Biblio

The NIST standardization process for post-quantum cryptography has been drawing the attention of researchers to the submitted candidates. One direction of research consists in implementing those candidates on embedded systems and that exposes them to physical attacks in return. The Classic McEliece cryptosystem, which is among the four finalists of round 3 in the Key Encapsulation Mechanism category, builds its security on the hardness of the syndrome decoding problem, which is a classic hard problem in code-based cryptography. This cryptosystem was recently targeted by a laser fault injection attack leading to message recovery. Regrettably, the attack setting is very restrictive and it does not tolerate any error in the faulty syndrome. Moreover, it depends on the very strong attacker model of laser fault injection, and does not apply to optimised implementations of the algorithm that make optimal usage of the machine words capacity. In this article, we propose a to change the angle and perform a message-recovery attack that relies on side-channel information only. We improve on the previously published work in several key aspects. First, we show that side-channel information, obtained with power consumption analysis, is sufficient to obtain an integer syndrome, as required by the attack framework. This is done by leveraging classic machine learning techniques that recover the Hamming weight information very accurately. Second, we put forward a computationally-efficient method, based on a simple dot product and information-set decoding algorithms, to recover the message from the, possibly inaccurate, recovered integer syndrome. Finally, we present a masking countermeasure against the proposed attack.

With the development of the Internet of Things (IoT), the demand for lightweight cipher came into being. At the same time, the security of lightweight cipher has attracted more and more attention. FESH algorithm is a lightweight cipher proposed in 2019. Relevant studies have proved that it has strong ability to resist differential attack and linear attack, but its research on resisting side-channel attack is still blank. In this paper, we first introduce a correlation power analysis for FESH algorithm and prove its effectiveness by experiments. Then we propose a mask scheme for FESH algorithm, and prove the security of the mask. According to the experimental results, protected FESH only costs 8.6%, 72.3%, 16.7% of extra time, code and RAM.

A tamper-resistant logical operation method based on integrated nanophotonics is proposed focusing on electromagnetic side-channel attacks. In the proposed method, only the phase of each optical signal is modulated depending on its logical state, which keeps the power of optical signals in optical logic circuits constant. This provides logic-gate-level tamper resistance which is difficult to achieve with CMOS circuits. An optical implementation method based on electronically-controlled phase shifters is then proposed. The electrical part of proposed circuits achieves 300 times less instantaneous current change, which is proportional to intensity of the leaked electromagnetic wave, than a CMOS logic gate.

Attacks on mobile devices have gained a significant amount of attention lately. This is because more and more individuals are switching to smartphones from traditional non-smartphones. Therefore, attackers or cybercriminals are now getting on the bandwagon to have an opportunity at obtaining information stored on smartphones. In this paper, we present an Android mobile application that will aid to minimize data exfiltration from attacks, such as, Acoustic Side-Channel Attack, Clipboard Jacking, Permission Misuse and Malicious Apps. This paper will commence its inception with an introduction explaining the current issues in general and how attacks such as side-channel attacks and clipboard jacking paved the way for data exfiltration. We will also discuss a few already existing solutions that try to mitigate these problems. Moving on to the methodology we will emphasize how we came about the solution and what methods we followed to achieve the end goal of securing the smartphone. In the final section, we will discuss the outcomes of the project and conclude what needs to be done in the future to enhance this project so that this mobile application will continue to keep the user's data safe from the criminals' grasps.

Using the physical characteristics of the encryption device, an attacker can more easily obtain the key, which is called side-channel attack. Common side-channel attacks, such as simple power analysis (SPA) and differential power analysis (DPA), mainly focus on the statistical analysis of the data involved in the encryption algorithm, while there are relatively few studies on the Hamming weight of the addresses. Therefore, a new method of address-based Hamming weight analysis, address collision attack, is proposed in this research. The collision attack method (CA) and support vector machines algorithm (SVM) are used for analysis, meanwhile, the scalar multiplication implemented by protected address-bit DPA (ADPA) can be attack on the ChipWhisperer-Pro CW1200.

