115,969 research outputs found

    Architecture Correlation Analysis (ACA): Identifying the Source of Side-channel Leakage at Gate-level

    Power-based side-channel leakage is a known problem in the design of security-centric electronic systems. As the complexity of modern systems rapidly increases through the use of System-on-Chip (SoC) integration, it becomes difficult to determine the precise source of the side-channel leakage. Designers of secure SoC must therefore proactively apply expensive countermeasures to protect entire subsystems such as encryption modules, and this increases the design cost of the chip. We propose a methodology to determine, at design time, the source of side-channel leakage with much greater accuracy, at the granularity of a single cell. Our methodology, Architecture Correlation Analysis, uses a leakage model, well known from differential side-channel analysis techniques, to rank the cells within a netlist according to their contribution to the side-channel leakage. With this analysis result, the designer can selectively apply countermeasures where they are most effective. We demonstrate Architecture Correlation Analysis (ACA) on an AES coprocessor in an SoC design, and we determine the sources of side-channel leakage at the gate-level within the AES module as well as within the overall SoC. We validate ACA by demonstrating its use in an optimized hiding countermeasure

    On Mitigation of Side-Channel Attacks in 3D ICs: Decorrelating Thermal Patterns from Power and Activity

    Various side-channel attacks (SCAs) on ICs have been successfully demonstrated and also mitigated to some degree. In the context of 3D ICs, however, prior art has mainly focused on efficient implementations of classical SCA countermeasures. That is, SCAs tailored for up-and-coming 3D ICs have been overlooked so far. In this paper, we conduct such a novel study and focus on one of the most accessible and critical side channels: thermal leakage of activity and power patterns. We address the thermal leakage in 3D ICs early on during floorplanning, along with tailored extensions for power and thermal management. Our key idea is to carefully exploit the specifics of material and structural properties in 3D ICs, thereby decorrelating the thermal behaviour from underlying power and activity patterns. Most importantly, we discuss powerful SCAs and demonstrate how our open-source tool helps to mitigate them. Comment: Published in Proc. Design Automation Conference, 201

    On the security of embedded systems against side-channel attacks

    Side-Channel Analysis (SCA) represents a serious threat to the security of millions of smart devices that form part of the so-called Internet of Things (IoT). On the other hand, performing the "right-fitting" cryptographic code for the IoT is a highly challenging task due to the reduced resource constraints of most of the IoT devices and the variety of cryptographic algorithms at disposal. An important criterion to assess the suitability of a light-weight cipher implementation, with respect to the SCA point of view, is the amount of energy leakage available to an adversary. In this thesis, the efficiency of a selected function that is commonly used in AES implementations in the perspective of Correlation Power Analysis (CPA) attacks is analyzed, leading to focus on the very common situation where the exact time of the sensitive processing is drowned in a large number of leakage points. In the particular case of statistical attacks, much of the existing literature essentially develops the theory under the assumption that the exact sensitive time is known and cannot be directly applied when the latter assumption is relaxed, being such a particular aspect for the simple Differential Power Analysis (DPA) in contrast with the CPA. To deal with this issue, an improvement that makes the statistical attack a real alternative compared with the simple DPA has been proposed. For the power consumption model (Hamming Weight model), and by rewriting the simple DPA attacks in terms of correlation coefficients between Boolean functions. Exhibiting properties of S-boxes relied on CPA attacks and showing that these properties are opposite to the non-linearity criterion and to the propagation criterion assumed for the former DPA.
In order to achieve this goal, the study has been illustrated by various attack experiments performed on several copies implementations of the light-weight AES cipher in a well-known micro-controller educative platform within an 8-bit processor architecture deployed on a 350 nanometers CMOS technology. The side-channel attacks presented in this work have been set in ideal conditions to capture the full complexity of an attack performed in real-world conditions, showing that certain implementation aspects can influence the leakage levels. On the other side, practical improvements are proposed for specific contexts by exploring the relationship between the non-linearity of the studied selection function and the measured leakages, with the only pretension to bridge the gap between the theory and the practice. The results point to new enlightenment on the resilience of basic operations executed by common light-weight ciphers implementations against CPA attacks

    Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels

    We show that subtle acoustic noises emanating from within computer screens can be used to detect the content displayed on the screens. This sound can be picked up by ordinary microphones built into webcams or screens, and is inadvertently transmitted to other parties, e.g., during a videoconference call or archived recordings. It can also be recorded by a smartphone or "smart speaker" placed on a desk next to the screen, or from as far as 10 meters away using a parabolic microphone. Empirically demonstrating various attack scenarios, we show how this channel can be used for real-time detection of on-screen text, or users' input into on-screen virtual keyboards. We also demonstrate how an attacker can analyze the audio received during a video call (e.g., on Google Hangout) to infer whether the other side is browsing the web in lieu of watching the video call, and which web site is displayed on their screen

    CSI Neural Network: Using Side-channels to Recover Your Artificial Neural Network Information

    Machine learning has become mainstream across industries. Numerous examples proved the validity of it for security applications. In this work, we investigate how to reverse engineer a neural network by using only power side-channel information. To this end, we consider a multilayer perceptron as the machine learning architecture of choice and assume a non-invasive and eavesdropping attacker capable of measuring only passive side-channel leakages like power consumption, electromagnetic radiation, and reaction time. We conduct all experiments on real data and common neural net architectures in order to properly assess the applicability and extendability of those attacks. Practical results are shown on an ARM CORTEX-M3 microcontroller. Our experiments show that the side-channel attacker is capable of obtaining the following information: the activation functions used in the architecture, the number of layers and neurons in the layers, the number of output classes, and weights in the neural network. Thus, the attacker can effectively reverse engineer the network using side-channel information. Next, we show that once the attacker has the knowledge about the neural network architecture, he/she could also recover the inputs to the network with only a single-shot measurement. Finally, we discuss several mitigations one could use to thwart such attacks. Comment: 15 pages, 16 figures

    Power Side Channels in Security ICs: Hardware Countermeasures

    Power side-channel attacks are a very effective cryptanalysis technique that can infer secret keys of security ICs by monitoring the power consumption. Since the emergence of practical attacks in the late 90s, they have been a major threat to many cryptographic-equipped devices including smart cards, encrypted FPGA designs, and mobile phones. Designers and manufacturers of cryptographic devices have in response developed various countermeasures for protection. Attacking methods have also evolved to counteract resistant implementations. This paper reviews foundational power analysis attack techniques and examines a variety of hardware design mitigations. The aim is to highlight exposed vulnerabilities in hardware-based countermeasures for future more secure implementations