducing this leakage at low levels of abstraction, significantly less research effort has gone into higher levels of abstraction. This dissertation focuses on both ends of the design spectrum while motivating the future need for hierarchical side channel resistance metrics for hardware designs. Current low level solutions focus on creating perfectly balanced standard cells through various straight-forward logic styles. Each of these existing logic styles, while enhancing side channel resistance by reducing the channels' variance, come at significant design expense in terms of area footprint, power consumption, delay and even logic style structure. The first portion of this proposal introduces a universal cell based on a dual multiplexer, implemented using a pass-transistor logic which approaches and exceeds some standard cell cost benchmarks. The proposed cell and circuit level methods shows significant improvements in security metrics over existing cells and approaches standard CMOS cell and circuit performance by reducing area, power consumption and delay. While most low level works stop at the cell level, this work also investigates the impact of environmental factors on security. On the other end of the design spectrum, existing secure architecture and algorithm research attempts to mask side channels through random noise, variable timing, instruction reordering and other similar methods. These methods attempt to obfuscate the primary source of information with side channels. Unfortunately, in most cases, the techniques are still susceptible to attack - of those with promise, most are algorithm specific. This dissertation approaches high-level security by eliminating the relationship between high level side channel models and the side channels themselves. This work discusses two different solutions targeting architecture level protection. The first, deals with the protection of Finite State Machines, while the seconds deals with protection of a class of cryptographic algorithms using Feedback Shift Registers. This dissertation includes methods for reducing the power overhead of any FSM circuit (secured or not). The solutions proposed herein render potential side channel models moot by eliminating or reducing the model's data dependent variability. Designers unwilling to compromise on a doubling of area can include some sub-optimal security to their devices. </p>
26
Tiran, Sébastien. "Side Channels in the Frequency Domain." Thesis, Montpellier 2, 2013. http://www.theses.fr/2013MON20164/document.
Texto completoResumen
De nos jours, l'emploi de la cryptographie est largement répandu et les circuits intègrent des primitives cryptographiques pour répondre à des besoins d'identification, de confidentialité, ... dans de nombreux domaines comme la communication, la PayTV, ...La sécurisation de ces circuits est donc un enjeu majeur. Les attaques par canaux cachés consistent à espionner ces circuits par différents biais comme le temps de calcul, la consommation en courant ou les émanations électromagnétiques pour obtenir des informations sur les calculs effectués et retrouver des secrets comme les clefs de chiffrement. Ces attaques ont l'avantage d'être indétectables, peu couteuses et ont fait l'objet des nombreuses études. Dans le cadre des attaques par analyse de la consommation en courant ou des émanations électromagnétiques l'acquisition de bonnes courbes est un point crucial. Malgré la forte utilisation de techniques de prétraitement dans la littérature, personne n'a tenté d'établir un modèle de fuite dans le domaine fréquentiel. Les travaux effectués durant cette thèse se concentrent donc sur cet aspect avec pour intérêt d'améliorer l'efficacité des attaques. De plus, de nouvelles attaques dans le domaine fréquentiel sont proposées, sujet peu étudié malgré l'intérêt de pouvoir exploiter plus efficacement la fuite éparpillée dans le temps<br>Nowadays, the use of cryptography is widely spread, and a lot of devices provide cryptographic functions to satisfy needs such as identification, confidentiality, ... in several fields like communication, PayTV, ...Security of these devices is thus a major issue.Side Channel Attacks consist in spying a circuit through different means like the computation time, power consumption or electromagnetic emissions to get information on the performed calculus and discover secrets such as the cipher keys.These attacks have the advantage to be cheap and undetectable, and have been studied a lot.In the context of attacks analysing the power consumption or the electromagnetic emissions, the acquisition of good traces is a crucial point.Despite the high use of preprocessing techniques in the literature, nobody has attempted to model the leakage in the frequency domain.The works performed during this thesis are focusing on this topic with the motivation of improving the efficiency of attacks.What's more, new frequency domain attacks are proposed, subject poorly studied despite the advantage of better exploiting the leakage spread in time
27
Jeong, Taehoon. "Secure analog-to-digital conversion against power side-channel attack." Thesis, Massachusetts Institute of Technology, 2020. https://hdl.handle.net/1721.1/127018.
Texto completoResumen
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, May, 2020<br>Cataloged from the official PDF of thesis.<br>Includes bibliographical references (pages 125-129).<br>At the interface between analog circuits and a digital processor, an ADC can create a critical hardware security loophole. By exploiting the power side-channel leakage of the ADC, an attacker can expose the private signal chain data. Having recognized the security threat, this thesis explores both aspects of the SAR ADC power side-channel attack (PSA): attack method and its countermeasure. Firstly, this thesis proposes two neural-network-based SAR ADC PSA methods based on multi-layer perceptron net-works (MLP-PSA) and convolutional neural networks (CNN-PSA). When applied to a SAR ADC without PSA protection, the proposed attack methods decode the power supply current waveforms of the SAR ADC into the corresponding A/D conversion results with very high accuracy, demonstrating themselves as powerful ADC PSA methods. Secondly, this thesis proposes a current-equalizer-based SAR ADC PSA countermeasure. A 12-bit, 1.25MS/s prototype SAR ADC is implemented in 65nm CMOS technology for the proof-of-concept. With the proposed PSA countermeasure, the prototype SAR ADC demonstrated a strong PSA-resistance against MLP-PSA. Due to the second-order power side-channel leakage sources of a current equalizer, the prototype SAR ADC showed weaker PSA-resistance against CNN-PSA, but generally protected a significant portion of the information from the attack.<br>by Taehoon Jeong.<br>Ph. D.<br>Ph.D. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science
28
Kathuria, Tarun. "Gate-level Leakage Assessment and Mitigation." Thesis, Virginia Tech, 2019. http://hdl.handle.net/10919/101862.
Texto completoResumen
Side-channel leakage, caused by imperfect implementation of cryptographic algorithms in
hardware, has become a serious security threat for connected devices that generate and
process sensitive data. This side-channel leakage can divulge secret information in the form of
power consumption or electromagnetic emissions. The side-channel leakage of a crytographic
device is commonly assessed after tape-out on a physical prototype.
This thesis presents a methodology called Gate-level Leakage Assessment (GLA), which
evaluates the power-based side-channel leakage of an integrated circuit at design time. By
combining side-channel leakage assessment with power simulations on the gate-level netlist,
GLA is able to pinpoint the leakiest cells in the netlist in addition to assessing the overall
side-channel vulnerability to side-channel leakage. As the power traces obtained from power
simulations are noiseless, GLA is able to precisely locate the sources of side-channel leakage
with fewer measurements than on a physical prototype. The thesis applies the methodology
on the design of a encryption co-processor to analyze sources of side-channel leakage.