Advances in technology have led not only to increased security and privacy but also to new channels of information leakage. New leak channels have resulted in the emergence of increased relevance of various types of attacks. One such attacks are Side-Channel Attacks, i.e. attacks aimed to find vulnerabilities in the practical component of the algorithm. However, with the development of these types of attacks, methods of protection against them have also appeared. One of such methods is White-Box Cryptography.

Hardware security is a critical concern in design and fabrication of integrated circuits (ICs). Contemporary hardware threats comprise tens of advance invasive and non-invasive attacks for compromising security of modern ICs. Numerous attack-specific countermeasures against the individual threats have been proposed, trading power, area, speed, and design complexity of a system for security. These typical overheads combined with strict performance requirements in advanced technology nodes and high complexity of modern ICs often make the codesign of multiple countermeasures impractical. In this paper, on-chip distribution networks are exploited for detecting those hardware security threats that require non-invasive, yet physical interaction with an operating device-under-attack (e.g., measuring equipment for collecting sensitive information in side-channel attacks). With the proposed approach, the effect of the malicious physical interference with the device-under-attack is captured in the form of on-chip voltage variations and utilized for detecting malicious activity in the compromised device. A machine learning (ML) security IC is trained to predict system security based on sensed variations of signals within on-chip distribution networks. The trained ML ICs are distributed on-chip, yielding a robust and high-confidence security network on-chip. To halt an active attack, a variety of desired counteractions can be executed in a cost-effective manner upon the attack detection. The applicability and effectiveness of these security networks is demonstrated in this paper with respect to power, timing, and electromagnetic analysis attacks.

Speculative execution is an essential performance enhancing technique in modern processors, but it has been shown to be insecure. In this paper, we propose SpectreGuard, a novel defense mechanism against Spectre attacks. In our approach, sensitive memory blocks (e.g., secret keys) are marked using simple OS/library API, which are then selectively protected by hardware from Spectre attacks via low-cost micro-architecture extension. This technique allows microprocessors to maintain high performance, while restoring the control to software developers to make security and performance trade-offs.

Big data which is collected by IoT devices is utilized in various businesses. For security and privacy, some data must be encrypted. IoT devices for encryption require not only to tamper resistance but also low latency and low power. PRINCE is one of the lowest latency cryptography. A glitch canceller reduces power consumption, although it affects tamper resistance. Therefore, this study evaluates the tamper resistance of dedicated hardware with glitch canceller for PRINCE by statistical power analysis and T-test. The evaluation experiments in this study performed on field-programmable gate array (FPGA), and the results revealed the vulnerability of dedicated hardware implementation with glitch canceller.

In industrial internet of things, various devices are connected to external internet. For the connected devices, the authentication is very important in the viewpoint of security; therefore, physical unclonable functions (PUFs) have attracted attention as authentication techniques. On the other hand, the risk of modeling attacks on PUFs, which clone the function of PUFs mathematically, is pointed out. Therefore, a resistant-PUF such as a lightweight PUF has been proposed. However, new analytical methods (side-channel attacks: SCAs), which use side-channel information such as power or electromagnetic waves, have been proposed. The countermeasure method has also been proposed; however, an evaluation using actual devices has not been studied. Since PUFs use small production variations, the implementation evaluation is very important. Therefore, this study proposes a SCA countermeasure of the lightweight PUF. The proposed method is based on the previous studies, and maintains power consumption consistency during the generation of response. In experiments using a field programmable gate array, the measured power consumption was constant regardless of output values of the PUF could be confirmed. Then, experimental results showed that the predicted rate of the response was about 50 %, and the proposed method had a tamper resistance against SCAs.

Protection of secured data content in volatile memories (processor caches, embedded RAMs etc) is essential in networking, wireless, automotive and other embedded secure applications. It is utmost important to protect secret data, like authentication credentials, cryptographic keys etc., stored over volatile memories which can be hacked during normal device operations. Several security attacks like cold boot, disclosure attack, data remanence, physical attack, cache attack etc. can extract the cryptographic keys or secure data from volatile memories of the system. The content protection of memory is typically done by assuring data deletion in minimum possible time to minimize data remanence effects. In today's state-of-the-art SoCs, dedicated hardwares are used to functionally erase the private memory contents in case of security violations. This paper, in general, proposes a novel approach of using existing memory built-in-self-test (MBIST) hardware to zeroize (initialize memory to all zeros) on-chip memory contents before it is being hacked either through different side channels or secuirty attacks. Our results show that the proposed MBIST based content zeroization approach is substantially faster than conventional techniques. By adopting the proposed approach, functional hardware requirement for memory zeroization can be waived.

