The low area probing detector as a countermeasure against invasive attacks
© 20xx IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Microprobing allows intercepting data from on-chip wires as well as injecting faults into data or control lines. This makes it a commonly used attack technique against security-related semiconductors, such as smart card controllers. We present the low area probing detector (LAPD) as an efficient approach to detect microprobing. It compares delay differences between symmetric lines such as bus lines to detect timing asymmetries introduced by the capacitive load of a probe. Compared with state-of-the-art microprobing countermeasures from industry, such as shields or bus encryption, the area overhead is minimal and no delays are introduced; in contrast to probing detection schemes from academia, such as the probe attempt detector, no analog circuitry is needed. We show the Monte Carlo simulation results of mismatch variations as well as process, voltage, and temperature corners on a 65-nm technology and present a simple reliability optimization. Eventually, we show that the detection of state-of-the-art commercial microprobes is possible even under extreme conditions and the margin with respect to false positives is sufficient.
Peer Reviewed
Postprint (author's final draft
Security of practical private randomness generation
Measurements on entangled quantum systems necessarily yield outcomes that are
intrinsically unpredictable if they violate a Bell inequality. This property
can be used to generate certified randomness in a device-independent way, i.e.,
without making detailed assumptions about the internal working of the quantum
devices used to generate the random numbers. Furthermore these numbers are also
private, i.e., they appear random not only to the user, but also to any
adversary that might possess a perfect description of the devices. Since this
process requires a small initial random seed, one usually speaks of
device-independent randomness expansion.
The purpose of this paper is twofold. First, we point out that in most real,
practical situations, where the concept of device-independence is used as a
protection against unintentional flaws or failures of the quantum apparatuses,
it is sufficient to show that the generated string is random with respect to an
adversary that holds only classical-side information, i.e., proving randomness
against quantum-side information is not necessary. Furthermore, the initial
random seed does not need to be private with respect to the adversary, provided
that it is generated in a way that is independent from the measured systems.
The devices, though, will generate cryptographically-secure randomness that
cannot be predicted by the adversary and thus one can, given access to free
public randomness, talk about private randomness generation.
The theoretical tools to quantify the generated randomness according to these
criteria were already introduced in [S. Pironio et al., Nature 464, 1021
(2010)], but the final results were improperly formulated. The second aim of
this paper is to correct this inaccurate formulation and therefore lay out a
precise theoretical framework for practical device-independent randomness
expansion.
Comment: 18 pages. v3: important changes: the present version focuses on
security against classical side-information and a discussion about the
significance of these results has been added. v4: minor changes. v5: small
typos corrected
A quantum key distribution protocol for rapid denial of service detection
We introduce a quantum key distribution protocol designed to expose fake
users that connect to Alice or Bob for the purpose of monopolising the link and
denying service. It inherently resists attempts to exhaust Alice and Bob's
initial shared secret, and is 100% efficient, regardless of the number of
qubits exchanged above the finite key limit. Additionally, secure key can be
generated from two-photon pulses, without having to make any extra
modifications. This is made possible by relaxing the security of BB84 to that
of the quantum-safe block cipher used for day-to-day encryption, meaning the
overall security remains unaffected for useful real-world cryptosystems such as
AES-GCM being keyed with quantum devices.
Comment: 13 pages, 3 figures. v2: Shifted focus of paper towards DoS and added
protocol 4. v1: Accepted to QCrypt 201
TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone
The rapid evolution of Internet-of-Things (IoT) technologies has led to an
emerging need to make it smarter. A variety of applications now run
simultaneously on an ARM-based processor. For example, devices on the edge of
the Internet are provided with higher horsepower to be entrusted with storing,
processing and analyzing data collected from IoT devices. This significantly
improves efficiency and reduces the amount of data that needs to be transported
to the cloud for data processing, analysis and storage. However, commodity OSes
are prone to compromise. Once they are exploited, attackers can access the data
on these devices. Since the data stored and processed on these devices can be
sensitive, this is particularly disconcerting if left unaddressed.