Once the gate-level leakage sources are identified, this thesis presents a logic level replacement
strategy for the leakage sources that can thwart side-channel leakage. The countermeasures
presented selectively replaces gate-level cells with a secure logic style effectively removing
the side-channel leakage with minimal impact in area. The assessment methodology along
with the countermeasures demonstrated is a turnkey solution for IP module designers and
is also applicable to larger system level designs.<br>Master of Science
29
Yao, Yuan. "Towards Comprehensive Side-channel Resistant Embedded Systems." Diss., Virginia Tech, 2021. http://hdl.handle.net/10919/104662.
Texto completoResumen
Embedded devices almost involve every part of our lives, such as health condition monitoring, communicating with other people, traveling, financial transactions, etc. Within the embedded devices, our private information is utilized, collected and stored. Cryptography is the security mechanism within the embedded devices for protecting this secret information. However, cryptography algorithms can still be analyzed and attacked by malicious adversaries to steal secret data. There are different categories of attacks towards embedded devices, and the side-channel attack is one of the powerful attacks.
Unlike analyzing the vulnerabilities within the cryptography algorithm itself in traditional attacks, the side-channel attack observes the physical effect signals while the cryptography algorithm runs on the device. These physical effects include the power consumption of the devices, timing, electromagnetic radiations, etc., and we call these physical effects that carry secret information side-channel leakage. By statistically analyzing these side-channel leakages, an attacker can reconstruct the secret information.
The manifestation of side-channel leakage happens at the hardware level. Therefore, the designer has to ensure that the hardware design of the embedded system is secure against side-channel attacks. However, it is very arduous work. An embedded systems design including a large number of electronic components makes it very difficult to comprehensively capture every side-channel vulnerability, locate the root cause of the side-channel leakage, and efficiently fix the vulnerabilities. In this dissertation, we developed methodologies that can help designers detect and fix side-channel vulnerabilities within the embedded system design at low cost and early design stage.<br>Doctor of Philosophy<br>Side-channel leakage, which reveals the secret information from the physical effects of computing secret variables, has become a serious vulnerability in secure hardware and software implementations. In side-channel attacks, adversaries passively exploit variations such as power consumption, timing, and electromagnetic emission during the computation with secret variables to retrieve sensitive information. The side-channel attack poses a practical threat to embedded devices, an embedded device's cryptosystem without adequate protection against side-channel leakage can be easily broken by the side-channel attack.
In this dissertation, we investigate methodologies to build up comprehensive side-channel resistant embedded systems. However, this is challenging because of the complexity of the embedded system. First, an embedded system integrates a large number of components. Even if the designer can make sure that each component is protected within the system, the integration of the components will possibly introduce new vulnerabilities. Second, the existing side-channel leakage evaluation of embedded system design happens post-silicon and utilizes the measurement on the prototype of the taped-out chip. This is too late for mitigating the vulnerability in the design. Third, due to the complexity of the embedded system, even though the side-channel leakage is detected, it is very hard to precisely locate the root cause within the design. Existing side-channel attack countermeasures are very costly in terms of design overhead. Without a method that can precisely identify the side-channel leakage source within the design, huge overhead will be introduced by blindly add the side-channel countermeasure to the whole design. To make the challenge even harder, the Power Distribution Network (PDN) where the hardware design locates is also vulnerable to side-channel attacks. It has been continuously demonstrated by researchers that attackers can place malicious circuits on a shared PDN with victim design and open the opportunities for the attackers to inject faults or monitoring power changes of the victim circuit.
In this dissertation, we address the challenges mentioned above in designing a side-channel-resistant embedded system. We categorize our contributions into three major aspects—first, we investigating the effects of integration of security components and developing corresponding countermeasures. We analyze the vulnerability in a widely used countermeasure - masking, and identify that the random number transfer procedure is a weak link in the integration which can be bypassed by the attacker. We further propose a lightweight protection scheme to protect function calls from instruction skip fault attacks. Second, we developed a novel analysis methodology for pre-silicon side-channel leakage evaluation and root cause analysis. The methodology we developed enables the designer to detect the side-channel leakage at the early pre-silicon design stage, locate the leakage source in the design precisely to the individual gate and apply highly targeted countermeasure with low overhead. Third, we developed a multipurpose on-chip side-channel and fault monitoring extension - Programmable Ring Oscillator (PRO), to further guarantee the security of PDN. PRO can provide on-chip side-channel resistance, power monitoring, and fault detection capabilities to the secure design. We show that PRO as application-independent integrated primitives can provide side-channel and fault countermeasure to the design at a low cost.
30
Sinha, Ambuj Sudhir. "Design Techniques for Side-channel Resistant Embedded Software." Thesis, Virginia Tech, 2011. http://hdl.handle.net/10919/34465.
Texto completoResumen
Side Channel Attacks (SCA) are a class of passive attacks on cryptosystems that exploit implementation characteristics of the system. Currently, a lot of research is focussed towards developing countermeasures to side channel attacks. In this thesis, we address two challenges that are an inherent part of the efficient implementation of SCA countermeasures. While designing a system, design choices made for enhancing the efficiency or performance of the system can also affect the side channel security of the system. The first challenge is that the effect of different design choices on the side channel resistance of a system is currently not well understood. It is important to understand these effects in order to develop systems that are both secure and efficient. A second problem with incorporating SCA countermeasures is the increased design complexity. It is often difficult and time consuming to integrate an SCA countermeasure in a larger system.
In this thesis, we explore that above mentioned problems from the point of view of developing embedded software that is resistant to power based side channel attacks. Our first work is an evaluation of different software AES implementations, from the perspective of side channel resistance, that shows the effect of design choices on the security and performance of the implementation. Next we present work that identifies the problems that arise while designing software for a particular type of SCA resistant architecture - the Virtual Secure Circuit. We provide a solution in terms of a methodology that can be used for developing software for such a system - and also demonstrate that this methodology can be conveniently automated - leading to swifter and easier software development for side channel resistant designs.<br>Master of Science
31
Inci, Mehmet Sinan. "Micro-architectural Threats to Modern Computing Systems." Digital WPI, 2019. https://digitalcommons.wpi.edu/etd-dissertations/528.
