1,605 research outputs found
Side-channel based intrusion detection for industrial control systems
Industrial Control Systems are under increased scrutiny. Their security is
historically sub-par, and although measures are being taken by the
manufacturers to remedy this, the large installed base of legacy systems cannot
easily be updated with state-of-the-art security measures. We propose a system
that uses electromagnetic side-channel measurements to detect behavioural
changes of the software running on industrial control systems. To demonstrate
the feasibility of this method, we show it is possible to profile and
distinguish between even small changes in programs on Siemens S7-317 PLCs,
using methods from cryptographic side-channel analysis.Comment: 12 pages, 7 figures. For associated code, see
https://polvanaubel.com/research/em-ics/code
On the Duality of Probing and Fault Attacks
In this work we investigate the problem of simultaneous privacy and integrity
protection in cryptographic circuits. We consider a white-box scenario with a
powerful, yet limited attacker. A concise metric for the level of probing and
fault security is introduced, which is directly related to the capabilities of
a realistic attacker. In order to investigate the interrelation of probing and
fault security we introduce a common mathematical framework based on the
formalism of information and coding theory. The framework unifies the known
linear masking schemes. We proof a central theorem about the properties of
linear codes which leads to optimal secret sharing schemes. These schemes
provide the lower bound for the number of masks needed to counteract an
attacker with a given strength. The new formalism reveals an intriguing duality
principle between the problems of probing and fault security, and provides a
unified view on privacy and integrity protection using error detecting codes.
Finally, we introduce a new class of linear tamper-resistant codes. These are
eligible to preserve security against an attacker mounting simultaneous probing
and fault attacks
Test Vector Leakage Assessment Development
Devices with a lack of countermeasures, which are defenses put into place to thwart an assailant, can be subject to physical attacks. These attacks can lead to the extraction of sensitive information such as keys that are used in cryptographic operations to secure for example intellectual property. Test Vector Leakage Assessment (TVLA) aims at being able to provide detection of information leakage using statistical analysis. This work presents multiple implementations of TVLA that aid in the testing of these systems and countermeasures, which is crucial in keeping information secure
SoK: Design Tools for Side-Channel-Aware Implementations
Side-channel attacks that leak sensitive information through a computing
device's interaction with its physical environment have proven to be a severe
threat to devices' security, particularly when adversaries have unfettered
physical access to the device. Traditional approaches for leakage detection
measure the physical properties of the device. Hence, they cannot be used
during the design process and fail to provide root cause analysis. An
alternative approach that is gaining traction is to automate leakage detection
by modeling the device. The demand to understand the scope, benefits, and
limitations of the proposed tools intensifies with the increase in the number
of proposals.
In this SoK, we classify approaches to automated leakage detection based on
the model's source of truth. We classify the existing tools on two main
parameters: whether the model includes measurements from a concrete device and
the abstraction level of the device specification used for constructing the
model. We survey the proposed tools to determine the current knowledge level
across the domain and identify open problems. In particular, we highlight the
absence of evaluation methodologies and metrics that would compare proposals'
effectiveness from across the domain. We believe that our results help
practitioners who want to use automated leakage detection and researchers
interested in advancing the knowledge and improving automated leakage
detection
Security Analysis of Phasor Measurement Units in Smart Grid Communication Infrastructures
Phasor Measurement Units (PMUs), or synchrophasors, are rapidly being deployed in the smart grid with the goal of measuring phasor quantities concurrently from wide area distribution substations. By utilizing GPS receivers, PMUs can take a wide area snapshot of power systems. Thus, the possibility of blackouts in the smart grid, the next generation power grid, will be reduced. As the main enabler of Wide Area Measurement Systems (WAMS), PMUs transmit measured values to Phasor Data Concentrators (PDCs) by the synchrophasor standard IEEE C37.118. IEC 61850 and IEC 62351 are the communication protocols for the substation automation system and the security standard for the communication protocol of IEC 61850, respectively. According to the aforementioned communication and security protocols, as well as the implementation constraints of different platforms, HMAC-SHA1 was suggested by the TC 57 WG group in October 2009. The hash-based Message Authentication Code (MAC) is an algorithm for verifying both message integrity and authentication by using an iterative hash function and a supplied secret key. There are a variety of security attacks on the PMU communications infrastructure. Timing Side Channel Attack (SCA) is one of these possible attacks. In this thesis, timing side channel vulnerability against execution time of the HMAC-SHA1 authentication algorithm is studied. Both linear and negative binomial regression are used to model some security features of the stored key, e.g., its length and Hamming weight. The goal is to reveal secret-related information based on leakage models. The results would mitigate the cryptanalysis process of an attacker.
Adviser: Yi Qia
- …