This paper shows that stochastic heuristic approach for implicitly solving addition chain problem (ACP) in public-key cryptosystem (PKC) enhances the efficiency of the PKC and improves the security by blinding the multiplications/squaring operations involved against side-channel attack (SCA). We show that while the current practical heuristic approaches being deterministic expose the fixed pattern of the operations, using stochastic method blinds the pattern by being unpredictable and generating diffident pattern of operation for the same exponent at a different time. Thus, if the addition chain (AC) is generated implicitly every time the exponentiation operation is being made, needless for such approaches as padding by insertion of dummy operations and the operation is still totally secured against the SCA. Furthermore, we also show that the stochastic approaches, when carefully designed, further reduces the length of the operation than state-of-the-art practical methods for improving the efficiency. We demonstrated our investigation by implementing RSA cryptosystem using the stochastic approach and the results benchmarked with the existing current methods.

The timing characteristics of cache, a high-speed storage between the fast CPU and the slow memory, may reveal sensitive information of a program, thus allowing an adversary to conduct side-channel attacks. Existing methods for detecting timing leaks either ignore cache all together or focus only on passive leaks generated by the program itself, without considering leaks that are made possible by concurrently running some other threads. In this work, we show that timing-leak-freedom is not a compositional property: a program that is not leaky when running alone may become leaky when interleaved with other threads. Thus, we develop a new method, named adversarial symbolic execution, to detect such leaks. It systematically explores both the feasible program paths and their interleavings while modeling the cache, and leverages an SMT solver to decide if there are timing leaks. We have implemented our method in LLVM and evaluated it on a set of real-world ciphers with 14,455 lines of C code in total. Our experiments demonstrate both the efficiency of our method and its effectiveness in detecting side-channel leaks.

Electromagnetic (EM) analysis is to reveal the secret information by analyzing the EM emission from a cryptographic device. EM analysis (EMA) attack is emerging as a serious threat to hardware security. It has been noted that the on-chip power grid (PG) has a security implication on EMA attack by affecting the fluctuations of supply current. However, there is little study on exploiting this intrinsic property as an active countermeasure against EMA. In this paper, we investigate the effect of PG on EM emission and propose an active countermeasure against EMA, i.e. EM Equalizer (EME). By adjusting the PG impedance, the current waveform can be flattened, equalizing the EM profile. Therefore, the correlation between secret data and EM emission is significantly reduced. As a first attempt to the co-optimization for power and EM security, we extend the EME method by fixing the vulnerability of power analysis. To verify the EME method, several cryptographic designs are implemented. The measurement to disclose (MTD) is improved by 1138x with area and power overheads of 0.62% and 1.36%, respectively.

The security of current key exchange protocols such as Diffie-Hellman key exchange is based on the hardness of number theoretic problems. However, these key exchange protocols are threatened by weak random number generators, advances to CPU power, a new attack from the eavesdropper, and the emergence of a quantum computer. Quantum Key Distribution (QKD) addresses these challenges by using quantum properties to exchange a secret key without the risk of being intercepted. Recent developments on the QKD system resulted in a stable key generation with fewer errors so that the QKD system is rapidly becoming a solid commercial proposition. However, although the security of the QKD system is guaranteed by quantum physics, its careless implementation could make the system vulnerable. In this paper, we proposed the first side-channel attack on plug-and-play QKD system. Through a single electromagnetic trace obtained from the phase modulator on Alice's side, we were able to classify the electromagnetic trace into four classes, which corresponds to the number of bit and basis combination in the BB84 protocol. We concluded that the plug-and-play QKD system is vulnerable to side-channel attack so that the countermeasure must be considered.