Texto completoResumen
With the abundance of cheap computing power and high-speed internet, cloud and mobile computing replaced traditional computers. As computing models evolved, newer CPUs were fitted with additional cores and larger caches to accommodate run multiple processes concurrently. In direct relation to these changes, shared hardware resources emerged and became a source of side-channel leakage. Although side-channel attacks have been known for a long time, these changes made them practical on shared hardware systems. In addition to side-channels, concurrent execution also opened the door to practical quality of service attacks (QoS). The goal of this dissertation is to identify side-channel leakages and architectural bottlenecks on modern computing systems and introduce exploits. To that end, we introduce side-channel attacks on cloud systems to recover sensitive information such as code execution, software identity as well as cryptographic secrets. Moreover, we introduce a hard to detect QoS attack that can cause over 90+\% slowdown. We demonstrate our attack by designing an Android app that causes degradation via memory bus locking. While practical and quite powerful, mounting side-channel attacks is akin to listening on a private conversation in a crowded train station. Significant manual labor is required to de-noise and synchronizes the leakage trace and extract features. With this motivation, we apply machine learning (ML) to automate and scale the data analysis. We show that classical machine learning methods, as well as more complicated convolutional neural networks (CNN), can be trained to extract useful information from side-channel leakage trace. Finally, we propose the DeepCloak framework as a countermeasure against side-channel attacks. We argue that by exploiting adversarial learning (AL), an inherent weakness of ML, as a defensive tool against side-channel attacks, we can cloak side-channel trace of a process. With DeepCloak, we show that it is possible to trick highly accurate (99+\% accuracy) CNN classifiers. Moreover, we investigate defenses against AL to determine if an attacker can protect itself from DeepCloak by applying adversarial re-training and defensive distillation. We show that even in the presence of an intelligent adversary that employs such techniques, DeepCloak still succeeds.
32
Méndez, Real Maria. "Spatial Isolation against Logical Cache-based Side-Channel Attacks in Many-Core Architectures." Thesis, Lorient, 2017. http://www.theses.fr/2017LORIS454/document.
Texto completoResumen
L’évolution technologique ainsi que l’augmentation incessante de la puissance de calcul requise par les applications font des architectures ”many-core” la nouvelle tendance dans la conception des processeurs. Ces architectures sont composées d’un grand nombre de ressources de calcul (des centaines ou davantage) ce qui offre du parallélisme massif et un niveau de performance très élevé. En effet, les architectures many-core permettent d’exécuter en parallèle un grand nombre d’applications, venant d’origines diverses et de niveaux de sensibilité et de confiance différents, tout en partageant des ressources physiques telles que des ressources de calcul, de mémoire et de communication. Cependant, ce partage de ressources introduit également des vulnérabilités importantes en termes de sécurité. En particulier, les applications sensibles partageant des mémoires cache avec d’autres applications, potentiellement malveillantes, sont vulnérables à des attaques logiques de type canaux cachés basées sur le cache. Ces attaques, permettent à des applications non privilégiées d’accéder à des informations secrètes sensibles appartenant à d’autres applications et cela malgré des méthodes de partitionnement existantes telles que la protection de la mémoire et la virtualisation. Alors que d’importants efforts ont été faits afin de développer des contremesures à ces attaques sur des architectures multicoeurs, ces solutions n’ont pas été originellement conçues pour des architectures many-core récemment apparues et nécessitent d’être évaluées et/ou revisitées afin d’être applicables et efficaces pour ces nouvelles technologies. Dans ce travail de thèse, nous proposons d’étendre les services du système d’exploitation avec des mécanismes de déploiement d’applications et d’allocation de ressources afin de protéger les applications s’exécutant sur des architectures many-core contre les attaques logiques basées sur le cache. Plusieurs stratégies de déploiement sont proposées et comparées à travers différents indicateurs de performance. Ces contributions ont été implémentées et évaluées par prototypage virtuel basé sur SystemC et sur la technologie ”Open Virtual Platforms” (OVP)<br>The technological evolution and the always increasing application performance demand have made of many-core architectures the necessary new trend in processor design. These architectures are composed of a large number of processing resources (hundreds or more) providing massive parallelism and high performance. Indeed, many-core architectures allow a wide number of applications coming from different sources, with a different level of sensitivity and trust, to be executed in parallel sharing physical resources such as computation, memory and communication infrastructure. However, this resource sharing introduces important security vulnerabilities. In particular, sensitive applications sharing cache memory with potentially malicious applications are vulnerable to logical cache-based side-channel attacks. These attacks allow an unprivileged application to access sensitive information manipulated by other applications despite partitioning methods such as memory protection and virtualization. While a lot of efforts on countering these attacks on multi-core architectures have been done, these have not been designed for recently emerged many-core architectures and require to be evaluated, and/or revisited in order to be practical for these new technologies. In this thesis work, we propose to enhance the operating system services with security-aware application deployment and resource allocation mechanisms in order to protect sensitive applications against cached-based attacks. Different application deployment strategies allowing spatial isolation are proposed and compared in terms of several performance indicators. Our proposal is evaluated through virtual prototyping based on SystemC and Open Virtual Platforms(OVP) technology
33
Khan, Ahmed Waheed. "Towards Utilization of Distributed On-Chip Power Delivery Against EM Side-Channel Attacks." Scholar Commons, 2018. http://scholarcommons.usf.edu/etd/7178.
Texto completoResumen
Non-invasive side-channel attacks (SCAs) are potent attacks on a cryptographic circuit that can reveal its secret key without requiring lots of equipment. EM side-channel leakage is typically the derivative of the power consumption profile of a circuit. Since the fluctuations of the supply voltage strongly depend on the topology and features of the power distribution network (PDN), design of the PDN has a direct impact on EM side-channel leakage signature.
In this thesis, we explore the security implications of distributed on-chip voltage regulators against EM side-channel attacks. Extensive HFSS simulations have demonstrated that the maximum EM radiation can be reduced by 33 dB and 11 dB, respectively, at the top and bottom sides of an integrated circuit through distributed on-chip voltage regulation. The primary reason is that the power is delivered locally through partially shorter and thinner metal lines as compared to off-chip implementation.
34
Bazm, Mohammad Mahdi. "Unified isolation architecture and mechanisms against side channel attacks for decentralized cloud infrastructures." Thesis, Nantes, 2019. http://www.theses.fr/2019NANT4042.
