Visible to the public Biblio

Filters: Author is Schneider, Tobias  [Clear All Filters]
2022-03-22
Medwed, Marcel, Nikov, Ventzislav, Renes, Joost, Schneider, Tobias, Veshchikov, Nikita.  2021.  Cyber Resilience for Self-Monitoring IoT Devices. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :160—167.
Modern embedded IoT devices are an attractive target for cyber attacks. For example, they can be used to disable entire factories and ask for ransom. Recovery of compromised devices is not an easy task, because malware can subvert the original software and make itself persistent. In addition, many embedded devices do not implement remote recovery procedures and, therefore, require manual intervention.Recent proposals from NIST and TCG define concepts and building blocks for cyber resilience: protection, detection and recovery. In this paper, we describe a system which allows implementing cyber resilient IoT devices that can be recovered remotely and timely. The proposed architecture consists of trusted data monitoring, local and remote attack detection, and enforced connections to remote services as building blocks for attack detection and recovery. Further, hardware- and software-based implementations of such a system are presented.
2017-09-15
Schneider, Tobias, Moradi, Amir, Güneysu, Tim.  2016.  ParTI: Towards Combined Hardware Countermeasures Against Side-Channeland Fault-Injection Attacks. Proceedings of the 2016 ACM Workshop on Theory of Implementation Security. :39–39.

Side-channel analysis and fault-injection attacks are known as major threats to any cryptographic implementation. Protecting cryptographic implementations with suitable countermeasures is thus essential before they are deployed in the wild. However, countermeasures for both threats are of completely different nature: Side-channel analysis is mitigated by techniques that hide or mask key-dependent information while resistance against fault-injection attacks can be achieved by redundancy in the computation for immediate error detection. Since already the integration of any single countermeasure in cryptographic hardware comes with significant costs in terms of performance and area, a combination of multiple countermeasures is expensive and often associated with undesired side effects. In this work, we introduce a countermeasure for cryptographic hardware implementations that combines the concept of a provably-secure masking scheme (i.e., threshold implementation) with an error detecting approach against fault injection. As a case study, we apply our generic construction to the lightweight LED cipher. Our LED instance achieves first-order resistance against side-channel attacks combined with a fault detection capability that is superior to that of simple duplication for most error distributions at an increased area demand of 4.3%.