Scan design is a universal design for test (DFT) technology to increase the observability and controllability of the circuits under test by using scan chains. However, it also leads to a potential security problem that attackers can use scan design as a backdoor to extract confidential information. Researchers have tried to address this problem by using secure scan structures that usually have some keys to confirm the identities of users. However, the traditional methods to store intermediate data or keys in memory are also under high risk of being attacked. In this paper, we propose a dynamic-key secure DFT structure that can defend scan-based and memory attacks without decreasing the system performance and the testability. The main idea is to build a scan design key generator that can generate the keys dynamically instead of storing and using keys in the circuit statically. Only specific patterns derived from the original test patterns are valid to construct the keys and hence the attackers cannot shift in any other patterns to extract correct internal response from the scan chains or retrieve the keys from memory. Analysis results show that the proposed method can achieve a very high security level and the security level will not decrease no matter how many guess rounds the attackers have tried due to the dynamic nature of our method.

Virtualization offers the possibility of hosting services of multiple customers on shared hardware. When more than one Virtual Machine (VM) run on the same host, memory deduplication can save physical memory by merging identical pages of the VMs. However, this comes at the cost of leaking information between VMs. Based on that, we propose a novel timing-based side-channel attack that allows to identify software versions running in co-resident VMs or on the host. Our attack tests for the existence of memory pages in co-resident VMs that are unique among all versions of the respective software. Our evaluation results indicate that with few repetitions of our attack we can precisely identify software versions within reasonable time frames.

Hardware Trojan (HT) is one of the well known hardware security issue in research community in last one decade. HT research is mainly focused on HT detection, HT defense and designing novel HT's. HT's are inserted by an adversary for leaking secret data, denial of service attacks etc. Trojan benchmark circuits for processors, cryptography and communication protocols from Trust-hub are widely used in HT research. And power analysis based side channel attacks and designing countermeasures against side channel attacks is a well established research area. Trust-Hub provides a power based side-channel attack promoting Advanced Encryption Standard (AES) HT benchmarks for research. In this work, we analyze the strength of AES HT benchmarks in the presence well known side-channel attack countermeasures. Masking, Random delay insertion and tweaking the operating frequency of clock used in sensitive operations are applied on AES benchmarks. Simulation and power profiling studies confirm that side-channel promoting HT benchmarks are resilient against these selected countermeasures and even in the presence of these countermeasures; an adversary can get the sensitive data by triggering the HT.

Acoustic emanations of computer keyboards represent a serious privacy issue. As demonstrated in prior work, physical properties of keystroke sounds might reveal what a user is typing. However, previous attacks assumed relatively strong adversary models that are not very practical in many real-world settings. Such strong models assume: (i) adversary's physical proximity to the victim, (ii) precise profiling of the victim's typing style and keyboard, and/or (iii) significant amount of victim's typed information (and its corresponding sounds) available to the adversary. This paper presents and explores a new keyboard acoustic eavesdropping attack that involves Voice-over-IP (VoIP), called Skype & Type (S&T), while avoiding prior strong adversary assumptions. This work is motivated by the simple observation that people often engage in secondary activities (including typing) while participating in VoIP calls. As expected, VoIP software acquires and faithfully transmits all sounds, including emanations of pressed keystrokes, which can include passwords and other sensitive information. We show that one very popular VoIP software (Skype) conveys enough audio information to reconstruct the victim's input – keystrokes typed on the remote keyboard. Our results demonstrate that, given some knowledge on the victim's typing style and keyboard model, the attacker attains top-5 accuracy of 91.7% in guessing a random key pressed by the victim. Furthermore, we demonstrate that S&T is robust to various VoIP issues (e.g., Internet bandwidth fluctuations and presence of voice over keystrokes), thus confirming feasibility of this attack. Finally, it applies to other popular VoIP software, such as Google Hangouts.