Texto completoResumen
Depuis les travaux de Ristenpart [Ristenpart et al., 2009], les attaques par canaux auxiliaires se sont imposées comme un enjeu sécurité important pour les environnements virtualises, avec une amélioration rapide des techniques d’attaque, et de nombreux travaux de recherche pour les détecter et s’en prémunir. Ces attaques exploitent le partage de ressources matérielles comme les différents niveaux de cache processeur entre des locataires multiples en utilisant la couche de virtualisation. Il devient alors possible d’en contourner les mécanismes de sécurité entre différentes instances virtualisées, par exemple pour obtenir des informations sensibles comme des clés cryptographiques. L’analyse des défis d’isolation et des formes d’attaques par canaux auxiliaires basées sur le cache dans les infrastructures virtualisées met en évidence différentes approches pour les détecter ou les contrer, entre machines virtuelles ou conteneurs Linux. Ces approches se distinguent selon la couche logicielle ou seront appliquées les contre-mesures, applicative, système ou matérielle. La détection reste principalement effectuée au niveau de la couche système ou de virtualisation, ce niveau permettant simplement d’analyser le comportement des instances virtualisées. De nouvelles formes distribuées d’attaques ont aussi pu être mises en évidence. Pour la détection, nous explorons une approche combinant des compteurs de performance matériels (HPCs) et la technologie Intel CMT (Cache Monitoring Technology), s’appuyant également sur la détection d’anomalies pour identifier les machines virtuelles ou les conteneurs malveillants. Les résultats obtenus montrent un taux élevé de détection d’attaques. Pour la réaction, nous proposons une approche de Moving Target Defense (MTD) pour interrompre une attaque entre deux conteneurs Linux, ce qui permet de rendre la configuration du système plus dynamique et plus difficilement attaquable, a différents niveaux du système et du cloud. Cette approche ne nécessite pas d’apporter de modification dans l’OS invite ou dans l’hyperviseur, avec de plus un surcoût très faible en performance. Nous explorons enfin l’utilisation de techniques d’exécution matérielle a base d’enclaves comme Intel SGX (Software Guard Extensions) pour assurer une exécution repartie de confiance de conteneurs Linux sur des couches logicielles qui ne le sont pas nécessairement. Ceci s’est traduit par la proposition d’un modèle d’exécution repartie sur infrastructure Fog pour conteneurs Linux. Il s’agit d’un premier pas vers une infrastructure repartie sécurisée Fog illustrant le potentiel de telles technologies<br>Since their discovery by Ristenpart [Ristenpart et al., 2009], the security concern of sidechannelattacks is raising in virtualized environments such as cloud computing infrastructuresbecause of rapid improvements in the attack techniques. Therefore, the mitigationand the detection of such attacks have been getting more attention in these environments,and consequently have been the subject of intense research works.These attacks exploit for instance sharing of hardware resources such as the processorin virtualized environments. Moreover, the resources are often shared between differentusers at very low-level through the virtualization layer. As a result, such sharing allowsbypassing security mechanisms implemented at virtualization layer through such a leakysharing. Cache levels of the processor are the resources which are shared between instances,and play as an information disclosure channel. Side-channel attacks thus use this leakychannel to obtain sensitive information such as cryptographic keys.Different research works are already exist on the detection/mitigation of these attackin information systems. Mitigation techniques of cache-based side-channel attacks aremainly divided into three classes according to different layer of application in cloud infrastructures(i.e., application, system, and hardware). The detection is essentially done atOS/hypervisor layer because of possibility of analyzing virtualized instances behavior atboth layers.In this thesis, we first provide a survey on the isolation challenge and on the cachebasedside-channel attacks in cloud computing infrastructures. We then present differentapproaches to detect/mitigate cross-VM/cross-containers cache-based side-channel attacks.Regarding the detection of cache-based side-channel attacks, we achieve that by leveragingHardware performance Counters (HPCs) and Intel Cache Monitoring Technology (CMT)with anomaly detection approaches to identify a malicious virtual machine or a Linux container.Our experimental results show a high detection rate.We then leverage an approach based on Moving Target Defense (MTD) theory to interrupta cache-based side-channel attack between two Linux containers. MTD allows us tomake the configuration of system more dynamic and consequently more harder to attackby an adversary, by using shuffling at different level of system and cloud. Our approachdoes not need to carrying modification neither into the guest OS or the hypervisor. Experimentalresults show that our approach imposes very low performance overhead.We also discuss the challenge of isolated execution on remote hosts, different scenariosto secure execution of Linux containers on remote hosts and different trusted executiontechnologies for cloud computing environments. Finally, we propose a secure model fordistributed computing through using Linux containers secured by Intel SGX, to performtrusted execution on untrusted Fog computing infrastructures
35
Paglialonga, Clara [Verfasser], Sebastian [Akademischer Betreuer] Faust, and Stefan [Akademischer Betreuer] Dziembowski. "Provable Secure Countermeasures Against Side-Channel Attacks / Clara Paglialonga ; Sebastian Faust, Stefan Dziembowski." Darmstadt : Universitäts- und Landesbibliothek, 2021. http://d-nb.info/1234657783/34.
Texto completo
36
Banciu, Valentina. "Side-channel information extraction and exploitation in the context of single trace attacks." Thesis, University of Bristol, 2016. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.701650.
Texto completoResumen
This thesis is dedicated to the study of single trace attacks, a sub-class of profiled power analysis attacks which is receiving an increased amount of attention in recent years. In practice, an adversary will consider single trace attacks when they can only get access to a limited number of power traces from the targeted device but have unlimited access to an identical test device. This scenario is highly realistic, and even implementations protected with simple countermeasures such as masking or shuffling remain theoretically vulnerable. As a natural representation of the above specified preconditions, single trace attacks generally consist of two interdependent phases: side-channel information extraction and exploitation. Our goal is to study the trade-off between the invested effort in the first phase and the subsequent required effort in the second phase. This information can be used to e.g. assess the feasibility or 'budget' the effort when considering specific implementations. From this perspective, the first question we ask is which classifiers or methods are most likely to return the correct side-channel information among their first (say s) ranked outputs. We investigate multiple combinations of data transformation techniques, feature selection algorithms and machine learning classifiers, utilising two data sets with different leakage characteristics. We systematically report results considering increasing numbers of points of interest and training traces. Next, we compare and contrast the two classic approaches (which we call 'pragmatic' and 'elegant') to information exploitation. Attacks from the first category are more error-resilient, in the sense that they allow for s taking relatively larger values. We then describe a pragmatic attack in a scenario that we consider to be ~ore realistic than previously tested, and possible optimisations. Finally, targeting publicly available software implementations for a suite of encryption algorithms, we investigate which cipher properties contribute to the success of single trace attacks.
37
Poggi, Davide. "Simulating and interpreting EM side-channel attacks at chip level prior to fabrication." Electronic Thesis or Diss., Université de Montpellier (2022-....), 2022. http://www.theses.fr/2022UMONS006.
