4 research outputs found

    Side-Channel Analysis and Cryptography Engineering : Getting OpenSSL Closer to Constant-Time

    As side-channel attacks reached general-purpose PCs and became more practical for attackers to exploit, OpenSSL adopted in 2005 a flagging mechanism to protect against side-channel analysis (SCA). The opt-in mechanism allows secret values, such as keys, to be flagged with the BN_FLG_CONSTTIME flag. Whenever a flag is checked and detected, the library changes its execution flow to SCA-secure functions that are slower but safer, protecting these secret values from being leaked. This mechanism favors performance over security, is error-prone, and is obscure to most library developers, increasing the potential for side-channel vulnerabilities. This dissertation presents an extensive side-channel analysis of OpenSSL and criticizes its fragile flagging mechanism. This analysis reveals several flaws affecting the library, resulting in multiple side-channel attacks, improved cache-timing attack techniques, and a new side-channel vector. The first part of this dissertation introduces the main topic and the necessary related work, including the microarchitecture, the cache hierarchy, and attack techniques; then it presents a brief troubled history of side-channel attacks and defenses in OpenSSL, setting the stage for the related publications. This dissertation includes seven original publications contributing to the area of side-channel analysis, microarchitecture timing attacks, and applied cryptography. From an SCA perspective, the results identify several vulnerabilities and flaws enabling protocol-level attacks on RSA, DSA, and ECDSA, in addition to full SCA of the SM2 cryptosystem. With respect to microarchitecture timing attacks, the dissertation presents a new side-channel vector due to port contention in the CPU execution units. And finally, on the applied cryptography front, OpenSSL now enjoys a revamped code base securing several cryptosystems against SCA, favoring a secure-by-default protection against side-channel attacks, instead of the insecure opt-in flagging mechanism provided by the fragile BN_FLG_CONSTTIME flag.

    Demystifying Internet of Things Security

    Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security, and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges of securing these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly, and there is no single blanket solution approach to implement security. Demystifying Internet of Things Security provides clarity to industry professionals and provides an overview of different security solutions.

    What You'll Learn:
    - Secure devices, immunizing them against different threats originating from inside and outside the network
    - Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms
    - Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth

    Who This Book Is For: Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement security in IoT devices/platforms.

    Malaysian bilateral trade relations and economic growth

    This paper examines the structure and trends of Malaysian bilateral exports and imports and then investigates whether these bilateral exports and imports have caused Malaysian economic growth. Although the structure of Malaysia’s trade has changed quite significantly over the last three decades, the direction of Malaysia’s trade remains generally the same. Broadly, ASEAN, the EU, East Asia, the US and Japan continue to be Malaysia’s major trading partners. The Granger causality tests have shown that it is the bilateral imports that have caused economic growth in Malaysia rather than the bilateral exports.

    Exchange rate misalignments in ASEAN-5 countries

    The purpose of this paper is to estimate the exchange rate misalignments for Indonesia, Malaysia, Philippines, Singapore and Thailand before the currency crisis. By employing the sticky-price monetary exchange rate model in the environment of vector error-correction, the results indicate that the Indonesian rupiah, Malaysian ringgit, Philippine peso and Singapore dollar were overvalued before the currency crisis while the Thai baht was undervalued on the eve of the crisis. However, they suffered modest misalignment. Therefore, little evidence of exchange misalignment is found to exist in 1997:2. In particular, the Indonesian rupiah, Malaysian ringgit, Philippine peso and Singapore dollar were only overvalued by about 1 to 4 percent against the US dollar while the Thai baht was only 2 percent undervalued against the US dollar.