Side-channel collision attacks have been one of the most powerful attack techniques, combining advantages of traditional side-channel attack and mathematical cryptanalysis. In this paper, we propose a novel multiple-bits side-channel collision attack based on double distance voting detection, which can find all 120 relations among 16 key bytes with only 32 averaged power traces when applied to AES (Advanced Encryption Standard) algorithm. Practical attack experiments are performed successfully on a hardware implementation of AES on FPGA board. Results show that the necessary number of traces for our method is about 50% less than correlation-enhanced collision attack and 76% less than binary voting test with 90% success rate.

Additive manufacturing, also known as 3D printing, has been increasingly applied to fabricate highly intellectual property (IP) sensitive products. However, the related IP protection issues in 3D printers are still largely underexplored. On the other hand, smartphones are equipped with rich onboard sensors and have been applied to pervasive mobile surveillance in many applications. These facts raise one critical question: is it possible that smartphones access the side-channel signals of 3D printer and then hack the IP information? To answer this, we perform an end-to-end study on exploring smartphone-based side-channel attacks against 3D printers. Specifically, we formulate the problem of the IP side-channel attack in 3D printing. Then, we investigate the possible acoustic and magnetic side-channel attacks using the smartphone built-in sensors. Moreover, we explore a magnetic-enhanced side-channel attack model to accurately deduce the vital directional operations of 3D printer. Experimental results show that by exploiting the side-channel signals collected by smartphones, we can successfully reconstruct the physical prints and their G-code with Mean Tendency Error of 5.87% on regular designs and 9.67% on complex designs, respectively. Our study demonstrates this new and practical smartphone-based side channel attack on compromising IP information during 3D printing.

The browsing behavior of a user allows to infer personal details, such as health status, political interests, sexual orientation, etc. In order to protect this sensitive information and to cope with possible privacy threats, defense mechanisms like SSH tunnels and anonymity networks (e.g., Tor) have been established. A known shortcoming of these defenses is that website fingerprinting attacks allow to infer a user's browsing behavior based on traffic analysis techniques. However, website fingerprinting typically assumes access to the client's network or to a router near the client, which restricts the applicability of these attacks. In this work, we show that this rather strong assumption is not required for website fingerprinting attacks. Our client-side attack overcomes several limitations and assumptions of network-based fingerprinting attacks, e.g., network conditions and traffic noise, disabled browser caches, expensive training phases, etc. Thereby, we eliminate assumptions used for academic purposes and present a practical attack that can be implemented easily and deployed on a large scale. Eventually, we show that an unprivileged application can infer the browsing behavior by exploiting the unprotected access to the Android data-usage statistics. More specifically, we are able to infer 97% of 2,500 page visits out of a set of 500 monitored pages correctly. Even if the traffic is routed through Tor by using the Orbot proxy in combination with the Orweb browser, we can infer 95% of 500 page visits out of a set of 100 monitored pages correctly. Thus, the READ\_HISTORY\_BOOKMARKS permission, which is supposed to protect the browsing behavior, does not provide protection.

Physical perturbations are performed against embedded systems that can contain valuable data. Such devices and in particular smart cards are targeted because potential attackers hold them. The embedded system security must hold against intentional hardware failures that can result in software errors. In a malicious purpose, an attacker could exploit such errors to find out secret data or disrupt a transaction. Simulation techniques help to point out fault injection vulnerabilities and come at an early stage in the development process. This paper proposes a generic fault injection simulation tool that has the particularity to embed the injection mechanism into the smart card source code. By its embedded nature, the Embedded Fault Simulator (EFS) allows us to perform fault injection simulations and side-channel analyses simultaneously. It makes it possible to achieve combined attacks, multiple fault attacks and to perform backward analyses. We appraise our approach on real, modern and complex smart card systems under data and control flow fault models. We illustrate the EFS capacities by performing a practical combined attack on an Advanced Encryption Standard (AES) implementation.

The advanced encryption standard (AES) has been sufficiently studied to confirm that its decryption is computationally impossible. However, its vulnerability against fault analysis attacks has been pointed out in recent years. To verify the vulnerability of electronic devices in the future, into which cryptographic circuits have been incorporated, fault Analysis attacks must be thoroughly studied. The present study proposes a new fault analysis attack method which utilizes the tendency of an operation error due to a glitch. The present study also verifies the validity of the proposed method by performing evaluation experiments using FPGA.