Texto completoResumen
Au cours des dernières décennies, les attaques par canal latéral (SCA) ont démontré leur dangerosité dans la récupération des données sensibles des circuits intégrés. Parmi ces attaques, celles exploitant les rayonnements électromagnétiques des circuits intégrés sont particulièrement efficaces. En effet, les adversaires n'ont besoin de trouver qu'un seul point chaud (position de la sonde EM sur la surface du CI) où il y a une fuite exploitable pour compromettre la sécurité du circuit. En conséquence, la conception de circuits intégrés sécurisés et robustes contre ces attaques est incroyablement difficile car les concepteurs doivent garantir qu'il n'y a pas de point chaud sur l'ensemble du circuit intégré surface. Cette tâche est d'autant plus difficile qu'il n'existe pas d'outil CAO permettant de vérifier la robustesse des circuits intégrés contre EM SCA au stade de la conception, c'est-à-dire avant la fabrication. Dans cette thèse un flux de simulation permettant de reproduire EM SCA par simulation est proposé. Le Biot-Savart loi est utilisée pour modéliser le champ magnétique rayonné par des circuits intégrés entiers et une méthodologie innovante, appelé Noise-to-Add, est introduit. Ce dernier permet de pallier l'absence de bruit dans simulations et interpréter correctement les résultats des attaques par corrélation de simulation<br>In the last decades, side-channel attacks (SCA) have demonstrated their dangerousnessin retrieving sensitive data from ICs. Among these attacks, those exploiting EM radiationsof ICs are particularly efficient. Indeed, adversaries need to find only one hotspot (positionof the EM probe over the IC surface) where there is an exploitable leakage to compromisethe security of the circuit. As a result, designing secure ICs robust against these attacks isincredibly difficult because designers must warrant there is no hotspot over the whole ICsurface. This task is all the more difficult as there is no CAD tool allowing to verify therobustness of ICs against EM SCA at the design stage, i.e. prior to fabrication. In this thesisa simulation flow allowing to reproduce EM SCA by simulation is proposed. The Biot-Savartlaw is used to model the magnetic field radiated by entire ICs and an innovative methodology, called Noise-to-Add, is introduced. This latter allows to overcome the absence of noise in simulations and correctly interpret simulation correlation attacks results
38
Casalino, Lorenzo. "(On) The Impact of the Micro-architecture on Countermeasures against Side-Channel Attacks." Electronic Thesis or Diss., Sorbonne université, 2024. http://www.theses.fr/2024SORUS036.
Texto completoResumen
Les attaques par canaux auxiliaires sont une menace pour la confidentialité des données, en particulier sur les systèmes embarqués. La contre-mesure de masquage constitue une approche de protection sûre et prouvée. Néanmoins, des réalités physiques réduisent les garanties de sécurité prouvées. En particulier, dans le contexte logiciel, le jeu d'instructions (ISA) supporté par un processeur cache au concepteur du schéma de masquage l'une des causes de cette réduction de la sécurité : la micro-architecture. Ainsi, le concepteur ne peut pas déterminer les sources de fuite induites par la micro-architecture et leur impact sur la sécurité d'une implémentation logicielle. Des informations peuvent fuir, par exemple, lors des transitions d'état dans les registres cachés, ou si les signaux dans des éléments combinatoires ont des temps de propagation différents. À cela s'ajoutent les effets de mécanismes spéculatifs potentiels et de la structuration du système mémoire. Plusieurs méthodologies permettent d'atténuer l'impact de la micro-architecture sur les implémentations logicielles masquées, mais ces travaux requièrent une connaissance fine de la micro-architecture, ce qui a plusieurs inconvénients : portabilité limitée des garanties de sécurité entre différentes micro-architectures, connaissance souvent incomplète de la micro-architecture, complexité des micro-architectures. On peut donc se demander s'il existe des approches moins dépendantes de la micro-architecture sous-jacente. Dans cette thèse, nous abordons, selon deux axes, la problématique du développement de logiciels masqués sécurisés en pratique contre les attaques par canal auxiliaire. Le premier axe vise le développement automatisé de logiciel masqué résistant aux fuites en transitions. Nous proposons une méthodologie qui tire parti des compilateurs optimisants : étant donné une implémentation logicielle, annotée avec des informations relatives aux données sensibles et une description de la micro-architecture cible, nous montrons comment l'ordonnancement des instructions et l'allocation des registres peut atténuer les fuites basées sur les transitions de manière automatisée. Le deuxième axe vise une approche indépendante de l'architecture cible. Dans la littérature, les travaux se concentrent en majorité sur l'atténuation de l'impact de la micro-architecture sur les implémentations logicielles protégées par le schéma de masquage Booléen. D'autres types de schémas de masquage ont été montrés plus résistants aux fuites en transition en théorie, et donc potentiellement aux effets de la micro-architecture de la cible. Cependant, leur résistance en pratique n'a pas été étudiée. De plus, l'exploitation potentielle d'informations provenant du parallélisme des données potentiellement induit par la micro-architecture n'a pas été étudié pour les implémentations logicielles. Nous étudions ainsi la sécurité en pratique offerte par les schémas de masquage de premier ordre Booléen, arithmétique et produit scalaire contre les fuites induites par la micro-architecture, y compris le parallélisme des données. D'abord, nous montrons que le parallélisme de données se manifeste même sur de simples micro-architectures scalaires. Ensuite, nous étudions l'impact des fuites en transition et du parallélisme de données sur les valeurs masquées avec les schémas de masquage étudiés. Enfin, nous étudions l'impact de ces fuites sur des implémentations masquées du cryptosystème AES-128. Nous montrons qu'aucun des schémas de masquage étudiés n'apporte de protection parfaite face aux fuites micro-architecturales considérées, bien que leur résistance soit très hétérogène<br>Side-channels attacks are recognized as a threat for the confidentiality of data, in particular on embedded systems. The masking countermeasure constitutes a provably secure protection approach. Nonetheless, physical non-idealities reduce its proven security guarantees. In particular, in the software implementations, the Instruction Set Architecture (ISA) supported by a processor hides to the masking scheme designer one cause of such physical non-idealities: the micro-architecture. As such, the designer is not aware of the actual micro-architecture-induced side-channel sources and their security impact on a software implementation. Information can leak, for instance, during the state transition of hidden registers, or in the case signals of combinatorial elements exhibit different propagation times. Furthermore, speculative features and the memory subsystems can play a role in such information leakage. Several methodologies allow the mitigation of the impact of the micro-architecture on masked software implementations, but these approaches depend on the detailed knowledge of the micro-architecture, which implies several shortcomings: limited portability of the security guarantees between different micro-architectures, incomplete knowledge of the microarchitecture, complexity of the micro-architecture design. Thus, one might wonder whether there exist approaches less dependent on the underlying micro-architecture. With this thesis, we address, along two axes, the problem of developing practically secure masked software. The first axis targets the automated development of masked software resilient to transition-based leakages. We propose a methodology that takes advantage of optimizing compilers: given in input a software implementation, annotated with sensitive-data-related information, and a description of the target micro-architecture, we show how to exploit the instruction scheduling and register allocation tools to mitigate transition-based leakages in an automated manner. The second axis targets an architecture-independent approach. In literature, most of the works focuses on mitigating the impact of the micro-architecture on software implementations protected with the so-called Boolean masking scheme. Theoretical studies show the better resilience of alternative types masking schemes against transition-based leakages, suggesting their employment against micro-architectural leakage. Yet, their practical resilience has not been explored. Furthermore, the potential exploitation of the information leaked by data parallelism, potentially induced by the micro-architecture, has not been studied for software implementations. As such, we study the practical security offered by first-order Boolean, arithmetic and Inner-Product masking against micro-architecture-induced leakage, encompassing data parallelism as well. We first show that data parallelism can manifest also on simple scalar micro-architectures. Then, we evaluate the impact of transition-based leakage and data parallelism on values masked with the studied masking schemes. Eventually, we evaluate the impact of such information leakages on different masked implementations of the AES-128 cryptosystem. We show that, although their different leakage resilience, none of the studied masking schemes can perfectly mitigate the considered micro-architectural leakages
39
Lindqvist, Maria. "Dynamic Eviction Set Algorithms and Their Applicability to Cache Characterisation." Thesis, Uppsala universitet, Institutionen för informationsteknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-420317.