In this paper, we propose a new system, TrustShadow, which shields legacy
applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone
technology and partitions resources into the secure and normal worlds. In the
secure world, TrustShadow constructs a trusted execution environment for
security-critical applications. This trusted environment is maintained by a
lightweight runtime system that coordinates the communication between
applications and the ordinary OS running in the normal world. The runtime
system does not provide system services itself. Rather, it forwards requests
for system services to the ordinary OS, and verifies the correctness of the
responses. To demonstrate the efficiency of this design, we prototyped
TrustShadow on a real chip board with ARM TrustZone support, and evaluated its
performance using both microbenchmarks and real-world applications. We showed
TrustShadow introduces only negligible overhead to real-world applications.
Comment: MobiSys 201
Observation-based Cooperation Enforcement in Ad Hoc Networks
Ad hoc networks rely on the cooperation of the nodes participating in the
network to forward packets for each other. A node may decide not to cooperate
to save its resources while still using the network to relay its traffic. If
too many nodes exhibit this behavior, network performance degrades and
cooperating nodes may find themselves unfairly loaded. Most previous efforts to
counter this behavior have relied on further cooperation between nodes to
exchange reputation information about other nodes. If a node observes another
node not participating correctly, it reports this observation to other nodes
who then take action to avoid being affected and potentially punish the bad
node by refusing to forward its traffic. Unfortunately, such second-hand
reputation information is subject to false accusations and requires maintaining
trust relationships with other nodes. The objective of OCEAN is to avoid this
trust-management machinery and see how far we can get simply by using direct
first-hand observations of other nodes' behavior. We find that, in many
scenarios, OCEAN can do as well as, or even better than, schemes requiring
second-hand reputation exchanges. This encouraging result could possibly help
obviate solutions requiring trust-management for some contexts.
Comment: 10 pages, 7 figures
Quantum-secured blockchain
Blockchain is a distributed database which is cryptographically protected
against malicious modifications. While promising for a wide range of
applications, current blockchain platforms rely on digital signatures, which
are vulnerable to attacks by means of quantum computers. The same, albeit to a
lesser extent, applies to cryptographic hash functions that are used in
preparing new blocks, so parties with access to quantum computation would have
an unfair advantage in procuring mining rewards. Here we propose a possible
solution to the quantum era blockchain challenge and report an experimental
realization of a quantum-safe blockchain platform that utilizes quantum key
distribution across an urban fiber network for information-theoretically secure
authentication. These results address important questions about realizability
and scalability of quantum-safe blockchains for commercial and governmental
applications.
Comment: 7 pages, 2 figures; published version
Experimental quantum key distribution with simulated ground-to-satellite photon losses and processing limitations
Quantum key distribution (QKD) has the potential to improve communications
security by offering cryptographic keys whose security relies on the
fundamental properties of quantum physics. The use of a trusted quantum
receiver on an orbiting satellite is the most practical near-term solution to
the challenge of achieving long-distance (global-scale) QKD, currently limited
to a few hundred kilometers on the ground. This scenario presents unique
challenges, such as high photon losses and restricted classical data
transmission and processing power due to the limitations of a typical satellite
platform. Here we demonstrate the feasibility of such a system by implementing
a QKD protocol, with optical transmission and full post-processing, in the
high-loss regime using minimized computing hardware at the receiver. Employing
weak coherent pulses with decoy states, we demonstrate the production of secure
key bits at up to 56.5 dB of photon loss. We further illustrate the feasibility
of a satellite uplink by generating secure key while experimentally emulating
the varying channel losses predicted for realistic low-Earth-orbit satellite
passes at 600 km altitude. With a 76 MHz source and including finite-size
analysis, we extract 3374 bits of secure key from the best pass. We also
illustrate the potential benefit of combining multiple passes together: while
one suboptimal "upper-quartile" pass produces no finite-sized key with our
source, the combination of three such passes allows us to extract 165 bits of
secure key. Alternatively, we find that by increasing the signal rate to 300
MHz it would be possible to extract 21570 bits of secure finite-sized key in
just a single upper-quartile pass.
Comment: 12 pages, 7 figures, 2 tables
3D Integration: Another Dimension Toward Hardware Security
We review threats and selected schemes concerning hardware security at design
and manufacturing time as well as at runtime. We find that 3D integration can
serve well to enhance the resilience of different hardware security schemes,
but it also requires thoughtful use of the options provided by the umbrella
term of 3D integration. Toward enforcing security at runtime, we envision
secure 2.5D system-level integration of untrusted chips and "all around"
shielding for 3D ICs.
Comment: IEEE IOLTS 201