1,239 research outputs found
Attacking AES-Masking Encryption Device with Correlation Power Analysis
Modern communication systems use cryptographic algorithms to ensure data confidentiality, integrity, and authenticity. There is a new vulnerability in a cryptographic algorithm when implemented on a hardware device. This vulnerability is considered capable of uncovering a secret key used in a cryptographic algorithm. This technique is known as a power analysis attack. Previous and other research introduces countermeasures to counter this new vulnerability. Some researchers suggest using a logic-level countermeasure with encoding of the AES. The logic-level countermeasure is low-cost and efficient. The contribution of this paper is to analyze CPA on an encryption device that has been given a logic-level countermeasure. Our finding is that the use of encoding with the one-hot masking technique does not provide the maximum countermeasure effect against CPA-based attacks. In this research, the CPA attack can successfully reveal the AES secret-ke
Systematic Literature Review of EM-SCA Attacks on Encryption
Cryptography is vital for data security, but cryptographic algorithms can
still be vulnerable to side-channel attacks (SCAs), physical assaults
exploiting power consumption and EM radiation. SCAs pose a significant threat
to cryptographic integrity, compromising device keys. While literature on SCAs
focuses on real-world devices, the rise of sophisticated devices necessitates
fresh approaches. Electromagnetic side-channel analysis (EM-SCA) gathers
information by monitoring EM radiation, capable of retrieving encryption keys
and detecting malicious activity. This study evaluates EM-SCA's impact on
encryption across scenarios and explores its role in digital forensics and law
enforcement. Addressing encryption susceptibility to EM-SCA can empower
forensic investigators in overcoming encryption challenges, maintaining their
crucial role in law enforcement. Additionally, the paper defines EM-SCA's
current state in attacking encryption, highlighting vulnerable and resistant
encryption algorithms and devices, and promising EM-SCA approaches. This study
offers a comprehensive analysis of EM-SCA in law enforcement and digital
forensics, suggesting avenues for further research
You cannot hide behind the mask : power analysis on a provably secure S-box implementation
Power analysis has been shown to be successful in breaking symmetric cryptographic algorithms implemented on low resource devices. Prompted by the breaking of many protected implementations in practice, researchers saw the need of validating security of implementations with formal methods. Three generic S-box implementation methods have been proposed by Prouff et al., together with formal proofs of their security against 1st or 2nd-order side-channel analysis. These methods use a similar combination of masking and hiding countermeasures. In this paper, we show that although proven resistant to standard power analysis, these implementation methods are vulnerable to a more sophisticated form of power analysis that combines Differential Power Analysis (DPA) and pattern matching techniques. This new form of power analysis is possible under the same assumptions about power leakage as standard DPA attacks and the added complexity is limited: our experiments show that 900 traces are sufficient to break these algorithms on a device where 150 traces are typically needed for standard DPA. We conclude that the defense strategies—hiding by repeating operations for each possible value, and masking and hiding using the same random number—can create new vulnerabilities
Cutting Through the Complexity of Reverse Engineering Embedded Devices
Performing security analysis of embedded devices is a challenging task. They present many difficulties not usually found when analyzing commodity systems: undocumented peripherals, esoteric instruction sets, and limited tool support. Thus, a significant amount of reverse engineering is almost always required to analyze such devices. In this paper, we present Incision, an architecture and operating-system agnostic reverse engineering framework. Incision tackles the problem of reducing the upfront effort to analyze complex end-user devices. It combines static and dynamic analyses in a feedback loop, enabling information from each to be used in tandem to improve our overall understanding of the firmware analyzed. We use Incision to analyze a variety of devices and firmware. Our evaluation spans firmware based on three RTOSes, an automotive ECU, and a 4G/LTE baseband. We demonstrate that Incision does not introduce significant complexity to the standard reverse engineering process and requires little manual effort to use. Moreover, its analyses produce correct results with high confidence and are robust across different OSes and ISAs
The uncertainty of Side-Channel Analysis: A way to leverage from heuristics
Performing a comprehensive side-channel analysis evaluation of small embedded
devices is a process known for its variability and complexity. In real-world
experimental setups, the results are largely influenced by a huge number of
parameters that are not easily adjusted without trial and error and rely
heavily on the experience of professional security analysts. In this paper, we
advocate the use of an existing statistical methodology called Six Sigma
(6σ) for side-channel analysis optimization for this purpose. This
well-known methodology is commonly used in other industrial fields, such as
production and quality engineering, to reduce the variability of industrial
processes. We propose a customized Six Sigma methodology, which enables even a
less-experienced security analyst to select optimal values for the different
variables that are critical for the side-channel analysis procedure. Moreover,
we show how our methodology helps in improving different phases in the
side-channel analysis process.
Comment: 30 pages, 8 figure
SoK: Design Tools for Side-Channel-Aware Implementations
Side-channel attacks that leak sensitive information through a computing
device's interaction with its physical environment have proven to be a severe
threat to devices' security, particularly when adversaries have unfettered
physical access to the device. Traditional approaches for leakage detection
measure the physical properties of the device. Hence, they cannot be used
during the design process and fail to provide root cause analysis. An
alternative approach that is gaining traction is to automate leakage detection
by modeling the device. The demand to understand the scope, benefits, and
limitations of the proposed tools intensifies with the increase in the number
of proposals.
In this SoK, we classify approaches to automated leakage detection based on
the model's source of truth. We classify the existing tools on two main
parameters: whether the model includes measurements from a concrete device and
the abstraction level of the device specification used for constructing the
model. We survey the proposed tools to determine the current knowledge level
across the domain and identify open problems. In particular, we highlight the
absence of evaluation methodologies and metrics that would compare proposals'
effectiveness from across the domain. We believe that our results help
practitioners who want to use automated leakage detection and researchers
interested in advancing the knowledge and improving automated leakage
detection
Research On Hardware-based Hiding Countermeasures Against Power Analysis Attacks
The University of Electro-Communications 202