Texto completoResumen
Eviction sets are groups of memory addresses that map to the same cache set. They can be used to perform efficient information-leaking attacks against the cache memory, so-called cache side channel attacks. In this project, two different algorithms that find such sets are implemented and compared. The second of the algorithms improves on the first by using a concept called group testing. It is also evaluated if these algorithms can be used to analyse or reverse engineer the cache characteristics, which is a new area of application for this type of algorithms. The results show that the optimised algorithm performs significantly better than the previous state-of-the-art algorithm. This means that countermeasures developed against this type of attacks need to be designed with the possibility of faster attacks in mind. The results also shows, as a proof-of-concept, that it is possible to use these algorithms to create a tool for cache analysis.
40
Battistello, Alberto. "On the security of embedded systems against physical attacks." Thesis, Université Paris-Saclay (ComUE), 2016. http://www.theses.fr/2016SACLV047/document.
Texto completoResumen
Le sujet de cette thèse est l'analyse de sécurité des implantations cryptographiques embarquées.La sécurité a toujours été un besoin primaire pour les communications stratégiques et diplomatiques dans l'histoire. Le rôle de la cryptologie a donc été de fournir les réponses aux problèmes de sécurité, et le recours à la cryptanalyse a souvent permis de récupérer le contenu des communications des adversaires.L'arrivée des ordinateurs a causé un profond changement des paradigmes de communication et aujourd'hui le besoin de sécuriser les communications ne s'étend qu’aux échanges commerciaux et économiques.La cryptologie moderne offre donc les solutions pour atteindre ces nouveaux objectifs de sécurité, mais ouvre la voie à des nouvelles attaques : c'est par exemple le cas des attaques par fautes et par canaux auxiliaires, qui représentent aujourd'hui les dangers plus importants pour les implantations embarquées.Cette thèse résume le travail de recherche réalisé ces trois dernières années dans le rôle d'ingénieur en sécurité au sein d'Oberthur Technologies. La plupart des résultats a été publiée sous forme d'articles de recherche [9,13-17] ou de brevets [1-6].Les objectifs de recherche en sécurité pour les entreprises du milieu de la sécurité embarqué sont doubles. L'ingénieur en sécurité doit montrer la capacité d'évaluer correctement la sécurité des algorithmes et de mettre en avant les possibles dangers futurs. Par ailleurs il est désirable de découvrir des nouvelles techniques de défense qui permettent d'obtenir un avantage sur les concurrents. C'est dans ce contexte que ce travail est présenté.Ce manuscrit est divisé en quatre chapitres principaux.Le premier chapitre présente une introduction aux outils mathématiques et formels nécessaires pour comprendre la suite. Des résultats et notions fondamentaux de la théorie de l'information, de la complexité, et des probabilités sont présentés, ainsi qu'une introduction à l'architecture des micro-ordinateurs.Le chapitre suivant présente la notion d'attaque par faute et des stratégies connues pour contrecarrer ce type d'attaques. Le corps du deuxième chapitre est ensuite dédié à notre travail sur le code infectif pour les algorithmes symétriques et asymétriques [15-17] ainsi que à notre travail sur les attaques par faute sur courbes elliptiques [13].Le troisième chapitre est dédié aux attaques par canaux auxiliaires, et présente une introduction aux résultats et à certaines attaques et contremesures classiques du domaine. Ensuite nos deux nouvelles attaques ciblant des contremesures considérées sécurisées sont présentées [9,14]. Dans ce troisième chapitre est enfin présentée notre nouvelle attaque combinée qui permet de casser des implémentations sécurisées à l'état de l'art.A la fin de ce manuscrit, le quatrième chapitre présente les conclusions de notre travail, ainsi que des perspectives pour des nouveaux sujets de recherche.Pendant nos investigations nous avons trouvé différentes contremesures qui permettent de contrecarrer certaines attaques.Ces contremesures ont été publiées sous la forme de brevets [1-6]. Dans certains cas les contremesures sont présentées avec l'attaque qu'elles contrecarrent<br>The subject of this thesis is the security analysis of cryptographic implementations. The need for secure communications has always been a primary need for diplomatic and strategic communications. Cryptography has always been used to answer this need and cryptanalysis have often been solicited to reveal the content of adversaries secret communications. The advent of the computer era caused a shift in the communication paradigms and nowadays the need for secure communications extends to most of commercial and economical exchanges. Modern cryptography provides solutions to achieve such new security goals but also open the way to a number of new threats. It is the case of fault and side-channel-attacks, which today represents the most dangerous threats for embedded cryptographic implementations. This thesis resumes the work of research done during the last years as a security engineer at Oberthur Technologies. Most of the results obtained have been published as research papers [9,13-17] or patents [1-6]. The security research goals of companies around the world working in the embedded domain are twofold. The security engineer has to demonstrate the ability to correctly evaluate the security of algorithms and to highlight possible threats that the product may incur during its lifetime. Furthermore it is desirable to discover new techniques that may provide advantages against competitors. It is in this context that we present our work.This manuscript is divided into four main chapters.The first chapter presents an introduction to various mathematical and computational aspects of cryptography and information theory. We also provide an introduction to the main aspects of the architecture of secure micro-controllers.Afterwards the second chapter introduces the notion of fault attacks and presents some known attack and countermeasure [15-17]. We then detail our work on asymmetric and symmetric infective fault countermeasures as long as on elliptic curves fault attacks [13].The third chapter discusses about side-channels, providing a brief introduction to the subject and to well-known side-channel attacks and countermeasures. We then present two new attacks on implementations that have been considered secure against side channels [9,14]. Afterwards we discuss our combined attack which breaks a state-of-the-art secure implementation [10].Finally, the fourth chapter concludes this works and presents some perspectives for further research.During our investigations we have also found many countermeasures that can be used to thwart attacks. These countermeasures have been mainly published in the form of patents [1-6]. Where possible some of them are presented along with the attack they are conceived to thwart
41
Gohil, Nikhil N. "Design of DPA-Resistant Integrated Circuits." University of Cincinnati / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1516622822794541.
Texto completo
42
Karakoyunlu, Deniz. "Efficient Side-Channel Aware Elliptic Curve Cryptosystems over Prime Fields." Digital WPI, 2010. https://digitalcommons.wpi.edu/etd-dissertations/338.
