Biblio

Filters: Author is Nikov, Ventzislav  [Clear All Filters]
2022-03-22
Medwed, Marcel, Nikov, Ventzislav, Renes, Joost, Schneider, Tobias, Veshchikov, Nikita.  2021.  Cyber Resilience for Self-Monitoring IoT Devices. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :160—167.
Modern embedded IoT devices are an attractive target for cyber attacks. For example, they can be used to disable entire factories and ask for ransom. Recovery of compromised devices is not an easy task, because malware can subvert the original software and make itself persistent. In addition, many embedded devices do not implement remote recovery procedures and, therefore, require manual intervention.Recent proposals from NIST and TCG define concepts and building blocks for cyber resilience: protection, detection and recovery. In this paper, we describe a system which allows implementing cyber resilient IoT devices that can be recovered remotely and timely. The proposed architecture consists of trusted data monitoring, local and remote attack detection, and enforced connections to remote services as building blocks for attack detection and recovery. Further, hardware- and software-based implementations of such a system are presented.
2017-07-24
De Cnudde, Thomas, Reparaz, Oscar, Bilgin, Begül, Nikova, Svetla, Nikov, Ventzislav, Rijmen, Vincent.  2016.  Masking AES With D+1 Shares in Hardware. Proceedings of the 2016 ACM Workshop on Theory of Implementation Security. :43–43.

Masking requires splitting sensitive variables into at least d+1 shares to provide security against DPA attacks at order d. To this date, this minimal number has only been deployed in software implementations of cryptographic algorithms and in the linear parts of their hardware counterparts. So far there is no hardware construction that achieves this lower bound if the function is nonlinear and the underlying logic gates can glitch. In this paper, we give practical implementations of the AES using d+1 shares aiming at first- and second-order security even in the presence of glitches. To achieve this, we follow the conditions presented by Reparaz et al. at CRYPTO 2015 to allow hardware masking schemes, like Threshold Implementations, to provide theoretical higher-order security with d+1 shares. The decrease in number of shares has a direct impact in the area requirements: our second-order DPA resistant core is the smallest in area so far, and its S-box is 50% smaller than the current smallest Threshold Implementation of the AES S-box with similar security and attacker model. We assess the security of our masked cores by practical side-channel evaluations. The security guarantees are met with 100 million traces.