Attacks and Countermeasures for White-box Designs
In traditional symmetric cryptography, the adversary has access only to the inputs and outputs of a cryptographic primitive. In the white-box model the adversary is given full access to the implementation and can use static and dynamic analysis as well as fault analysis to break the cryptosystem, e.g. to extract the embedded secret key. Implementations secure in this model have many applications in industry. However, creating such implementations turns out to be very challenging, if not impossible.
Recently, Bos et al. proposed a generic attack on white-box primitives called differential computation analysis (DCA). The attack has been applied to many white-box implementations from both academia and industry. It comes from the area of side-channel analysis, where the most common countermeasure is masking, which in turn is a form of secret sharing. In this paper we present multiple generic attacks against masked white-box implementations, using the term "masking" in a very broad sense. From these attacks we deduce new constraints that any secure white-box implementation must satisfy.
Based on the new constraints, we develop a general method for protecting white-box implementations. We split the protection into two independent components: value hiding and structure hiding. Value hiding must provide protection against passive DCA-style attacks that rely on analysis of computation traces. Structure hiding must provide protection against circuit analysis attacks. In this paper we focus on developing the value hiding component. It includes protection against the DCA attack by Bos et al. and against a new attack, which we call the algebraic attack. We present a provably secure first-order protection against the new algebraic attack. The protection is based on small gadgets implementing secure masked XOR and AND operations. Furthermore, we give a proof of compositional security that allows secure gadgets to be freely combined. We derive concrete security bounds for circuits built using our construction.
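The DCA attack the abstract refers to can be seen in miniature on a simulated white-box S-box lookup. The following Python is an added example, not code from the paper or from Bos et al.: it embeds a constructed key byte (0x2B), records as a "trace" only the bits of the S-box output (a real DCA trace is the sequence of memory addresses and values of a whole execution), correlates every predicted output bit under every key guess against every trace sample, and then repeats the attack against a first-order Boolean-masked variant, both on single samples and with the two shares recombined.

```python
"""Toy differential computation analysis (DCA) on a simulated white-box S-box
lookup, unmasked and first-order masked.  Added example, not the paper's code."""
import math
import random

# AES S-box, derived (GF(2^8) inverse followed by the affine map) rather than
# pasted, so the block stays self-contained.
def _gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B          # reduce modulo x^8 + x^4 + x^3 + x + 1
        b >>= 1
    return r

def _gf_inv(a):
    r = 1
    for _ in range(254):        # a^254 = a^-1 in GF(2^8); 0 maps to 0
        r = _gf_mul(r, a)
    return r

def _affine(v):
    s = v
    for i in range(1, 5):
        s ^= ((v << i) | (v >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [_affine(_gf_inv(x)) for x in range(256)]

KEY = 0x2B   # constructed key byte baked into the simulated white-box code

def run_whitebox(p, key, rng, masked):
    """One execution.  Returns the intermediate bits an attacker with full
    access records: the S-box output, or both Boolean shares when masked."""
    v = SBOX[p ^ key]
    if masked:
        r = rng.randrange(256)
        words = [v ^ r, r]      # v = share0 XOR share1, fresh r per run
    else:
        words = [v]
    return [(w >> j) & 1 for w in words for j in range(8)]

def collect(n, key, masked, seed=1):
    """n traces for random plaintext bytes (constructed, deterministic seed)."""
    rng = random.Random(seed)
    pts = [rng.randrange(256) for _ in range(n)]
    return pts, [run_whitebox(p, key, rng, masked) for p in pts]

def _corr(x, y, n):
    """Pearson correlation of two binary columns packed as n-bit integers."""
    px = bin(x).count("1") / n
    py = bin(y).count("1") / n
    if px in (0.0, 1.0) or py in (0.0, 1.0):
        return 0.0
    p11 = bin(x & y).count("1") / n
    return (p11 - px * py) / math.sqrt(px * (1 - px) * py * (1 - py))

def dca(pts, traces, combine=lambda t: t):
    """Key guess and |correlation| maximising the match between a predicted
    S-box output bit and any (optionally combined) trace sample."""
    n = len(pts)
    samples = [combine(t) for t in traces]
    cols = [sum(s[i] << k for k, s in enumerate(samples))
            for i in range(len(samples[0]))]
    best_key, best = None, 0.0
    for kg in range(256):
        for j in range(8):
            pred = sum(((SBOX[p ^ kg] >> j) & 1) << k for k, p in enumerate(pts))
            for col in cols:
                c = abs(_corr(pred, col, n))
                if c > best:
                    best_key, best = kg, c
    return best_key, best

def second_order(t):
    """Recombine the two shares bit-wise.  A real attacker does not know which
    samples pair up and has to try all pairs; that is the cost masking adds."""
    return [t[j] ^ t[8 + j] for j in range(8)]

if __name__ == "__main__":
    pts, tr = collect(300, KEY, masked=False)
    print("unmasked, first order :", dca(pts, tr))
    pts, tr = collect(300, KEY, masked=True)
    print("masked,   first order :", dca(pts, tr))
    print("masked,   second order:", dca(pts, tr, second_order))
```

Against the unmasked lookup the correct key reaches a correlation of 1.0 on the sample that holds the predicted bit. Against the masked variant every single sample is uniformly random, so first-order DCA returns noise (the largest |correlation| stays well below 0.3 with 300 traces), while XORing the two share bits brings the correlation of 1.0 back. The second-order step is handed the pairing of samples here; without it the attacker must try every pair of samples, which is the overhead the generic attacks in the abstract are aimed at.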
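The gadget approach described in the abstract above can be illustrated with two-share Boolean masking. The Python below is an added example, not the paper's gadgets or its proof: it implements a share-wise XOR gadget and an ISW-style AND gadget with one fresh random bit, composes them into the circuit z = (a AND b) XOR c, and runs an exhaustive first-order probing check that enumerates all masks and randomness and reports every wire whose value distribution depends on the secret inputs. A second AND gadget that combines the two cross products before the refresh is included to show what the check catches.

```python
"""First-order Boolean masking gadgets (share-wise XOR, ISW-style AND) with an
exhaustive check that no single intermediate value depends on the secrets.
Added example; the paper's own gadgets and proofs are not reproduced here."""
import random
from collections import Counter
from itertools import product

def share(x, m):
    """Two-share Boolean masking: x = s0 XOR s1 with s0 = mask m."""
    return (m, x ^ m)

def unshare(s):
    return s[0] ^ s[1]

def xor_gadget(a, b, trace):
    """XOR is linear, so it is computed share-wise with no randomness."""
    c = (a[0] ^ b[0], a[1] ^ b[1])
    trace += list(c)
    return c

def and_gadget(a, b, r, trace):
    """Two-share ISW AND with one fresh random bit r.  The refresh r is
    added to a cross product BEFORE the two cross products are combined."""
    t00, t01, t10, t11 = a[0] & b[0], a[0] & b[1], a[1] & b[0], a[1] & b[1]
    u = r ^ t01
    v = u ^ t10
    c0 = t00 ^ r
    c1 = t11 ^ v
    trace += [t00, t01, t10, t11, r, u, v, c0, c1]
    return (c0, c1)

def and_leaky(a, b, r, trace):
    """Same arithmetic, wrong order: a0b1 XOR a1b0 is formed first.  That wire
    is constant 0 when a = b = 0 but uniform when a = b = 1, so one probe on
    it distinguishes the two cases."""
    t00, t01, t10, t11 = a[0] & b[0], a[0] & b[1], a[1] & b[0], a[1] & b[1]
    w = t01 ^ t10                  # leaks, see probing_check
    c0 = t00 ^ r
    c1 = t11 ^ (w ^ r)
    trace += [t00, t01, t10, t11, r, w, c0, c1]
    return (c0, c1)

# Small composed circuit z = (a AND b) XOR c, in a secure and a leaky variant.
def circuit_isw(shares, rnd, trace):
    a, b, c = shares
    return xor_gadget(and_gadget(a, b, rnd[0], trace), c, trace)

def circuit_leaky(shares, rnd, trace):
    a, b, c = shares
    return xor_gadget(and_leaky(a, b, rnd[0], trace), c, trace)

def evaluate(circuit, secrets, n_rand, seed=0):
    """Run the masked circuit with fresh masks and return the unmasked result."""
    rng = random.Random(seed)
    shares = [share(x, rng.randrange(2)) for x in secrets]
    rnd = [rng.randrange(2) for _ in range(n_rand)]
    return unshare(circuit(shares, rnd, []))

def probing_check(circuit, n_in, n_rand):
    """Exhaustive first-order probing check.  For every secret input vector,
    enumerate all masks and randomness, collect the distribution of each
    recorded wire, and return the indices of wires whose distribution changes
    with the secrets.  An empty list means every single probe is useless."""
    dists = {}
    for secrets in product((0, 1), repeat=n_in):
        counters = None
        for bits in product((0, 1), repeat=n_in + n_rand):
            shares = [share(x, m) for x, m in zip(secrets, bits[:n_in])]
            trace = []
            circuit(shares, bits[n_in:], trace)
            if counters is None:
                counters = [Counter() for _ in trace]
            for i, v in enumerate(trace):
                counters[i][v] += 1
        dists[secrets] = counters
    ref = next(iter(dists.values()))
    return [i for i in range(len(ref))
            if any(d[i] != ref[i] for d in dists.values())]

if __name__ == "__main__":
    for a, b, c in product((0, 1), repeat=3):
        assert evaluate(circuit_isw, (a, b, c), 1, seed=a * 4 + b * 2 + c) == (a & b) ^ c
    print("ISW circuit, leaking wires   :", probing_check(circuit_isw, 3, 1))
    print("mis-ordered, leaking wires   :", probing_check(circuit_leaky, 3, 1))
```

Both circuits compute the right value; the difference is that wire 5 of the mis-ordered AND (the sum of the cross products) has a secret-dependent distribution, which is exactly the kind of single-wire dependency a first-order DCA or algebraic attack exploits. The check is brute force over 2^(inputs + random bits) cases and is only a sanity check for tiny gadgets; it is not a substitute for the compositional proof the abstract describes.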
Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning
Learning-based pattern classifiers, including deep networks, have shown
impressive performance in several application domains, ranging from computer
vision to cybersecurity. However, it has also been shown that adversarial input
perturbations, carefully crafted either at training or at test time, can easily
subvert their predictions. The vulnerability of machine learning to such wild
patterns (also referred to as adversarial examples), along with the design of
suitable countermeasures, has been investigated in the research field of
adversarial machine learning. In this work, we provide a thorough overview of
the evolution of this research area over the last ten years and beyond,
starting from pioneering early work on the security of non-deep learning
algorithms up to more recent work aimed at understanding the security
properties of deep learning algorithms, in the context of computer vision and
cybersecurity tasks. We report interesting connections between these
apparently different lines of work, highlighting common misconceptions related
to the security evaluation of machine-learning algorithms. We review the main
threat models and attacks defined to this end, and discuss the main limitations
of current work, along with the corresponding future challenges towards the
design of more secure learning algorithms.
Comment: Accepted for publication on Pattern Recognition, 201
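A test-time evasion attack of the kind surveyed above is easiest to see on a linear classifier, where the minimum-norm adversarial perturbation has a closed form. The Python below is an added example with a constructed two-dimensional data set and a logistic-regression model trained inside the block; it is not code from the paper. For a linear score s(x) = w·x + b, moving x against w by (s(x) + margin)/||w||² places it just on the other side of the decision boundary; for a nonlinear model the same step is iterated on the model's gradient.

```python
"""Minimum-norm test-time evasion of a linear classifier.  Added example; the
data set, model and test point are constructed here."""
import math

# Constructed, linearly separable 2-D training set, labels +1 / -1.  It is
# symmetric under coordinate swap and negation, so the trained w has equal
# components and b is (numerically) zero.
TRAIN = [((1.0, 1.0), 1), ((2.0, 1.0), 1), ((1.0, 2.0), 1), ((2.0, 2.0), 1),
         ((-1.0, -1.0), -1), ((-2.0, -1.0), -1), ((-1.0, -2.0), -1), ((-2.0, -2.0), -1)]

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def l2(v):
    return math.sqrt(dot(v, v))

def train_logreg(data, lr=0.1, steps=2000):
    """Plain batch gradient descent on the logistic loss; returns (w, b)."""
    w, b = [0.0, 0.0], 0.0
    for _ in range(steps):
        gw, gb = [0.0, 0.0], 0.0
        for x, y in data:
            # d/dz log(1 + exp(-y z)) = -y / (1 + exp(y z))
            g = -y / (1.0 + math.exp(y * (dot(w, x) + b)))
            gw = [gi + g * xi for gi, xi in zip(gw, x)]
            gb += g
        w = [wi - lr * gi / len(data) for wi, gi in zip(w, gw)]
        b -= lr * gb / len(data)
    return w, b

def score(model, x):
    w, b = model
    return dot(w, x) + b

def predict(model, x):
    return 1 if score(model, x) > 0 else -1

def min_norm_evasion(model, x, margin=0.05):
    """Smallest L2 perturbation d such that score(x + d) = -sign(score(x)) * margin.
    The score is linear, so the gradient is w everywhere and the attack is one
    step of length (s(x) + margin) / ||w|| along -w (closed form of the
    gradient-based evasion attack).  Returns (x + d, d)."""
    w, b = model
    s = score(model, x)
    target = -margin if s > 0 else margin
    step = (target - s) / dot(w, w)
    d = [step * wi for wi in w]
    return [xi + di for xi, di in zip(x, d)], d

MODEL = train_logreg(TRAIN)

if __name__ == "__main__":
    x = (1.5, -0.5)                 # constructed test point near the boundary
    x_adv, d = min_norm_evasion(MODEL, x)
    print("w, b        :", MODEL)
    print("x           :", x, "->", predict(MODEL, x))
    print("x + d       :", x_adv, "->", predict(MODEL, x_adv))
    print("|d| / |x|   :", l2(d) / l2(x))
```

The perturbation norm is |s(x) + margin| / ||w||, the distance of x to the boundary, so points the classifier is confident about (large score) need a larger push, and the attack is cheapest exactly where the model is least certain. The same construction with an L-infinity budget gives the sign-of-gradient step familiar from attacks on deep networks.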
CAPTCHaStar! A novel CAPTCHA based on interactive shape discovery
In recent years, most websites on which users can register (e.g., email
providers and social networks) have adopted CAPTCHAs (Completely Automated
Public Turing test to tell Computers and Humans Apart) as a countermeasure
against automated attacks. The battle of wits between designers and attackers
of CAPTCHAs has led to current ones being annoying and hard to solve for users,
while still being vulnerable to automated attacks.
In this paper, we propose CAPTCHaStar, a new image-based CAPTCHA that relies
on user interaction. This novel CAPTCHA leverages the innate human ability to
recognize shapes in a cluttered environment. We assess the effectiveness of
our proposal with respect to the two key aspects of a CAPTCHA: usability and
resilience to automated attacks. In particular, we evaluated usability by
carrying out a thorough user study, and we tested the resilience of our
proposal against several types of automated attacks: traditional ones, attacks
designed ad hoc for our proposal, and attacks based on machine learning.
Compared to the state of the art, our proposal is more user friendly (e.g.,
only some 35% of the users prefer current solutions, such as text-based
CAPTCHAs) and more resilient to automated attacks.
Comment: 15 pages
On the Duality of Probing and Fault Attacks
In this work we investigate the problem of simultaneous privacy and integrity
protection in cryptographic circuits. We consider a white-box scenario with a
powerful yet limited attacker. A concise metric for the level of probing and
fault security is introduced, which is directly related to the capabilities of
a realistic attacker. In order to investigate the interrelation of probing and
fault security we introduce a common mathematical framework based on the
formalism of information and coding theory. The framework unifies the known
linear masking schemes. We prove a central theorem about the properties of
linear codes which leads to optimal secret sharing schemes. These schemes
give the lower bound on the number of masks needed to counteract an attacker
of a given strength. The new formalism reveals an intriguing duality principle
between the problems of probing and fault security, and provides a unified
view on privacy and integrity protection using error detecting codes. Finally,
we introduce a new class of linear tamper-resistant codes, which preserve
security against an attacker mounting simultaneous probing and fault attacks.
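The link between masking and linear codes that the abstract draws on is concrete in Massey's construction of secret sharing from a linear code. The Python below is an added example built on the [8,4,4] extended Hamming code; it is not the paper's scheme or its metric. It shares a bit by picking a random codeword whose first coordinate is the secret, measures by brute force how many shares can be probed without learning anything (bounded by the dual distance) and how many faulted shares the linear consistency check always detects (bounded by the distance of the code punctured at the secret coordinate), and shows that both thresholds equal 2 for this self-dual code.

```python
"""Linear secret sharing from a binary linear code (Massey's construction)
with brute-force probing-privacy and fault-detection thresholds.  Added
example; the generator matrix and thresholds are constructed here."""
import random
from collections import Counter
from itertools import combinations

# Generator rows of the [8,4,4] extended Hamming code as 8-bit masks; coordinate
# 0 is the most significant bit.  The code is self-dual, so d = d_dual = 4.
EXT_HAMMING = [0b10001101, 0b01001011, 0b00100111, 0b00011110]
N = 8

def encode(G, m):
    """Codeword of message m (bit i of m selects row i of G)."""
    c = 0
    for i, row in enumerate(G):
        if (m >> i) & 1:
            c ^= row
    return c

def coord(c, j, n=N):
    """Coordinate j (0 = leftmost) of an n-bit word."""
    return (c >> (n - 1 - j)) & 1

def codewords(G):
    return [encode(G, m) for m in range(1 << len(G))]

def share(G, secret, seed=None, n=N):
    """Massey sharing: a uniformly random codeword whose coordinate 0 equals
    the secret; coordinates 1..n-1 are the shares (the secret is not stored)."""
    rng = random.Random(seed)
    while True:
        c = encode(G, rng.randrange(1 << len(G)))
        if coord(c, 0, n) == secret:
            return [coord(c, j, n) for j in range(1, n)]

def reconstruct(shares):
    """Coordinates 0,4,5,7 carry a dual codeword of EXT_HAMMING (row 0 of G,
    the code being self-dual), so c0 = c4 XOR c5 XOR c7: three shares suffice."""
    return shares[3] ^ shares[4] ^ shares[6]

def privacy_threshold(G, n=N):
    """Largest t such that ANY t shares have a joint distribution that does
    not depend on the secret, i.e. t probes learn nothing."""
    cws = codewords(G)
    for t in range(1, n):
        for subset in combinations(range(1, n), t):
            dist = {0: Counter(), 1: Counter()}
            for c in cws:
                dist[coord(c, 0, n)][tuple(coord(c, j, n) for j in subset)] += 1
            if dist[0] != dist[1]:
                return t - 1
    return n - 1

def detection_threshold(G, n=N):
    """Faults on up to this many shares are always caught by the consistency
    check: a fault pattern passes unnoticed only if it is itself a nonzero
    word of the code punctured at coordinate 0."""
    mask = (1 << (n - 1)) - 1
    return min(bin(c & mask).count("1") for c in codewords(G) if c & mask) - 1

def check_shares(G, shares, n=N):
    """True iff the share vector is a word of the punctured code."""
    mask = (1 << (n - 1)) - 1
    word = 0
    for bit in shares:
        word = (word << 1) | bit
    return word in {c & mask for c in codewords(G)}

if __name__ == "__main__":
    s = share(EXT_HAMMING, 1, seed=0)
    faulty = s[:]
    faulty[2] ^= 1
    faulty[5] ^= 1
    print("shares          :", s, "consistent:", check_shares(EXT_HAMMING, s),
          "secret:", reconstruct(s))
    print("two faults      :", faulty, "consistent:", check_shares(EXT_HAMMING, faulty))
    print("probing privacy :", privacy_threshold(EXT_HAMMING))
    print("fault detection :", detection_threshold(EXT_HAMMING))
```

For this code any two probed shares are uniformly distributed whatever the secret, while shares 4, 5 and 7 together reveal it, and any one or two faulted shares break the linear consistency check while some three-share fault patterns do not. The privacy side is fixed by the dual code (here dual distance 4, so 4 - 2 = 2 probes are harmless) and the detection side by the code itself (punctured distance 3, so 3 - 1 = 2 faults are always seen), which is the duality the abstract formalizes.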
Analysis and Mitigation of Remote Side-Channel and Fault Attacks on the Electrical Level
The continuing miniaturization of integrated circuits is reaching physical limits; single-atom transistors, for example, represent a possible lower bound on feature size.
Moreover, manufacturing the latest generations of microchips is today financially feasible only for large multinational companies.
As a result of this development, miniaturization is no longer the driving force behind further increases in the performance of electronic components.
Instead, classical computer architectures with generic processors are evolving into heterogeneous systems with high parallelism and special-purpose accelerators.
In these heterogeneous systems, however, protecting private data against attackers is also becoming increasingly difficult.
New kinds of hardware components, new kinds of applications and a generally increased complexity are some of the factors that make security in such systems a challenge.
Cryptographic algorithms are often truly secure only under certain assumptions about the attacker.
For example, it is often assumed that the attacker can access only the inputs and outputs of a module, while internal signals and intermediate values remain hidden.
In real implementations, however, side-channel and fault attacks show the limits of this so-called black-box model.
While in side-channel attacks the attacker exploits data-dependent measurable quantities such as power consumption or electromagnetic emanation, fault attacks actively interfere with the computation and use the faulty output values to recover the secret data.
This kind of attack on implementations was originally treated only in the context of a local attacker with access to the target device.
However, attacks based on measuring the time taken by certain memory accesses have already shown that the threat also exists from attackers with remote access.
This thesis addresses the threat of side-channel and fault attacks via remote access, which is closely linked to the trend towards more heterogeneous systems.
One example of novel hardware in heterogeneous computing is Field-Programmable Gate Arrays (FPGAs), with which almost arbitrary circuits can be realized in programmable logic.
These logic chips are already being deployed as accelerators both in the cloud and in end devices.
However, it has been shown how the flexibility of these accelerators can be exploited to implement sensors that estimate the supply voltage.
In addition, a particular way of activating large amounts of logic can disturb computations in other circuits and thereby enable fault attacks.
This threat is analyzed further here, for example by extending existing attacks, and strategies for protecting against it are developed.