Texto completoResumen
"Elliptic Curve Cryptosystems (ECCs) are utilized as an alternative to traditional public-key cryptosystems, and are more suitable for resource limited environments due to smaller parameter size. In this dissertation we carry out a thorough investigation of side-channel attack aware ECC implementations over finite fields of prime characteristic including the recently introduced Edwards formulation of elliptic curves, which have built-in resiliency against simple side-channel attacks. We implement Joye's highly regular add-always scalar multiplication algorithm both with the Weierstrass and Edwards formulation of elliptic curves. We also propose a technique to apply non-adjacent form (NAF) scalar multiplication algorithm with side-channel security using the Edwards formulation. Our results show that the Edwards formulation allows increased area-time performance with projective coordinates. However, the Weierstrass formulation with affine coordinates results in the simplest architecture, and therefore has the best area-time performance as long as an efficient modular divider is available."
43
Ordas, Sébastien. "Évaluation de méthodes faible consommation contre les attaques matérielles." Thesis, Montpellier, 2015. http://www.theses.fr/2015MONTS023/document.
Texto completoResumen
La consommation des circuits intégrés n'a cessé d'augmenter cette dernière décennie. Avec l'augmentation du prix de l'énergie et la démocratisation des systèmes embarqués, des méthodes permettant de gérer le compromis consommation performance, comme la gestion dynamique de la fréquence et de la tension d'alimentation ou encore du potentiel de substrat, ont été élaborées. Ces méthodes, qui sont de plus en plus couramment mises en œuvre dans les systèmes intégrés, permettent de diminuer la consommation de ceux-ci, et mieux de gérer le compromis consommation performance. Certains de ces circuits, embarquant ces méthodes peuvent avoir à effectuer des opérations traitant des informations confidentielles. Il est donc nécessaire de s'interroger sur l'éventuel impact de ces sur la sécurité des systèmes intégrés. Dans ce contexte, les travaux de thèse reportés dans le présent document, ont eu pour objectif d'analyser la compatibilité de ces méthodes de gestion de la consommation avec la conception de circuits robustes aux attaques matérielles. Plus particulièrement, l'objectif a été de déterminer si ces techniques de conception faible consommation, constituent des obstacles réels ou bien facilitent les attaques matérielles par observation et perturbation exploitant le canal électromagnétique. Dans un premier temps, une étude sur l'efficacité des attaques par observation en présence de gestion aléatoire de la tension, de la fréquence et de la polarisation de substrat a été conduite. Dans un deuxième temps, l'impact de la gestion dynamique des tensions d'alimentation et de substrat sur la capacité à injecter des fautes par médium électromagnétique a été étudié. Ce document présente l'ensemble des résultats de ces analyses.Mots-clés : Attaques Matérielles, Attaques par Canaux Auxiliaires, Attaques par fautes, Canal électromagnétique, DVFS, Body-Biasing<br>The consumption of integrated circuits has been increasing over the last decade. With the increase of energy prices and the democratization of embedded systems, methods to manage the consumption performance compromise, such as the dynamic management of the frequency and the supply voltage or the substrate potential, were developed. These methods, which are becoming more commonly implemented in integrated systems, allow to reduce the consumption of those latter, and to better manage the tradeoff between consumption and performance.Some of these circuits, embedding these methods, may have to perform some operations with confidential information. It is therefore necessary to consider the possible impact of these methods on the safety of the integrated systems. In this context, the work reported in this thesis aimed to analyze the compatibility of these methods of power management with the design of robust circuits to physical attacks.Specifically, the objective was to determine whether these low-power techniques constitute real obstacles or facilitate the attacks by observation or perturbation exploiting the electromagnetic channel. Initially, a study on the effectiveness of attacks by observation in the presence of random management of voltage, frequency and substrate polarization was done. Secondly, the impact of the dynamic management of supply voltages and substrate polarization on the ability to inject faults by electromagnetic medium was studied. This document presents the overall results of these analyzes. Keyword : Hardware Attacks, Side Channel Attacks, Faults Attacks, Electromagnetic canal, DVFS, Body-biasing
44
Green, Marc. "Implicit Cache Lockdown on ARM: An Accidental Countermeasure to Cache-Timing Attacks." Digital WPI, 2017. https://digitalcommons.wpi.edu/etd-theses/119.
Texto completoResumen
As Moore`s law continues to reduce the cost of computation at an exponential rate, embedded computing capabilities spread to ever-expanding application scenarios, such as smartphones, the Internet of Things, and automation, among many others. This trend has naturally caused the underlying technology to evolve and has introduced increasingly complex microarchitectures into embedded processors in attempts to optimize for performance. While other microarchitectures, like those used in personal computers, have been extensively studied, there has been relatively less research done on embedded microarchitectures. This is especially true in terms of their security, which is growing more important as widespread adoption increases.
This thesis explores an undocumented cache behavior found in ARM Cortex processors that we call implicit cache lockdown. While it was presumably implemented for performance reasons, it has a large impact on the recently popular class of cybersecurity attacks that utilize cache-timing side-channels. These attacks leverage the underlying hardware, specifically, the small timing differences between algorithm executions due to CPU caches, to glean sensitive information from a victim process.
Since the affected processors are found in an overwhelming majority of smart phones, this sensitive information can include cryptographic secrets, credit card information, and passwords. As the name implies, implicit cache lockdown limits the ability for an attacker to evict certain data from a CPU`s cache. Since this is precisely what known cache-timing attacks rely on, they are rendered ineffective in their current form. This thesis analyzes implicit cache lockdown in great detail, including the methodology we used to discover it, its implications on all existing cache-timing attacks, and how it can be circumvented by an attacker.
45
Shvartsman, Phillip. "Side-Channel-Attack Resistant AES Design Based on Finite Field Construction Variation." The Ohio State University, 2019. http://rave.ohiolink.edu/etdc/view?acc_num=osu1555438117106036.
Texto completo
46
RAMMOHAN, SRIVIDHYA. "REDUCED COMPLEMENTARY DYNAMIC AND DIFFERENTIAL CMOS LOGIC: A DESIGN METHODOLOGY FOR DPA RESISTANT CRYPTOGRAPHIC CIRCUITS." University of Cincinnati / OhioLINK, 2007. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1179459225.
Texto completo
47
Shahverdi, Aria. "Lightweight Cryptography Meets Threshold Implementation: A Case Study for SIMON." Digital WPI, 2015. https://digitalcommons.wpi.edu/etd-theses/985.
Texto completoResumen
"Securing data transmission has always been a challenge. While many cryptographic algorithms are available to solve the problem, many applications have tough area constraints while requiring high-level security. Lightweight cryptography aims at achieving high-level security with the benefit of being low cost. Since the late nineties and with the discovery of side channel attacks the approach towards cryptography has changed quite significantly. An attacker who can get close to a device can extract sensitive data by monitoring side channels such as power consumption, sound, or electromagnetic emanation. This means that embedded implementations of cryptographic schemes require protection against such attacks to achieve the desired level of security. In this work we combine a low-cost embedded cipher, Simon, with a stateof-the-art side channel countermeasure called Threshold Implementation (TI). We show that TI is a great match for lightweight cryptographic ciphers, especially for hardware implementation. Our implementation is the smallest TI of a block-cipher on an FPGA. This implementation utilizes 96 slices of a low-cost Spartan-3 FPGA and 55 slices a modern Kintex-7 FPGA. Moreover, we present a higher order TI which is resistant against second order attacks. This implementation utilizes 163 slices of a Spartan-3 FPGA and 95 slices of a Kintex-7 FPGA. We also present a state of the art leakage analysis and, by applying it to the designs, show that the implementations achieve the expected security. The implementations even feature a significant robustness to higher order attacks, where several million observations are needed to detect leakage."
48
Chen, Cong. "Side Channel Leakage Exploitation, Mitigation and Detection of Emerging Cryptosystems." Digital WPI, 2018. https://digitalcommons.wpi.edu/etd-dissertations/472.
Texto completoResumen
With the emerging computing technologies and applications in the past decades, cryptography is facing tremendous challenges in its position of guarding our digital world.
The advent of quantum computers is potentially going to cease the dominance of RSA and other public key algorithms based on hard problems of factorization and discrete logarithm. In order to protect the Internet at post-quantum era, great efforts have been dedicated to the design of RSA substitutions. One of them is code- based McEliece public key schemes which are immune to quantum attacks.
Meanwhile, new infrastructures like Internet of Things are bringing the world enormous benefits but, due to the resource-constrained nature, require compact and still reliable cryptographic solutions. Motivated by this, many lightweight cryptographic algorithms are introduced.
Nevertheless, side channel attack is still a practical threat for implementations of these new algorithms if no countermeasures are employed. In the past decades two major categories of side channel countermeasures, namely masking and hiding, have been studied to mitigate the threat of such attacks. As a masking countermeasure, Threshold Implementation becomes popular in recent years. It is sound in providing provable side channel resistance for hardware-based cryptosystems but meanwhile it also incurs significant overheads which need further optimization for constrained applications. Masking, especially for higher order masking schemes, requires low signal-to-noise ratio to be effective which can be achieved by applying hiding countermeasures.
In order to evaluate side channel resistance of countermeasures, several tools have been introduced. Due to its simplicity, TVLA is being accepted by academy and industry as a one-size-fit-all leakage detection methodolgy that can be used by non-experts. However, its effectiveness can be negatively impacted by environmental factors such as temperature variations. Thus, a robust and simple evaluation method is desired.
In this dissertation, we first show how differential power analysis can efficiently exploit the power consumption of a McEliece implementation to recover the private key.
Then, we apply Threshold Implementation scheme in order to protect from the proposed attack. This is, to the best of our knowledge, the first time of applying Threshold Implementation in a public key cryptosystem.
Next, we investigate the reduction of shares in Threshold Implementation so as to bring down its overhead for constrained applications. Our study shows that Threshold Implementation using only two shares reduces the overheads while still provides reliable first-order resistance but in the meantime it also leaks a strong second-order leakage.
We also propose a hiding countermeasure, namely balanced encoding scheme based on the idea of Dual- Rail Pre-charge logic style in hardwares. We show that it is effective to mitigate the leakage and can be combined with masking schemes to achieve better resistance.
Finally, we study paired t-test versus Welch's t-test in the original TVLA and show its robustness against environmental noises. We also found that using moving average in computing t statistics can detect higher-order leakage faster.
49
Cherisey, Eloi de. "Towards a better formalisation of the side-channel threat." Thesis, Université Paris-Saclay (ComUE), 2018. http://www.theses.fr/2018SACLT016/document.
Texto completoResumen
Dans le cadre de la sécurité des systèmes embarqués, il est nécessaire de connaître les attaques logicielles et physiques pouvant briser la sécurité de composants cryptographiques garantissant l’intégrité, la fiabilité et la confidentialité des données. Etant donné que les algorithmes utilisés aujourd’hui comme Advanced Encryption Standard (AES) sont considérés comme résistants contre la cryptanalyse linéaire et différentielle, d’autres méthodes plus insidieuses sont utilisées pour récupérer les secrets de ces composants. En effet, la clé secrète utilisée pour le chiffrement de données peut fuiter pendant l’algorithme. Il est ainsi possible de mesurer cette fuite et de l’exploiter. Cette technique est appelée attaque par canal auxiliaire.Le principal objectif de ce manuscrit de thèse est de consolider les connaissances théoriques sur ce type de menace. Pour cela, nous appliquons des résultats de théorie de l’information à l’ étude par canal auxiliaire. Nous montrons ainsi comment il est possible de comparer un modèle de fuite par canal auxiliaire à un modèle de transmission de l’information. Dans un premier temps, nous montrons que la sécurité d’un composant est fortement dépendante du rapport signal à bruit de la fuite. Ce résultat a un impact fort car il ne dépend pas de l’attaque choisie. Lorsqu’un designer équipe son produit, il ne connaît pas encore la manière dont son système embarqué pourra être attaque plusieurs années plus tard. Les outils mathématiques proposés dans ce manuscrit pourront aider les concepteurs à estimer le niveau de fiabilité de leurs puces électroniques<br>In the field of the security of the embeded systems, it is necessary to know and understandthe possible physical attacks that could break the security of cryptographic components. Sincethe current algorithms such as Advanced Encryption Standard (AES) are very resilient agaisntdifferential and linear cryptanalysis, other methods are used to recover the secrets of thesecomponents. Indeed, the secret key used to encrypt data leaks during the computation of thealgorithm, and it is possible to measure this leakage and exploit it. This technique to recoverthe secret key is called side-channel analysis.The main target of this Ph. D. manuscript is to increase and consolidate the knowledge onthe side-channel threat. To do so, we apply some information theoretic results to side-channelanalysis. The main objective is show how a side-channel leaking model can be seen as acommunication channel.We first show that the security of a chip is dependant to the signal-to-noise ratio (SNR) ofthe leakage. This result is very usefull since it is a genereic result independant from the attack.When a designer builds a chip, he might not be able to know in advance how his embededsystem will be attacked, maybe several years later. The tools that we provide in this manuscriptwill help designers to estimated the level of fiability of their chips
50
Chen, Guoxing. "Exploitable Hardware Features and Vulnerabilities Enhanced Side-Channel Attacks on Intel SGX and Their Countermeasures." The Ohio State University, 2019. http://rave.ohiolink.edu/etdc/view?acc_num=osu1554949268465917.
Texto completo